366 | | ==== Enhancing OpenFlow Networks with Service Insertion and Payload Inspection ==== |
367 | | ''This demo shows a working prototype of an application-aware video reconditioning service. Visit us to learn about building value-added network services, such as a context-sensitive service for prioritizing public safety applications or a security service that detects and eliminates malware embedded in unwary user traffic.'' |
368 | | |
369 | | Today, due to volatile and exploding traffic demands, ISPs need to update their deployed network resources almost continuously, but it is costly to provision increasingly faster and specialized network devices. The impact of a given resource change on the performance of traffic in terms of improving user experience or utility is also hard to predict. Network middle boxes with Deep Packet Inspection (DPI) capabilities have become a necessity for improving the intelligence of networks. !OpenFlow, the ''de facto'' early standard for Software-Defined Networking, encourages multi-vendor openness but only allows traffic engineering on an integrated basis for L2-L4. To introduce DPI functionality, we propose and prototype an enhancement to !OpenFlow based on the idea of an External Processing Box (EPB) optionally attached to forwarding engines; however, when attached the EPB is seen as an integrated part of the !OpenFlow datapath. With an EPB, a network operator can program L7-based policies within an !OpenFlow Controller to control service insertion and traffic engineering. The EPB enables the operator the capability to modify traffic behavior based on payload content (i.e. expedite specific traffic); inject/remove information from the payload; and encrypt traffic on the fly. |
370 | | |
371 | | The video reconditioning service prototype demonstrates video traffic steered to travel either a best-effort route or an expedited route based on the video feed’s URL. This is currently a capability switches (conventional/OpenFlow-enabled) are not able to perform, because the information lies in the L7 header. |
| 366 | ==== Enhancing an OpenFlow Network with Service Insertion and Payload Inspection ==== |
| 367 | ''This demo shows a working prototype of how arbitrary application-aware services can be introduced and efficiently managed within an !OpenFlow network. Visit us to learn about building value-added network services, such as a context-sensitive service for prioritizing public safety applications or a security service that detects and eliminates malware embedded in unwary user traffic.'' |
| 368 | |
| 369 | Today, due to volatile and exploding traffic demands, ISPs need to update their deployed network resources almost continuously, but it is costly to provision increasingly faster and specialized network devices. The impact of a given resource change on the performance of traffic in terms of improving user experience or utility is also hard to predict. Network middle boxes with Deep Packet Inspection (DPI) capabilities have become a necessity for improving the intelligence of networks. !OpenFlow, the de facto early standard for Software-Defined Network, encourages multi-vendor openness but only allows traffic engineering on an integrated basis for L2-L4. To introduce DPI functionality, we propose and prototype an enhancement to !OpenFlow based on the idea of an External Processing Box (EPB) optionally attached to forwarding engines; however, when attached the EPB is seen as an integrated part of the !OpenFlow datapath. With an EPB, a network operator can program L7-based policies within an !OpenFlow Controller to control service insertion and traffic engineering. The EPB enables the operator the capability to modify traffic behavior based on payload content (i.e. expedite specific traffic); inject/remove information from the payload; and encrypt traffic on the fly. |
| 370 | |
| 371 | Our experiment demonstrates how a preferential treatment service powered by an EPB can steer video traffic to travel either a best-effort route or an expedited route based on video feed’s URL. This is currently a capability switches (conventional/OpenFlow-enabled) are not able to perform as the information lies in the L7 header. |
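Review bot: In new line 369 the revision changes "Software-Defined Networking" to "Software-Defined Network" and drops the ''de facto'' italics the previous revision had. Both look like regressions, so I would restore "the ''de facto'' early standard for Software-Defined Networking". In the same paragraph, "(i.e. expedite specific traffic)" introduces an example rather than a restatement, so "e.g." fits better, and "enables the operator the capability to modify" reads more cleanly as "lets the operator modify". In new line 371, "based on video feed's URL" is missing "the". Also, "conventional/OpenFlow-enabled" there and the heading on line 366 write OpenFlow without the "!" escape used in the rest of the text. Since the steering decision depends on the URL in the L7 header, line 371 should also state whether the demo assumes the video request travels unencrypted.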