Slashdot Mirror

here are some other records (taken from here:

Current Records
IPv6 Category

Single Stream Class: 46,156 terabit-meters per second by a team consisting of members from the California Institute of Technology (Caltech) and CERN across 10,949 kilometers of network.

Multiple Stream Class: 46,156 terabit-meters per second by a team consisting of members from the California Institute of Technology (Caltech) and CERN across 10,949 kilometers of network.

IPv4 Category

Single Stream Class: 69,073 terabit-meters per second by a team consisting of members from the SUNET, the organization for the national higher research and education network (NREN) of Sweden, and Sprint across 16,343 kilometers of network.

Multiple Stream Class: 104,528 terabit-meters per second by a team consisting of members from the California Institute of Technology (Caltech) and CERN by sending 859 gigabytes of data across 15,766 kilometers of network in 1037 seconds (just over 17 minutes), for an average rate of 6.63 gigabits per second.

Which internet are you using?

Internet2

Only one Internet? What about Internet 2?

Yes, because keeping everything proprietary and under tight restrictions is guaranteed to make you rich and powerful.

(I'm going to use success rather than power from now on, since I imagine that is the goal for more people)

Success, alas, is the exception to anything. If any one strategy guaranteed success everyone would do it and nobody would be having this discussion.

Since success is a crap shoot anyway, I would rather become successful (which is a relative term anyway) doing something I believed in and enjoy doing. If I were working for a dilbertesque software company that tried to lock everyone into their proprietary solutions, litigate away competition, and produced crappy software I might be more successful. I might even be driving a Mercedes instead of a Civic and live in a huge house instead of renting a duplex. But you know what, I wouldn't be believing in what I do every day and I would likely be miserable. I might not even be that successful since I don't know where I would find motivation.

No thanks, I'll just keep my non-competitive University job where I love what I do, I get to play with cool open source technology, and I get to keep my lofty ideals. I'm happier this way. And, dare I say, more successful :)

Finkployd

Project Liberty is more along the lines of federated authentication, not identity validation. If you're looking at federatted authentication, you might also want to look at Shibboleth by Internet2.

Project Liberty is more along the lines of federated authentication, not identity validation. If you're looking at federatted authentication, you might also want to look at Shibboleth by Internet2.

http://ca.freeicp.org -- for the Web CA
http://www.freeicp.org -- for the (rather old) main project wiki
See also the paper they published at NIST's 2nd PKI Research Workshop.

Liberty Alliance is working closely with the Shibboleth project (part of Internet2's Middleware Initiative) which is is similar but doesn't even have a centralized server with account info. It is purely a federation, and the central "wayfarer" server just helps point the users' browser to the right local authentication servers, and the user can use that along with browser redirection magic to do single sign on to web servers in the federation. It also is designed to be able to preserve pseudonymity ("the user is authorized to access these journal articles because they are a member of the Ohio State university community").

Your momma's so fat it took me 3 days to download her using internet2.

In particular, if you divide their bandwidth to the Internet, by the number of students, I bet you get a lot less than gigabit.

No, an internet connection doesn't really need to be fibre based. But internal network activity will benefit, and fibre will give them room to grow.

Plus, this will prepare them for an Internet2 upgrade in the future.

I don't see the necessity for most of this stuff...

Now, I haven't been back in school several years, but would this partly be so that students can be involved in the Internet2 project?

Again, I don't know a whole lot about how students are allowed to be involved on a personal level, but Internet2 sounds like a plausible fit.

Check out Internet 2. Transfer speeds of amazing proportions. Come one, come all! Step right up.

Right now. Read the article, because it's obvious a great number of people haven't. This isn't running over Internet2 (which it seems a lot of people think is happening), because as far as I know, Sprint doesn't connect to Internet2. You can find the list of corporate sponsers here, and Sprint isn't one of them. The article shows that it went from the SUNET core to the Sprintlink network (which is Sprint's dedicated IP network, so if you connect to AS1239, you're connected to it). If you've got OC192 capabilities at your site (and trust me, there's a number of people who do), you too can enjoy these benefits.

