Network traffic management techniques have been developed that enhance the performance of TCP-based applications by applying various compression algorithms to data traffic between two routing devices on a network. The enhanced services, such as data compression and data acceleration, are provided within the same network stream established between the two endpoints, instead of through tunnels or other data streams. This transparent data transfer technique allows the network traffic to be monitored with normal networking tools.
In some cases, a first routing device between the two endpoints may compress traffic in between the first routing device and a second routing device. Further, the routing devices may alter packet sequence numbers. Once the traffic reaches the second routing device, the data packets may be decompressed and given the original sequence number.
Problems arise when a state-tracking firewall or intrusion prevention system (IPS) sits somewhere within the traffic flow between the two endpoints. State-tracking firewalls and IPSs may drop TCP packets whose sequence numbers have been modified, which prevents the compressed data packets from reaching their destination. On the other hand, if the routing device that decompresses the data packets fails while the original sequence numbers are in use, the endpoint may try to process the compressed data packets as if they were uncompressed, leading to data corruption.
Accordingly, what is needed is a technique that allows enhanced traffic services to traverse each section of the path even when a state-tracking firewall is present.
OVERVIEW
Embodiments of the disclosure may be used to optimize communications between a first routing device and a second routing device. The first routing device may receive a packet for forwarding towards a destination. The first routing device may modify the packet to announce the presence of the first routing device to other routing devices. Thereafter, a second routing device may receive the modified packet and recognize the presence of the first routing device. In turn, when sending a packet back towards a source address identified in the modified packet, the second routing device may modify that packet to announce the presence of the second routing device to the first routing device. Thereafter, the first and second routing devices may optimize traffic between them.
For example, the first packet may be modified such that a copy of the then-current time-to-live (TTL) value in the IP header of the first packet is stored in a field of the TCP header of the first packet. The first packet may also be modified to include an indication of one or more data compression algorithms supported by the first routing device. Similarly, the second packet may be modified by the second routing device such that a copy of the then-current TTL value in the IP header of the second packet is stored in a field of the TCP header of the second packet. The delta TTL values may be computed by, or exchanged between, the first and second routing devices. Once this occurs, the first and second routing devices may optimize traffic between them. For example, the routing devices may compress and decompress data payloads sent between the first and second routing devices.
Advantageously, because network traffic between the first and second routing devices may be optimized without modifying the packet sequence number (e.g., in a TCP header structure), compressed traffic may pass through a state-tracking firewall or intrusion prevention system (IPS) without being dropped. Further, by modifying the TTL value in this way, should one of the first or second routing devices fail, packets carrying optimized (e.g., compressed) traffic do not inadvertently reach a destination.
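The following simulation is an added illustration of the announcement exchange, the delta TTL computation and the fail-safe described above; it is not code from the disclosure. The topology, payloads, the `opts` dict standing in for the TCP header field, and the rule that the sender sets the IP TTL to just reach its peer (restoring the stored copy on the far side) are assumptions, as is a symmetric hop count in both directions.

```python
import zlib
from dataclasses import dataclass, field

@dataclass
class Packet:
    ttl: int        # IP header TTL
    seq: int        # TCP sequence number; the optimizers never rewrite it
    payload: bytes
    opts: dict = field(default_factory=dict)  # stands in for the TCP header field(s) used
    compressed: bool = False

def router(pkt):
    """Plain hop: decrement the TTL and drop the packet once it expires."""
    pkt.ttl -= 1
    return pkt if pkt.ttl > 0 else None

class Optimizer:
    def __init__(self, name):
        self.name, self.delta, self.announced, self.failed = name, None, False, False
    def forward(self, pkt):
        if self.failed:                    # optimization service down: plain hop only
            return router(pkt)
        if pkt.compressed:                 # peer's optimized traffic: restore TTL, decompress
            pkt.ttl = pkt.opts.pop("ttl_copy") - self.delta
            pkt.payload, pkt.compressed = zlib.decompress(pkt.payload), False
        elif "announce" in pkt.opts:       # peer announcing: delta = announced TTL - arrival TTL
            self.delta = pkt.opts.pop("ttl_copy") - pkt.ttl
            del pkt.opts["announce"]
        elif not self.announced or self.delta is None:  # announce: TTL copy + algorithms in TCP header
            pkt.opts.update(announce=self.name, ttl_copy=pkt.ttl, algos=["zlib"])
            self.announced = True
        else:                              # assumption: TTL set so the packet lives only as far as the peer
            pkt.opts["ttl_copy"] = pkt.ttl
            pkt.ttl = self.delta + 1
            pkt.payload, pkt.compressed = zlib.compress(pkt.payload), True
        return router(pkt)

def send(path, pkt):  # push a packet hop by hop; None as soon as any hop drops it
    for hop in path:
        pkt = pkt and hop(pkt)
    return pkt

def simulate(peer_failed=False):
    A, B = Optimizer("A"), Optimizer("B")
    forward = [A.forward, router, router, B.forward, router]  # client -> A -> r1 -> r2 -> B -> r3 -> server
    back = [router, B.forward, router, router, A.forward]     # symmetric return path
    data = b"GET /index.html HTTP/1.1\r\nHost: example\r\n\r\n" * 4  # constructed payload
    send(forward, Packet(64, 1000, data))             # A announces; B learns delta TTL
    send(back, Packet(64, 5000, b"HTTP/1.1 200 OK"))  # B announces; A learns delta TTL
    B.failed = peer_failed
    return send(forward, Packet(64, 1001, data)), A.delta, B.delta
```

With both devices up, the server receives the decompressed payload with the same TTL and sequence number it would have seen without optimization; with the second device down, the compressed packet expires one hop later instead of reaching the endpoint.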