David Clark: Rebuild the Internet
boarder8925 writes "David Clark, who led the development of the internet in the 1970s, is working with the National Science Foundation on a plan for a whole new infrastructure to replace today's global network. The NSF aims to put out a request for proposals in the fall for plans and designs that could lead to what Clark called a 'clean slate' internet architecture. Those designs, Clark said, could be tested on the National LambdaRail, the nationwide optical network that researchers are using to experiment with new networking technologies and applications."
...is this project going to actually provide revolutionary designs to ease or eliminate the problems we face today, or is this just a matter of reinventing the wheel?
I realize that it's quite tempting for computer developers to want to clean up a system after it's done, but such work only ever works if you have a clear understanding of the problems faced under the current codebase as well as an absolute need to fix the issues with the current system. Simply saying, "it'll be better/cooler/faster" just doesn't cut it. Those things can be obtained from evolutionary development. Revolutionary means that you are uprooting all the existing users. The payoff MUST be tremendous or they ignore it!
Clark said he would like to see two things addressed in any replacement for the current internet. The first is a coherent security architecture. The second is a healthy economic infrastructure for network service providers, who will need a bigger piece of the pie in the new internet than the one they are getting now if they are going to help pay for building it.
I read this as users having no anonymity and paying through the nose for it.
Can I just keep the old internet?
The internet might have its problems, but it's here now and everybody is on it. Unless they add a backward compatibility layer (doubtful if they are designing a 'clean slate' architecture), it becomes a chicken-and-egg phenomenon, no matter how much better the technology might be. Nobody will want to use this architecture until enough people adopt it, and enough people will need to adopt it before Joe Average uses it. All the while the existing internet is there.
I think it's more like "ok, no one's buying our ipv6 idea; let's see what else we can come up with".
I've been to IPv6 summits. I've also served as the senior technology officer for several telecom companies (one of which was among the very first CIX-W router-connected ISPs and a frustration to Paul Vixie in our rather unique connection to the early Santa Clara peer point).
Through my experience, I've advocated IPv6, yet I've found significant resistance from nearly all sectors of business (except from South Korean and South American investors - go figure). Some of the problems IPv6 plans (and this "new infrastructure" pipe dream) face include:
Don't think I'm not wild about IPv6. I geek out and run it over AX.25 amateur networks for fun (what better way to learn a protocol). Yet the days of getting capital markets worked up in a frenzy, ready to throw hundreds of millions at network replacement are gone. Unless this latest dream is based on new tax revenues from all of us (which only creates messes like the original unaccountable NSFNET regionals), it won't go anywhere.
*scoove*
"Anything you can do all at once, you could do with incremental changes," said Robert Kahn, who helped design the architecture for Arpanet, the precursor to the internet.
Kahn agrees with you; you are both against a clean-sheet redesign, right?
The thing is, although incremental improvements are easier to stomach, the question is always this: just where do we want to be? A clean-sheet redesign gives us a target for successive incremental improvements, and allows a very direct cost/benefit analysis.
The question I have for you: What's the harm? Are you against digital video simply because it was a clean break from analog video?
Don't fix what ain't broken.
Sure, there's almost always better ways to do things that are only illuminated by hindsight, but that doesn't mean that the old way should just be tossed out and replaced.
Besides, the Internet is one of those amazing flukes of history. It's a very open, public, and free world unlike anything before it. Does anyone really think that something designed now in the age of terrorism, by committee, using government money (NSF) would be carefully designed to protect those initial design elements that make the Internet what it is today?
The premise of the existing Internet was benign cooperation. The previous /. story on the 12 minute Windows heist clearly demonstrates that that model is no longer valid.
I think it is a good time to take a look at all of the layers and see if something better is possible. I am not suggesting that Clark et al. be given carte blanche to build a new Internet. The naysayers may well be right that any significant change would be practically impossible. But I do think it is a very good idea to investigate what changes are possible and what benefits those changes could provide. I'd hope that practical concerns of getting from here to there would also be explored.
We don't see the world as it is, we see it as we are.
-- Anais Nin
I suggest you re-examine the history of electronic mail and then re-evaluate your understanding of what it means to be a network of networks...
It does not in fact merely mean routable IP networks. The internet was meant to bridge many networks that did not use IP by means of gateway hosts that did speak IP.
I agree that no one specifically was thinking of NAT as we know it when network of networks was coined, but it is a simple extension of the principle.
If one is able to find any privacy or anonymity in this new Internet, it will be because of some undiscovered security hole, which will be quickly repaired, rather than any kind of conscious design decision. Probably one reason they are accepting proposals before rolling it out is to avoid the sort of accidental security holes that enable pr0n, peer-to-peer filesharing and left-wing political activism.
