Modern networks often deploy a range of middleboxes, which are network appliances configured to perform a variety of services or functions. Exemplary middleboxes include wide area network (WAN) optimizers, proxies, caches, intrusion detection systems (IDS), intrusion prevention systems, network-level and application-level firewalls, application-specific gateways, and load-balancers. A service router may be considered a middlebox that performs not only forwarding or routing functions like a switch or a router, but also additional higher-value functions or network applications, such as packet tagging, firewall, intrusion detection/prevention, encryption, load-balancing, and WAN acceleration. According to several studies reporting on the rapid growth of middlebox deployment, the middlebox market for network security appliances alone was estimated to be 6 billion dollars in 2010, and was expected to rise to 10 billion in 2016. In today's networks, the number of middleboxes may be comparable to the number of routers. Thus, middleboxes have become an important part of modern networks, and it is reasonable to expect that they will remain so for the foreseeable future. Middleboxes may be vital parts of various networks, such as enterprise, internet service provider (ISP), and datacenter networks.
However, today's middleboxes may be expensive and closed systems, with few or no hooks and application programming interfaces (APIs) for extending or experimenting with their functionality. Each middlebox may be built on a particular choice of hardware platform, and may support only a narrow specialized function (e.g., intrusion detection or WAN optimization). Further, different middleboxes may be acquired from independent vendors and deployed as standalone devices with little uniformity in their management APIs. Thus, it may be desirable to improve the architecture of middleboxes or service routers to better consolidate diverse functions.