To address four key challenges—end-to-end traffic management, backward compatibility, data-plane security and privacy, and adaptability of the communication layer—this paper proposes Hermes, a proxy-centric architecture that pioneers a network-function offloading paradigm. Hermes decouples network functionalities from applications and unifies their management within reconfigurable proxies, leveraging a proxy overlay layer, HTTP tunneling/proxying, protocol translators, and a policy-based routing engine. It enables cross-subnet L3 policy routing, seamless protocol evolution, and lightweight deployment of novel architectures (e.g., Named Data Networking). Evaluation shows sub-2-ms per-hop proxy overhead; under 1,000 concurrent connections, Hermes significantly reduces end-to-end latency and amortizes connection establishment costs. Results validate improved reliability, consistent policy enforcement, and robust support for heterogeneous network architectures.

We introduce Hermes, a general-purpose networking architecture that aims to improve service delivery over the Internet. Hermes delegates networking responsibilities from applications and services to proxies and is designed as a portable, adaptable solution to four fundamental challenges of efficient service delivery over the Internet: end-to-end traffic management, backward compatibility, data-plane security and privacy, and adaptable communication layers. The design centers on an overlay of reconfigurable proxies and HTTP tunneling and proxying techniques, utilizing assisting components to extend proxy functionality when needed. Through prototyping and emulation, we demonstrate that Hermes improves key performance metrics across multiple use cases: it provides backward compatibility through protocol translation and tunneling, improves reliability by delegating retry logic to proxies, enables unified policy-based Layer 3 routing across network segments, and serves as an efficient substrate for future architectures like NDN, facilitating their operation over the Internet. Beyond evaluating Hermes across various use cases, we measured the overhead of Hermes'HTTP tunneling and proxying mechanisms and found it to be modest, typically under 2 ms per hop. With workloads of up to 1000 concurrent requests, we also show that Hermes proxies can amortize connection setup time and reduce end-to-end latency compared to direct no-proxy baselines.