The Trouble With Middleboxes – Part 3

In the first two parts, we discussed both the resource limitations of middlebox architecture and the difficulties associated with maintaining symmetric traffic flow through them for proper stateful operation. In this third part, we turn our attention to the operational challenges and costs associated with middleboxes that can seriously impair their potential value in deployment. As […]


The Trouble With Middleboxes – Part 2

In the first part of this series, we looked at how the CPU/RAM resource limitations of security middleboxes severely restrict their ability to scale and migrate from perimeter defense to datacenter-based architectures. When aggregating large numbers of networked assets and/or the traffic from large numbers of endpoints into the cloud, even the most basic stateful […]


The Trouble With Middleboxes – Part 1

According to RFC 3234, “A middlebox is defined as any intermediary device performing functions other than the normal, standard functions of an IP router on the datagram path between a source host and destination host.” The overwhelming majority of network security appliances, such as firewalls (FW) and intrusion prevention systems (IPS), are middleboxes. Unlike routers and switches […]
