So having talked about network functions, and the need for these network functions for an organization, we're gonna next talk about middleboxes for realizing network functions as standalone services. That's gonna be the crux of this particular lesson. Now basically, these middleboxes are sometimes also called network appliances, and what they do is they provide specific network functions. For instance, there'll be a middlebox that provides your firewall service, there could be a middlebox that gives you load balancing. There could be a middlebox that does intrusion prevention. So these are different kinds of middleboxes. And what has happened is that there's an opportunity obviously for a company to make some money, and there are enterprises like Cisco that make these middleboxes as standalone hardware boxes. And as an enterprise you can simply buy the middlebox, and it will provide the particular network function that you want. Here is an example of middleboxes that are deployed in an enterprise. Here's the wide area internet and here is the organizational footprint. And within the organizational footprint, whether it is the regional office or the enterprise data center, what you might find are these middleboxes: there may be an intrusion prevention middlebox, there could be a load balancer that is taking incoming network traffic and then farming it out to a set of servers within the enterprise, and there could be WAN accelerators. A WAN accelerator is something that is making sure that the latency for accessing information through the internet is cut down by different techniques. And VPN is a virtual private network that allows different geographical footprints of the organization to talk to one another using this virtual private network, which makes it appear as though all of these organizations are in the same network space, even though they're going through the wide area network. So these are the things that might happen.
So to make it more concrete, what I'm gonna do is I'm gonna give you a concrete example of a retail organization, let's say like Walmart. And it has to do inventory management and provide the services for its employees. And so this inventory information may be on premises, but the enterprise data center may be doing long-term batch processing of demand prediction and things like that. And so within a regional office there are certain things going on, and in the enterprise data center something else may be going on. And if you think about the end clients that are communicating with the on-premise application, the number of these clients may grow and shrink. And we are talking about people who are accessing the information as employees as well as people who are accessing the Walmart site in order to get certain services for themselves as end consumers. So all of them are accessing this information and this information access has to scale horizontally behind the big traffic, so you can obviously design the system for big traffic because it's very useful. And so what you wanna do is you wanna be able to horizontally scale based on the need, and that's where a load balancer comes in. And then the other thing that you wanna do is, you wanna limit the ports for traffic, to make sure that spurious information doesn't come in or leave the organization through the internet, and that's where a firewall comes in. And then you also have to detect and look for suspicious activities, and that's where intrusion prevention comes in. When you're communicating between the enterprise and the data center that is doing long-term analysis like demand prediction and so on, you need a virtual private network for encryption of the traffic, and for giving the illusion of a continuous IP address space between machines that are internal to this enterprise and machines that are internal to this data center. That's where a VPN comes in.
And a WAN accelerator is essential to reduce the bandwidth that we're using, in order to cater to the demands that are coming in both from the employees as well as from the clients of an organization like Walmart, and any reduction in the bandwidth usage amounts to reducing the cost of operation. And therefore it is super important to do that as well. And so you can see that these are the middleboxes that I mentioned earlier and how it comes together in making an organization such as a Walmart, such as a Google, scale in terms of the services it provides, and also preventing malicious things from happening within an organization. And also the office personnel may access content on the internet, and the firewall checks and filters websites based on what accesses are being made by employees. And so that's where the firewall is not only looking at incoming traffic, but is also looking at what is going out from the firewall to make sure that they're being blessed by the organization. And the WAN accelerator, it contains proxies that can cache content and reduce the WAN bandwidth purposes that are trying to access the information from the outside world. So middleboxes or network appliances are basically networking devices that analyze and modify traffic. And it is not just for packet forwarding, but it is really analysis of these packets. And they're typically implemented as specialized hardware components, as I said. And the world of middleboxes has proliferated like anything, and there are lots of middleboxes, and I've already given some examples of that. So for instance, if you think about a NAT, network address translator, what it is doing is, it is showing you here what might be happening within your home. For instance, you may have several different devices, including your mobile device, laptop and printers and so on. And they all need a network presence, but you don't want.
You have a single network presence, maybe Comcast is what you have, and so through Comcast things are coming in through a single port. But once it comes in, you want to send it to the appropriate entity that is making the request, and that's where the network address translation comes in. And similarly a firewall is something that is sitting between the wide area internet and the local area network that guards your organization, and it is doing all the things that it needs to do. So it's again a box like this, and similarly VPN is a gateway that allows an employee, for instance, to access information in a corporate network through the wide area network. But the VPN is in between these two entities and makes it appear as though, even though the employee is accessing it from home, it is within the corporate firewalls, right? So that's the idea behind VPN. And similarly a load balancer is something that scales the services depending on the load. These are different kinds of middleboxes. So the important point I wanna get across through this slide is the fact that there's a proliferation of middleboxes. And so lots of appliances have come aboard, and that is a nightmare from the point of view of network management, which is what we'll talk about next.