| Today it is common to add a network appliance---such as firewalls, traffic shapers, and server load balancers---to solve problems and enhance the services provided by networks within an organization. Enterprise networks have traditionally been difficult to extend and update as requirements change, and appliances are easy-to-deploy, easy-to-manage solutions for adding application-level functionality to networks. Unfortunately, as networks begin to deploy separate appliances for every possible need, it becomes unwieldy to manage so many special-purpose devices, each with their own distinct interfaces that must be learned. Some appliances are also difficult to compose in the way the user wants. For example, the functions of one appliance may conflict with another appliance in a non-trivial way. To solve these problems, the market may soon demand that the myriad of appliances, switches, and routers will one day coalesce into a single, agile device. We refer to this futuristic all-in-one device as a configurable network element (CNE).;There are a variety of challenges associated with configuring and managing CNEs, and past research has not fully addressed them. RouterVM is a graphical, high-level management interface and virtual machine abstraction for CNEs. RouterVM presents a visual and composible interface for service configuration within a CNE. The approach is based on generalized packet filters (GPFs), an extension of the packet filter concept found in routers and switches today. Like packet filters, GPFs are capable of performing classifications and actions on packets, but the types of classifications and actions offered are much more powerful and flexible. GPFs serve as the intuitive high-level building block for almost all functions in RouterVM. We have chosen a library of seven prototype GPFs that is representative of most commercial appliances. We show that an implementation of RouterVM for PC architectures is flexible enough to implement the most interesting CNE configurations and deployment scenarios, including a realistic enterprise network case study. Performance benchmarks suggest that a fully-optimized version of RouterVM for PCs is capable of achieving sufficient performance for enterprise networks. In addition, by assuming that GPFs operate asynchronously and do not normally share state, RouterVM can efficiently target a wide variety of parallel hardware, such as network processors. |
