Middlebox Discovery Jamshid Mahdavi Andrew Knutsen March 23, 2010.

Slides:



Advertisements
Similar presentations
Extended Service Set (ESS) Mesh Network Daniela Maniezzo.
Advertisements

Blue Coat and the Blue Coat logo are trademarks of Blue Coat Systems, Inc., and may be registered in certain jurisdictions. All other product or service.
4/27/2015Slide 1 Rethinking the design of the Internet: The end to end arguments vs. the brave new world Marjory S. Blumenthal Computer Science and Telecomms.
CS 4700 / CS 5700 Network Fundamentals Lecture 13: Middleboxes and NAT (Duct tape for IPv4) Revised 3/9/2013.
Dynamic Routing Scalable Infrastructure Workshop, AfNOG2008.
Xiphos.ca Charlie Younghusband XipLink Product Manager Xiphos Technologies Xiphos’ Work with SCPS-TP & applications and interest in CisLunar Introducing.
CAPWAP BOF Control And Provisioning of Wireless Access Points James Kempf DoCoMo Labs USA Dorothy Stanley Agere Systems WAP!
Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.
Requirements for IP/UDP/RTP header compression To become Editor: Mikael Degermark Input: Charter, 3GPP requirements, contribution from 3G.IP, Editors central.
Highly Available Central Services An Intelligent Router Approach Thomas Finnern Thorsten Witt DESY/IT.
Web Caching Schemes1 A Survey of Web Caching Schemes for the Internet Jia Wang.
Middle Boxes Lixia Zhang UCLA Computer Science Dept Sprint Research Symposium March 8-9, 2000.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
IPv6 and Overlays EE122 Introduction to Communication Networks Discussion Section.
SIP, NAT, Firewall SIP NAT Firewall How to Traversal NAT/Firewall for SIP.
The Middlebox Manifesto: Enabling Innovation in Middlebox Deployment 1 Vyas SekarSylvia RatnasamyMichael ReiterNorbert Egi Guangyu Shi.
1 IPv6 Address Management Rajiv Kumar. 2 Lecture Overview Introduction to IP Address Management Rationale for IPv6 IPv6 Addressing IPv6 Policies & Procedures.
Route Optimization Requirements for Operational Use in Aeronautics and Space Exploration Mobile Networks (draft-eddy-nemo-aero-reqs-01) Wes Eddy – Verizon.
Middleboxes & Network Appliances EE122 TAs Past and Present.
Justine Sherry*, Shaddi Hasan*, Colin Scott*, Arvind Krishnamurthy†,
Barracuda Load Balancer Server Availability and Scalability.
1 Chapter06 Mobile IP. 2 Outline What is the problem at the routing layer when Internet hosts move?! Can the problem be solved? What is the standard solution?
Host Mobility for IP Networks CSCI 6704 Group Presentation presented by Ye Liang, ChongZhi Wang, XueHai Wang March 13, 2004.
Using LISP for Secure Hybrid Cloud Extension draft-freitasbellagamba-lisp-hybrid-cloud-use-case-00 Santiago Freitas Patrice Bellagamba Yves Hertoghs IETF.
Heidelberg, May 1998 AIMS’99 Workshop Internet Protocol version 6 (IPv6) Úna Logan Broadcom Eireann Research Ltd.
1 464XLAT Combination of Stateful and Stateless Translation draft-ietf-v6ops-464xlat-01 IETF 83 v6ops WG Japan Internet Exchange Co.,Ltd.
TRansparent Interconnection of Lots of Links (TRILL) March 11 th 2010 David Bond University of New Hampshire: InterOperability.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public BSCI Module 8 Lessons 1 and 2 1 BSCI Module 8 Lessons 1 and 2 Introducing IPv6 and Defining.
NECP: the Network Element Control Protocol IETF WREC Working Group November 11, 1999.
Remote Access Chapter 4. Learning Objectives Understand implications of IEEE 802.1x and how it is used Understand VPN technology and its uses for securing.
IPv4 TO IPv6 TRANSITION AND INTEROPERABILITY FOR TELECOM SERVICE PROVIDER Business Problem In today’s environment of growing connectivity where almost.
Session 2 Security Monitoring Identify Device Status Traffic Analysis Routing Protocol Status Configuration & Log Classification.
NEMO Requirements and Mailing List Discussions/Conclusions T.J. Kniveton - Nokia Pascal Thubert - Cisco IETF 54 – July 14, 2002 Yokohama, Japan.
BEHAVE BOF (Behavior Engineering for Hindrance AVoidancE) Cullen Jennings Jiri Kuthan.
1 Debugging Path MTU Discovery Failures - Techniques and Results Internet2 Member Meeting September 21, 2005 Matthew Luckie, Kenjiro Cho, Bill Owens.
IPv6 WORKING GROUP March 2002 Minneapolis IETF Bob Hinden / Nokia Steve Deering / Cisco Systems Co-Chairs.
1 IPv6 for the Network Edge Steve Deering March 20, 2000.
Module 10: How Middleboxes Impact Performance
1 MPLS: Progress in the IETF Yakov Rekhter
Doc.: IEEE 11-04/0319r0 Submission March 2004 W. Steven Conner, Intel Corporation Slide 1 Architectural Considerations and Requirements for ESS.
1 Chapters 2 & 3 Computer Networking Review – The TCP/IP Protocol Architecture.
Piotr Srebrny 1.  Problem statement  Packet caching  Thesis claims  Contributions  Related works  Critical review of claims  Conclusions  Future.
IPv6 WORKING GROUP (IPNGWG) December 2000 San Diego IETF Bob Hinden / Nokia Steve Deering / Cisco Systems Co-Chairs.
What comes next in Internet infrastructure: quality of service, IPv6, and more Brian E Carpenter Program Director, Internet Standards & Technology, IBM.
Use Cases for High Bandwidth Query and Control of Core Networks Greg Bernstein, Grotto Networking Young Lee, Huawei draft-bernstein-alto-large-bandwidth-cases-00.txt.
6.1 © 2004 Pearson Education, Inc. Exam Designing a Microsoft ® Windows ® Server 2003 Active Directory and Network Infrastructure Lesson 6: Designing.
Lesson 2a © 2005 Cisco Systems, Inc. All rights reserved. SNPA v4.0—2-1 Firewall Technologies and the Cisco Security Appliance.
Internet Protocol Storage Area Networks (IP SAN)
Network Mobility (NEMO) Advanced Internet 2004 Fall
Characteristics of Scaleable Internetworks
1 Review – The Internet’s Protocol Architecture. Protocols, Internetworking & the Internet 2 Introduction Internet standards Internet standards Layered.
© 2007 EMC Corporation. All rights reserved. Internet Protocol Storage Area Networks (IP SAN) Module 3.4.
Homenet Routing IETF 83, Paris Acee Lindem, Ericsson.
David B. Johnson Rice University Department of Computer Science DSR Draft Status Monarch Project 57th IETF.
Extension of the MLD proxy functionality to support multiple upstream interfaces 1 Luis M. Contreras Telefónica I+D Carlos J. Bernardos Universidad Carlos.
Guidelines for IPFIX Implementations on Middleboxes Juergen Quittek, Martin Stiemerling 59th IETF meeting, IPFIX WG.
Multicast in Information-Centric Networking March 2012.
On Firewalls Fred Baker and Paul Hoffman draft-ietf-opsawg-firewalls-01.txt.
A Survey of Network Function Placement
David Wetherall Spring 2000
IPv6 for the Network Edge
Mobile IP.
Different Traffic Management Techniques for Mobile Broadband Networks
Kris, Karthik, Ansley, Sean, Jeremy Dick, David K, Frans, Hari
iSCSI X-key for enhanced supportability
Extending IP to Low-Power, Wireless Personal Area Networks
IS4680 Security Auditing for Compliance
Architecture and Principles
Design Expectations vs. Deployment Reality in Protocol Development
M. Boucadair, J. Touch, P. Levis and R. Penno
Presentation transcript:

