TopoMan: Global Network Visibility in the Presence of Middleboxes (A Graybox Approach)

TL;DR

This paper introduces TopoMan, a framework that enhances global network visibility and topology discovery in SDN environments with middleboxes, addressing key challenges like heterogeneity, control, and security.

Contribution

It presents a unified infrastructure framework for topology discovery and path verification that works independently of SDN, including APIs and security considerations.

Findings

Effective topology discovery in mixed environments

End-to-end path connectivity verification support

Enhanced control and visibility in presence of middleboxes

Abstract

Software Defined Networks (SDN) provide vital benefits to network administrators by offering global visibility and network-wide control over the switching infrastructure of the network. It is rather much difficult to obtain the same benefits in the presence of middleboxes (MBs), due to (i) lack of a proper topology discovery mechanism in environments with a mix of forwarding devices and middleboxes. (ii) lack of generic APIs to abstract and gain control on these rigid and heterogeneous third-party middleboxes (iii) lack of a generic network infrastructure framework to monitor and verify any specific device or path connectivity status in the network. These limitations make automation of network operations such as, network-wide monitoring, policy enforcement and rule-placement much difficult to handle. Hence, there is a greater urge even from middlebox vendors, to better handle the control and visibility aspects of the network in presence of middleboxes. In this paper, we propose a Unified network infrastructure framework for gaining global network visibility, by discovering the network topology in the presence of middleboxes, along with a framework to support the end-to-end path connectivity verification, independent of SDN. We have also addressed security aspects and provided necessary APIs to support our framework.