The increasing demand for low-latency, high-
bandwidth connectivity has introduced novel challenges to de-
livering strong resilience guarantees in production network envi-
ronments. Closed hardware platforms, known as middleboxes,
that lack visibility and support for state retention remain a
key challenge for continuous service delivery during network
failures. These middleboxes rarely employ recovery mechanisms
of their own, inspiring renewed interest in the field of NFV in
recent years due to this gap within the industry. The increasing
availability of VNF capabilities in modern infrastructures offers
an opportunity to exploit the flexibility of software and use
hybrid architectures to improve resilience. Katoptron is a high-
availability service that propagates state between unmodified
hardware middleboxes and backup PNF or VNF appliances.
The platform utilises targeted packet mirroring to allow network
devices to organically construct equivalent state and thus allow an
easy transition between hardware and software. To demonstrate
its viability, we have evaluated Katoptron against a wide range of
common hardware middlebox use cases built using multiple open-
source packet processing frameworks. Results show upwards of
90% matching state with no observable delay to normal traffic
or impact on its functionality.