-
Machine Learning Recommendation System For Health Insurance Decision Making In Nigeria
Authors:
Ayomide Owoyemi,
Emmanuel Nnaemeka,
Temitope O. Benson,
Ronald Ikpe,
Blessing Nwachukwu,
Temitope Isedowo
Abstract:
The uptake of health insurance has been poor in Nigeria; a significant step to improving this includes improved awareness, access to information and tools to support decision making. Artificial intelligence (AI) based recommender systems have gained popularity in helping individuals find movies, books, music, and different types of products on the internet including diverse applications in healthcare. The content-based methodology (item-based approach) was employed in the recommender system. We applied both the K-Nearest Neighbor (KNN) and Cosine similarity algorithms. We chose the Cosine similarity as our chosen algorithm after several evaluations based on their outcomes in comparison with domain knowledge. The recommender system takes into consideration the choices entered by the user, filters the health management organization (HMO) data by location and chosen prices. It then recommends the top 3 HMOs with closest similarity in services offered. A recommendation tool to help people find and select the best health insurance plan for them is useful in reducing the barrier of accessing health insurance. Users are empowered to easily find appropriate information on available plans, reduce cognitive overload in dealing with over 100 options available in the market and easily see what matches their financial capacity.
Submitted 18 May, 2023;
originally announced May 2023.
-
Detecting Anomalous Microflows in IoT Volumetric Attacks via Dynamic Monitoring of MUD Activity
Authors:
Ayyoob Hamza,
Hassan Habibi Gharakheili,
Theophilus A. Benson,
Gustavo Batista,
Vijay Sivaraman
Abstract:
IoT networks are increasingly becoming targets of sophisticated new cyber-attacks. Anomaly-based detection methods are promising in finding new attacks, but there are certain practical challenges like false-positive alarms, hard to explain, and difficult to scale cost-effectively. The recent IETF standard called Manufacturer Usage Description (MUD) seems promising to limit the attack surface on IoT devices by formally specifying their intended network behavior. In this paper, we use SDN to enforce and monitor the expected behaviors of each IoT device, and train one-class classifier models to detect volumetric attacks.
Our specific contributions are fourfold. (1) We develop a multi-level inferencing model to dynamically detect anomalous patterns in network activity of MUD-compliant traffic flows via SDN telemetry, followed by packet inspection of anomalous flows. This provides enhanced fine-grained visibility into distributed and direct attacks, allowing us to precisely isolate volumetric attacks with microflow (5-tuple) resolution. (2) We collect traffic traces (benign and a variety of volumetric attacks) from network behavior of IoT devices in our lab, generate labeled datasets, and make them available to the public. (3) We prototype a full working system (modules are released as open-source), demonstrate its efficacy in detecting volumetric attacks on several consumer IoT devices with high accuracy while maintaining low false positives, and provide insights into cost and performance of our system. (4) We demonstrate how our models scale in environments with a large number of connected IoTs (with datasets collected from a network of IP cameras in our university campus) by considering various training strategies (per device unit versus per device type), and balancing the accuracy of prediction against the cost of models in terms of size and training time.
Submitted 11 April, 2023;
originally announced April 2023.
-
Providing In-network Support to Coflow Scheduling
Authors:
Cristian Hernandez Benet,
Andreas J. Kassler,
Gianni Antichi,
Theophilus A. Benson,
Gergely Pongracz
Abstract:
Many emerging distributed applications, including big data analytics, generate a number of flows that concurrently transport data across data center networks. To improve their performance, it is required to account for the behavior of a collection of flows, i.e., coflows, rather than individual. State-of-the-art solutions allow for a near-optimal completion time by continuously reordering the unfinished coflows at the end-host, using network priorities. This paper shows that dynamically changing flow priorities at the end host, without taking into account in-flight packets, can cause high-degrees of packet re-ordering, thus imposing pressure on the congestion control and potentially harming network performance in the presence of switches with shallow buffers. We present pCoflow, a new solution that integrates end-host based coflow ordering with in-network scheduling based on packet history. Our evaluation shows that pCoflow improves in CCT upon state-of-the-art solutions by up to 34% for varying load.
Submitted 6 July, 2020;
originally announced July 2020.
