Middleboxes, such as caches, firewalls, and intrusion detection systems, form a vital part of network infrastructure today. Administrators deploy middleboxes in diverse scenarios from enterprise networks, to datacenters, to access networks. However, middleboxes are universally deployed under what we call the `unilateral model', where middleboxes are deployed and configured by administrators alone, for the benefit of hosts in a single domain alone. In this thesis, we present two new deployment models for middleboxes which offer new capabilities for middlebox usage as well as new business models for middlebox deployment. Netcalls is an extension to the Internet architecture that allows end host applications to invoke and configure middleboxes in any network their traffic traverses; for example, we present a web server that invokes inter-domain DDoS defense when it detects that it is under attack. APLOMB is a system that allows enterprise networks (as well as individual end hosts) to tunnel their traffic to and from a cloud service that applies middlebox processing to their traffic, avoiding the costly and management-intensive burden of administering middleboxes in a local network. Netcalls and APLOMB allow ISPs and cloud providers (respectively) to monetize their deployment of middleboxes by offering them as a service to third-party clients; all the while presenting new capabilities, in the case of netcalls by enabling application interaction and in the case of APLOMB by providing better scalability and easier management. We discuss both of these proposals and their benefits in detail; we then discuss challenges and opportunities towards their deployment and adoption.




Download Full History