An End to the Middle

The last fifteen years have seen a vast proliferation of middleboxes to solve all manner of persistent limitations in the Internet protocol suite. Examples include firewalls, NATs, load balancers, traffic shapers, deep packet intrusion detection, virtual private networks, network monitors, transparent web caches, content delivery networks, and the list goes on and on. However, most smaller networks in homes, small businesses and the developing world are left without this level of support. Further, the management burden and limitations of middleboxes are apparent even in enterprise networks. We argue for a shift from using proprietary middlebox hardware as the dominant tool for managing networks toward using open software running on end hosts. We show that functionality that seemingly must be in the network, such as NATs and traffic prioritization, can be more cheaply, flexibly, and securely provided by distributed software running on end hosts, working in concert with vastly simplified physical network hardware.