-
Parallelizing Training of Deep Generative Models on Massive Scientific Datasets
Authors:
Sam Ade Jacobs,
Brian Van Essen,
David Hysom,
Jae-Seung Yeom,
Tim Moon,
Rushil Anirudh,
Jayaraman J. Thiagaranjan,
Shusen Liu,
Peer-Timo Bremer,
Jim Gaffney,
Tom Benson,
Peter Robinson,
Luc Peterson,
Brian Spears
Abstract:
Training deep neural networks on large scientific data is a challenging task that requires enormous compute power, especially if no pre-trained models exist to initialize the process. We present a novel tournament method to train traditional as well as generative adversarial networks built on LBANN, a scalable deep learning framework optimized for HPC systems. LBANN combines multiple levels of parallelism and exploits some of the world's largest supercomputers. We demonstrate our framework by creating a complex predictive model based on multi-variate data from high-energy-density physics containing hundreds of millions of images and hundreds of millions of scalar values derived from tens of millions of simulations of inertial confinement fusion. Our approach combines an HPC workflow and extends LBANN with optimized data ingestion and the new tournament-style training algorithm to produce a scalable neural network architecture using a CORAL-class supercomputer. Experimental results show that 64 trainers (1024 GPUs) achieve a speedup of 70.2 over a single trainer (16 GPUs) baseline, and an effective 109% parallel efficiency.
Submitted 5 October, 2019;
originally announced October 2019.
-
ConfigTron: Tackling network diversity with heterogeneous configurations
Authors:
Usama Naseer,
Theophilus Benson
Abstract:
The web serving protocol stack is constantly changing and evolving to tackle technological shifts in networking infrastructure and website complexity. As a result of this evolution, the web serving stack includes a plethora of protocols and configuration parameters that enable the web serving stack to address a variety of realistic network conditions. Yet, today, most content providers have adopted a "one-size-fits-all" approach to configuring the networking stack of their user facing web servers (or at best employ moderate tuning), despite the significant diversity in end-user networks and devices. In this paper, we revisit this problem and ask a more fundamental question: Are there benefits to tuning the network stack? If so, what system design choices and algorithmic ensembles are required to enable modern content providers to dynamically and flexibly tune their protocol stacks? We demonstrate through substantial empirical evidence that this "one-size-fits-all" approach results in sub-optimal performance and argue for a novel framework that extends existing CDN architectures to provide programmatic control over the configuration options of the CDN serving stack. We designed ConfigTron, a data-driven framework that leverages data from all connections to identify their network characteristics and learn the optimal configuration parameters to improve end-user performance. ConfigTron uses a contextual multi-arm bandit-based learning algorithm to find optimal configurations in minimal time, enabling content providers to systematically explore heterogeneous configurations while improving end-user page load time by as much as 19% (up to 750ms) on median.
Submitted 13 August, 2019;
originally announced August 2019.
-
Improving Strong-Scaling of CNN Training by Exploiting Finer-Grained Parallelism
Authors:
Nikoli Dryden,
Naoya Maruyama,
Tom Benson,
Tim Moon,
Marc Snir,
Brian Van Essen
Abstract:
Scaling CNN training is necessary to keep up with growing datasets and reduce training time. We also see an emerging need to handle datasets with very large samples, where memory requirements for training are large. Existing training frameworks use a data-parallel approach that partitions samples within a mini-batch, but limits to scaling the mini-batch size and memory consumption makes this untenable for large samples. We describe and implement new approaches to convolution, which parallelize using spatial decomposition or a combination of sample and spatial decomposition. This introduces many performance knobs for a network, so we develop a performance model for CNNs and present a method for using it to automatically determine efficient parallelization strategies.
We evaluate our algorithms with microbenchmarks and image classification with ResNet-50. Our algorithms allow us to prototype a model for a mesh-tangling dataset, where sample sizes are very large. We show that our parallelization achieves excellent strong and weak scaling and enables training for previously unreachable datasets.
Submitted 15 March, 2019;
originally announced March 2019.
