Randy commented on my last post: "I always like the format you use for these comments! Any thoughts on whether the idea of outsourcing middlebox functions makes any sense?"
Here is my answer:
Yes:
- framework provides the same functionality without breaking the two principles mentioned in the introduction
- performance will be competitive only if the middlebox is close to or on the network path, i.e. where the middlebox is anyway
- user benefits from being able to choose between the middlebox service and direct service
- extra conceptual overhead
- how to gradually deploy?
- because the middlebox is not physically on the network path blocking IP packets, certain attacks on computers are still possible
- user needs to configure their computer to use middlebox service (half will forget and leave the network vulnerable)
- middleboxes might be deployed to actually prevent certain kinds of services; with the middlebox outsourced, this can be circumvented
- NAT on traditional boxes offers anonymity and invisibility from the outside