1,038 Hits in 3.0 sec

A Case for a Stateful Middlebox Networking Stack

Muhammad A. Jamshed, Donghwi Kim, YoungGyoun Moon, Dongsu Han, KyoungSoo Park
2015 Proceedings of the 2015 ACM Conference on Special Interest Group on Data Communication - SIGCOMM '15  
Based on the requirements, we build our networking API for stateful middleboxes based on mTCP [3] , a highly-scalable user-level TCP implementation.  ...  The lack of a reusable networking stack for middleboxes makes the code highly dependent on a custom packet library, which greatly reduces readability, modularity, and extensibility.  ... 
doi:10.1145/2785956.2789999 dblp:conf/sigcomm/JamshedKMHP15 fatcat:54vhq3pnpzhujlb7mssx2r23qy

A Case for a Stateful Middlebox Networking Stack

Muhammad A. Jamshed, Donghwi Kim, YoungGyoun Moon, Dongsu Han, KyoungSoo Park
2015 Computer communication review  
Based on the requirements, we build our networking API for stateful middleboxes based on mTCP [3] , a highly-scalable user-level TCP implementation.  ...  The lack of a reusable networking stack for middleboxes makes the code highly dependent on a custom packet library, which greatly reduces readability, modularity, and extensibility.  ... 
doi:10.1145/2829988.2789999 fatcat:sv6dskertzax3itldfcy3z4zxa


Wenfei Wu, Keqiang He, Aditya Akella
2015 Proceedings of the 2015 ACM Conference on Internet Measurement Conference - IMC '15  
Instead they are very complex and involve a variety of sophisticated packet processing elements that reside on the OSes and software running on compute servers where network functions (NFs) are hosted.  ...  The advent of network functions virtualization (NFV) means that data planes are no longer simply composed of routers and switches.  ...  We also thank Vyas Sekar for his comments in the early stage of this project.  ... 
doi:10.1145/2815675.2815698 dblp:conf/imc/WuHA15 fatcat:7dykdnqahngv7imyx7tfwve43y

LightBox: Full-stack Protected Stateful Middlebox at Lightning Speed [article]

Huayi Duan, Cong Wang, Xingliang Yuan, Yajin Zhou, Qian Wang, Kui Ren
2018 arXiv   pre-print
Outsourcing software middlebox (aka. virtual network function) to third-party service provider, like public cloud, has been a recent trend for many well-known benefits.  ...  Following the direction, in this paper, we present LightBox, the first system that can drive full-stack protected stateful middleboxes at native speed.  ...  For example, a lightweight full TCP/IP stack lwIP [7] could be ported to serve proxy-like middleboxes, and a state-of-the-art flow monitoring stack mOS [47] could be ported to develop stateful middleboxes  ... 
arXiv:1706.06261v2 fatcat:mkcpwsxzovbslh5ipyplr4jfnm

Are TCP extensions middlebox-proof?

Benjamin Hesmans, Fabien Duchene, Christoph Paasch, Gregory Detal, Olivier Bonaventure
2013 Proceedings of the 2013 workshop on Hot topics in middleboxes and network function virtualization - HotMiddlebox '13  
In this paper, we experimentally evaluate the interference between middleboxes and the Linux TCP stack. For this, we first propose MBtest, a set of Click elements that model middlebox behavior.  ...  Many of these middleboxes modify the packets that they process. For this, they to implement (a subset of) protocols like TCP.  ...  These network interfaces expose a large MSS value to the TCP stack and split the segments before transmitting them on the wire.  ... 
doi:10.1145/2535828.2535830 dblp:conf/conext/HesmansDPDB13 fatcat:bzbrfzdxkjf5rnzcazuqc7fr6u

Analysis and Consideration on Management of Encrypted Traffic [article]

Pedro A. Aranda Gutiérrez and Diego López and Thomas Fossati
2018 arXiv   pre-print
.- extending and adapting a widely deployed protocol such as TLS, so that information necessary for network management can be obtained; and 2.- introducing a new protocol layer, such as PLUS, that contains  ...  Encrypted traffic poses new and unique challenges for network operators because information that is useful or necessary for management purposes is not accessible anymore.  ...  The protocol is designed to support basic stateful in-network functionality (i.e. network state maintenance and measurement).  ... 
arXiv:1812.04834v2 fatcat:bfnlxm22ovfcti36qvt3nxxcme

Towards a middlebox policy taxonomy: Path impairments

Korian Edeline, Benoit Donnet
2015 2015 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS)  
Those middleboxes play an important role in today's Internet, including enterprise networks and cellular networks.  ...  We propose a path impairment oriented middlebox taxonomy that aims at categorizing the initial purpose of a middlebox policy as well as its potential unexpected complications.  ...  Authors lso thank kc claffy and her team at CAIDA (in particular, Young Hyun) for letting them using the Archipelago infrastructure.  ... 
doi:10.1109/infcomw.2015.7179418 dblp:conf/infocom/EdelineD15 fatcat:spiqyt4ihrdwbj5udzrywq7bd4

Restoring End-to-End Resilience in the Presence of Middleboxes

Eric J. Brown, Mark K. Gardner, Umar Kalim, Wu-chun Feng
2011 2011 Proceedings of 20th International Conference on Computer Communications and Networks (ICCCN)  
As a result, applications must often modify their behavior to accommodate the middleboxes. This is is especially true in the case of transient failure of stateful devices.  ...  The failure of a middlebox causes it to lose the state it maintained, causing the failure of the associated TCP connections.  ...  ACKNOWLEDGEMENTS: The authors would like to thank Colin Constable, Barnaby Crahan, Jayabharat Boddu, John Scudder, and Danny Jump from Juniper Networks for sponsoring the research and for providing feedback  ... 
doi:10.1109/icccn.2011.6006072 dblp:conf/icccn/BrownGKF11 fatcat:7bc3jsdcdjapnfnwydzfmpssmy