-
Verifying and Monitoring IoTs Network Behavior using MUD Profiles
Authors:
Ayyoob Hamza,
Dinesha Ranathunga,
Hassan Habibi Gharakheili,
Theophilus A. Benson,
Matthew Roughan,
Vijay Sivaraman
Abstract:
IoT devices are increasingly being implicated in cyber-attacks, raising community concern about the risks they pose to critical infrastructure, corporations, and citizens. In order to reduce this risk, the IETF is pushing IoT vendors to develop formal specifications of the intended purpose of their IoT devices, in the form of a Manufacturer Usage Description (MUD), so that their network behavior in any operating environment can be locked down and verified rigorously. This paper aims to assist IoT manufacturers in developing and verifying MUD profiles, while also helping adopters of these devices to ensure they are compatible with their organizational policies and track devices network behavior based on their MUD profile. Our first contribution is to develop a tool that takes the traffic trace of an arbitrary IoT device as input and automatically generates the MUD profile for it. We contribute our tool as open source, apply it to 28 consumer IoT devices, and highlight insights and challenges encountered in the process. Our second contribution is to apply a formal semantic framework that not only validates a given MUD profile for consistency, but also checks its compatibility with a given organizational policy. We apply our framework to representative organizations and selected devices, to demonstrate how MUD can reduce the effort needed for IoT acceptance testing. Finally, we show how operators can dynamically identify IoT devices using known MUD profiles and monitor their behavioral changes on their network.
Submitted 7 February, 2019;
originally announced February 2019.
-
Exploiting Network Loss for Distributed Approximate Computing with NetApprox
Authors:
Ke Liu,
Jinmou Li,
Shin-Yeh Tsai,
Theophilus Benson,
Yiying Zhang
Abstract:
Many data center applications such as machine learning and big data analytics can complete their analysis without processing the complete set of data. While extensive approximate-aware optimizations have been proposed at hardware, programming language, and application levels. However, to date, the approximate computing optimizations have ignored the network layer.
We propose NetApprox, which to the best of our knowledge, is the first approximate-aware network layer comprising transport-layer protocol, network resource allocation schemes, and scheduling/priority-assignment policies. Building on the observation that approximate applications can tolerate loss, NetApprox's main insights are to aggressively send approximate traffic (which improves the performance of approximate applications) and to minimize the network resources allocated to approximate traffic (which simultaneously limits the impact of aggressive approximate traffic while freeing up resources that, in turn, improve non-approximate applications' performance). We ported Flink, Kafka, Spark, and PyTorch to NetApprox and evaluated NetApprox with both large-scale simulation and real implementation. Our evaluation results show that NetApprox improves job completion times by up to 80% compared to network-oblivious approximation solutions, and improves the performance of co-running non-approximate workloads by 79%.
Submitted 29 June, 2022; v1 submitted 6 January, 2019;
originally announced January 2019.
-
DeepConfig: Automating Data Center Network Topologies Management with Machine Learning
Authors:
Christopher Streiffer,
Huan Chen,
Theophilus Benson,
Asim Kadav
Abstract:
In recent years, many techniques have been developed to improve the performance and efficiency of data center networks. While these techniques provide high accuracy, they are often designed using heuristics that leverage domain-specific properties of the workload or hardware.
In this vision paper, we argue that many data center networking techniques, e.g., routing, topology augmentation, energy savings, with diverse goals actually share design and architectural similarity. We present a design for developing general intermediate representations of network topologies using deep learning that is amenable to solving classes of data center problems. We develop a framework, DeepConfig, that simplifies the processing of configuring and training deep learning agents that use the intermediate representation to learn different tasks. To illustrate the strength of our approach, we configured, implemented, and evaluated a DeepConfig-Agent that tackles the data center topology augmentation problem. Our initial results are promising --- DeepConfig performs comparably to the optimal.
Submitted 11 December, 2017;
originally announced December 2017.
-
Dapper: Data Plane Performance Diagnosis of TCP
Authors:
Mojgan Ghasemi,
Theophilus Benson,
Jennifer Rexford
Abstract:
With more applications moving to the cloud, cloud providers need to diagnose performance problems in a timely manner. Offline processing of logs is slow and inefficient, and instrumenting the end-host network stack would violate the tenants' rights to manage their own virtual machines (VMs). Instead, our Dapper system analyzes TCP performance in real time near the end-hosts (e.g., at the hypervisor, NIC, or top-of-rack switch). Dapper determines whether a connection is limited by the sender (e.g., a slow server competing for shared resources), the network (e.g., congestion), or the receiver (e.g., small receive buffer). Emerging edge devices now offer flexible packet processing at high speed on commodity hardware, making it possible to monitor TCP performance in the data plane, at line rate. We use P4 to prototype Dapper and evaluate our design on real and synthetic traffic. To reduce the data-plane state requirements, we perform lightweight detection for all connections, followed by heavier-weight diagnosis just for the troubled connections.
