Middleboxes No Longer Considered Harmful
Authors
Abstract
Intermediate network elements, such as network address translators (NATs), firewalls, and transparent caches are now commonplace. The usual reaction in the network architecture community to these so-called middleboxes is a combination of scorn (because they violate important architectural principles) and dismay (because these violations make the Internet less flexible). While we acknowledge these concerns, we also recognize that middleboxes have become an Internet fact of life for important reasons. To retain their functions while eliminating their dangerous side-effects, we propose an extension to the Internet architecture, called the Delegation-Oriented Architecture (DOA), that not only allows, but also facilitates, the deployment of middleboxes. DOA involves two relatively modest changes to the current architecture: (a) a set of references that are carried in packets and serve as persistent host identifiers and (b) a way to resolve these references to delegates chosen by the referenced host.
Similar resources
Challenges in Unifying Control of Middlebox Traversals and Functionality
Network services appliances, i.e., middleboxes, are a key component of enterprise networks. Through examination and modification of network traffic, middleboxes help ensure security, optimize performance, and facilitate remote access. A diverse array of middleboxes exist, both in terms of functionality and vendor, requiring distinct, distributed configuration across the enterprise [8]. Furthermo...
How to Detect Middleboxes: Guidelines on a Methodology
Internet middleboxes such as VPNs, firewalls, and proxies can significantly change handling of traffic streams. They play an increasingly important role in various types of IP networks. If end hosts can detect them, these hosts can make beneficial, and in some cases, crucial improvements in security and performance. But because middleboxes have widely varying behavior and effects on the traffic ...
Design and Implementation of a Consolidated Middlebox Architecture
Network deployments handle changing application, workload, and policy requirements via the deployment of specialized network appliances or “middleboxes”. Today, however, middlebox platforms are expensive and closed systems, with little or no hooks for extensibility. Furthermore, they are acquired from independent vendors and deployed as standalone devices with little cohesiveness in how the ens...
RFC 3234
This document is intended as part of an IETF discussion about "middleboxes" defined as any intermediary box performing functions apart from normal, standard functions of an IP router on the data path between a source host and destination host. This document establishes a catalogue or taxonomy of middleboxes, cites previous and current IETF work concerning middleboxes, and attempts to identify s...
In-Network Processing, User-Level Stacks and the Future of Internet Evolution
In past years, it has become increasingly evident that the venerable end-to-end model often taught in networking courses has more to do with Internet lore than with the reality of the network today. Over time, operators have deployed a vast array of middleboxes to enhance the capabilities of the network, ranging from security (firewalls, IDSes, traffic scrubbers), traffic shaping (rate limiters...