Ossification

The internet is a network of networks. There is equipment set up on the Internet in many different places along the way to make sure this network of networks works as it is supposed to. These devices, the boxes that are distributed out in the network, are what we sometimes refer to as middle-boxes: boxes that sit somewhere between the two end-points that are the primary parties involved in a traditional network data transfer.

These boxes serve many different specific purposes, but I think we can say that universally they are put there because someone thinks they must be there to make things work.

Middle-boxes route IP packets between networks, they block malicious traffic, they do NAT (Network Address Translation), they improve performance, some try to spy on the passing traffic, and more.

In order to perform their duties these boxes must know about networking and the protocols that are monitored or modified by them. They run software for this purpose, software that is not always upgraded frequently.

While they are glue components that keep the Internet together, they are also often not keeping up with the latest technology. The middle of the network typically does not move as fast as the edges, as the clients and the servers of the world.

The network protocols that these boxes might want to inspect, and have ideas about what is okay and what is not, then have this problem: the boxes were deployed some time ago, when the protocols had the feature set of that time. Introducing new features or changes in behavior that were not known back then risks being considered bad or illegal by such boxes. Such traffic may well be dropped or delayed to the degree that users really do not want to use those features.

This is called “protocol ossification”.

Changes to TCP also suffer from ossification: some boxes between a client and the remote server will spot unknown new TCP options and block such connections, since they do not know what the options are. When middle-boxes are allowed to see protocol details, they learn how protocols typically behave, and over time it becomes impossible to change them.
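To make the TCP case concrete, here is an added illustration that is not part of the original text: a small parser for the TCP options field (the kind/length/data layout from RFC 793) run under two constructed middle-box policies. The "strict" policy admits only the option kinds an old box would have known about when it was deployed and drops anything else; the "permissive" policy skips unknown options by their declared length and rejects only malformed ones. The sample SYN options are constructed for this example; the option kind numbers themselves (MSS 2, Window Scale 3, SACK-Permitted 4, SACK 5, Timestamps 8, Multipath TCP 30, TCP Fast Open 34) are real IANA assignments, while the legacy allowlist is an assumption chosen to show the effect.

```python
"""Added illustration of TCP option ossification (not from the original text).

A middle-box that understands the TCP options field can either skip option
kinds it does not recognise (robust) or reject the whole segment (ossifying).
The allowlist and sample segments below are constructed for this example.
"""
from dataclasses import dataclass
from typing import List, Tuple

# Option kinds a middle-box deployed years ago would plausibly know (assumption):
# EOL, NOP, MSS, Window Scale, SACK-Permitted, SACK, Timestamps.
LEGACY_KNOWN_KINDS = {0, 1, 2, 3, 4, 5, 8}

# Real IANA option kind numbers, for readable output only.
KIND_NAMES = {0: "EOL", 1: "NOP", 2: "MSS", 3: "WScale", 4: "SACK-Permitted",
              5: "SACK", 8: "Timestamps", 30: "MPTCP", 34: "TFO"}


@dataclass
class TcpOption:
    kind: int
    data: bytes


def parse_tcp_options(raw: bytes) -> List[TcpOption]:
    """Walk the options field. EOL (0) and NOP (1) are single bytes; every
    other kind carries a length byte that counts the kind and length bytes."""
    options: List[TcpOption] = []
    i = 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                      # End of option list; padding follows
            options.append(TcpOption(0, b""))
            break
        if kind == 1:                      # NOP, used for alignment
            options.append(TcpOption(1, b""))
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("truncated option header")
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):
            raise ValueError(f"bad length {length} for option kind {kind}")
        options.append(TcpOption(kind, raw[i + 2:i + length]))
        i += length
    return options


def strict_policy(options: List[TcpOption]) -> Tuple[str, List[int]]:
    """Ossifying behaviour: drop the segment if any option kind is unknown."""
    unknown = [o.kind for o in options if o.kind not in LEGACY_KNOWN_KINDS]
    return ("DROP", unknown) if unknown else ("PASS", [])


def permissive_policy(options: List[TcpOption]) -> Tuple[str, List[int]]:
    """Robust behaviour: unknown kinds were already skipped by length during
    parsing, so the segment passes; the unknown kinds are reported for logging."""
    return ("PASS", [o.kind for o in options if o.kind not in LEGACY_KNOWN_KINDS])


# Constructed SYN options: MSS 1460, SACK-Permitted, Timestamps, NOP, WScale 7.
CLASSIC_SYN = bytes.fromhex("020405b4 0402 080a 00000001 00000000 01 030307")
# Same SYN plus a TCP Fast Open cookie request (kind 34, length 2) and padding.
TFO_SYN = CLASSIC_SYN + bytes.fromhex("2202 0101")


def describe(options: List[TcpOption]) -> List[str]:
    return [KIND_NAMES.get(o.kind, f"kind-{o.kind}") for o in options]


if __name__ == "__main__":
    for label, raw in (("classic SYN", CLASSIC_SYN), ("SYN with TFO", TFO_SYN)):
        opts = parse_tcp_options(raw)
        print(label, describe(opts))
        print("  strict middle-box:    ", strict_policy(opts))
        print("  permissive middle-box:", permissive_policy(opts))
```

The strict box was perfectly correct on the day it was deployed; it only becomes a problem when an endpoint starts sending an option kind that did not exist back then, which is exactly the ossification the text describes. Because the options sit in clear text in the TCP header, nothing stops the box from enforcing this policy, which is why the argument for moving protocol details under encryption follows.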

The only truly effective way to “combat” ossification is to encrypt as much of the communication as possible in order to prevent middle-boxes from seeing much of the protocol passing through.