As for limitations and vulnerabilities... It's IPv4. They went for speed. I doubt they tried to encrypt the data, they didn't put it in a VPN, and AS1239 is a major backbones of the Internet, so it's out there for all to see. Combating the limitations of IPv4 wasn't really the point of all this.

Did they check for any inband compression? They data they're sending isn't randomised.

Did you just make that up? I googled 'inband compression' and 'in band compression' and got less than 10 hits for each. Anyway the rules state the data must be the same when it reaches the destination and be verified by a checksum and that the data must vary in content.

"According to the Internet2 LSR contest rule #5A, IPv4 TCP single stream"

The Internet2 Detective is a small binary that will check to see if your host is connected to Internet2.

http://detective.internet2.edu/

Here's your answer:

Internet 2

If you are wondering, "hrm, am *i* on intarwebs 2?"...most likely, no, but they have a tool to check for you, just nab it and try.

We use it heavily on campus and are quite active in the Access Grid. Great stuff.

As for fragmenting down, it might be easier to do that with a router that you actually have software control over (i.e. an old, low power linux box). I don't really have any experience with this on a home network, so...

Sujal

I think it looks very interesting, and it is much better than both Passport and Liberty Alliance in that you control your own data and decide yourself what you want to share (if I have understood it correctly).

I haven't seen it been discussed a lot on /., and:
2004-02-22 20:10:08 Shibboleth For User Info Exchange (developers,privacy) (rejected)

Fool, I2 is just another backbone. It's nice because it makes transfers between many US universities quite fast.

Universities are blocking BitTorrent because it's consuming gigantic quantities of bandwidth. 13% of Internet2 bandwidth is P2P traffic, for example--and more than half that is BitTorrent (32 terabytes). And this is on an academic, educational network. Somehow I doubt all those data are DNA sequences and radiotelemetry :) Let's be completely unrealistic for a moment and posit those are all legal, noninfringing file transfers. It's still not in my university's charter to finance me downloading the latest Moe show of etree. It's just not. And given I go to the University of California (currently broke), it's one of the first things they should be cutting down on.

The Internet 2 project provides gimongous amounts of bandwidth between Major Research Universities in the US and Canada. If you've got a gigabit outbound connection and decent file sharing, you quickly run out of stuff to pirate :-) After all, Hollywood and Bollywood together don't put out more than a few movies per day, and they take about 5 minutes per DVD at those speeds - IF there's an application that can use the bandwidth effectively. Add in a hundred new audio CDs per day, and you're still done with piracy by 1am. The Internet2 front page currently references the Bittorrent article...

Internet-2 is a research network, not a commercial network. It is not mainly used for email, although it could be. Since it is not a commercial network, most malicious use (like SPAM) is kept to a minimum. You can read about it at the Internet-2 website.

You should contact some of the people doing the Internet2 project.

They've got to have a bunch of high-bandwidth tests.

If you have trouble contacting them, I have a friend that works with them through Educause.

T

The people who were giving the demo were the Internet2 crew - they would know what bits you needed to make this work.

If you look at what is proposed, it describes clients sending tokens like this:

GET http://www.webserver.com/webpage.html HTTP/1.1
Authorization: JabberTicket 54yudvjhssa76dta6sgdst78r4sadsfjdhs...

now apart from the nitpicking complaint that they should use example.com as the test domain (follow link to see why), its obvious that this needs client-side support. With browser rollouts being mindnumbingly s l o w, that means they are probably targeting web services, or non-browser clients, or must be building a browser extension?

Secondly, the spec for the client request for a ticket doesnt include any authentication info whatsoever. Ok, this means they must be doing that in 'some other protocol' (presumably Jabber + SASL). They could be a bit clearer... this part basically requires you to have a fairly complete XMPP implementation in order to get at the apparently simple ticket service.

Mark me down as unconvinced. Take a look at Shibboleth and OpenSAML to see what others are doing in this space - they are already doing single sign on, and it already works (OpenSAML does have the downside of being affected by a free-to-license RSA patent).