Submitted 4 November, 2016;
originally announced November 2016.
-
Finding Needles in the Haystack: Harnessing Syslogs for Data Center Management
Authors:
Chen Liang,
Theophilus Benson,
Partha Kanuparthy,
Yihua He
Abstract:
Network device syslogs are ubiquitous and abundant in modern data centers with most large data centers producing millions of messages per day. Yet, the operational information reflected in syslogs and their implications on diagnosis or management tasks are poorly understood. Prevalent approaches to understanding syslogs focus on simple correlation and abnormality detection and are often limited to detection providing little insight towards diagnosis and resolution.
Towards improving data center operations, we propose and implement Log-Prophet, a system that applies a toolbox of statistical techniques and domain-specific models to mine detailed diagnoses. Log-Prophet infers causal relationships between syslog lines and constructs succinct but valuable problem graphs, summarizing root causes and their locality, including cascading problems. We validate Log-Prophet using problem tickets and through operator interviews. To demonstrate the strength of Log-Prophet, we perform an initial longitudinal study of a large online service provider's data center. Our study demonstrates that Log-Prophet significantly reduces the number of alerts while highlighting interesting operational issues.
Submitted 19 May, 2016;
originally announced May 2016.
-
Performance Characterization of a Commercial Video Streaming Service
Authors:
Mojgan Ghasemi,
Partha Kanuparthy,
Ahmed Mansy,
Theophilus Benson,
Jennifer Rexford
Abstract:
Despite the growing popularity of video streaming over the Internet, problems such as re-buffering and high startup latency continue to plague users. In this paper, we present an end-to-end characterization of Yahoo's video streaming service, analyzing over 500 million video chunks downloaded over a two-week period. We gain unique visibility into the causes of performance degradation by instrumenting both the CDN server and the client player at the chunk level, while also collecting frequent snapshots of TCP variables from the server network stack. We uncover a range of performance issues, including an asynchronous disk-read timer and cache misses at the server, high latency and latency variability in the network, and buffering delays and dropped frames at the client. Looking across chunks in the same session, or destined to the same IP prefix, we see how some performance problems are relatively persistent, depending on the video's popularity, the distance between the client and server, and the client's operating system, browser, and Flash runtime.
Submitted 16 May, 2016;
originally announced May 2016.
-
YTrace: End-to-end Performance Diagnosis in Large Cloud and Content Providers
Authors:
Partha Kanuparthy,
Yuchen Dai,
Sudhir Pathak,
Sambit Samal,
Theophilus Benson,
Mojgan Ghasemi,
P. P. S. Narayan
Abstract:
Content providers build serving stacks to deliver content to users. An important goal of a content provider is to ensure good user experience, since user experience has an impact on revenue. In this paper, we describe a system at Yahoo called YTrace that diagnoses bad user experience in near real time. We present the different components of YTrace for end-to-end multi-layer diagnosis (instrumentation, methods and backend system), and the system architecture for delivering diagnosis in near real time across all user sessions at Yahoo. YTrace diagnoses problems across service and network layers in the end-to-end path spanning user host, Internet, CDN and the datacenters, and has three diagnosis goals: detection, localization and root cause analysis (including cascading problems) of performance problems in user sessions with the cloud. The key component of the methods in YTrace is capturing and discovering causality, which we design based on a mix of instrumentation API, domain knowledge and blackbox methods. We show three case studies from production that span a large-scale distributed storage system, a datacenter-wide network, and an end-to-end video serving stack at Yahoo. We end by listing a number of open directions for performance diagnosis in cloud and content providers.
Submitted 25 May, 2016; v1 submitted 10 February, 2016;
originally announced February 2016.
