Network Functions Visualization (NFV) replaces physical middleboxes with software instances running network functions in cloud environments. To support this new paradigm, it is necessary to port the code basis from highly specialized hardware devices to virtual machines running on COTS hardware. In order to fully exploit the inherent capabilities of cloud environments it is further necessary to redesign the software to support a large amount of distributed, cooperating function instances instead of single, isolated and monolithic instances. This development can be observed for network functions like stateful firewalling. Until now, available software firewalls lack support for active/active operation in clustered environments, which hinders horizontal scalability. This is due to the fact that the required synchronization of connection states among the cluster's instances is an impediment that still has to be resolved. Therefore, this work investigates different synchronization strategies and mechanisms, which allow to share connection states among the cluster to maintain scalability and high-availability.
%0 Generic
%1 info3-demo-2017-3
%A Pfaff, Benedikt
%A Scherer, Johann
%A Hock, David
%A Gray, Nicholas
%A Zinner, Thomas
%A Tran-Gia, Phuoc
%A Durner, Raphael
%A Kellerer, Wolfgang
%A Lorenz, Claas
%B In Proceedings of the SIGCOMM Posters and Demos
%D 2017
%K myown sardine ngn
%T SDN/NFV-enabled Security Architecture for Fine-grained Policy Enforcement and Threat Mitigation for Enterprise Networks
%X Network Functions Visualization (NFV) replaces physical middleboxes with software instances running network functions in cloud environments. To support this new paradigm, it is necessary to port the code basis from highly specialized hardware devices to virtual machines running on COTS hardware. In order to fully exploit the inherent capabilities of cloud environments it is further necessary to redesign the software to support a large amount of distributed, cooperating function instances instead of single, isolated and monolithic instances. This development can be observed for network functions like stateful firewalling. Until now, available software firewalls lack support for active/active operation in clustered environments, which hinders horizontal scalability. This is due to the fact that the required synchronization of connection states among the cluster's instances is an impediment that still has to be resolved. Therefore, this work investigates different synchronization strategies and mechanisms, which allow to share connection states among the cluster to maintain scalability and high-availability.
@misc{info3-demo-2017-3,
abstract = {Network Functions Visualization (NFV) replaces physical middleboxes with software instances running network functions in cloud environments. To support this new paradigm, it is necessary to port the code basis from highly specialized hardware devices to virtual machines running on COTS hardware. In order to fully exploit the inherent capabilities of cloud environments it is further necessary to redesign the software to support a large amount of distributed, cooperating function instances instead of single, isolated and monolithic instances. This development can be observed for network functions like stateful firewalling. Until now, available software firewalls lack support for active/active operation in clustered environments, which hinders horizontal scalability. This is due to the fact that the required synchronization of connection states among the cluster's instances is an impediment that still has to be resolved. Therefore, this work investigates different synchronization strategies and mechanisms, which allow to share connection states among the cluster to maintain scalability and high-availability.},
added-at = {2018-08-03T15:47:25.000+0200},
author = {Pfaff, Benedikt and Scherer, Johann and Hock, David and Gray, Nicholas and Zinner, Thomas and Tran-Gia, Phuoc and Durner, Raphael and Kellerer, Wolfgang and Lorenz, Claas},
biburl = {https://www.bibsonomy.org/bibtex/24211b3307e264ae10902ac4c2a3d1d1d/uniwue_info3},
booktitle = {In Proceedings of the SIGCOMM Posters and Demos},
interhash = {09043e1b0aea5f99f7456ce1a8a03bc6},
intrahash = {4211b3307e264ae10902ac4c2a3d1d1d},
keywords = {myown sardine ngn},
month = {8},
timestamp = {2022-03-14T00:14:13.000+0100},
title = {SDN/NFV-enabled Security Architecture for Fine-grained Policy Enforcement and Threat Mitigation for Enterprise Networks},
year = 2017
}