Is Web caching bad for the Internet? Debate on this question raged within the Internet engineering community last week, as leading Web-caching vendors caught flak for a communications protocol they developed to support load balancing and network-traffic redirection.
At issue is the Network Element Control Protocol (NECP), a general-purpose technology that supports secure, flexible communications between servers, switches and network devices. NECP is supported by some of the hottest companies in the Internet industry: Akamai Technologies, Foundry Networks, Inktomi, Alteon WebSystems, Novell, Radware and Network Appliance.
These companies have submitted NECP to the Internet Engineering Task Force for publication as an informational document. NECP is embroiled in controversy because some IETF leaders say one likely use of NECP - as an interception proxy - violates the Internet's fundamental design.
An interception proxy functions as a middleman between an end user and the server the person is trying to reach. The interception proxy pretends to be the destination server, providing content or a network service faster to the end user. One benefit of interception proxies is they require no end-user configuration.
However, interception proxies violate the IP standard by breaking the end-to-end nature of the communications technology and causing interoperability problems. The proxies also alter communications without the knowledge or approval of end users or destination servers.
Interception proxies are used by AOL and other ISPs to manage traffic from dial-up customers accessing the Internet. In fact, 25% of the world's ISPs use interception proxies, according to Peter Danzig, vice president of technology at Akamai.
Despite their widespread use, interception proxies are a hot button in the IETF. A recommendation from one prominent participant in the debate was for the IETF to refuse to publish NECP because it supports interception proxies. That comment sparked more than 100 e-mail postings last week.
The debate pits IP purists, who argue that the IETF should not encourage the use of interception proxies, against pragmatists, who argue that standardisation of this common practice is useful.
Keith Moore, who recently ended his term as co-director of the IETF's applications area, launched the NECP debate with a blistering attack on interception proxies posted to the IETF's main mailing list. Moore questioned the legal and "moral" implications of interception proxies and asserted that they degrade the interoperability of the Internet.
"I raised this objection to make a point," Moore says. "Interception proxies increase the complexity of the Internet and cause more problems than they solve. . . . This is not something that we want to encourage."
Moore doesn't object to interception proxies on LANs, where a company might use them to balance traffic between its servers, or on a content-provider network, where the traffic interception is done on behalf of a customer. He objects to ISPs using interception proxies in the backbone of the Internet without users' knowledge or approval.
Moore considers this practice immoral because the interception proxy impersonates other hosts and forges network traffic.
"The problem is when an unauthorised third party, such as an ISP, puts an interception proxy between its dial-up customers and the 'Net," Moore says. "They're imposing themselves between the [end user] and the content provider - two parties that expect integrity of communications."
Though Moore's views on NECP are extreme, many IETF participants share his concern about interception proxies.
"[Moore's] point of view is very widespread within the IETF," says John Dilley, a distributed systems architect at Akamai and co-editor of a document that outlines known problems with Web proxies and caching. "Interception proxies violate the spirit of TCP, which is an end-to-end transport protocol."
Dilley says ISPs use interception proxies because they make sense from a business perspective and no viable alternative exists. "The market voted," he says, adding that Akamai uses explicit rather than interception proxies in its network. "I don't think anyone really loves that they can do this. They do it because they must."
Dilley says the IETF should develop a protocol that lets browsers automatically discover local proxy servers, which would eliminate the need for ISPs to deploy interception proxies. One such protocol - called Web Proxy Auto Discovery - was proposed by Microsoft, Sun and other companies, but it has not gained much support within the IETF.
Ted Schroeder, a system architect with Alteon, says NECP has become a scapegoat in a larger debate on interception proxies. "The truth is, we have [interception proxies] all over the world. Whether you like them or not, they will continue to exist. And a lot of companies are making a lot of money building them," he says.
A 2-year-old initiative, NECP is an open protocol that replaces several proprietary protocols used by Web-caching devices to communicate with servers and switches. Although it was created for Web-caching and load-balancing applications, NECP can be used for other applications because it allows any server to talk to any network device.
NECP will be supported in products due out this year from Radware, Network Appliance and others.
"What NECP is really about is enhancing the interoperability and efficiency of load balancers and servers," says Edward Sharp, business development manager at Network Appliance. "This is particularly important as we get into advanced content types such as streaming media, where you can conceive of requests coming in for a 1M-byte stream staying open for two hours as someone requests a movie."
Despite the heated debate surrounding NECP, the IETF is expected to publish it as an informational document after references to interception proxies are removed along with a few other changes to the text.
"I doubt that we will literally block publication," says IETF chair Fred Baker. He says publishing such documents is valuable in terms of preserving the IETF community's memory about common networking practices, regardless of whether the practices are good or bad.
"Everybody that counts is in on this protocol," says Akamai's Danzig. "For the IETF to reject it at this point doesn't serve the purposes of the Internet. It puts them at odds with the architects of the Internet."