-
Extended Capability Models for Carbon Fiber Composite (CFC) Panels in the Unstructured Transmission Line Modelling (UTLM) Method
Authors:
Xuesong Meng,
Ana Vukovic,
Trevor M. Benson,
Phillip Sewell
Abstract:
An effective model of single and multilayered thin panels, including those formed using carbon fiber composite (CFC) materials, is incorporated into the Transmission Line Modeling (TLM) method. The thin panel model is a one-dimensional (1D) one based on analytical expansions of cotangent and cosecant functions that are used to describe the admittance matrix in the frequency domain; these are then converted into the time domain by using digital filter theory and an inverse Z transform. The model, which is extended to allow for material anisotropy, is executed within 1D TLM codes. And, for the first time, the two-dimensional (2D) thin surface model is embedded in unstructured three-dimensional (3D) TLM codes. The approach is validated by using it to study some canonical structures with analytic solutions, and against results taken from the literature. It is then used to investigate shielding effectiveness of carbon fiber composite materials in a practical curved aerospace-related structure.
Submitted 10 January, 2016;
originally announced January 2016.
-
Secure Distributed Membership Tests via Secret Sharing: How to Hide Your Hostile Hosts Harnessing Shamir Secret Sharing
Authors:
David Zage,
Helen Xu,
Thomas Kroeger,
Bridger Hahn,
Nolan Donoghue,
Thomas Benson
Abstract:
Data security and availability for operational use are frequently seen as conflicting goals. Research on searchable encryption and homomorphic encryption are a start, but they typically build from encryption methods that, at best, provide protections based on problems assumed to be computationally hard. By contrast, data encoding methods such as secret sharing provide information-theoretic data protections. Archives that distribute data using secret sharing can provide data protections that are resilient to malicious insiders, compromised systems, and untrusted components.
In this paper, we create the Serial Interpolation Filter, a method for storing and interacting with sets of data that are secured and distributed using secret sharing. We provide the ability to operate over set-oriented data distributed across multiple repositories without exposing the original data. Furthermore, we demonstrate the security of our method under various attacker models and provide protocol extensions to handle colluding attackers. The Serial Interpolation Filter provides information-theoretic protections from a single attacker and computationally hard protections from colluding attackers.
Submitted 30 November, 2015;
originally announced December 2015.
-
Modeling Curved Carbon Fiber Composite (CFC) Structures in the Transmission-Line Modeling (TLM) Method
Authors:
Xuesong Meng,
Phillip Sewell,
Sendy Phang,
Ana Vukovic,
Trevor M. Benson
Abstract:
A new embedded model for curved thin panels is developed in the Transmission Line Modeling (TLM) method. In this model, curved panels are first linearized and then embedded between adjacent 2D TLM nodes allowing for arbitrary positioning between adjacent node centers. The embedded model eliminates the necessity for fine discretization thus reducing the run time and memory requirements for the calculation. The accuracy and convergence of the model are verified by comparing the resonant frequencies of an elliptical cylinder formed using carbon fiber composite (CFC) materials with those of the equivalent metal cylinder. Furthermore, the model is used to analyze the shielding performance of CFC airfoil NACA2415.
Submitted 4 February, 2015;
originally announced February 2015.
-
Stratos: A Network-Aware Orchestration Layer for Virtual Middleboxes in Clouds
Authors:
Aaron Gember,
Anand Krishnamurthy,
Saul St. John,
Robert Grandl,
Xiaoyang Gao,
Ashok Anand,
Theophilus Benson,
Vyas Sekar,
Aditya Akella
Abstract:
Enterprises want their in-cloud services to leverage the performance and security benefits that middleboxes offer in traditional deployments. Such virtualized deployments create new opportunities (e.g., flexible scaling) as well as new challenges (e.g., dynamics, multiplexing) for middlebox management tasks such as service composition and provisioning. Unfortunately, enterprises lack systematic tools to efficiently compose and provision in-the-cloud middleboxes and thus fall short of achieving the benefits that cloud-based deployments can offer. To this end, we present the design and implementation of Stratos, an orchestration layer for virtual middleboxes. Stratos provides efficient and correct composition in the presence of dynamic scaling via software-defined networking mechanisms. It ensures efficient and scalable provisioning by combining middlebox-specific traffic engineering, placement, and horizontal scaling strategies. We demonstrate the effectiveness of Stratos using an experimental prototype testbed and large-scale simulations.
Submitted 11 March, 2014; v1 submitted 1 May, 2013;
originally announced May 2013.