Presentation is loading. Please wait.

Presentation is loading. Please wait.

Middlebox Discovery Jamshid Mahdavi Andrew Knutsen March 23, 2010.

Published byAngie Trathen Modified over 9 years ago

Similar presentations

Presentation on theme: "Middlebox Discovery Jamshid Mahdavi Andrew Knutsen March 23, 2010."— Presentation transcript:

1 Middlebox Discovery Jamshid Mahdavi Andrew Knutsen March 23, 2010

2 Talk Outline  Middlebox Discovery ID Summary and Status  Discussion of Middlebox Needs  Other Common Middlebox Issues of Potential Interest to IETF  References

3 ID Summary  draft-knutsen-tcpm-middlebox-discovery-03 Defines a new TCP Option for in-band discovery of middleboxes Designed from the ground up to:  Consume only a single TCP Option Kind for all vendors who need this capability  Allow for safe proprietary use as well as future standardized use  Includes lessons from years of practical implementation experience Incorporates numerous good suggestions from tcpm mailing list

4 ID Status  Working Group has chosen not to take this up as a WG item  Draft has been submitted for IESG approval

5 Evolving Internet Connectivity  1980’s: Direct IP to IP connections  1990’s: Firewalls and NATs become prevalent on nearly all paths  2000’s: Increasing use of higher level middleboxes Proxies (caching, security) Access points Acceleration devices Load balancers Rate shaping / TCP “enhancing” devices

6 What about End-to-End Arguments?  David D. Clark, Marjory S. Blumenthal, “Rethinking the design of the Internet: The end to end arguments vs. the brave new world”, August 10, 2000.  Paper outlines many requirements that we see today

7 Today’s Drivers  Security Cybercrime and malware are growing problems  Performance Bandwidth savings via advanced compression technologies Latency savings via protocol optimizations Improved goodput via TCP optimizations  New emerging market for proxies as IPv6 transition appliances

8 Known Problems  There are a few problems we see all the time which the IETF could have an impact on: TCP ACK storms  Application Networking devices often use “fail-to-wire” bridging  If fully transparent, when failure happens, ACK storm ensues Asymmetric routing (or routing changes)  Often cited as a key reason transparent intercept is incompatible with Internet architecture  But – vendors have numerous proprietary solutions to handle this Amplification of known issues  PMTU black holes  Broken support for RFC1323 and other extensions to TCP and IP

9 References (1/3)  Historical references on proxies and Internet architecture: Chatel, M., “Classical versus Transparent IP Proxies”, RFC1919 (1996). http://datatracker.ietf.org/doc/rfc1919/ http://datatracker.ietf.org/doc/rfc1919/ Saltzer, J. H.; Reed, D. P.; Clark, D. D., “End-to-End Arguments in System Design”. (1984). http://web.mit.edu/Saltzer/www/publications/endtoend/endtoend.pdf http://web.mit.edu/Saltzer/www/publications/endtoend/endtoend.pdf Clark, D. D.; Blumenthal, M. S., “Rethinking the design of the Internet: The end to end arguments vs. the brave new world”. (2000). http://cyberlaw.stanford.edu/e2e/papers/TPRC-Clark-Blumenthal.pdf http://cyberlaw.stanford.edu/e2e/papers/TPRC-Clark-Blumenthal.pdf Clark, D. D.; Sollins, K.; Wroclawski, J.; Faber, T., “Addressing Reality: An Architectural Response to Real-World Demands on the Evolving Internet”. (2003). http://www.isi.edu/newarch/DOCUMENTS/Principles.FDNA03.pdfhttp://www.isi.edu/newarch/DOCUMENTS/Principles.FDNA03.pdf

10 References (2/3)  Research publications: Spring, N. T.; Wetherall, D., “A Protocol Independent Technique for Eliminating Redundant Network Traffic”. (2000). http://www.cs.umd.edu/~nspring/papers/sigcomm2000.ps.gz http://www.cs.umd.edu/~nspring/papers/sigcomm2000.ps.gz Li, Q., “A Novel Approach to Manage Asymmetric Traffic Flows for Secure Network Proxies”. (2008). http://www.springerlink.com/content/13n10l6u011530t1/ http://www.springerlink.com/content/13n10l6u011530t1/ Anand, A.; Gupta, A.; Akella, A.; Seshan, S.; Shenker, S., “Packet Caches on Routers: The Implications of Universal Redundant Traffic Elimination”. (2008). http://ccr.sigcomm.org/online/files/p219-anand.pdf http://ccr.sigcomm.org/online/files/p219-anand.pdf Anand, A.; Sekar, V.; Akella, A., “SmartRE: An Architecture for Coordinated Network-wide Redundancy Elimination”. (2009). http://ccr.sigcomm.org/online/files/p87.pdf http://ccr.sigcomm.org/online/files/p87.pdf 10

11 References (3/3)  Vendor references: Salchow, K. J., “Load Balancing 101: The Evolution to Application Delivery Controllers”. http://www.f5.com/pdf/white-papers/evolution-adc-wp.pdf http://www.f5.com/pdf/white-papers/evolution-adc-wp.pdf “Technology Primer: Transparent Application Delivery Networks”. http://www.bluecoat.com/doc/5276 http://www.bluecoat.com/doc/5276 Bartlett, J.; Sevcik, P., “How Network Transparency Affects Application Acceleration Deployment”. http://www.riverbed.com/docs/AnalystReport- NetForecast-Transparency.pdfhttp://www.riverbed.com/docs/AnalystReport- NetForecast-Transparency.pdf 11

Download ppt "Middlebox Discovery Jamshid Mahdavi Andrew Knutsen March 23, 2010."

