Skip to main content
USENIX
  • Conferences
  • Students
Sign in
  • Overview
  • Symposium Organizers
  • Registration Information
    • Registration Discounts
    • Venue, Hotel, and Travel
  • At a Glance
  • Calendar
  • Technical Sessions
  • Purchase the Box Set
  • Activities
    • Posters and Demos
    • Birds-of-a-Feather Sessions
  • Sponsorship
  • Students and Grants
    • Grants for Women
  • Services
  • Questions?
  • Help Promote!
  • For Participants
  • Call for Papers
  • Past Symposia

sponsors

Gold Sponsor
Silver Sponsor
Silver Sponsor
Bronze Sponsor
Bronze Sponsor
Bronze Sponsor
Bronze Sponsor
General Sponsor
General Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Industry Partner

twitter

Tweets by @usenix

usenix conference policies

  • Event Code of Conduct
  • Conference Network Policy
  • Statement on Environmental Responsibility Policy

You are here

Home » Enforcing Network-Wide Policies in the Presence of Dynamic Middlebox Actions using FlowTags
Tweet

connect with us

https://twitter.com/usenix
https://www.facebook.com/usenixassociation
http://www.linkedin.com/groups/USENIX-Association-49559/about
https://plus.google.com/108588319090208187909/posts
http://www.youtube.com/user/USENIXAssociation

Enforcing Network-Wide Policies in the Presence of Dynamic Middlebox Actions using FlowTags

Authors: 

Seyed Kaveh Fayazbakhsh, Carnegie Mellon University; Luis Chiang, Deutsche Telekom Labs; Vyas Sekar, Carnegie Mellon University; Minlan Yu, University of Southern California; Jeffrey C. Mogul, Google

Open Access Content

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

Fayazbakhsh PDF
View the slides
BibTeX
Text of BibTeX entry: 
@inproceedings {179779, author = {Seyed Kaveh Fayazbakhsh and Luis Chiang and Vyas Sekar and Minlan Yu and Jeffrey C. Mogul}, title = {Enforcing Network-Wide Policies in the Presence of Dynamic Middlebox Actions using FlowTags}, booktitle = {11th USENIX Symposium on Networked Systems Design and Implementation (NSDI 14)}, year = {2014}, month = Apr, isbn = {978-1-931971-09-6}, address = {Seattle, WA}, pages = {543--546}, url = {https://www.usenix.org/conference/nsdi14/technical-sessions/presentation/fayazbakhsh}, publisher = {USENIX Association}, } <br><a href="/biblio/export/bibtex/179779">Download</a>
Abstract: 

Middleboxes provide key security and performance guarantees in networks. Unfortunately, the dynamic traffic modifications they induce make it difficult to reason about network management tasks such as access control, accounting, and diagnostics. This also makes it difficult to integrate middleboxes into SDN-capable networks and leverage the benefits that SDN can offer.

In response, we develop the FlowTags architecture. FlowTags-enhanced middleboxes export tags to provide the necessary causal context (e.g., source hosts or internal cache/miss state). SDN controllers can configure the tag generation and tag consumption operations using new FlowTags APIs. These operations help restore two key SDN tenets: (i) bindings between packets and their “origins,” and (ii) ensuring that packets follow policymandated paths.

We develop new controller mechanisms that leverage FlowTags. We show the feasibility of minimally extending middleboxes to support FlowTags. We also show that FlowTags imposes low overhead over traditional SDN mechanisms. Finally, we demonstrate the early promise of FlowTags in enabling new verification and diagnosis capabilities.

presentation video

Download Video

presentation audio

MP3 Download OGG Download
  • Log in or    Register to post comments

Gold Sponsors

Silver Sponsors

Bronze Sponsors

General Sponsors

Media Sponsors & Industry Partners

© USENIX 2016

  • Privacy Statement
  • Contact Us
  • USENIX Update RSS Feed