An End to the Middle

Colin Dixon, Arvind Krishnamurthy, Thomas Anderson
University of Washington

Abstract

The last fifteen years have seen a vast proliferation of middleboxes to solve all manner of persistent limitations in the Internet protocol suite. Examples include firewalls, NATs, load balancers, traffic shapers, deep packet intrusion detection, virtual private networks, network monitors, transparent web caches, content delivery networks, and the list goes on and on. However, most smaller networks in homes, small businesses and the developing world are left without this level of support. Further, the management burden and limitations of middleboxes are apparent even in enterprise networks.

We argue for a shift from using proprietary middlebox hardware as the dominant tool for managing networks toward using open software running on end hosts. We show that functionality that seemingly must be in the network, such as NATs and traffic prioritization, can be more cheaply, flexibly, and securely provided by distributed software running on end hosts, working in concert with vastly simplified physical network hardware.

1 Introduction

Middleboxes have done wonderful things for networks in the past few decades. They have enabled us to deal with address-space depletion (NATs), overcome TCP's limitations (packet shapers), and provide better security without changing commodity operating systems (firewalls). Beyond these we rely on virtual private networks (VPNs), proxies, caches, intrusion detection systems (IDSs), load balancers, and many other offerings to keep our networks working properly so we can accomplish our day-to-day tasks.

However, middleboxes have not solved everyone's problems. Most smaller networks have been left out in the cold, as the costs to buy and run middleboxes are simply too high. While we could hope that commodity home routers will eventually include all the functionality of the middleboxes we use in enterprise networks, we'd rather not wait. A key motivation for the authors is to be able to get the level of IT support we have at work for our own networks at home and for the networks we help manage for non-profits in the developing world.

We aim to solve two key shortcomings of the current middlebox-based approach to network management in order to make it more effective and its benefits more accessible.

Cost

Middleboxes are expensive at almost every level: upfront costs of hardware, skilled staff to manage them, long-term costs of vendor lock-in, scaling to handle increased loads, and so on. In contrast, most computers today are massively overprovisioned, with a proliferating number of cores used only for short bursts of user activity. It should seem strange, then, to intentionally design a system that keeps functionality in the network and away from endpoints....