Middlebox Discovery Jamshid Mahdavi Andrew Knutsen March 23, 2010

Talk Outline  Middlebox Discovery ID Summary and Status  Discussion of Middlebox Needs  Other Common Middlebox Issues of Potential Interest to IETF  References

ID Summary  draft-knutsen-tcpm-middlebox-discovery-03 Defines a new TCP Option for in-band discovery of middleboxes Designed from the ground up to:  Consume only a single TCP Option Kind for all vendors who need this capability  Allow for safe proprietary use as well as future standardized use  Includes lessons from years of practical implementation experience Incorporates numerous good suggestions from tcpm mailing list

ID Status  Working Group has chosen not to take this up as a WG item  Draft has been submitted for IESG approval

Evolving Internet Connectivity  1980’s: Direct IP to IP connections  1990’s: Firewalls and NATs become prevalent on nearly all paths  2000’s: Increasing use of higher level middleboxes Proxies (caching, security) Access points Acceleration devices Load balancers Rate shaping / TCP “enhancing” devices

What about End-to-End Arguments?  David D. Clark, Marjory S. Blumenthal, “Rethinking the design of the Internet: The end to end arguments vs. the brave new world”, August 10,  Paper outlines many requirements that we see today

Today’s Drivers  Security Cybercrime and malware are growing problems  Performance Bandwidth savings via advanced compression technologies Latency savings via protocol optimizations Improved goodput via TCP optimizations  New emerging market for proxies as IPv6 transition appliances

Known Problems  There are a few problems we see all the time which the IETF could have an impact on: TCP ACK storms  Application Networking devices often use “fail-to-wire” bridging  If fully transparent, when failure happens, ACK storm ensues Asymmetric routing (or routing changes)  Often cited as a key reason transparent intercept is incompatible with Internet architecture  But – vendors have numerous proprietary solutions to handle this Amplification of known issues  PMTU black holes  Broken support for RFC1323 and other extensions to TCP and IP

References (1/3)  Historical references on proxies and Internet architecture: Chatel, M., “Classical versus Transparent IP Proxies”, RFC1919 (1996). Saltzer, J. H.; Reed, D. P.; Clark, D. D., “End-to-End Arguments in System Design”. (1984). Clark, D. D.; Blumenthal, M. S., “Rethinking the design of the Internet: The end to end arguments vs. the brave new world”. (2000). Clark, D. D.; Sollins, K.; Wroclawski, J.; Faber, T., “Addressing Reality: An Architectural Response to Real-World Demands on the Evolving Internet”. (2003).

References (2/3)  Research publications: Spring, N. T.; Wetherall, D., “A Protocol Independent Technique for Eliminating Redundant Network Traffic”. (2000). Li, Q., “A Novel Approach to Manage Asymmetric Traffic Flows for Secure Network Proxies”. (2008). Anand, A.; Gupta, A.; Akella, A.; Seshan, S.; Shenker, S., “Packet Caches on Routers: The Implications of Universal Redundant Traffic Elimination”. (2008). Anand, A.; Sekar, V.; Akella, A., “SmartRE: An Architecture for Coordinated Network-wide Redundancy Elimination”. (2009)

References (3/3)  Vendor references: Salchow, K. J., “Load Balancing 101: The Evolution to Application Delivery Controllers”. “Technology Primer: Transparent Application Delivery Networks”. Bartlett, J.; Sevcik, P., “How Network Transparency Affects Application Acceleration Deployment”. NetForecast-Transparency.pdfhttp:// NetForecast-Transparency.pdf 11