The proliferation of network processing appliances ("middleboxes") has been accompanied by a growing recognition of the problems they bring, including expensive hardware and complex management. This recognition led the networking industry to launch a concerted effort towards Network Function Virtualization (NFV), with the goal of bringing greater openness and agility to network dataplanes. However, a closer look "under the hood" reveals a less rosy picture: NFV is currently replacing, on a one-to-one basis, monolithic hardware with monolithic software. Furthermore, while several efforts are exploring a new model for middlebox deployment in which a third party offers middlebox processing as a service, no existing solution addresses the resulting confidentiality concerns: in order to process an organization's traffic, the cloud provider must see that traffic unencrypted, which gives the provider access to potentially sensitive packet payloads and headers. In the first part of this thesis, we present E2, a scalable and application-agnostic scheduling framework for packet processing, and compare its performance to current approaches. E2 brings two benefits: (i) it allows developers to rely on external framework-based mechanisms for common tasks, freeing them to focus on their core application logic, and (ii) it simplifies the operator's responsibilities, as it both automates and consolidates common management tasks. In the following chapter, we present Embark, the first system that enables a cloud provider to support middlebox outsourcing while maintaining the client's confidentiality. Embark supports a wide range of middleboxes, and our evaluation shows that it supports these applications with competitive performance.