Tuesday, November 13, 2018

HTTP/3-QUIC, and the yawning, abysmal division between systems and networks.

Ars Technica prominently featured QUIC today. I don't know too much about QUIC and after falling down the rabbit hole for an hour or so, I emerged with a basic understanding of it.

The idea is that TCP is too slow and middleboxes are too aggressive in meddling with TCP flows, so QUIC runs on UDP. It takes over the useful functions of TCP and brings them up a layer, so the application itself manages window sizes, acknowledgements, and congestion control.

The philosophy of QUIC interests me more than the technical implementation. What some of us know on more personal terms - systems and networks are opposing forces - has reared its head within a modern standard. In my experience, network engineering's wants and needs are at odds with systems engineering's wants and needs. In my opinion QUIC is a modern manifestation of this opposition, standardized!

We stand at the precipice of convergence, where networks and systems join forces. SDx, NFV, DevOps/Infrastructure as Code, etc., are supposed to be the new guiding principles of our (systems and networks) future, but Google saw the problem with this idealism and the IETF clearly digs it, and now we have HTTP/3: a protocol explicitly designed to work around not just TCP's limitations, but the limitations imposed on TCP traffic by network nodes, namely firewalls.

If SYN/SYN-ACK validation is no longer an option, a foundational feature of stateful firewalls is rendered moot. If all data above layer 4 is encrypted, many of the NGFW investments in DPI are rendered moot. The security push for zero trust is an interesting one, and it seems like QUIC might mainstream some of those ideas. Maybe the network can knock off some of its feature creep (ossification, as the QUIC folks like to call it) and go back to a more commoditized state. I'm down for that.
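To make the "what is left for the firewall to see" point concrete, here is an added example (mine, not from the original post and not from any QUIC implementation). It goes a step beyond the post by parsing only the version-independent header fields that the QUIC invariants (RFC 8999, which postdates this post) guarantee are readable without the keys; the two sample datagrams are constructed.

```python
import struct

# Constructed sample: a long-header (Initial) packet, version 1, an 8-byte
# DCID, an empty SCID, then bytes standing in for the encrypted remainder.
SAMPLE_INITIAL = (b"\xc3" + b"\x00\x00\x00\x01" + b"\x08"
                  + bytes.fromhex("0102030405060708") + b"\x00"
                  + b"\x00" + b"\x44\x9e" + b"\x00" * 12)
# Constructed sample: a short-header packet (form bit 0, fixed bit 1). After
# the first byte comes the DCID and ciphertext, with no length field at all.
SAMPLE_SHORT = b"\x41" + bytes.fromhex("0102030405060708") + b"\xaa" * 16


def parse_quic_invariants(datagram: bytes) -> dict:
    """Return only what RFC 8999 guarantees a middlebox can read.

    Long header: form bit, 32-bit version, length-prefixed DCID and SCID.
    Short header: form bit, then a DCID whose length only the endpoints know.
    Everything else is version-specific or encrypted, so a firewall cannot
    rely on it the way it relies on the cleartext TCP handshake.
    """
    if not datagram:
        raise ValueError("empty datagram")
    if not datagram[0] & 0x80:
        # Short header: no version and no self-describing DCID length.
        return {"header": "short", "version": None, "dcid": None, "scid": None}
    if len(datagram) < 6:
        raise ValueError("truncated long header")
    version = struct.unpack("!I", datagram[1:5])[0]
    dcid_len, pos = datagram[5], 6
    dcid = datagram[pos:pos + dcid_len]
    pos += dcid_len
    if len(dcid) != dcid_len or pos >= len(datagram):
        raise ValueError("truncated DCID")
    scid_len, pos = datagram[pos], pos + 1
    scid = datagram[pos:pos + scid_len]
    if len(scid) != scid_len:
        raise ValueError("truncated SCID")
    return {"header": "long", "version": version,
            "dcid": dcid.hex(), "scid": scid.hex()}


def describe(datagram: bytes) -> str:
    """One-line summary of the cleartext view a firewall gets of a datagram."""
    info = parse_quic_invariants(datagram)
    if info["header"] == "short":
        return "short header: connection ID and ciphertext only"
    kind = ("version negotiation" if info["version"] == 0
            else f"version 0x{info['version']:08x}")
    return f"long header: {kind}, dcid={info['dcid'] or '-'}, scid={info['scid'] or '-'}"


if __name__ == "__main__":
    for pkt in (SAMPLE_INITIAL, SAMPLE_SHORT):
        print(describe(pkt))
```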
