Thursday, November 6, 2008

Middleboxes No Longer Considered Harmful

This paper underscores the vital role of middle-boxes - specifically, NAT boxes and firewalls - in the modern Internet. Traditional networking principles hold that such middle-boxes violate not only the end-to-end principle but also the notion that end hosts must be uniquely identifiable throughout a network. The authors claim, however, that these components provide essential security mechanisms, address-space conservation and performance enhancements (in the case of caching). Instead of trying to achieve compliance with the "rules" of the Internet, the authors present a Delegation Oriented Architecture (DOA) that seamlessly incorporates middle-boxes. Essentially, DOA gives every endpoint a unique ID in a flat namespace and lets the sender and receiver specify intermediaries that must be traversed (for example, a NAT that must process the packet).

In my mind, the proposed DOA architecture has several issues, starting with the fact that the intermediary specification still appears to defy the end-to-end principle. More importantly, the overhead introduced in the DOA packet header is considerable and I'm not sure how the authors underplayed this issue. Finally, the idea that DHT look-ups (going by previous papers, these are already intricate) will be required on a regular basis raises doubts over the performance and scalability of this architecture. The concept was interesting but the motivation is not very convincing (do we really want to introduce so much overhead just to maintain the sanctity of some networking "rules" or middle-boxes?) and the potential drawbacks are not sufficiently addressed.
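To make the delegation mechanism and the header cost concrete, here is a small added simulation (my own illustration, not code from the paper or the DOA project). It assumes 160-bit flat EIDs derived with SHA-1, models the DHT as an in-memory dictionary that counts lookups, and uses an assumed wire layout of source EID, destination EID, a one-byte count and the stack of intermediary EIDs; the record types, function names and the 198.51.100.7 address are constructed for the example. The resolver follows a receiver's delegation chain (host behind a NAT, NAT behind a firewall), rejects delegation loops and over-long chains, and reports how many lookups and how many header bytes a single packet costs compared with a minimum IPv4 header.

```python
import hashlib
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

EID_LEN = 20          # assumption: 160-bit flat endpoint identifiers (SHA-1 sized)
IPV4_HEADER_LEN = 20  # minimum IPv4 header, used only as the comparison baseline


def make_eid(label: str) -> bytes:
    """Derive a flat EID from a label; the name carries no topological meaning."""
    return hashlib.sha1(label.encode()).digest()


@dataclass
class ERecord:
    """Resolution record for one EID (constructed type): a reachable IP address,
    or a delegation to the EID of an intermediary that must handle its traffic."""
    ip: Optional[str] = None
    delegate: Optional[bytes] = None


class ResolutionService:
    """Dictionary stand-in for the global DHT; counts lookups so the cost is visible."""

    def __init__(self) -> None:
        self.records: Dict[bytes, ERecord] = {}
        self.lookups = 0

    def put(self, eid: bytes, record: ERecord) -> None:
        self.records[eid] = record

    def get(self, eid: bytes) -> ERecord:
        self.lookups += 1
        if eid not in self.records:
            raise KeyError("no record for EID " + eid.hex()[:8])
        return self.records[eid]


def resolve(rs: ResolutionService, dest: bytes, max_hops: int = 8) -> Tuple[List[bytes], str]:
    """Follow the delegation chain from dest until a record with an IP is reached.
    Returns the EIDs in traversal order (first intermediary ... destination) and
    the IP address of the first hop. Loops and over-long chains are rejected."""
    path = [dest]
    seen = {dest}
    current = dest
    while True:
        rec = rs.get(current)
        if rec.ip is not None:
            path.reverse()
            return path, rec.ip
        if rec.delegate is None:
            raise ValueError("record has neither IP nor delegate")
        if rec.delegate in seen:
            raise ValueError("delegation loop")
        if len(path) >= max_hops:
            raise ValueError("delegation chain too long")
        seen.add(rec.delegate)
        path.append(rec.delegate)
        current = rec.delegate


def build_header(src: bytes, path: List[bytes]) -> bytes:
    """Assumed layout: src EID | dst EID | 1-byte count | intermediary EIDs in order."""
    intermediaries = path[:-1]
    return src + path[-1] + struct.pack("!B", len(intermediaries)) + b"".join(intermediaries)


def parse_header(hdr: bytes) -> Tuple[bytes, bytes, List[bytes]]:
    """Inverse of build_header; rejects a header whose stack is truncated."""
    src, dst = hdr[:EID_LEN], hdr[EID_LEN:2 * EID_LEN]
    off = 2 * EID_LEN + 1
    (count,) = struct.unpack("!B", hdr[2 * EID_LEN:off])
    if len(hdr) != off + count * EID_LEN:
        raise ValueError("truncated header")
    stack = [hdr[off + i * EID_LEN: off + (i + 1) * EID_LEN] for i in range(count)]
    return src, dst, stack


def demo() -> dict:
    """Host delegates to its NAT, which delegates to a firewall (constructed scenario)."""
    rs = ResolutionService()
    host, nat, fw = make_eid("alice-laptop"), make_eid("home-nat"), make_eid("edge-firewall")
    rs.put(host, ERecord(delegate=nat))      # host is reachable only via its NAT
    rs.put(nat, ERecord(delegate=fw))        # the NAT's traffic must pass the firewall first
    rs.put(fw, ERecord(ip="198.51.100.7"))   # constructed documentation-range address
    path, first_ip = resolve(rs, host)
    hdr = build_header(make_eid("bob-server"), path)
    _, dst, stack = parse_header(hdr)
    if dst != host or stack != path[:-1]:
        raise RuntimeError("header round-trip failed")
    return {"hops": len(path), "first_ip": first_ip, "lookups": rs.lookups,
            "doa_header_bytes": len(hdr), "extra_vs_ipv4": len(hdr) - IPV4_HEADER_LEN}


if __name__ == "__main__":
    print(demo())
```

Running it shows the two costs the review worries about side by side: three DHT lookups before the sender can emit the first packet, and a DOA header of 81 bytes against IPv4's 20 for just two intermediaries, since every extra delegation adds another 20-byte EID to the stack.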

1 comment:

Randy H. Katz said...

Well, the e2e principle is about adding new features at lower layers when called for for performance reasons ... certainly NATs and firewalls are there whether you want them or not. The goal of this line of research is to redesign the naming architecture of the Internet, and this paper shows how you can use the new structure to implement these functionalities in an architecturally pure fashion.