Towards a middlebox policy taxonomy: Path impairments

Recent years have seen the rise of middleboxes, such as firewalls, NATs, proxies, or Deep Packet Inspectors. These middleboxes play an important role in today's Internet, including enterprise networks and cellular networks. However, despite their huge success in modern network architecture, they have a negative impact on the evolution of the Internet, as they can slow down the evolution of the TCP protocol and its extensions. Making a summary of potential middlebox network interference available is of the highest importance, as it could allow researchers to test their new transport protocols against potential issues caused by middleboxes and, consequently, make innovation in the Internet possible again. This is exactly what we tackle in this paper. We propose a path-impairment-oriented middlebox taxonomy that aims at categorizing the initial purpose of a middlebox policy as well as its potential unexpected complications. Based on a measurement campaign on IPv4 and IPv6 networks, we confront our taxonomy with the real world. Our dataset is freely available.