We have integrated sites into Athens (SSO for the UK EDU/GOV sectors), which is similar to Shibboleth in scope, and doesn't require browser changes.

You didn't pay much attention in your high school government class, did you? Or maybe you were too involved in the details of the government to see the bigger picture.

There is nothing more to the constitution than "I will give up some of my freedoms and in return you will give up some of yours." The whole document, from Preamble to Amendment XXVII, is simply working out how the citizens, state governments, and federal government will divy up the available freedoms. That's it. That's the whole document. The minutae, the paragraphs of information, are just working out *how* those rights get split up. Just like the minutae of IP (packet sizes, routing, port numbers, backbone wiring) is just working out *how* the packets get from A to B. The citizens say, "We will give up our right to make laws directly, and in return the two governments give up the right to hold office longer than we want them to." The state government says, "I will give up my right to have my own army, and in return, the federal government will give up its right to not defend me." And so on. Anything else that's involved (such as the laws themselves, or the governmental departments, or the government-sponsored programs) is just building upon that one foundation. Everything goes back to the constitution, and anything that doesn't agree with it gets rewritten or thrown out by the Supreme Court. Just like additional protocols, like email, news, HTTP, UDP, and LAN are built upon the IP foundation to create a working system.

Take a step back and look at it as a big picture. We agreed to form a bunch of states. We agreed to combine those states into a federation called The United States. We agreed on a single currency for all the states. We agreed on a method for choosing our leaders. What happens if members of the system don't agree to the above? In small cases, the members are taken out of the system (prison). In more extreme cases, the whole system collapses into civil war (for reference, see 1861-1865). What happens when a computer doesn't agree to the IP, and refuses a packet? That computer is taken out of the system. In more extreme cases, many computers refuse packets, and the system falls apart. The bit doesn't get from A to B, and the internet is down.

The whole point of the article is the big picture. It doesn't matter what we call the internet. It's just a big system, and the authors of the article are simply defining what that system is, since most of the commercial sector seems to have lost track.

Oh, and Internet2 is not a seperate internet. It's a consortium of people working out new systems for the internet. Read the FAQ.

The only alternative at this point is to start a new internet, completely seperate from the existing network. Maybe the spammers and advertisers could be kept at bay for another decade or so.

You mean like this?

You might try looking for universities that operate a GigaPoP like the one at Pittsburgh Supercomputing Center (associated with CMU and Pitt). One CMU undergrad did an internship there (see the image and caption titled "Undergrad Excellence") and was hired after graduation.

You'll find other GigaPoPs listed on the Internet2 site.

Right from the Internet2 website: list of lead Universities working on Internet2.

One piece of this that is not getting much attention right now (that would probably be of interest to /. readers) is the registration system. I'm not getting into the politics of this, the DRM or the "right or wrong" arguments.

In this initial rollout PSU and Napster decided to limit the service to students living in the residence halls. It does not matter which of the 21 campuses you are on, just that you live in a res hall.

We also needed to ACTIVELY protect the privacy of the students, not just to comply with FERPA but because we are not in the business of providing marketing data to private institutions.

The way we went about this was to use the Internet2 Middleware Initiative's Shibboleth software. Similar to Liberty in that it is a federated single sign on system that uses SAML, it is one of the unsung heros in this.

Without getting into TOO much low level detail of how Shib works (which is available at the above link for those interested), here is a quick overview of what we are doing:

Basically PSU students are redirected to Napster's shibboleth protected registration webpage (this shib component is an Apache auth module) which sends them back to a PSU server to do the actual authentication. The student authenticates to the web server (kerberos backended userid and password). This server is also a component of Shib and it redirects the user (actually an http post) back to the Napster reg system along with a SAML authentication assertion.

The SAML authentication assertion is a blob of XML data that contains an opaque handle for the user (used in the next step) and a URI back to the last piece of Shibboleth at PSU called the Attribute Authority. This assertion is also digitally signed with an x.509 cert (w3c's XML-Signature spec) so that Napster knows it can trust this (not tampered with, generated from a rogue "man in the middle" server, etc).

