Don’t ignore the middleboxes
Traditional networks contain routers, switches, clients and servers. Most introductory networking textbooks focus on these devices and the protocols that they use. However, real networks can be much more complex than the typical academic networks that are considered in textbooks. During the last decade, enterprise networks have included more and more middleboxes. A middlebox can be roughly defined as a device that resides inside the network and it able to both forward (like a router or a switch) but also modify packets. For this reason, middleboxes are often considered as layer-7 relays but they are not officially part of the Internet architecture. These middleboxes are usually deployed by network operators to better control or improve the performance of traffic in their network. There exist various types of middleboxes RFC 3234. The most common ones are :
- Network Address Translators (NAT) that rewrite IP addresses and port numbers
- Firewalls that control the incoming and outgoing packets
- Network Intrusion Detection System that analyse the packet payloads to detect possible attacks
- Load balancers that allow to distribute the load among several servers
- WAN optimizers that compress packets before transmitting them over expensive low bandwidth links
- Media gateways that are able to transcode voice and video formats
- transparent proxy caches that speedup access to remote web servers by maintaining caches
- …
The list of middleboxes keeps growing and managing them in addition to the routers and the switches is becoming a concern for enterprise network operators. In a recent paper presented at USENIX NSDI12, Vyas Sekar and colleagues describe a survey that they performed in an anonymous entreprise network. This network contained about 900 routers and more than 600 middleboxes !
Appliance type | Number |
---|---|
Firewall | 166 |
Network Intrusion Detection System | 127 |
Conferencing/Media gateway | 110 |
Load balancers | 67 |
Proxy caches | 66 |
VPN devices | 45 |
WAN optimizers | 44 |
Voice gateways | 11 |
Routers | about 900 |