Middlebox
A middlebox is a computer networking device that transforms, inspects, filters, and manipulates traffic for purposes other than packet forwarding. Examples of middleboxes include firewalls, network address translators (NATs), load balancers, and deep packet inspection (DPI) devices.
The term middlebox was coined in 1999 by UCLA computer science professor Lixia Zhang.
Middleboxes are widely deployed across both private and public networks. Dedicated middlebox hardware is widely deployed in enterprise networks to improve network security and performance; however, even home network routers often have integrated firewall, NAT, or other middlebox functionality. One 2017 study counted more than 1,000 deployments in autonomous systems, in both directions of traffic flows, and across a wide range of networks, including mobile operators and data center networks.
The following are examples of commonly deployed middleboxes:
Middleboxes have generated technical challenges for application development and have incurred "scorn" and "dismay" in the network architecture community for violating the end-to-end principle of computer system design.
Some middleboxes interfere with application functionality, restricting or preventing end host applications from performing properly.
In particular, network address translators (NATs) present a challenge in that NAT devices divide traffic destined to a public IP address across several receivers. When connections between a host on the Internet and a host behind the NAT are initiated by the host behind the NAT, the NAT learns that traffic for that connection belongs to the local host. Thus, when traffic coming from the Internet is destined to the public (shared) address on a particular port, the NAT can direct the traffic to the appropriate host. However, connections initiated by a host on the Internet do not present the NAT any opportunity to "learn" which internal host the connection belongs to. Moreover, the internal host itself may not even know its own public IP address to announce to potential clients what address to connect to. To resolve this issue, several new protocols have been proposed.
Additionally, because middlebox deployments by cell operators such as AT&T and T-Mobile are opaque, application developers are often "unaware of the middlebox policies enforced by operators", while operators lack full knowledge about application behavior and requirements. For example, one carrier set an "aggressive timeout value to quickly recycle the resources held by inactive TCP connections in the firewall, unexpectedly causing frequent disruptions to long-lived and occasionally idle connections maintained by applications such as push-based email and instant messaging".
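As an added example (not part of the original article), a toy model of the NAT/firewall behaviour described in the two paragraphs above: a mapping exists only once an internal host has sent outbound traffic, unsolicited inbound traffic to an unmapped port is dropped, and an aggressive idle timeout recycles the mapping so that the next packet of a long-lived idle connection is also dropped. All addresses, ports and the 60-second timeout are constructed values.

```python
from dataclasses import dataclass, field


@dataclass
class Nat:
    """Minimal NAT/firewall model (constructed example, not a real implementation).

    Mappings are created only by outbound packets. Inbound packets to the public
    address are forwarded only if a live mapping exists for the destination port,
    and mappings are forgotten after `idle_timeout` seconds without traffic.
    """
    public_ip: str
    idle_timeout: float
    next_port: int = 40000
    # public_port -> (internal_ip, internal_port, last_seen)
    table: dict = field(default_factory=dict)

    def outbound(self, src_ip, src_port, now):
        """Internal host sends a packet: reuse or create its public mapping."""
        for pub_port, (ip, port, _) in self.table.items():
            if (ip, port) == (src_ip, src_port):
                self.table[pub_port] = (ip, port, now)
                return (self.public_ip, pub_port)
        pub_port = self.next_port
        self.next_port += 1
        self.table[pub_port] = (src_ip, src_port, now)
        return (self.public_ip, pub_port)

    def inbound(self, dst_port, now):
        """Packet arrives from the Internet: return the internal target or None."""
        entry = self.table.get(dst_port)
        if entry is None:
            return None  # never learned which internal host this belongs to
        ip, port, last_seen = entry
        if now - last_seen > self.idle_timeout:
            del self.table[dst_port]  # idle timeout recycled the state
            return None
        self.table[dst_port] = (ip, port, now)
        return (ip, port)


def demo():
    """Walk through the three cases the text describes (constructed values)."""
    nat = Nat(public_ip="203.0.113.1", idle_timeout=60)
    mapping = nat.outbound("192.168.1.10", 51000, now=0)   # client-initiated
    reply = nat.inbound(mapping[1], now=10)                 # forwarded
    unsolicited = nat.inbound(mapping[1] + 1, now=10)       # no mapping: dropped
    after_idle = nat.inbound(mapping[1], now=10 + 120)      # timed out: dropped
    return mapping, reply, unsolicited, after_idle
```

The last case is the push-email scenario from the text: an application that stays idle longer than the firewall's timeout finds its mapping gone and must re-establish the connection.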