Microsoft, a leading contributor both to this nation's technology base and to the campaign coffers of its leaders, will embrace this new technology and extend it in such a way that the development and dissemination of Open Source software will be, if not mathematically and physically impossible, at least as difficult as factoring a 2048-bit public key.
Imagine, if you will, Trusted Computing implemented at the router level, in such a way that any packets that go farther than one hop are certified not only to support protocols whose patent licenses are fully paid-up and on file with the legal department in Redmond, but whose content is compliant with the Windows standard. The faintest wisp of a Public License, GNU or otherwise, will result in the dropping not only of the individual packet, not only in the cancellation of the entire file transmission, but, within microseconds, the physical location of the offending server. The identities of its rogue administrators will be fetched instantly from the database maintained by the Homeland Security Department. (You will have to submit fingerprints and DNA samples to obtain a Windows server license, as after all, Internet servers can be used to disseminate explosives recipes or the formulas for nerve gases.) The supercomputers that constantly monitor the cameras mounted on every lamppost in the United States of (God Bless It!) America will be ordered to recognize the criminals' faces, and when they are spotted trying to flee to the Amazon jungle, orbiting lasers will vaporize their bodies, leaving nary but a wisp of smoke.
When a close family friend tries to comfort one of the grieving mothers for the loss of her son, she will desperately proclaim "No, I have no children! You must have mistaken me for someone else. Please leave me alone!" before she scurries rapidly away.
National firewalls such as those employed by The People's Republic of China are expensive and difficult to maintain. They are notoriously leaky, and easy to circumvent by anyone determined enough to find out how. But worse, they impede the economic potential of emerging economies such as China, which necessarily bottleneck technical data and eCommerce in order to have a single chokepoint for the Four Horsemen of the Infocalypse (Taiwan, Tibet, Hong Kong and Pornography).
Imagine, if you will, the potential of our New Internet: not only by technical design, but by international treaty (enforced by the threat of military intervention on the part of the UN Security Council), each nation will have a national firewall which is as transparent to the air to fully-licensed Windows Media Video files of Barney the Dinosaur and paid-up Wal-Mart orders, yet absolutely impenetrable to content not sanctioned by Homeland Security, the Republican Party, the 700 Club and the Boy Scouts.
I, for one, am weary of our present Internet, cesspool that it is of moral depravity and copyright infringement. I long for the days of yore, when men were men, women wore hoopskirts, and racial minorities were separate but equal. And so, I raise my right hand and shout with an enthusiastic "Heil!":
Copyright © 2005 Michael David Crawford. This work is licensed under the Creative Commons Attribution-NoDerivs License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nd/2.5/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.
Thanks for making "secure by default" less important.
Thanks for retarding IPv6 development.
Thanks for necessitating the invention of UPnP.
Thanks for screwing up peer to peer connections for legitimate things like videoconferencing and file transfers.
Thanks for continuing to allow ISPs to treat IP addresses like some sort of rare element.
Thanks for mangling things like FTP.
NAT is the greatest evil to befall the Internet.
Want to run a webserver behind NAT? Forward the port through NAT. Want to run *two* webservers behind NAT? Say goodbye to half of your visitors behind stupid proxies that only relay requests to port 80.
NAT is bad because it is a complex layer of translation software, NOT a firewall. Its job is to try to fit packets through places where they shouldn't be going, not the other way around. A stateful firewall is a much better solution. Even Windows XP SP2 gets it right in that regard.
Unless you *like* translation gateways everywhere, the idea of a network of networks is a silly idea. MITM attacks and the general waste of resources are the two biggest problems with that concept.
Embedded devices like, say, a PDA shouldn't be on the Internet to receive phone calls or send email? What do you have against the Internet that a stateful firewall and a well written network stack wouldn't fix?
Remember that famous quote about the Internet treating a nuclear strike as routing errors and simply routing around it? The same applies here: if US control of the root DNS becomes a problem to the rest of the world, expect the rest of the world to set up their own root servers, and then the US-controlled Internet becomes an Intranet that may or may not have visibility to the rest of the world.
Define, as part of the standards, that when certain standards have been upgraded in important ways, within five years all essential infrastructure software must be upgraded so that it understands the new version.
This should apply to essential infrastructure like routers, DNS servers, SMTP servers, and so on. If a server does not understand a protocol that has been around for five years, that's reason enough to refuse connection.
If this becomes part of the standards, we won't have to support ancient legacy forever. When countries with languages other than English want readable domain names, we won't have to live forever with kludges like punycode, such kludges will stay just for five years, after that real solutions can be used instead. If/when solutions to serious problems like spam and DDoS are found and standardised, we can count on the infrastructure to support the solutions within five years. Stuff like IPv6 could spread quickly and smoothly.
