|
A middlebox or network appliance is a computer networking device that transforms, inspects, filters, or otherwise manipulates traffic for purposes other than packet forwarding.〔 Common examples of middleboxes include firewalls, which filter unwanted or malicious traffic, and network address translators, which modify packets' source and destination addresses. Dedicated middlebox hardware is widely deployed in enterprise networks to improve network security and performance, however, even home network routers often have integrated firewall, NAT, or other middlebox functionality.〔 The widespread deployment of middleboxes and other network appliances has resulted in some challenges and criticism due to poor interaction with higher layer protocols. Lixia Zhang, the Jonathan B. Postel Professor of Computer Science at the University of California, Los Angeles, coined the term "middlebox" in 1999. == Types of middleboxes == The following are examples of commonly deployed middleboxes: * Firewalls filter traffic based on a set of pre-defined security rules defined by a network administrator. IP firewalls reject packets "based purely on fields in the IP and Transport headers (e.g., disallow incoming traffic to certain port numbers, disallow any traffic to certain subnets, etc.)"〔 Other types of firewalls may use more complex rulesets, including those that inspect traffic at the session or application layer.〔 * Intrusion Detection Systems monitor traffic and collect data for offline analysis for security anomalies. Because IDSes unlike firewalls do not filter packets in real-time, they traditionally are capable of more complex inspection than firewalls, which must make an accept/reject decision about each packet as it arrives.〔 * Network Address Translators replace the source and/or destination IP addresses of packets that traverse them. Typically, NATs are deployed to allow multiple end hosts to share a single IP address: hosts "behind" the NAT are assigned a private IP address, and their packets destined to the public Internet traverse a NAT which replaces their internal, private address, with a shared public address.〔 * WAN Optimizers improve bandwidth consumption and perceived latency between dedicated endpoints.〔 Typically deployed in large enterprises, WAN optimizers are deployed near both sending and receiving endpoints of communication; the devices then coordinate to cache and compress traffic that traverses the Internet. * Load balancers provide one point of entry to a service, but forward traffic flows to one or more hosts that actually provide the service. 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「middlebox」の詳細全文を読む スポンサード リンク
|