Corpus ID: 17148684

On a Middlebox Classification

Korian Edeline and Benoit Donnet

Recent years have seen the rise of middleboxes, such as firewalls, NATs, proxies, or Deep Packet Inspectors. Those middleboxes play an important role in today’s Internet, including enterprise networks and cellular networks. However, despite their huge success in modern network architecture, their actual impact on packets, traffic, or network performance (all in IPv4 and IPv6 networks) is not well understood. In this paper, we propose a path impairment oriented middlebox classification that…

A Bottom-Up Investigation of the Transport-Layer Ossification

A more detailed explanation of the factors of the transport-level ossification of the middleboxes is provided, and insights on their prevalence in the wild are given.

An Observation-Based Middlebox Policy Taxonomy

A path impairment oriented middlebox classification is proposed that aims at categorizing the initial purpose of a middlebox policy as well as its potential complications.



Are TCP extensions middlebox-proof?

This paper proposes MBtest, a set of Click elements that model middlebox behavior and uses it to experimentally evaluate how three TCP extensions interact with middleboxes, and analyzes measurements of the interference between Multipath TCP and middleboxes in fifty different networks.

Revealing middlebox interference with tracebox

This paper proposes tracebox, an extension to the widely used traceroute tool, that is capable of detecting various types of middlebox interference over almost any path, and evaluates tracebox with measurements performed on PlanetLab nodes.

An untold story of middleboxes in cellular networks

NetPiculet is presented, the first tool that unveils carriers' NAT and firewall policies by conducting intelligent measurement, and can inform developers in optimizing the interaction between mobile applications and cellular networks and also guide carriers in improving their network configurations.

Measuring interactions between transport protocols and middleboxes

Measurement results showing the impact of the current network environment on a number of traditional and proposed protocol mechanisms are provided and can be used to guide the definition of more realistic Internet modeling scenarios.

Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance

Is it still possible to extend TCP?

This paper develops a measurement methodology for evaluating middlebox behavior relating to TCP extensions and presents the results of measurements conducted from multiple vantage points, finding that MPTCP is likely to work correctly in the Internet or fall back to regular TCP.

BitTorrent-like P2P approaches for VoD: A comparative study

Stateless IP/ICMP Translation Algorithm (SIIT)

This document specifies a transition mechanism algorithm that translates between IPv4 and IPv6 packet headers in separate translator "boxes" in the network without requiring any per-connection state in those "boxes".

Off-path TCP Sequence Number Inference Attack - How Firewall Middleboxes Reduce Security

A newly discovered "off-path TCP sequence number inference" attack enabled by firewall middle boxes allows an off-path attacker to hijack a TCP connection and inject malicious content, effectively granting the attacker write-only permission on the connection.

IPsec-Network Address Translation (NAT) Compatibility Requirements

This document describes known incompatibilities between Network Address Translation (NAT) and IPsec, and describes the requirements for addressing them. Perhaps the most common use of IPsec is in