Hermes: A General-Purpose Proxy-Enabled Networking Architecture
Behrooz Farkiani, Fan Liu, Ke Yang, John DeHart, Jyoti Parwatikar, Patrick Crowley
TL;DR
Hermes introduces a general-purpose, proxy-enabled networking architecture that overlays end-user devices with reconfigurable proxies controlled by a central plane to address four core Internet service-delivery challenges: end-to-end traffic management, backward compatibility, data-plane security/privacy, and an adaptable communication layer. By carrying IP traffic over HTTP using MASQUE-tunneled overlays, Hermes provides backward-compatible translations, reliable delivery in noisy or unstable networks, unified Layer 3–7 policy enforcement, and a flexible substrate for experimental architectures like NDN. The prototype, built with Envoy-based proxies, an overlay controller, and assisting components, demonstrates modest per-hop tunneling overhead (typically under 2 ms) and shows latency reductions at scale through pooling and multiplexing, while maintaining compatibility with existing infrastructure. Overall, Hermes offers end-to-end control and observability across networks without requiring changes to applications, enabling more reliable, policy-driven service delivery and serving as a practical platform for future Internet architectures and experiments.
Abstract
We introduce Hermes, a general-purpose networking architecture that aims to improve service delivery over the Internet. Hermes delegates networking responsibilities from applications and services to proxies and is designed as a portable, adaptable solution to four fundamental challenges of efficient service delivery over the Internet: end-to-end traffic management, backward compatibility, data-plane security and privacy, and adaptable communication layers. The design centers on an overlay of reconfigurable proxies and HTTP tunneling and proxying techniques, utilizing assisting components to extend proxy functionality when needed. Through prototyping and emulation, we demonstrate that Hermes improves key performance metrics across multiple use cases: it provides backward compatibility through protocol translation and tunneling, improves reliability by delegating retry logic to proxies, enables unified policy-based Layer 3 routing across network segments, and serves as an efficient substrate for future architectures like NDN, facilitating their operation over the Internet. Beyond evaluating Hermes across various use cases, we measured the overhead of Hermes' HTTP tunneling and proxying mechanisms and found it to be modest, typically under 2 ms per hop. With workloads of up to 1000 concurrent requests, we also show that Hermes proxies can amortize connection setup time and reduce end-to-end latency compared to direct no-proxy baselines.
