Transcript middle

Middle Boxes
Lixia Zhang
UCLA Computer Science Dept
Sprint Research Symposium
March 8-9, 2000
What are middle boxes?
3/8/00
2
What are the end boxes?
Internet IP delivery
client
server
Back 20 years…
• What's on the net
- servers/clients (e.g. telnet, ftp, email)
- later: peers (e.g. VT)
• data delivery between the end boxes
directly
3/8/00
3
The Role of IP Delivery
server
client
routers
IP delivers packets from end to end
• the ends are defined by the
communicating application process
• the ends are indicated by the source
and destination addresses in the IP
header
3/8/00
4
What are middle boxes?
client
server
middle box
• data is no longer delivered between
the two end boxes by direct IP path
• The first middleman: email server
In the early days:
3/8/00
Email
sender
always connected
Email
recipient
5
What are middle boxes?
client
server
middle box
• data is no longer delivered between
the two end boxes by direct IP path
• The first middleman: email server
As time went:
3/8/00
email
sender
Intermittent
connectivity
always connected
email
server
email
recipient
6
Every coin has two sides
• Gain from having such a middlebox:
solved the asynchrony problem
between the two ends of email
delivery
• Loss for having a box in the middle:
– more parts in the system to mingle with
– more points of potential failures
3/8/00
email
sender
email
server
email
recipient
7
The position of email server
in the IP architecture
• An application level box
– email sender talks to email server
explicitly
– email recipient fetches email from the
server explicitly
in another word, not a "transparent" box
3/8/00
email
sender
email
server
email
recipient
8
What we've seen in last
couple of years
• A lot more middle boxes
Web proxy
– Web proxies
– "transparent" Web caches
Packet hijacking!
("for your benefit")
– portals
3/8/00
client
Web server
9
And more middleboxes yet to come
e.g. Proxy servers to facilitate mobile
wireless devices and mobile users in
handling
– intermittent connectivity
– location tracking
– link QOS constraint
– session migration
3/8/00
10
What we've seen......
• Growing up of the Internet, of course
• need for scalable data dissemination
– large number of clients requesting same
data
– requests coming in asynchronously
• need for information discovery/sorting
• need for authentication/security and
all other kinds of services
3/8/00
11
Challenges from growth
• large number of clients, large number
of mobile users, large number of
servers too
• How to do it right?
So far pretty much "one hundred flowers
blooming"
– Web proxies
– abuse DNS for load balancing
– "transparent" caching
– "layer x switching", 3 < x < 10?
3/8/00
12
What's coming
Big part of the society moving online
• what makes up the society &
business market: mostly middlemen
– largely missing on the Internet
• the reason that the Internet, by and large, does
not look user-friendly to most people
Prediction
3/8/00
– a lot more middle boxes
– IP packet delivery infrastructure fades
into background—ubiquitous IP
connectivity everywhere
13
"Internet architecture" ?
• Where in the architecture do those
new middle boxes belong to?
For now: nowhere,
or everywhere
• haven't you heard
the hot buzzword
"transparency"?
3/8/00
Does that raise a
concern? YES
User programs
application protocols
email WWW phone...
SMTP HTTP RTP...
transport protocols
TCP UDP…
IP
IP
various networks
ethernet PPP…
CSMA async sonet...
copper fiber radio...
14
Concerns about
transparent middleboxes
• "transparent" middleboxes considered
harmful
– packet hijacking versus system
manageability
– Users: being in control versus being
controlled
• Sticking to the layered protocol
architecture considered necessary
3/8/00
15
Where middle boxes belong to
in the Internet architecture
• should be application level boxes
• being visible to end users
• Middleboxes and end-to-end principle:
consider middle boxes as one "end" of
"end-to-end"
– e.g. the mail server in email delivery
3/8/00
16
Middleboxes: gains
• Keep the waist of the hour-glass thin
– manageable, scalable, robust connectivity
• help the Internet scale with growing
applications & client population
• Provide real services, all kinds of them
3/8/00
– personalized portals
– heterogeneity
– building new services from existing
applications
17
Some potential losses
(or things we need to pay attention)
• Dependency on those middleboxes
– increased complexity
– increased vulnerability
• "directory-enabled network": the network is gone
when directory crashes, even if all switches are up
– a robust, self-configured, self-organizing
middlebox infrastructure can lead to
higher availability and more robustness
• more complex security and trust model
• impact on data integrity
3/8/00
18
Summary
• Finally the Internet is growing up!
– Past efforts mostly on packet delivery
– Now people start making money out of
this packet delivery service
• middle boxes are a must
• Warning: pay attention to architecture
• Right way out: building application
level infrastructures on top of the
packet delivery infrastructure
3/8/00
19