Middlebox

A middlebox is a device in the Internet that provides transport policy enforcement. Examples of these devices include firewalls, network address translators (both within and between address families), signature management for intrusion detection systems, and multimedia buffer management.

Firewalls and NATs present problems for many Internet protocols, especially when UDP packets need to travel across the firewalls and NATs. The Internet Engineering Task Force is working on standardizing a protocol to allow these problems to be addressed.

Three approaches are discussed in [1]:

• a "Call Agent" using a MIDCOM MIB and/or Simple Middlebox Control (SIMCO) protocol
• Smart Middlebox: Self-configuring firewall modules
• Path-Coupled Signaling, to be developed and standardized at the IETF. This would involve the NSIS Transport Layer Protocol (NTLP) from the Next Steps in Signaling (NSIS) working group.

See also

• Firewall (networking)
• Network address translation
• End-to-end connectivity
• Interactive Connectivity Establishment (ICE): A Methodology for Network Address Translator (NAT) Traversal for Offer/Answer Protocols, a protocol in the IETF mmusic working group
• Session Traversal Utilities for NAT (STUN)
• NSIS Signaling Layer Protocol (NSLP)
• Traversal Using Relay NAT (TURN)

External links

• RFC 3304 - Middlebox Communications (MIDCOM) Protocol Requirements
• RFC 3234 - Middleboxes: Taxonomy and Issues
• RFC 3989 - Middlebox Communications (MIDCOM) Protocol Semantics
• RFC 4540 - NEC's Simple Middlebox Configuration (SIMCO) Protocol Version 3.0
• Solving the Middlebox Problem
• Next Steps in Signaling (nsis) - IETF working group
• Middlebox Communication (midcom) Working Group of the Internet Engineering Task Force
• Multiparty Multimedia Session Control (mmusic) Working Group of the Internet Engineering Task Force
• Nat Traversal techniques for IP Communications - White Paper