The last step is when Napster makes an SSL wrapped call to the Attribute Authority requesting attributes about the student who is trying to get in. Remember up to this point all they know is his opaque handle (long string of numbers which uniquely identifies the user, but provides no information). The Attribute Authority looks as the cert of the requesting server, sees that it is Napster and queries LDAP for the data about the user that it is allowed to release. This is configurable to be anything we have, name, email, address, department, semester standing, etc. HOWEVER we only pass TWO things to Napster. (1) an entitlement string that identifies whether or not that user is allowed to get this service, and (2) a persistent opaque handle, which is basically the userID encrypted with the name of the target site and a secret seed value.

The entitlement string is generated at PSU and is populated in the user's LDAP entry based on the criteria that was set (res hall students only for now) and the persistent opaque handle gives Napster something to look at to make sure each students only registers once, but they still have no idea who that user is or anything about them other than that they are a student at PSU in a res hall.

Now if the student chooses to use their PSU email address when creating their Napster account, or gives them their CC number because they want to purchase songs that is their decision. The doubleplus good factor here is that PSU does not give that data up. We merely assert on the user's behalf that they are allowed to sign up under this agreement.

This Shibboleth stuff is running on Linux at both places and with the exception of requiring Java at the Origin end (PSU), is entirely comprised of open source software. The Napster guys we worked with were also very clueful and were definitely down with Linux, using it except where Windows was necessary (WMA streaming)

So I are very pleased at what

One piece of this that is not getting much attention right now (that would probably be of interest to /. readers) is the registration system. I'm not getting into the politics of this, the DRM or the "right or wrong" arguments.

In this initial rollout PSU and Napster decided to limit the service to students living in the residence halls. It does not matter which of the 21 campuses you are on, just that you live in a res hall.

We also needed to ACTIVELY protect the privacy of the students, not just to comply with FERPA but because we are not in the business of providing marketing data to private institutions.

The way we went about this was to use the Internet2 Middleware Initiative's Shibboleth software. Similar to Liberty in that it is a federated single sign on system that uses SAML, it is one of the unsung heros in this.

Without getting into TOO much low level detail of how Shib works (which is available at the above link for those interested), here is a quick overview of what we are doing:

Basically PSU students are redirected to Napster's shibboleth protected registration webpage (this shib component is an Apache auth module) which sends them back to a PSU server to do the actual authentication. The student authenticates to the web server (kerberos backended userid and password). This server is also a component of Shib and it redirects the user (actually an http post) back to the Napster reg system along with a SAML authentication assertion.

The SAML authentication assertion is a blob of XML data that contains an opaque handle for the user (used in the next step) and a URI back to the last piece of Shibboleth at PSU called the Attribute Authority. This assertion is also digitally signed with an x.509 cert (w3c's XML-Signature spec) so that Napster knows it can trust this (not tampered with, generated from a rogue "man in the middle" server, etc).

The last step is when Napster makes an SSL wrapped call to the Attribute Authority requesting attributes about the student who is trying to get in. Remember up to this point all they know is his opaque handle (long string of numbers which uniquely identifies the user, but provides no information). The Attribute Authority looks as the cert of the requesting server, sees that it is Napster and queries LDAP for the data about the user that it is allowed to release. This is configurable to be anything we have, name, email, address, department, semester standing, etc. HOWEVER we only pass TWO things to Napster. (1) an entitlement string that identifies whether or not that user is allowed to get this service, and (2) a persistent opaque handle, which is basically the userID encrypted with the name of the target site and a secret seed value.

The entitlement string is generated at PSU and is populated in the user's LDAP entry based on the criteria that was set (res hall students only for now) and the persistent opaque handle gives Napster something to look at to make sure each students only registers once, but they still have no idea who that user is or anything about them other than that they are a student at PSU in a res hall.