Revealing middlebox interference with tracebox

Gregory Detal, Benjamin Hesmans, Olivier Bonaventure, Yves Vanaubel, Benoit Donnet
2013 Proceedings of the 2013 conference on Internet measurement conference - IMC '13  
Middleboxes such as firewalls, NAT, proxies, or Deep Packet Inspection play an increasingly important role in various types of IP networks, including enterprise and cellular networks.  ...  In addition, tracebox can often pinpoint the network hop where the middlebox interference occurs. We evaluate tracebox with measurements performed on Plan-etLab nodes.  ...  We would also like to thank Randy Bush, Matsuzaki Yoshinobu, Marc Neuckens, Pierre Reinbold, Bruno Delcourt and Claire Delcourt for assistance in understanding the middleboxes present in their networks  ... 
doi:10.1145/2504730.2504757 dblp:conf/imc/DetalHBVD13 fatcat:h335rfquwjalbhyu6invrd3gny

De-Ossifying the Internet Transport Layer: A Survey and Future Perspectives

Giorgos Papastergiou, Gorry Fairhurst, David Ros, Anna Brunstrom, Karl-Johan Grinnemo, Per Hurtig, Naeem Khademi, Michael Tuxen, Michael Welzl, Dragana Damjanovic, Simone Mangiante
2017 IEEE Communications Surveys and Tutorials  
The survey is divided into five parts, each covering a set of point solutions for a different facet of the problem space: 1) designing middlebox-proof transports; 2) signaling for facilitating middlebox  ...  To this end, we identify the requirements for such a framework and provide insights for its development.  ...  ACKNOWLEDGMENT The authors would like to thank the anonymous reviewers for their useful suggestions and comments.  ... 
doi:10.1109/comst.2016.2626780 fatcat:hrldvr7mdnc2lihsxpplk5eyo4

mmb: Flexible High-Speed Userspace Middleboxes [article]

Korian Edeline, Justin Iurman, Cyril Soldani, Benoit Donnet
2019 arXiv   pre-print
We compare mmb performance with other performance-enhancing middlebox solutions, such as kernel-bypass framework, kernel-level optimized approach and other state-of-the-art solutions for enforcing middleboxes  ...  This is exactly what we tackle in this paper by introducing mmb, a VPP middlebox plugin. mmb allows, through an intuitive command-line interface, to easily build stateless and stateful classification and  ...  The European Commission is not responsible for any use that may be made of that information.  ... 
arXiv:1904.11277v1 fatcat:m2m6ybjlznabpijx5xax5r2sku

OpenADN: A Case for Open Application Delivery Networking

Subharthi Paul, Raj Jain, Jianli Pan, Jay Iyer, David Oran
2013 2013 22nd International Conference on Computer Communication and Networks (ICCCN)  
In a cloud datacenter, the ASP does not have any control over the network infrastructure, thus making it hard for them to deploy middleboxes for their cloud-based application deployments.  ...  First, in modern enterprise and Internet-based application environments, a separate middlebox infrastructure for providing application delivery services such as security (e.g., firewalls, intrusion detection  ...  For example, the user may itself be a service that uses other services as is the case in service composition.  ... 
doi:10.1109/icccn.2013.6614165 dblp:conf/icccn/PaulJPIO13 fatcat:or723ofe35fgldtorthq2u5deu

Slick: Secure Middleboxes using Shielded Execution [article]

Bohdan Trach, Alfred Krohmer, Sergei Arnautov, Franz Gregor, Pramod Bhatotia, Christof Fetzer
2019 arXiv   pre-print
This motivated the design of Slick --- a secure middlebox framework for deploying high-performance Network Functions (NFs) on untrusted commodity servers.  ...  To securely outsource middleboxes to the cloud, the state-of-the-art systems advocate network processing over the encrypted traffic.  ...  To support ow-based abstractions, many state-of-the-art middleboxes [8, 9, 17, 28, 28, 40] support comprehensive applications and use-cases.  ... 
arXiv:1709.04226v2 fatcat:z5dfluok3bfy3ic3vzzfr7g4nu

Research Challenges for Network Function Virtualization - Re-Architecting Middlebox for High Performance and Efficient, Elastic and Resilient Platform to Create New Services -

2018 IEICE transactions on communications  
plane of a middlebox and enables the innovation of policy implementation by using SF chaining.  ...  In particular, we survey research activities in the areas of re-architecting middleboxes, state management, high-performance platforms, service chaining, resource management, and trouble shooting.  ...  It is a challenge to develop a fail-over mechanism that correctly restores states for middleboxes that are stateful.  ... 
doi:10.1587/transcom.2017ebi0001 fatcat:5u722sdhsjfrxcfz6vqn3cq3yu

MUST, SHOULD, DON'T CARE: TCP Conformance in the Wild [chapter]

Mike Kosek, Leo Blöcher, Jan Rüth, Torsten Zimmermann, Oliver Hohlfeld
2020 Lecture Notes in Computer Science  
For example, we observe hosts that do not correctly handle checksums and cases of middlebox interference for TCP options.  ...  We uncover a non-negligible set of hosts and paths that do not adhere to even basic requirements.  ...  We would like to thank Akamai Technologies for feedback on our measurements, Censys for contributing active scan data, and our shepherd Robert Beverly and the anonymous reviewers.  ... 
doi:10.1007/978-3-030-44081-7_8 fatcat:6agtloamvzblvh2msdbawgkwbi
« Previous Showing results 1 — 15 out of 1,038 results