Making middleboxes someone else's problem: Network processing as a cloud service

Abstract

Modern enterprises almost ubiquitously deploy middlebox processing services to improve security ami performance in their networks. Despite this. we find that today's middlebox infrastructure is expensive. complex to manage, and creates new failure modes for the networks that use them, (liven the promise of cloud computing to decrease costs, ease management, and provide elasticity and fault-tolerance. we argue that middlehox processing can benefit from outsourcing the cloud. Arriving at a feasible implementation, however. is challenging due to the need to achieve functional equivalence with traditional middlebox deployments without sacrificing performance or increasing network complexity. In this paper, ur motivate. design, and implement APLOMB. a practical service for outsourcing enterprise middlehox processing to the cloud. Our discussion of APLOMB is data-driven, guided by a survey of 57 enterprise networks, the first large-scale academic study of middlebox deployment. We show that APLOMB solves real problems faced by network administrators, can outsource over 90 % of middlebox hardware in a typical large enterprise network, and, in a case study of a real enterprise,imposes an average latency penalty of I. litis and median bandwidth inflation of 3.8%. Copyright 2012 ACM.