Before I do that, I wanna give you a few examples of these middleboxes. One example is an intrusion prevention system, and here is a Cisco product for this particular network function, and it's a security appliance. And what it is doing is, it is monitoring all the connections that are there in the corporate network to the outside world, and it is detecting and blocking suspicious traffic. And what needs to happen is, the system administrator, the network administrator in a particular organization, has to configure signatures in the intrusion prevention system to detect suspicious traffic. And these boxes can work in inline mode, that is, they can filter out suspicious traffic as it comes in, or they can also act in passive mode, which is saying that, I take these packets and analyze them, to look for critical malware that might be trying to access information within an organization. So both of these are possible, so it's a question of how you configure this particular product.
And for example, in this table that I'm showing you here, there are different traffic signatures that have been pre-configured for this IPS system. And so these are the signatures that are being looked for by this box, and when they occur, then those packets are gonna be filtered out and analyzed and appropriate actions are gonna be taken. And this particular screenshot that I'm showing you here is a search result for botnets, showing 10 signatures that characterize the botnet attack traffic. And so, the role of the system administrator is to select all or any of the signatures to be searched for in the packet traffic, and that's how you would use an intrusion prevention system. So you don't have to know the details of the intrusion prevention system as a system administrator. But what you have to know is what are the ways in which you can set up the IPS signatures so that this box can do the right thing for you.
Another example is an HTTP proxy. It is not for filtering of traffic, but it is for improving performance. Now how does it do that? Well, in an organization, people may be accessing content on the wide area network, for example, if you're going to CNN or many of these public sites that they wanna get information from. And if you wanna do that, the content that is coming in, you don't have to go to this outside entity every time to get the content. You can cache the web content, and so that can reduce the page-load time and it also reduces the bandwidth consumption. And it can also be used for filtering out certain websites that are prohibited for the employees to access. So this is a web security appliance, and you can use it as an HTTP proxy as well as for security within an organization. So that's another example for you.
Not only are middleboxes needed in dealing with the kinds of things that I mentioned already, but they are also something that is needed in core cellular networks. Because as I said, it is the case that the access to a corporate network can come from a device that is a mobile device. And if that is the case, then you have to have a way by which you can do the appropriate thing in the core cellular networks as well. And there are several different middleboxes that do the things that are needed. There are serving gateways, and a serving gateway is responsible for routing and forwarding of packets, and it also executes handoff between neighboring base stations. If you're a mobile user and you go from one place to another geographically, then there's a handoff that is happening, and the serving gateways do the necessary things in terms of handing off between neighboring base stations. And there are packet gateways, and a packet gateway is acting as an interface between the cellular network and the Internet. And there's network address translation that needs to happen between the internal IP subnet and the Internet.
And traffic shaping is another thing that might happen in order to make sure that the network is being utilized in the best possible manner. And mobility management is another function that is important in the core cellular network. There are several different terminologies that are used in the core cellular networks. One of the things that you may have heard is LTE, or Long Term Evolution. A key control node of an LTE network is the Mobility Management Entity, and it performs the selection of these gateways, serving gateways as well as the packet gateways, and it is also setting up the connection when the device is roaming. So all of these are things that are being done by middleboxes which have this name, Mobility Management Entity.
And then, when you think about the home subscriber server, every subscriber has to have a unique identity. Again, you see certain jargon and acronyms coming in: an acronym, IMSI, which stands for International Mobility Subscriber Identifier. And this acronym is a way by which every mobile user is given a unique identity, a 64-bit identity. And that information is used in terms of how you hand off from one gateway to another gateway and so on. And it is used for user identification and addressing, and the profile information associated with a particular subscriber can also be looked up, given that this number can be indexed into the subscription service.
So, these are all things that I'm just mentioning as additional things that you would need when you consider the fact that users of a corporate network may now be using mobile devices, and they are coming in through cellular networks. And in that case, you have additional middleboxes, over and beyond the middleboxes that are serving for connecting to the wide area network, that we need in order to support these kinds of functionalities in a corporate setting. And how are these middleboxes different from routers or switches?
Well, primarily, what a router or a switch is doing is also packet inspection. But the packet inspection that is being done by a router or a switch is only from the point of view of routing the traffic: no analysis, no state is associated with the packet. On the other hand, middleboxes are also looking at network traffic, but they are stateful, because the packet processing is dependent on fine-grained state, and the state may be updated very frequently. It may be updated per packet or per connection and so on. And so middleboxes perform complex and varied operations on packets, as opposed to a router or a switch.
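The contrast between stateless forwarding and stateful inspection, and between inline and passive mode, can be shown in a short sketch; this is an added example, not material from the lecture or from any vendor product. The routing table, the signature bytes, the packets and all function and class names are constructed for illustration, and packets of a connection are assumed to arrive in order.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample data (assumptions, not a real routing table or IPS signature).
ROUTES = {ip_network("10.0.0.0/8"): "lan0", ip_network("0.0.0.0/0"): "wan0"}
SIGNATURE = b"EXAMPLE-BOT-BEACON"

def route(pkt):
    """Router/switch view: longest-prefix match on the destination, no memory."""
    matches = [n for n in ROUTES if ip_address(pkt["dst"]) in n]
    return ROUTES[max(matches, key=lambda n: n.prefixlen)]

def stateless_check(pkt):
    """Per-packet payload match with no state: blind to a pattern split across packets."""
    return SIGNATURE in pkt["payload"]

class StatefulInspector:
    """Middlebox view: per-connection state that is updated on every packet."""
    def __init__(self, inline=True):
        self.inline = inline              # inline mode drops, passive mode only alerts
        self.tail = defaultdict(bytes)    # connection 5-tuple -> trailing payload bytes
        self.alerts = []

    def process(self, pkt):
        key = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"], "tcp")
        window = self.tail[key] + pkt["payload"]
        # Keep just enough bytes to recognise a signature straddling two packets.
        self.tail[key] = window[-(len(SIGNATURE) - 1):]
        if SIGNATURE in window:
            self.alerts.append(key)
            return "drop" if self.inline else "forward"
        return "forward"

def pkt(src, sport, dst, dport, payload):
    return {"src": src, "sport": sport, "dst": dst, "dport": dport, "payload": payload}

# Constructed traffic: the pattern is split across packets 1 and 3 of one connection,
# with a packet from an unrelated connection in between.
PACKETS = [
    pkt("10.1.1.5", 40000, "203.0.113.9", 80, b"GET /x EXAMPLE-BOT"),
    pkt("10.1.1.7", 40001, "203.0.113.9", 80, b"-BEACON from another flow"),
    pkt("10.1.1.5", 40000, "203.0.113.9", 80, b"-BEACON HTTP/1.1"),
]

def run(inline):
    ips = StatefulInspector(inline)
    return [ips.process(p) for p in PACKETS], ips.alerts

if __name__ == "__main__":
    print("egress ports:", [route(p) for p in PACKETS])
    print("stateless   :", [stateless_check(p) for p in PACKETS])
    print("inline IPS  :", run(inline=True))
    print("passive IPS :", run(inline=False))
```

The per-packet check never fires because no single payload contains the whole pattern, while the inspector matches it on the third packet using the bytes it remembered for that connection only.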