Middlebox
From Wikipedia, the free encyclopedia
A middlebox is a device in the Internet that provides transport policy enforcement. Examples of these devices include firewalls, network address translators (both within and between address families), signature management for intrusion detection systems, and multimedia buffer management.
Firewalls and NATs present problems for many Internet protocols, especially when UDP packets need to travel across the firewalls and NATs. The Internet Engineering Task Force is working on standardizing a protocol to allow these problems to be addressed.
Three approaches are discussed in [1]:
- a "Call Agent" using a MIDCOM MIB and/or Simple Middlebox Control (SIMCO) protocol
- Smart Middlebox: Self-configuring firewall modules
- Path-Coupled Signaling, to be developed and standardized at the IETF. This would involve the NSIS Transport Layer Protocol (NTLP) from the Next Steps in Signaling (NSIS) working group.
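As an added illustration, not taken from the article or from any IETF specification, the following toy Python model of a NAPT middlebox shows the problem the first approach addresses: inbound UDP with no existing state is dropped, and a call agent opening a pinhole in advance (a simplified stand-in for a MIDCOM-style policy rule, not the real protocol) lets the far end reach the inside host. All addresses and ports are constructed.

```python
"""Toy NAPT middlebox: unsolicited inbound UDP is dropped; a call-agent policy
rule (simplified MIDCOM-style model) opens a pinhole first. Constructed data."""
from dataclasses import dataclass, field
import itertools

@dataclass(frozen=True)
class Packet:
    src: tuple  # (ip, port)
    dst: tuple  # (ip, port)
    payload: str = ""

@dataclass
class Napt:
    public_ip: str
    inside: dict = field(default_factory=dict)   # (in_ip, in_port) -> ext_port
    outside: dict = field(default_factory=dict)  # ext_port -> (in_ip, in_port)
    ports: itertools.count = field(default_factory=lambda: itertools.count(40000))

    def _bind(self, inside_addr):
        """Allocate (or reuse) an external port for an inside (ip, port)."""
        if inside_addr not in self.inside:
            ext = next(self.ports)
            self.inside[inside_addr] = ext
            self.outside[ext] = inside_addr
        return self.inside[inside_addr]

    def outbound(self, pkt):
        """Inside -> outside: rewrite the source; the mapping is a side effect."""
        return Packet((self.public_ip, self._bind(pkt.src)), pkt.dst, pkt.payload)

    def inbound(self, pkt):
        """Outside -> inside: forwarded only if state exists for the dest port."""
        hit = pkt.dst[0] == self.public_ip and self.outside.get(pkt.dst[1])
        return Packet(pkt.src, hit, pkt.payload) if hit else None

    def install_policy_rule(self, inside_addr):
        """Call-agent control (hypothetical API): open a pinhole before any inside
        traffic exists; return the public (ip, port) to advertise to the far end."""
        return (self.public_ip, self._bind(inside_addr))

def scenario_no_control():
    """Phone A (10.0.0.5) advertised its private address; B's media never arrives."""
    nat = Napt("203.0.113.1")
    rtp = Packet(("198.51.100.7", 5004), ("10.0.0.5", 5004), "rtp")
    return nat.inbound(rtp)  # None: no mapping and no policy rule

def scenario_call_agent():
    """Agent installs the pinhole and advertises the public address; media flows."""
    nat = Napt("203.0.113.1")
    public = nat.install_policy_rule(("10.0.0.5", 5004))
    rtp = Packet(("198.51.100.7", 5004), public, "rtp")
    return public, nat.inbound(rtp).dst
```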
See also
- Firewall (networking)
- Network address translation
- End-to-end connectivity
- Interactive Connectivity Establishment (ICE): A Methodology for Network Address Translator (NAT) Traversal for Offer/Answer Protocols, a protocol in the IETF mmusic working group
- Simple Traversal of UDP Through NATs (STUN)
- NSIS Signaling Layer Protocol (NSLP)
- Traversal Using Relay NAT (TURN)
External links
- RFC 3304 - Middlebox Communications (MIDCOM) Protocol Requirements
- RFC 3234 - Middleboxes: Taxonomy and Issues
- Solving the Middlebox Problem
- Next Steps in Signaling (nsis) - IETF working group
- Middlebox Communication (midcom) Working Group of the Internet Engineering Task Force
- White Paper Comparing different NAT traversal techniques - Newport Networks White Paper
- Multiparty Multimedia Session Control (mmusic) Working Group of the Internet Engineering Task Force