Transparent middlebox graceful entry and exit

US2016119190A1 · US · A1

Patent metadata
Publication number: US-2016119190-A1
Application number: US-201614987481-A
Country: US
Kind code: A1
Filing date: Jan 4, 2016
Priority date: Jul 31, 2012
Publication date: Apr 28, 2016
Grant date:

Abstract

Middleboxes include a processor configured to determine that a network connection between a client device and a server device is idle. A connection table is configured to create a first connection entry at the middlebox for the client device and a second connection entry at the middlebox for the server device. The first and second connection entries are initialized after determining that the network connection between the client device and the server device is idle. A network control module is configured to activate redirection of the network connection between the client device and the server device to the middlebox after determining that the network connection between the client device and the server device is idle.

First claim

What is claimed is:

1. A middlebox, comprising: a processor configured to determine that a network connection between a client device and a server device is idle; a connection table configured to create a first connection entry at the middlebox for the client device and a second connection entry at the middlebox for the server device, where the first and second connection entries are initialized after determining that the network connection between the client device and the server device is idle; and a network control module configured to activate redirection of the network connection between the client device and the server device to the middlebox after determining that the network connection between the client device and the server device is idle.

2. The middlebox of claim 1, wherein the network monitoring module is further configured to receive network information at the middlebox from a hardware tap to monitor network state information.

3. The middlebox of claim 1, wherein the network monitoring module is configured to receive network information at the middlebox from a separate network monitoring device to monitor network state information.

4. The middlebox of claim 1, wherein the middlebox is in-band with the network connection between the client device and the server device.

5. The middlebox of claim 4, wherein the network control module is further configured to change rules at the middlebox from routing to redirection to activate redirection.

6. The middlebox of claim 1, wherein the middlebox is out-of-band with the network connection between the client device and the server device.

7. The middlebox of claim 6, wherein the network control module is further configured to direct a router device to redirect the network connection between the client device and the server device through the middlebox to activate redirection.

8. The middlebox of claim 1, wherein the processor is further configured to determine that no information has been sent between the client device and the server device for at least a predetermined period of time to determining that the connection is idle.

9. The middlebox of claim 1, wherein the processor is further configured to determine whether the network connection between the client device and the server device would benefit from the middlebox's intercession based on monitored packet loss and round-trip times and to trigger the idle determination, the connection entry creation, and the redirection activation based on said determination.

10. The middlebox of claim 1, wherein the state information includes one or more of an IP address, port numbers, transport control protocol (TCP) sequence numbers, TCP options, and a congestion window.

11. A middlebox, comprising: a processor configured to determine a degree of mismatch between a sequence number in a first connection between the middlebox and a client device and a sequence number in a second connection between the middlebox and a server device; and a network control module configured to delay acknowledgment signals from the middlebox on a connection to decrease the degree of mismatch between sequence numbers and to establish a direct connection between the client device and the server device without mediation by the middlebox upon a determination that the degree of mismatch between sequence numbers is zero.

12. The middlebox of claim 11, wherein the respective sequence numbers for the connection between the middlebox and the client device and for the connection between the middlebox and the server device are initialized to a same initial sequence number.

13. The middlebox of claim 11, wherein the network control module is configured to delay acknowledgment signals in the first connection between the middlebox and the client device.

14. The middlebox of claim 11, wherein the network control module is configured to delaying acknowledgment signals in the second connection between the middlebox and the server device.

15. The middlebox of claim 11, wherein the middlebox is in-band with the network connection between the client device and the server device.

16. The middlebox of claim 15, wherein the network control module is configured to switch rules at the middlebox from redirection to routing to establish a direct connection between the client device and the server device.

17. The middlebox of claim 11, wherein the middlebox is out-of-band with the network connection between the client device and the server device.

18. The middlebox of claim 17, wherein the network control module is configured to direct an external router to redirect the network connections between the client device and the middlebox and between the server device and the middlebox to exclude the middlebox to establish a direct connection between the client device and the server device.

19. The middlebox of claim 11, wherein the processor is further configured to determine whether the network connection between the client device and the server device does not benefit from the middlebox's intercession based on monitored packet loss and round-trip times and to trigger the determination of a degree of mismatch, the delay of signals, and the establishment of a connection based on said determination.

20. A computer readable storage medium comprising a computer readable program for removing a middlebox from an existing network connection, wherein the computer readable program when executed on a computer causes the computer to perform the steps of: determining that a network connection between the client device and the server device is idle with a processor; creating a first connection entry at a middlebox for the client device and a second connection entry at the middlebox for the server device, where the first and second connection entries are initialized after determining that the network connection between the client device and the server device is idle; and activating redirection of the network connection between the client device and the server device after determining that the network connection between the client device and the server device is idle.

Assignees

Inventors

Classifications

  • Signalling channels for network management communication · CPC title

  • Out-of-band transfers · CPC title

  • H04L41/12 · Primary

    Discovery or management of network topologies · CPC title

  • H04L69/16 · Primary

    Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP] · CPC title

  • Electricity · mapped topic

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US2016119190A1 cover?
Middleboxes include a processor configured to determine that a network connection between a client device and a server device is idle. A connection table is configured to create a first connection entry at the middlebox for the client device and a second connection entry at the middlebox for the server device. The first and second connection entries are initialized after determining that the ne…
Who is the assignee on this patent?
IBM
What technology area does this patent fall under?
Primary CPC classification H04L41/12. Mapped technology areas include Electricity.
When was this patent published?
Publication date Apr 28, 2016 (A1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).