Now if the student chooses to use their PSU email address when creating their Napster account, or gives them their CC number because they want to purchase songs that is their decision. The doubleplus good factor here is that PSU does not give that data up. We merely assert on the user's behalf that they are allowed to sign up under this agreement.

This Shibboleth stuff is running on Linux at both places and with the exception of requiring Java at the Origin end (PSU), is entirely comprised of open source software. The Napster guys we worked with were also very clueful and were definitely down with Linux, using it except where Windows was necessary (WMA streaming)

So I are very pleased at what

Most call it the "Internet land-speed record"
More info at http://lsr.internet2.edu/
Also, the fastest router from juniper networks, to my knowledge, is the m160, capable of forwarding 160 GB/s. But, that is spread out over several interfaces.
-n

...the Internet2 Land Speed Record, which is included in the the Guinness Book of World Records. The actual marks are bandwidth x distance

Wow, you could not be any more wrong. Ever heard of Internet2 or Abilene? Look into it, it'll be delightfully refreshing.

The point about the routers is that they can force every one downstream of them to comply with the Trusted system. Any ISP using it denies service to any user without a Trusted PC. Backbone routers could enforce it on all ISP's and thus enforce it on ALL end users.

How does it exchange this proverbial trusted computing authorization across autonomous systems? Doing this at the access layer is not difficult, it just requires dynamic ACLs (WHICH ARE NOT NEW). Doing this across the backbone is a completely different story and requires a rewrite of how autonomous systems interoperate.

Wow, you could not be any more wrong. Ever heard of Internet2 or Abilene? Look into it, it'll be delightfully refreshing.

The point about the routers is that they can force every one downstream of them to comply with the Trusted system. Any ISP using it denies service to any user without a Trusted PC. Backbone routers could enforce it on all ISP's and thus enforce it on ALL end users.

How does it exchange this proverbial trusted computing authorization across autonomous systems? Doing this at the access layer is not difficult, it just requires dynamic ACLs (WHICH ARE NOT NEW). Doing this across the backbone is a completely different story and requires a rewrite of how autonomous systems interoperate.

Internet2 is a research network for developing and testing new protocols/applications/technologies related to networking. It consists primarily of universities and other research facilities, but there are several companies (like mine) that are also participating in it.

There are much higher hardware standards for the routing equipment and overall Internet2 is currently operating at around 100x the speed of the "conventional" internet. (My company has a video and audio collaboration package that just rocks with that bandwidth, for instance)

I2 is not intended to replace "the" Internet, but just serve as a proving grounds for many of the technologies that might be part of "the" Internet soon.

For more information, just check out www.internet2.edu and read the "About Us" sections.

Aww, good for those Internet2 users. All 15 of them.


There are around 130,000 Internet2 (actually Abilene) at my university

Finkployd

We are using federated identity in the higher education world via an Internet2 called Shibboleth which is very similar to Liberty (both based on SAML). It has been somewhat successful in our setting.

The rational for why we wanted is was that we (Penn State University) have a very strong central authentication and account management system. That is all well and good for internal services but like any university we license resources from external entities. Such as Webassign (popular web resource for Physics students), and various library resourses like OCLC, JSTOR, etc. Shibboleth allows our students to not have to create accounts on these resourses (and remember different userids and passwords) but use their PSU access id and password.

So to carry this over to the commercial side of things with liberty, they have the concept of an identity providor. This could be your bank, your isp, whatever. You only have to create an account with them, then you can use liberty to "assert" your identity to other commercial sites. Along with that you can choose to pass attributes like your credit card number, your shipping address, whatever. The benefit being that you do not have this data stored on mutiple databases at various companies, nor do you have multiple accounts to deal with at various companies.

Finkployd

WS:Federation does.

In the federated identity world, the showdown is going to come between Liberty and WS:Fed. Liberty currently has the advantage of actually existing, and the spec followed a very open and transparent development model that was very inclusive (as spec development goes). WS:Fed on the other hand was developed behind closed doors by Microsoft and (to a lesser extent) IBM, and is just now applying for standards body recognition.

