Middleboxes no longer considered harmful

Middleboxes no longer considered harmful (2004)

Cached

Download Links

Other Repositories/Bibliography

DBLP

by Michael Walfish , Jeremy Stribling , Maxwell Krohn , Hari Balakrishnan , Robert Morris , Scott Shenker

Venue:	In OSDI
Citations:	60 - 12 self

BibTeX

@INPROCEEDINGS{Walfish04middleboxesno,
    author = {Michael Walfish and Jeremy Stribling and Maxwell Krohn and Hari Balakrishnan and Robert Morris and Scott Shenker},
    title = {Middleboxes no longer considered harmful},
    booktitle = {In OSDI},
    year = {2004},
    pages = {215--230}
}

Years of Citing Articles

Bookmark

OpenURL

Abstract

Intermediate network elements, such as network address translators (NATs), firewalls, and transparent caches are now commonplace. The usual reaction in the network architecture community to these so-called middleboxes is a combination of scorn (because they violate important architectural principles) and dismay (because these violations make the Internet less flexible). While we acknowledge these concerns, we also recognize that middleboxes have become an Internet fact of life for important reasons. To retain their functions while eliminating their dangerous side-effects, we propose an extension to the Internet architecture, called the Delegation-Oriented Architecture (DOA), that not only allows, but also facilitates, the deployment of middleboxes. DOA involves two relatively modest changes to the current architecture: (a) a set of references that are carried in packets and serve as persistent host identifiers and (b) a way to resolve these references to delegates chosen by the referenced host. 1

Citations

1503	Pastry: Scalable, Distributed Object Location and Routing for Large-Scale Peer-to-Peer Systems - Rowstron, Druschel - 2001
777	Wide-area cooperative storage with CFS - Dabek, Kaashoek, et al. - 2001
741	End-to-end arguments in system design - Saltzer, Reed, et al. - 1984
728	The click modular router - Kohler, Morris, et al. - 2000
607	Storage management and caching in past, a large-scale, persistent peer-to-peer storage utility - Rowstron, Druschel - 2001
379	The design philosophy of the DARPA internet protocols - Clark - 1988
278	HMAC: Keyed-Hashing for Message Authentication - Krawczyk, Bellare, et al.
212	An end-to-end approach to host mobility - Snoeren, Balakrishnan - 2000
179	Separating key management from file system security - Mazières, Kaminsky, et al. - 1999
158	OpenDHT: A public DHT service and its uses - RHEA, GODFREY, et al. - 2005
143	Address Allocation for Private Internets - Rekhter, Moskowitz, et al. - 1918
139	Implementing a distributed firewall - Ioannidis, Keromytis, et al. - 2000
136	Looking up data in p2p systems - Balakrishnan, Kaashoek, et al.
124	A toolkit for user-level file systems - Mazières - 2001
110	Firmato: A novel firewall management toolkit - Bartal, Mayer, et al. - 1999
92	IP Network Address Translator (NAT) Terminology and Considerations", RFC 2663 - Srisuresh, Holdrege - 1999
89	Preventing Internet Denial-of-Service with Capabilities - Anderson, Roscoe, et al. - 2004
82	Tapestry: A global-scale overlay for rapid service deployment - Zhao, Huang, et al. - 2004
81	A Layered Naming Architecture for the Internet - Balakrishnan, Lakshminarayanan, et al. - 2004
72	IPNL: A NAT-extended Internet architecture - Francis, Gummadi - 2002
63	A framework for IP based virtual private networks - Gleeson, Lin, et al. - 2000
63	stun - simple traversal of user datagram protocol (udp) through network address translators (nats - Rosenberg, Weinberger, et al. - 2003
61	D.R.: An architecture for content routing support in the internet - Gritter, Cheriton
58	From protocol stack to protocol heap: role-based architecture - Braden, Faber, et al.
56	A Mobile Host Protocol Supporting Route Optimization and Authentication - Myles, Johnson, et al. - 1995
54	TRIAD: A new next generation Internet architecture - Cheriton, Gritter - 2000
52	Traditional IP network address translator (Traditional NAT - Srisuresh, Egevang - 2001
50	Untangling the Web from DNS - Walfish, Balakrishnan, et al. - 2004
49	The nimrod routing architecture - Castineyra, Chiappa, et al. - 1996
49	FARA: Reorganizing the addressing architecture, in - Clark, Braden, et al. - 2003
45	On the naming and binding of network destinations - Saltzer - 1993
44	Unmanaged Internet Protocol: Taming the edge network management crisis - Ford - 2003
44	Integrating Security, Mobility, and Multihoming in a HIP way - Nikander, Ylitalo, et al. - 2003
44	Beehive: O(1) lookup performance for power-law query distributions in peer-to-peer overlays - RAMASUBRAMANIAN, SIRER - 2004
42	Host Identity Protocol Architecture - Moskowitz, Nikander - 2006
41	Spurring adoption of DHTs with OpenHash, a public DHT service - Karp, Ratnasamy, et al. - 2004
39	Distributed firewalls,” ;login - Bellovin - 1999
37	Middlebox communication architecture and framework", RFC 3303 - Srisuresh, Kuthan, et al. - 2002
35	Inter-network naming, addressing, and routing - Shoch - 1978
34	Architectural Implications of NAT - Hain - 2000
27	Host identity protocol - Moskowitz, Nikander, et al. - 2008
24	Addressing reality: An architectural response to real-world demands on the evolving internet - Clark, Sollins, et al. - 2003
22	Jardetzky Predicate Routing: Enabling Controlled Networking - Roscoe, Hand, et al.
21	Middleboxes: Taxonomy and Issues - Carpenter, Brim - 2002
19	The strongman architecture - Keromytis, Ioannidis, et al. - 2003
17	Separating Identifiers and Locators in Addresses: An Analysis - Crawford, Mankin, et al. - 1999
11	Supporting legacy applications over i3 - Wehrle, Kannan, et al. - 2004
10	Addressing in Internetwork Protocols - Francis - 1994
9	8+8 - An alternate addressing architecture for IPv6 - O’Dell - 1996
6	What’s in a name: Thoughts from the NSRG - Lear, Droms - 2003