Similar presentations

Extended Service Set (ESS) Mesh Network Daniela Maniezzo.

Extended Service Set (ESS) Mesh Network Daniela Maniezzo.
Blue Coat and the Blue Coat logo are trademarks of Blue Coat Systems, Inc., and may be registered in certain jurisdictions. All other product or service.

Blue Coat and the Blue Coat logo are trademarks of Blue Coat Systems, Inc., and may be registered in certain jurisdictions. All other product or service.
4/27/2015Slide 1 Rethinking the design of the Internet: The end to end arguments vs. the brave new world Marjory S. Blumenthal Computer Science and Telecomms.

4/27/2015Slide 1 Rethinking the design of the Internet: The end to end arguments vs. the brave new world Marjory S. Blumenthal Computer Science and Telecomms.
CS 4700 / CS 5700 Network Fundamentals Lecture 13: Middleboxes and NAT (Duct tape for IPv4) Revised 3/9/2013.

CS 4700 / CS 5700 Network Fundamentals Lecture 13: Middleboxes and NAT (Duct tape for IPv4) Revised 3/9/2013.
Dynamic Routing Scalable Infrastructure Workshop, AfNOG2008.

Dynamic Routing Scalable Infrastructure Workshop, AfNOG2008.
Xiphos.ca Charlie Younghusband XipLink Product Manager Xiphos Technologies Xiphos’ Work with SCPS-TP & applications and interest in CisLunar Introducing.

Xiphos.ca Charlie Younghusband XipLink Product Manager Xiphos Technologies Xiphos’ Work with SCPS-TP & applications and interest in CisLunar Introducing.
CAPWAP BOF Control And Provisioning of Wireless Access Points James Kempf DoCoMo Labs USA Dorothy Stanley Agere Systems WAP!

CAPWAP BOF Control And Provisioning of Wireless Access Points James Kempf DoCoMo Labs USA Dorothy Stanley Agere Systems WAP!
Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.

Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.
Requirements for IP/UDP/RTP header compression To become Editor: Mikael Degermark Input: Charter, 3GPP requirements, contribution from 3G.IP, Editors central.

Requirements for IP/UDP/RTP header compression To become Editor: Mikael Degermark Input: Charter, 3GPP requirements, contribution from 3G.IP, Editors central.
Highly Available Central Services An Intelligent Router Approach Thomas Finnern Thorsten Witt DESY/IT.

Highly Available Central Services An Intelligent Router Approach Thomas Finnern Thorsten Witt DESY/IT.
Web Caching Schemes1 A Survey of Web Caching Schemes for the Internet Jia Wang.

Web Caching Schemes1 A Survey of Web Caching Schemes for the Internet Jia Wang.
Middle Boxes Lixia Zhang UCLA Computer Science Dept Sprint Research Symposium March 8-9, 2000.

Middle Boxes Lixia Zhang UCLA Computer Science Dept Sprint Research Symposium March 8-9, 2000.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
IPv6 and Overlays EE122 Introduction to Communication Networks Discussion Section.

IPv6 and Overlays EE122 Introduction to Communication Networks Discussion Section.
SIP, NAT, Firewall SIP NAT Firewall How to Traversal NAT/Firewall for SIP.

SIP, NAT, Firewall SIP NAT Firewall How to Traversal NAT/Firewall for SIP.
The Middlebox Manifesto: Enabling Innovation in Middlebox Deployment 1 Vyas SekarSylvia RatnasamyMichael ReiterNorbert Egi Guangyu Shi.

The Middlebox Manifesto: Enabling Innovation in Middlebox Deployment 1 Vyas SekarSylvia RatnasamyMichael ReiterNorbert Egi Guangyu Shi.
1 IPv6 Address Management Rajiv Kumar. 2 Lecture Overview Introduction to IP Address Management Rationale for IPv6 IPv6 Addressing IPv6 Policies & Procedures.

1 IPv6 Address Management Rajiv Kumar. 2 Lecture Overview Introduction to IP Address Management Rationale for IPv6 IPv6 Addressing IPv6 Policies & Procedures.
Route Optimization Requirements for Operational Use in Aeronautics and Space Exploration Mobile Networks (draft-eddy-nemo-aero-reqs-01) Wes Eddy – Verizon.

Route Optimization Requirements for Operational Use in Aeronautics and Space Exploration Mobile Networks (draft-eddy-nemo-aero-reqs-01) Wes Eddy – Verizon.
Middleboxes & Network Appliances EE122 TAs Past and Present.

Middleboxes & Network Appliances EE122 TAs Past and Present.
Justine Sherry*, Shaddi Hasan*, Colin Scott*, Arvind Krishnamurthy†,

Justine Sherry*, Shaddi Hasan*, Colin Scott*, Arvind Krishnamurthy†,

Similar presentations

Ads by Google