Another noteworthy point is that Liberty by design is very similar to Shibboleth, an Internet2 Middleware initiative for higher education federated authentication/authorization that has been very successful. Both are built off of Oasis's SAML spec. Shibboleth however places far more emphasis on user privacy.

Finkployd

There actually is an internet2 project afoot, and it doesn't involve string.

Well internet #1 is done now.

Internet #2 is reserved for academia.

Looks like we need to form Internet #3, base it solely upon wireless technology, no wires or fiber allowed in the interconnections across land Vast networks of combinations of omni and high-gain directional antennas connected to wi-fi bridges and AP's can link together like a frog hopping from lilypad to lilypad. By the time your packets cross the country from "lilypad" to "lilypad", the additive latency will suck, but your data will eventually get there. Necessity will provide the fuel for true innovation (not MS's flavor of innovation)in finding solutions and workarounds to overcome the technical difficulties that will arise. We will be no slave to any telco or giant greedy ISP. Everyone who chooses to be a member and join, will have to contribute to the maintenance and betterment of this network and your contributions and behavior will judged by your fellow peers in the online community. If you don't play fair, you get ostracized and kicked out of the community.

Whaddya think?

To win a Landspeed Record (that is what we're talking about), you do not to get just a high bandwidth, but you got to have a high bandwidth across a big distance.

That's why the parameter you need to blow is "megabit-meters/second", not just megabit/second. At least that's what it says on the award I'm just holding in my hand (one of the older awards which was already shattered to pieces previous year ;-) ).

Currently, we offer Red Hat and Mandrake ISOs at I2-DSI. If people are interested in more trailers, send email to atchley at cs dot utk dot edu.

I made a web page that catalogs the reasons why I think that Verisign is wrong in itroducing *.COM and *.NET wildcard A records: Verisign NET and COM Wildcards Considered Unethical.

Anybody else feel like you just want to start over, with only good people involved, and remake the internet? None of this patent crap, none of this copyright bullshit, just pure standards that are actual standards. Uncompromised and pure. No restrictions on data, short of the physical line speeds.

Do away with the physical line speeds too and you've got Internet2...at least until it goes public one day.

...simple info on IPv6: http:// www.internet2.edu/resources/infosheetIPv6.pdf

Some companies provide loaner equipment to universities. It would be interesting to find something that is of interest/use on your campus and then get some hardware to play with. Videoconferencing equipment (end point stations and MCUs) might be a good start.

SIP and VOIP. This is something that is cool, fun and fairly accessible to folks with a decent network connection. And, if you have the energy, the administration on your campus might be interested to hear that it could save them money.

Games. Games are an interesting and fun topic. With a bit of thought, a talk could be constructed that mixed fun with learning (grin).

Internet2 Days. Advanced Networking. If you are at a school that is involved in Internet2, there are resources that are available.

Microsoft Resrach Group. Evil blah blah yes, whatever. Say what you will, but they are still smart people. Your login indicates that you might be interested in HCI, so Dumais's site might be a good start. Other companies are also listed in various places.

GRID. buzz buzz buzz. You say that no marketing hype is allowed. Well, for all the buzz about GRIDs, the folks that can give you the skinny are prob to be found here. Depending on your location, asking one of them might just get a visit.

As you are at a university (and I am assuming you are in the U.S.), you might find that someone from the NSF would be able to give you some interesting insights into what they consider to be important, interesting and fundable. Again, not sure how successful you would be at getting anyone to visit, but it is a a starter for ideas.

Lastly, many of the folks that you might want to have present will be busy. It might be worth considering an interactive presentation over video. Sounds cheezy, but many folks are used to this type of presentation.

Check out slide 22 (warning, PowerPoint ahead!) of this presentation

I mean, geez, the pr0n market alone, not to mention waReZ or college kids--this is Internet2 we're talking about-- and their MP3s, should have found this niche, filled it, and have seen new legislation about it by now, if the normal rules applied here...

--Kimota!

...simple info on IPv6: http://www.internet2.edu/resources/infosheetIPv6.p df