Toward manageable middleboxes in software-defined networking

  • Zadkhosh, Ehsan (Information and Communication Technology Department, Malekashtar University of Technology) ;
  • Bahramgiri, Hossein (Information and Communication Technology Department, Malekashtar University of Technology) ;
  • Sabaei, Masoud (Department of Computer Engineering and Information Technology, Amirkabir University of Technology)
  • Received : 2018.10.18
  • Accepted : 2019.04.28
  • Published : 2020.04.03


Software-defined networking (SDN) provides a centralized management unit for a network, but in practice only for devices that operate at or below the transport layer of the OSI model. When the network also contains layer-7 middleboxes (MBs), current SDN exhibits limitations, because the data and control planes of the MBs are not decoupled and the controller therefore cannot account for them. To achieve a truly centralized management unit, a new architecture is required that decouples the data and control planes of all network devices, MBs included. In this paper, we propose such an architecture, complementary to current SDN, in which SDN-enabled MBs are managed alongside contemporary SDN-enabled switches. Its management unit improves network performance and reduces routing cost by taking the status of the MBs into account during flow forwarding. The unit consists of two parts: an SDN controller (SDNC) and a middlebox controller (MBC). The MBC selects the best MBs for each flow, and the SDNC determines the best path according to its routing algorithm and the information provided by the MBC. The results show that the proposed architecture improves performance because the utilization of all network devices, including the MBs, becomes manageable.
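
To make the SDNC/MBC split concrete, the following toy model is an added illustration and not the authors' code: the abstract does not state the selection or routing rule, so the topology, the middlebox capacities, and the ranking rule (least-loaded MB first, ties broken by path cost) are constructed assumptions. The MBC keeps per-middlebox status and shortlists the MBs that still have spare capacity; the SDNC picks one per hop of the service chain, stitches a shortest path through it, and is compared against a status-unaware baseline that always routes through the nearest MB.

```python
"""Toy SDNC + MBC model (added illustration; topology, capacities and ranking
rule are assumptions, not the paper's algorithm)."""
import heapq
from collections import defaultdict

INF = float("inf")

# Constructed topology: hosts h1/h2, switches s1..s5, two IDS middleboxes.
# All links cost 1; ids1 hangs off the short h1->h2 path, ids2 off the long one.
LINKS = [
    ("h1", "s1"), ("s1", "s2"), ("s2", "s3"), ("s3", "h2"),
    ("s1", "s4"), ("s4", "s5"), ("s5", "s3"),
    ("s2", "ids1"), ("s5", "ids2"),
]


def build_graph(links, cost=1):
    g = defaultdict(dict)
    for a, b in links:
        g[a][b] = g[b][a] = cost
    return g


def shortest_path(g, src, dst):
    """Dijkstra; returns (path, cost) or (None, INF) if dst is unreachable."""
    dist, prev, pq = {src: 0}, {}, [(0, src)]
    while pq:
        d, u = heapq.heappop(pq)
        if u == dst:
            break
        if d > dist[u]:
            continue
        for v, w in g[u].items():
            if d + w < dist.get(v, INF):
                dist[v], prev[v] = d + w, u
                heapq.heappush(pq, (d + w, v))
    if dst not in dist:
        return None, INF
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    return path[::-1], dist[dst]


class MiddleboxController:
    """MBC: tracks type, capacity and current load of each SDN-enabled MB."""
    def __init__(self):
        self.status = {}

    def register(self, name, mb_type, capacity):
        self.status[name] = {"type": mb_type, "capacity": capacity, "load": 0}

    def of_type(self, mb_type):
        return [n for n, s in self.status.items() if s["type"] == mb_type]

    def available(self, mb_type):  # MBs of that type with spare capacity
        return [n for n in self.of_type(mb_type) if not self.is_full(n)]

    def is_full(self, name):
        s = self.status[name]
        return s["load"] >= s["capacity"]

    def load_ratio(self, name):
        s = self.status[name]
        return s["load"] / s["capacity"]

    def admit(self, name):
        self.status[name]["load"] += 1


class SdnController:
    """SDNC: chooses an MB per chain hop (using MBC status when status_aware,
    nearest MB otherwise) and stitches the shortest path through the hops."""
    def __init__(self, graph, mbc, status_aware=True):
        self.g, self.mbc, self.status_aware = graph, mbc, status_aware

    def route(self, src, dst, chain):
        """chain: ordered list of MB types the flow must traverse."""
        hops = [src]
        for mb_type in chain:
            if self.status_aware:  # assumed rule: least loaded, then closest
                cands = self.mbc.available(mb_type)
                key = lambda n: (self.mbc.load_ratio(n),
                                 shortest_path(self.g, hops[-1], n)[1])
            else:                  # baseline: closest MB, blind to its load
                cands = self.mbc.of_type(mb_type)
                key = lambda n: shortest_path(self.g, hops[-1], n)[1]
            if not cands:
                return None, INF
            hops.append(min(cands, key=key))
        hops.append(dst)
        if any(self.mbc.is_full(mb) for mb in hops[1:-1]):
            return None, INF  # the blindly chosen MB cannot take the flow
        path, total = [src], 0
        for a, b in zip(hops, hops[1:]):
            seg, c = shortest_path(self.g, a, b)
            if seg is None:
                return None, INF
            path, total = path + seg[1:], total + c
        for mb in hops[1:-1]:
            self.mbc.admit(mb)
        return path, total


def run(status_aware, n_flows=5):
    """Route n_flows h1->h2 flows that must each traverse one IDS."""
    mbc = MiddleboxController()
    mbc.register("ids1", "ids", capacity=2)
    mbc.register("ids2", "ids", capacity=2)
    sdnc = SdnController(build_graph(LINKS), mbc, status_aware)
    return [sdnc.route("h1", "h2", ["ids"]) for _ in range(n_flows)]


if __name__ == "__main__":
    for aware in (True, False):
        print("status-aware" if aware else "baseline", [c for _, c in run(aware)])
```

With the assumed capacities the status-aware controller admits four flows, alternating between the cheap path through ids1 (cost 6) and the longer one through ids2 (cost 7) as load builds, and rejects only the fifth; the status-unaware baseline sends everything to the nearest MB and starts rejecting at the third flow while ids2 still has capacity, which is the utilization problem the MBC is meant to remove.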
