Tuesday, November 10, 2009

A Policy-aware Switching Layer for Data Centers

Summary
This paper aims to solve a problem in data-center design. Currently, if an admin wants to ensure that traffic flows through a particular set of boxes (say a firewall, then a load-balancer), there isn't a standard and simple way to do this. Either the boxes have to be physically interposed, which often isn't possible, or nasty tricks like messing with link weights need to be used. The latter doesn't enforce a flow policy either, since a link failure could still let packets bypass a particular box.

To solve this problem, the authors propose "Policy Aware Routing". The basic idea is that a central location specifies declaratively what route packets should take. This specification is compiled into a set of rules that specify the next hop for a particular type of packet, given its previous hop. Routers are modified to check this information, consult their rule table, and forward packets appropriately. Middleboxes (firewalls, load-balancers, etc.) are taken off the physical network path. This both prevents unnecessary traffic to those boxes and makes the addition of new boxes fairly simple.

To allow unmodified middleboxes to plug in, frames are encapsulated and decapsulated at the switches, so the boxes only see standard Ethernet frames.
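
A minimal sketch of the rule compilation and lookup described above, added here as an illustration and not taken from the paper or its implementation. The policy, hop names and the fail-closed drop behaviour are constructed assumptions.

```python
from typing import NamedTuple, Optional

class Frame(NamedTuple):
    dst: str
    dst_port: int

class Policy(NamedTuple):
    name: str          # traffic class label (hypothetical)
    dst: str
    dst_port: int
    sequence: tuple    # middleboxes to traverse, in order

def compile_policy(policy: Policy, entry: str = "core") -> dict:
    """Compile a declarative sequence into {(class, previous_hop): next_hop}."""
    hops = [entry, *policy.sequence, policy.dst]
    return {(policy.name, prev): nxt for prev, nxt in zip(hops, hops[1:])}

def classify(frame: Frame, policies: list) -> Optional[str]:
    """Return the traffic class of a frame, or None if no policy covers it."""
    for p in policies:
        if (frame.dst, frame.dst_port) == (p.dst, p.dst_port):
            return p.name
    return None

def trace(frame, policies, rules, entry="core", down=frozenset()):
    """Follow rule lookups hop by hop; the path ends in 'DROP' on failure."""
    cls, hop, path = classify(frame, policies), entry, [entry]
    while hop != frame.dst and len(path) <= len(rules) + 1:
        hop = rules.get((cls, hop))
        # Assumption: fail closed. A missing rule or a failed middlebox means
        # the frame is dropped, never forwarded around the required box.
        if hop is None or hop in down:
            return path + ["DROP"]
        path.append(hop)
    return path

# Constructed policy: web traffic must pass the firewall, then the load balancer.
WEB = Policy("web", "web_server", 80, ("firewall", "load_balancer"))
POLICIES = [WEB]
RULES = compile_policy(WEB)

if __name__ == "__main__":
    print(trace(Frame("web_server", 80), POLICIES, RULES))
    print(trace(Frame("web_server", 80), POLICIES, RULES, down={"firewall"}))
    print(trace(Frame("web_server", 22), POLICIES, RULES))
```

Because the next hop is keyed on the previous hop rather than on topology, a failed firewall yields a drop instead of a path that skips it, which is the property link-weight tricks cannot give.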


Comments
I liked the motivation for this paper. The current situation is clearly problematic and this paper proposes an elegant solution to the problem. The main issue I see is the increase in overhead and latency that this introduces. While the numbers from the paper might be acceptable for external applications requesting data from inside the data-center, inter-center apps, especially those that are network intensive, would probably be quite hurt by the added overhead of this system.

Still, this was an interesting paper and one I would keep on the reading list.

1 comment:

  1. Your point about latency is a good one. Now one thing to remember is that their implementation was with a software router. A native implementation in hardware (or NetFPGA) would conceivably have achieved lower latencies.
