Middle Boxes
Lixia Zhang, UCLA Computer Science Dept
3/8/00
Sprint Research Symposium, March 8-9, 2000

What are middle boxes?

What are the end boxes?
[Diagram labels: client, Internet IP delivery, server]
Back 20 years…
• What's on the net
  - servers/clients (e.g. telnet, ftp, email)
  - later: peers (e.g. VT)
• data delivery between the end boxes directly

The Role of IP Delivery
[Diagram labels: client, routers, server]
IP delivers packets from end to end
• the ends are defined by the communicating application process
• the ends are indicated by the source and destination addresses in the IP header

What are middle boxes?
[Diagram labels: client, middle box, server]
• data is no longer delivered between the two end boxes by direct IP path
• The first middleman: email server
In the early days:
[Diagram labels: Email sender, always connected, Email recipient]

What are middle boxes?
[Diagram labels: client, middle box, server]
• data is no longer delivered between the two end boxes by direct IP path
• The first middleman: email server
As time went on:
[Diagram labels: email sender, intermittent connectivity, email server, always connected, email recipient]

Every coin has two sides
• Gain from having such a middlebox: solved the asynchrony problem between the two ends of email delivery
• Loss for having a box in the middle:
  – more parts in the system to mingle with
  – more points of potential failures
[Diagram labels: email sender, email server, email recipient]

The position of the email server in the IP architecture
• An application level box
  – email sender talks to email server explicitly
  – email recipient fetches email from the server explicitly
In other words, not a "transparent" box
[Diagram labels: email sender, email server, email recipient]

What we've seen in the last couple of years
• A lot more middle boxes
  – Web proxies
  – "transparent" Web caches: packet hijacking! ("for your benefit")
  – portals
[Diagram labels: client, Web proxy, Web server]

And more middleboxes yet to come
e.g. proxy servers to facilitate mobile wireless devices and mobile users in handling
  – intermittent connectivity
  – location tracking
  – link QOS constraint
  – session migration

What we've seen...
• Growing up of the Internet, of course
• need for scalable data dissemination
  – large number of clients requesting same data
  – requests coming in asynchronously
• need for information discovery/sorting
• need for authentication/security
and all other kinds of services

Challenges from growth
• large number of clients, large number of mobile users, large number of servers too
• How to do it right? So far pretty much "one hundred flowers blooming"
  – Web proxies
  – abuse DNS for load balancing
  – "transparent" caching
  – "layer switching", 3 < < 10?

What's coming
Big part of the society moving online
• what makes up the society & business market: mostly middlemen
  – largely missing on the Internet
• the reason that the Internet, by and large, does not look user-friendly to most people
Prediction
  – a lot more middle boxes
  – IP packet delivery infrastructure fades into background: ubiquitous IP connectivity everywhere

"Internet architecture"?
• Where in the architecture do those new middle boxes belong? For now: nowhere, or everywhere
• haven't you heard the hot buzzword "transparency"?
Does that raise a concern? YES
[Diagram: layered protocol stack, top to bottom]
  User programs
  application protocols: email, WWW, phone... (SMTP, HTTP, RTP...)
  transport protocols: TCP, UDP…
  IP
  various networks: ethernet, PPP…
  CSMA, async, sonet...
  copper, fiber, radio...

Concerns about transparent middleboxes
• "transparent" middleboxes considered harmful
  – packet hijacking versus system manageability
  – Users: being in control versus being controlled
• Sticking to the layered protocol architecture considered necessary

Where middle boxes belong in the Internet architecture
• should be application level boxes
• being visible to end users
• Middleboxes and end-to-end principle: consider middle boxes as one "end" of "end-to-end"
  – e.g. the mail server in email delivery

Middleboxes: gains
• Keep the waist of the hour-glass thin
  – manageable, scalable, robust connectivity
• help the Internet scale with growing applications & client population
• Provide real services, all kinds of them
  – personalized portals
  – heterogeneity
  – building new services from existing applications

Some potential losses (or things we need to pay attention to)
• Dependency on those middleboxes
  – increased complexity
  – increased vulnerability
• "directory-enabled network": the network is gone when directory crashes, even if all switches are up
  – a robust, self-configured, self-organizing middlebox infrastructure can lead to higher availability and more robustness
• more complex security and trust model
• impact on data integrity

Summary
• Finally the Internet is growing up!
  – Past efforts mostly on packet delivery
  – Now people start making money out of this packet delivery service
• middle boxes are a must
• Warning: pay attention to architecture
• Right way out: building application level infrastructures on top of the packet delivery infrastructure