MIDAS: Middlebox discovery and selection for on-path flow processing

The deployment of micro-datacenters for network function virtualization (NFV) by Internet Service Providers creates opportunities for flow processing along the traffic path. On-path processing requires the discovery of the middleboxes that will be traversed by each flow and the assignment of network functions (NFs) to middleboxes, while preserving the order of the NFs as specified in the service chain. NF location dependencies may require flow processing establishment across multiple NF Providers (NFPs). This entails additional challenges for middlebox discovery and selection, stemming from the NFPs' restrictions in information disclosure and interoperability. To address these issues, we present MIDAS, an architecture for the coordination of middlebox discovery and selection across multiple NFPs. MIDAS relies on a centralized middlebox controller in each NFP to provide interoperability among NFPs for flow processing setup. MIDAS establishes on-path processing via middlebox signaling, controller chaining, and Multi-Party Computation (MPC) based middlebox selection. We particularly employ MPC to preserve the confidentiality of middlebox utilization across the NFPs. We study the feasibility of MIDAS using a prototype implementation and further present simulation results to assess the efficiency of our middlebox selection approach.