Skip to main content

Seminar:  Simplifying Middlebox Policy Enforcement Using SDN

Date:September 22, 2014 
Talk Title:Simplifying Middlebox Policy Enforcement Using SDN
Speaker:Vyas Sekar
Time & Location:12:00pm - 1:00pm
CIC Building, Pittsburgh


Networks today rely on middleboxes such as firewalls, proxies, load balancers, and WAN optimizers to meet critical performance, security, and policy compliance capabilities. Unfortunately, achieving these benefits and ensuring that the traffic is directed through the desired se- quence of middleboxes requires significant manual effort and operator expertise. In this respect, Software-Defined Networking (SDN) offers a promising alternative. Middleboxes introduce new aspects (e.g., policy composition, resource management, packet modifications) that fall outside the purvey of traditional L2/L3 functions that SDN supports (e.g., access control or routing). This talk will describe our work on a SDN-based policy enforcement system called SIMPLE for efficient middlebox-specific “traffic steering”. In designing SIMPLE, we take an explicit stance to work within the constraints of legacy middleboxes and existing SDN interfaces. To this end, we address key algorithmic and system design challenges and demonstrate the feasibility of using SDN to simplify middlebox traffic steering. In doing so, we also take a significant step toward addressing industry concerns surrounding the ability of SDN to integrate with existing infrastructure and support L4–L7 capabilities. I will also briefly highlight some of our other ongoing work in the space of integrating SDN and middleboxes.

Speaker Bio

Vyas Sekar is an Assistant Professor in the ECE Department at CMU. His research interests lie at the intersection of networking, security, and systems. He received his Ph.D. from the Computer Science Department at Carnegie Mellon University in 2010. He earned his bachelor's degree from the Indian Institute of Technology Madras, where he was awarded the President of India Gold Medal. His work has been recognized with best paper awards at ACM SIGCOMM, ACM CoNext, and ACM Multimedia.