Slashdot Mirror


DARPA Aims to Redo the Internet Protocol

Xaleth Nuada writes "The Defense Advanced Research Projects Agency (DARPA) is looking to redo the entire Internet Protocol. With the DoD increasingly adopting network-centric warfare, the shortcomings in the current IP have become resoundingly clear. Everything works fine for static hardwired networks. But not for dynamic wireless ones. The benefits for your average geek? How about REAL wireless networking? Easier network set-up? Increased wireless security protocol? Increased reliability in sending information?" Don't forget massive incompatibility and upgrade hassles. :)

31 of 389 comments

  1. DODgy by name and nature ? by Space+cowboy · · Score: 5, Interesting

    Given the scale of the re-work proposals (replacing the von Neumann architecture...), I'd be surprised if there wasn't some effort made to embed snooping and tracing into all packets transmitted. This *is* the DoD after all!

    On the other hand, given how slowly IPv6 is making its way into the wider world, we probably don't have too much to worry about for the time being!

    Simon

    --
    Physicists get Hadrons!
  2. Transport layer protocol revamp? by Gunfighter · · Score: 2, Interesting

    Perhaps they can include, as a side project, a revamp of some of the transport layer protocols. How about something to replace SMTP with a protocol designed to help lessen the widespread proliferation of Spam? Perhaps we should all just switch to Jabber and get rid of that whole email thing.

    --
    -- Stu

    /. ID under 2,000. I feel old now.
    1. Re:Transport layer protocol revamp? by Anonymous Coward · · Score: 1, Interesting

      Uh, what? I mean lack of mobility. You cannot migrate a TCP connection between IP addresses, because TCP is tied (by design) to IP addresses.

      Sure, there are work-around hacks like IP mobility that require your packets to bounce to a home agent before arriving at your current destination, but it's nothing like true mobility... TCP simply doesn't allow for this. There are other middle-layer protocols currently proposed (like HIP) that can possibly alleviate these issues, but they don't fix TCP's dependence on an IP address - they just lie to TCP.

  3. Given the choice by Anonymous Coward · · Score: 1, Interesting

    Given the choice between adapting to bits of the old with patches and workarounds on top, and completely redoing something and starting from scratch, I'd rather see the latter - especially with something so embedded as IP.

    Doing the former only puts it off, and will force a change further down the line, which leads to the possibility (likelihood?) of a rush job.

    While we're at it let's kill off SMTP too and make a spamless email system =)

    (Witness the MacOS9 -> OSX migration for a 'complete rewrite' success story)

  4. Ad-hoc networking and IPv6 by Jugalator · · Score: 2, Interesting

    Well, one of the improvements IPv6 does is better support for ad-hoc networking. Are they saying we need something even better than that?

    Or are they just talking about IPv6? IPv6 is just that -- Internet Protocol version 6.

    --
    Beware: In C++, your friends can see your privates!
  5. TUNNELING! by mekkab · · Score: 2, Interesting

    Stop complaining - it'll work on the old IP systems via tunneling. Was that really so hard?

    --
    In the future, I would want to not be isolated from my friends in the Space Station.
  6. Re:IPv6 by RAMMS+EIN · · Score: 2, Interesting

    ``Now, off to RTFA.''

    or so I thought, but TFAHBS (The Fine Article Has Been Slashdotted). Anyway, some more thoughts:

    The claim seems to be that IP isn't suitable for mobile (ad hoc?) networks. But how can it not be? Basically, the fields that matter are the destination address and the length. I think that those are necessary and sufficient for communication. Source address could also come in handy if you want to hear if something went wrong. I don't see how this would be suitable for static networks but not dynamic ones. Or how it would be more vulnerable to cyberwarfare than an alternative. I mean, it reveals the recipient (I think for some protocols you don't need to have a valid source address), but how else would you get the packet delivered?

    Now, if this were about deficiencies in TCP or the routing system as it is employed, I would agree there are some. But we needn't redo IP, I think.

    --
    Please correct me if I got my facts wrong.
  7. Re:Reinventing networking will be harder this time by Comatose51 · · Score: 2, Interesting

    The link is down (Slashdotted probably) so I haven't read the article. Nonetheless, does DARPA really want to displace IP for the entire Internet or just for their own purposes? If it's the latter, then it shouldn't be nearly as difficult. It is after all the military. I imagine it would be easier to get soldiers to comply with the new standard.

    --
    EvilCON - Made Famous by /.
  8. What Happened to... by myownkidney · · Score: 1, Interesting

    Internet 2?

  9. Going to something not packet. by DarkOx · · Score: 4, Interesting

    They blame the packet nature of the network for lots of the problems, but I see no other proposal given. How on earth do you build a network as large as the internet based on a non-packet architecture? I am studying computer science right now at school and, having completed two telecom courses, nobody has ever discussed a connection-oriented technology or even a connection-oriented concept that could cope with a network as large as the internet with as many hosts. Do any of you in slashdot land have a clue how they might even start to go about doing this? The other possibility is it's a new twist on a connectionless network, but how on earth is that possible without some sort of packet architecture to send over it? Otherwise you'd have no way to change path with conditions, and changing conditions are UNAVOIDABLE on any network I have ever seen.

    --
    Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
  10. Re:Err.. by Roger+Keith+Barrett · · Score: 4, Interesting

    Obviously the writer of the article and Gibson don't understand how the system works at all... they're with the normal public thinking that e-mail is being transferred from place to place as some whole document and not understanding the basics of packets or anything in TCP/IP.

    I am not a network engineer... but I am pretty sure that if you wanted to assure the delivery of email you would do it at a HIGH level in the stack, not at the transport level. If they are talking about packets, it has already been done. I am not sure that the Gibson in the article really understands what he wants.

    It's pretty clear they've got the ideas and concepts all screwed up here.

    --

    Why don't you embrace your slashbotness instead of living in a dreamworld?
  11. Replacing von Neumann & OSI Model??? by temojen · · Score: 4, Interesting

    It sounds to me more like some general had a brief introduction to computing theory, but didn't relate it to any real current technology.

    The alternative to von Neumann (Code and Data in the same memory) is to have code and data in separate memory areas. This makes it very difficult to make computers where the code can change. Sure, there's no buffer overflows, but there's no security patches either. It might be fine for embedded devices, but I'll not have it on my desktop. The Page (or Segment) executable flag of more modern memory management units does the job fine, without all the hassle.

    The OSI model is already not used anywhere except to compare proposed network models to; it's way too complex.

    He talks about replacing packet switching so that messages are delivered on time & with certainty. Presumably he means some kind of virtual circuit switching, but he also talks a lot about constantly shifting ad-hoc networks. Circuit switching & ad-hoc networks don't mix well. You have to know what the path is going to be before you can reserve it. It's probably better to just turn on the QoS and AH already implemented in IPv6.

  12. Forced Changes. by nurb432 · · Score: 2, Interesting

    Hmmmm good way to obsolete most older technology and force people into 'upgrading' into more controllable (read DRM) systems ..

    --
    ---- Booth was a patriot ----
  13. IP has no delivery guarantees for a reason by asr_man · · Score: 2, Interesting

    Gibson cast some of the blame on the packet-based nature of Internet Protocol, which was not designed for foolproof delivery of messages. The protocol cannot guarantee delivery of e-mail, for instance.

    ...The commander wants to be able to send a message and have it delivered, completely, accurately and on time."

    Uh, ever heard of the two armies problem?

  14. Re:REAL Wireless Networking by Frennzy · · Score: 2, Interesting

    No, it's not a wireless add on to IP.

    802.11 is a signaling protocol, and it relates to layers 1 and 2 of the OSI model. IP exists at layer 3.

    As far as 'email' having assured delivery, why would you have to muck with the whole stack to do this? Just write a better email engine and client software.

    The beauty of the OSI model is that you can do whatever the heck you want at any given layer, without having to change the other layers. Each layer has a specific, defined, well known input/output method (template, if you will)...between that input and output you could transmogrify data any way you want....it doesn't matter...so long as you output it to the next layer in the expected manner.

    USE the OSI model to your advantage, Mr. Government Geek.

  15. Re:von Neumann architecture by de+Selby · · Score: 4, Interesting

    "seconded. I don't see what is the problem with von Neumann architecture, and the article is pretty vague about that."

    The von Neumann architecture doesn't distinguish between instructions and data, allowing a program to modify another program or itself. (Think viruses/trojans.) But I think memory protection has patched this pretty well.

    It also has a memory bottleneck. Other models, such as Harvard (http://en.wikipedia.org/wiki/Harvard_architecture ), try to fix these problems. (And I'm guessing that strict separation of code and data might ease formal proof?)

    I don't know of any great solution to the problem of starving the processor with slow memory access etc. but I think this is where you would look for one...

  16. Re:Roll out date? by bhp · · Score: 2, Interesting

    When the original internet was designed, federal laws placed all research funded by the government, including DoD, into the public domain. This let universities and businesses use and develop the internet source code free of charge. It was mainly the universities that popularized the new technology.

    Since then the laws have been changed to give intellectual property rights to the company that develops a new technology, even when funded by the government. This could be a roadblock to rolling out any new internet, since the public will not have access to the technologies, and business may have a hard time convincing potential customers to give up their perfectly good installed systems for a new one.

    Moreover, the DoD limited the speed with which the original internet was adopted by restricting it to non-commercial uses only. Adoption accelerated after Congress passed a law transferring the project to the NSF and explicitly allowed commercial use.

    So without intervention by Congress, this new internet may never amount to more than another research project at DARPA.

  17. Re:M16s by ka9dgx · · Score: 3, Interesting

    BOTH ends of the M-16 are dangerous... the wimp ass bullet can kill you... and it can blow up in your face if you don't extract a misloaded round properly.

    --Mike---

  18. How do they replace von Neumann? by bellings · · Score: 3, Interesting

    Flaws in the basic building blocks of networking and computer science... "It is time to ask the harder questions about the ways of computer architecture we've been using for the past 30 years. Is it time to scrap the von Neumann architecture?"

    This is the only interesting part of the article. I couldn't care less what they do with the OSI layers. As long as someone writes about it as well as Stevens wrote about TCP/IP, it'll take me a month of reading and programming to get it under my belt. We all learned Pascal, then C++, then C++ again when the standard came out, then Java, and Lisp, and Smalltalk, and Perl, and Python, and C#, and a half-dozen more languages as the need came up. Now, you have to learn a few new networking layers and protocols. No big deal -- you should be pretty damned familiar with learning different implementations of stuff you already understand.

    But, replacing the von Neumann architecture means changing just about everything I know. That's big. Everything is von Neumann. All the computational models, all the theory, all the basic underpinnings of what I know... it's all pretty much out the window once von Neumann goes. It's not just a dozen evenings at home with a book and reference implementation to relearn all of that stuff, either. It's relearning nearly all the Computer Science I know, and probably learning a whole bunch of new Maths to go with it.

    That's gonna hurt.

    --
    Slashdot is jumping the shark. I'm just driving the boat.
  19. Re:IPv7 by Wyzard · · Score: 3, Interesting

    The scary thing is, the underlying concept there is actually plausible. Think about the similarity between human social connections and the connections between neurons in the brain. You're not aware of being part of a collective consciousness called humanity, but the individual cells in your head aren't aware of being part of a larger consciousness either.

    You have to wonder how many things we consider "miracles" or extreme luck could really be actions of a larger entity which can influence groups of people as effortlessly as you can flex your fingers.

  20. Post von Neumann by ka9dgx · · Score: 4, Interesting

    Yet another post-von Neumann architecture is to have a computing fabric. Imagine a grid of 1024x1024 single bit processors, each with its own state table (program) and inputs from each of its neighbors, and its own previous state. With 32 bits of RAM per cell, you can look up the new state, and output it. A grid of this nature, operating at a conservative 1GHz, could do amazing amounts of computation. Computation would become IO bound for quite a few tasks that bog down even the fastest Intel servers.

    Map the cells in the state tables to appear as conventional RAM to the host, and reprogramming becomes as easy as a memory write. Bad cell?, just route around it. The fact that it's all state driven allows you to build an automated rerouter almost trivially.

    Post-von Neumann computers are going to be wicked fast, if they can build IO to keep up with them.

    --Mike--

  21. DARPA don't control it now.... by tiger99 · · Score: 2, Interesting

    ....because internet protocols are developed, documented and controlled via the RFC system which works very well and is open to anyone who wants to participate.

    They are of course fully entitled to invent as many protocols as they need for their own use, and it is probably a good thing, but unless it goes through the RFC process, it will never be accepted for general use by the public.

    This is really a big non-event.

  22. Re:Do they have any real points? by Zathrus · · Score: 2, Interesting

    The issues they address in the first point were issues which I felt were meant to be addressed by IP6

    Doesn't mean that it does so, or does so in a way that DARPA feels is sufficient. In particular, there's no protocol-layer method to restrict access, which was explicitly mentioned in the article. I think some of the stuff they're asking for (on-time, guaranteed delivery over an inherently unreliable network) is impossible, but it may be that a complete change in the way that you look at the problem can help.

    Just the talk of "One of the limitations inherent in this approach is that when an application malfunctions, it can affect other programs" made me think they need to look harder at their OS.

    The OS isn't going to help. There is no OS on the planet that can solve the issues they're talking about. Even in a protected mode OS there are vulnerabilities between security levels and between processes. Buffer overflows, privilege exploits, etc. are a common problem amongst all OSes and architectures (and if your OS/architecture doesn't have the concept of buffers or privileges then it's too simplistic to actually use -- shoo). Even implementing hardware to prevent execution of non-executable code is insufficient, since all you do then is point at some executable code that can be exploited (e.g. -- buffer overflow to point at system(), and then execute your commands that way).

    What's the solution in either case? Hell if I know. That's the entire point of DARPA investigating this -- maybe there are solutions and we just need to spend some time working toward them. Certainly if you told someone in the 1950s about the Internet they'd think you were on crack, that no such thing could come about, but DARPA funded most of the original development there as well (and for largely the same purpose -- military comms).

  23. Why haven't they redone SMTP yet? by eugene+ts+wong · · Score: 2, Interesting

    I don't understand why there seems to be such a problem. If Yahoo! & AOL worked together on this, then @ least all mail going between those 2 sites could be verified. Thus, if somebody sends a message from 1 of those 2 places to the other, then that means that that mail is really from somebody, even if it is a spammer. Any other mail pretending to be from there can be deleted.

    As this gains success, they could expand the efforts to include other companies.

  24. Sounds like some simple requirements by mveloso · · Score: 2, Interesting

    Sounds like the DoD has some simple requirements. I thought some of these were taken care of by ip6?

    The main requirement seems to be self-configuring mobile networks and services.

    I suppose nobody wants to renumber IP addresses every time a battleship moves from one theatre to another. Imagine having to move a whole division from one place to another, and having to reconfigure all the appropriate devices. What a nightmare. Plus, you wouldn't be able to find anything anymore.

    They could move to zeroconf/Rendezvous for their network service naming, which is a bit better than a static address/conf file.

    But they still have routing issues. Maybe they should adapt the cell network routing? Cell providers seem to have a better idea about how to dynamically route information to devices that change location often. Phones have a unique address which is tracked by the network...or at least it behaves that way.

    Then there's the security side. How do you authenticate/authorize someone when they try and join the network? You don't want to lose a laptop then have someone be able to watch your operation. Biometric stuff won't work so well, because they can always cut off a hand and use it without the user attached (ugh).

    Pretty interesting problems, really.

  25. Re:Do they have any real points? by zenyu · · Score: 2, Interesting

    Even implementing hardware to prevent execution of non-executable code is insufficient, since all you do then is point at some executable code that can be exploited (e.g. -- buffer overflow to point at system(), and then execute your commands that way).

    You could create separate data and return address stacks. You could write a very simple OS coupled with a very simple processor to create a much more hardened system. This might not be the highest performing OS. It would also have to be an RTOS to harden it against CPU hogging. But it's not impossible, it's just a question of whether leaving the greater software ecosystem is worth the cost in duplicated effort. For networking gear it might be.

    The article is pretty bad though; it sounds like they are just tossing around technical jargon without knowing what the words mean.
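
The separate data and return-address stacks proposed in the comment above, shown on a toy stack machine as an added illustration (constructed example code, not from the article, the comment author, or any real processor): the same unchecked copy overwrites the saved return address when data and return addresses share one stack, but only clobbers a neighbouring data word when return addresses live on their own stack. The machine, its buffer size and the sample payloads are all assumptions of the example.

```python
"""Toy stack machine: one shared stack for data and return addresses
versus separate data and return-address stacks.  Everything here is
constructed for illustration; it models no real CPU or calling convention."""

BUF_SIZE = 4     # slots the callee reserves for its input buffer
STACK_TOP = 16   # words of data-stack memory in the toy machine


class Machine:
    """Downward-growing data stack. Return addresses either share it
    (split_stacks=False, like a conventional call stack) or live on their
    own stack that writes into the data stack can never reach."""

    def __init__(self, split_stacks):
        self.split = split_stacks
        self.mem = ["-"] * STACK_TOP   # data stack memory, index STACK_TOP-1 is the top
        self.sp = STACK_TOP            # stack pointer; push decrements it
        self.ret_stack = []            # used only when split_stacks is True

    def push(self, word):
        self.sp -= 1
        self.mem[self.sp] = word

    def pop(self):
        word = self.mem[self.sp]
        self.sp += 1
        return word

    def call(self, func, return_label, *args):
        """Save where to resume, run the callee, then load the return target
        from wherever it was saved. The label handed back is what the machine
        would transfer control to after the callee finishes."""
        if self.split:
            self.ret_stack.append(return_label)
        else:
            self.push(return_label)
        func(self, *args)
        return self.ret_stack.pop() if self.split else self.pop()


def handle_request(m, payload):
    """Callee with the classic defect: copies its input into a fixed 4-slot
    stack buffer without checking the length, so words 4, 5, ... spill into
    whatever sits just above the buffer in the data stack."""
    m.sp -= BUF_SIZE                      # reserve the buffer
    for i, word in enumerate(payload):
        if m.sp + i < STACK_TOP:          # stay inside the toy memory array
            m.mem[m.sp + i] = word        # no bounds check against BUF_SIZE
    m.sp += BUF_SIZE                      # release the buffer


def run(split_stacks, payload):
    """Run the caller/callee pair; return (return target, caller's local word).
    With a shared stack an oversized payload replaces the return target;
    with split stacks it only damages the caller's data word."""
    m = Machine(split_stacks)
    m.push("caller_local")                # some caller state above the frame
    target = m.call(handle_request, "after_call", payload)
    return target, m.pop()


if __name__ == "__main__":
    benign = ["w0", "w1", "w2"]                              # fits the buffer
    oversized = ["w0", "w1", "w2", "w3", "bogus_return"]     # one word too many
    for split in (False, True):
        print(f"split_stacks={split}: benign -> {run(split, benign)}, "
              f"oversized -> {run(split, oversized)}")
```

Note that the overflow is still a bug in both configurations; separating the stacks only confines its effect to data, which is the point the comment makes.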

  26. Re:And I just... by TheRaven64 · · Score: 2, Interesting

    Do you think that the rest of the world is going to adopt a new protocol because the US DoD tells them they should??

    Yes, actually. Very few modern conflicts are fought by a single country on a given side, and interoperability is the name of the game amongst allies. In a recent (well, last 10 years) conflict, supply issues meant that one of the forces on our side ran very low on ammunition. Other allied armies stationed in the same place had a surplus, but because of incompatibilities they were of no use. Now scale that up to the command and control infrastructure. It's vitally important that you use the same protocols as your opponents, since good communication is key to any kind of modern strategy. If the US military starts to use this, then other NATO countries will as well. Once the military is using it, then the rest of the government will start to as well (after all, the government needs to give orders to the military). Next, the civil service and corporations which have to deal with the government. Finally, individuals who need to deal with the corporations or government.

    --
    I am TheRaven on Soylent News
  27. Beware of the 2nd system syndrome by opos · · Score: 2, Interesting

    Fred Brooks told wonderful stories in The Mythical Man-Month about software development, and one of the best was how second versions tended to have all the features that were missing from the first version to the point where the language or system's use was constrained by "too many verbs" (in a Mozart sense). Most 1st versions are nice 80% solutions, lean and mean.

    My dream is that a redesigned Internet Protocol will continue to be lean and mean, and not over-bloated with "if we only had this feature then we could do that".

  28. Clueless managers by mwood · · Score: 2, Interesting

    Where have these guys *been* for the last, oh, *fifty* years? One guy doesn't know that guaranteed delivery isn't IP's job because that belongs to another layer, and seems to be unaware that adaptive routing has been in the Internet for decades; another apparently never heard of the memory mapping and protection that's been standard in most computers longer than many of today's hotshot programmers have lived. DHCP and the built-in address initialization stuff in IPv6 (cribbed from earlier work in OSI, btw) are apparently unknown at DARPA.

    Did I miss something?

  29. Will not change the "Internet" by ciphertext · · Score: 2, Interesting

    Since this is a DoD project, its primary use will be for military networks. Perhaps there will be a trickle down to an "Internet 4" system through technology sharing. I don't see this changing the internet we currently use anytime soon. What it will change is how battlefield command systems and forward deployed units will communicate with each other. Establishing a network connection via traditional microwave, satellite, wired, and wireless (this is the key....wireless) will now exchange data using the DARPA protocol instead of IP.

    How nice would it be to have a soldier (or any other unit you wish to deem a "node" on your network) be able to "uplink" to the required military network (battlefield or otherwise) simply by broadcasting to the network. No need to configure a DHCP Server (in the case of dynamic allocation) to dish out an IP address...there is no more IP. I think that is what DARPA is attempting to achieve. They want the military to have a secure, easily scalable, and always available network infrastructure. How they plan to accomplish this...who knows, although it would probably be something similar to IPv6 where everything (network accessible device) has its own hardware created identifier. Perhaps like "DNA" for the hardware. Anyone own stock in Motorola? No? Perhaps it's time to buy some.

    --
    To know is to have knowledge....to understand is to be enlightened.
  30. Get rid of ports. by Peaker · · Score: 2, Interesting

    IPv4 and IPv6 have a slight ugliness people have come to take for granted. This could be fixed for IPv7.

    The concept of "ports". Ports are actually in-host entity identifiers, while the IP address itself is an in-network entity identifier.
    There should really be only one type of entity identifier, especially when it is 128-bit long.

    The idea is that the last few bits of an IP address would typically serve the function of a "port". This way, a DNS server could translate names to much more specific entities than full hosts. It would allow hosting multiple FTP servers on the same host, for example, without the clients having to connect to different ports. It would dissolve the need for the silly ad-hoc workarounds with virtual web hosts.

    This kind of addressing also allows much simplification of applications that would no longer need to use multiplexing over their connections. Instead, each application could allocate addressable "entities" and the multiplexing can be handled by the network layer.

    Finally, it would eliminate the need for the UDP protocol entirely, as in-host identifying becomes part of the network layer itself.

    TCP-layer becomes simpler as there is no need to handle in-host addressing as well.

    Let's eliminate ports, for a simpler network protocol :-)