Middlebox
A middlebox is a device in the Internet that
provides transport policy enforcement. Examples of these devices
include firewalls, network address translators
(both within and between
address families), signature management for intrusion detection
systems, and multimedia buffer management.
Firewalls and NATs present problems for many Internet protocols,
especially when UDP packets need to travel across the firewalls and NATs.
The Internet Engineering Task Force
is working on standardizing
a protocol to allow these problems to be addressed.
Three approaches are discussed in http://www.ibr.cs.tu-bs.de/projects/nmrg/meetings/2004/bremen/quittek.pdf:
- a "Call Agent" using a MIDCOM MIB and/or Simple Middlebox Control (SIMCO) protocol
- Smart Middlebox: Self-configuring firewall modules
- Path-Coupled Signaling, to be developed and standardized at the IETF. This would involve the NSIS Transport Layer Protocol (NTLP) from the Next Steps in Signalling (NSIS) working group.
See also
- Firewall (networking)
- Network address translation
- End-to-end connectivity
- Interactive Connectivity Establishment (ICE): A Methodology for Network Address Translator (NAT) Traversal for Offer/Answer Protocols, a protocol in the IETF mmusic working group
- Session Traversal Utilities for NAT (STUN)
- NSIS Signaling Layer Protocol (NSLP)
- Traversal Using Relay NAT (TURN)
External links
- RFC 3304 - Middlebox Communications (MIDCOM) Protocol Requirements
- RFC 3234 - Middleboxes: Taxonomy and Issues
- RFC 3989 - Middlebox Communications (MIDCOM) Protocol Semantics
- RFC 4540 - NEC's Simple Middlebox Configuration (SIMCO) Protocol Version 3.0
- Solving the Middlebox Problem
- Next Steps in Signaling (nsis) - IETF working group
- Middlebox Communication (midcom) Working Group of the Internet Engineering Task Force
- Multiparty Multimedia Session Control (mmusic) Working Group of the Internet Engineering Task Force
- Nat Traversal techniques for IP Communications - White Paper