Split/Merge: System Support for Elastic Execution in Virtual Middleboxes

, , and
USENIX Symposium on Networked Systems Design and Implementation (NSDI)
Lombard, Illinois,
Abstract. Developing elastic applications should be easy. This paper takes a step toward the goal of generalizing elasticity by observing that a broadly deployed class of software---the network middlebox---is particularly well suited to dynamic scale. Middleboxes tend to achieve a clean separation between a small amount of per-flow network state and a large amount of complex application logic. We present a state-centric, systems-level abstraction for elastic middleboxes called Split/Merge. A virtual middlebox that has appropriately classified its state (e.g., per-flow state) can be dynamically scaled out (or in) by a Split/Merge system, but remains ignorant of the number of replicas in the system. Per-flow state may be transparently split between many replicas or merged back into one, while the network ensures flows are routed to the correct replica. As a result, Split/Merge enables loadbalanced elasticity. We have implemented a Split/Merge system, called FreeFlow, and ported Bro, an open-source intrusion detection system, to run on it. In controlled experiments, FreeFlow enables a 25% reduction in maximum latency while eliminating hotspots during scale-out and a 50% quicker scale-in than standard approaches.
author = {Shriram and Rajagopalan and Dan and Williams and Hani and Jamjoom and Andy and Warfield},
title = {{Split/Merge: System Support for Elastic Execution in Virtual Middleboxes}},
booktitle = {USENIX Symposium on Networked
                  Systems Design and Implementation (NSDI)},
address = {Lombard, Illinois},
month = {April},
year = {2013}