Of course, having to upgrade introduces some inconvenience and expenses. But having to support ancient legacy is also inconvenient and expensive. In spite of the upgrade inconvenience, in the long run this kind of limit should save lots of money for everyone.
Terrorists can't threaten a country's freedom and democracy. Only lawmakers and voters can do that.
When I was a grad student, creating new operating systems (from scratch) was all the rage. We were trying to replace UNIX (in its various forms: BSD, SunOS, AT&T SYSV; Linux hadn't caught on yet). It just seemed ready to be replaced.
I think a lot was learned from creating those OSes. But what ended up happening is that the *NIXes easily incorporated the interesting features of those research operating systems, and so it was difficult to get anybody to give up UNIX for a totally new OS.
A "clean slate" internet would probably follow the same path. It's worth doing but don't be surprised if nobody adopts your new internet but instead incorporates the most successful features into the existing Internet.
>As with anything, the most cost effective transition will begin on its own when the time is right.
I disagree. I work for Canada's largest IT consulting company and in my experience the transition will begin when people become forced to transition, cost effective or not.
This guy must be getting support from a telco.
Telecommunications providers hate the Internet. Not only is the Internet too cheap, it's not set up for detailed billing. The US Internet backbone cost about $1bn to build, and costs about $100 million per year to run. For something that handles over 100 million users, that's nothing. All the intelligence is in the end nodes, so telcos don't get to add "value added services" for which they can overcharge.
What telcos want is an environment they control, like cell phones. With charges for everything from ring tones to SMS messages. That's what Clark is talking about here.
The telcos tried this idea back in the 1980s, and it was called TP4, or "ISO 8073 COTP Connection-Oriented Transport Protocol - X.224". X.224 is very much like TCP, but without the adaptive retransmit machinery to work well over unreliable links. You're supposed to run X.224 over a reasonably reliable virtual circuit provided by a telco, for which you pay by the packet, like X.25 or ISDN. Bad idea. Windows NT4 actually had support for X.224, and some older Cisco routers understand it, but it's dead.
This is not a place we, as users, want to go.
Guys, guys GUYS!
I see many posts here about how we need to "mandate" this and "require" that and blah blah blah...
But the Internet, by design, is laissez-faire! There is no "mandating" ANYTHING! Anybody can hook up to their neighbor, who hooks up to some guy across town, who is hooked up to a couple other folks...
The Internet is DECENTRALIZED and OPEN. The closest it gets to mandating anything is the much-disputed RBLs. I, for example, block all email from most Asian countries - nothing personal, but it sure drops the SPAM load with virtually no complaints. But, I can't mandate what the Chinese or Koreans do with their network - I can only mandate what they do with respect to MY networks.
The Internet is merely a commonly agreed upon set of standards for communications across disparate networks, and it's performing the task of connecting networks the world over with grace and flair.
Don't tell me that just because Windows systems get infected in 12 minutes, the Internet is broken. Sorry. The Internet is working fantastically. It's Windows that's broken. It's not up to the task of functioning on a globally accessible network.
So far, every significant "problem" I've heard with the Internet hasn't been with the Internet, but with the systems at its fringes. Spam. Zombies. Worms. Viruses. Exploits. All are simply side effects of a "zero friction network" as espoused by the all-knowing Bill Gates in his '90s book, "The Road Ahead", combined with systems not able to cope with the ramifications.
Bill Gates, Larry Ellison, Scott McNealy, Linus Torvalds, and all the others are learning now what that truly means, and over the next decade or so, we'll see major advances in developing the kind of security needed to handle this frictionless network.
In short: the Internet is doing just fine, people! It's the systems hooked up to it that have problems!
I have no problem with your religion until you decide it's reason to deprive others of the truth.
NAT is a horrible solution. When I see someone actively _advocating_ more NAT I know that either they're selling a NAT product ("Cutting your face off is a great idea, and with new faceCutOff DX we guarantee only a few weeks of agony!") or they haven't looked very hard at the problem.
The Internet is a Peer-to-Peer network. Yesterday's big application, the "web app", didn't need this feature, but tomorrow's potential big applications almost all do. If you disable them by using NAT, you're back where businesses were in 1996 when they started to realise that they should be on the web but had no clue how. Oops.
Seen all those annoying worms that choose random IPv4 Internet addresses and attack them? If a hundred of those worms hit one address per second they'll hit most machines in a year. With a thousand infected machines they'll take a month. But with IPv6 they don't stand a chance. A million worms, trying 10 IPv6 addresses per second, won't find more than a tiny fraction of vulnerable machines in a year. Even inside your much smaller corporate network "guessing" IPv6 addresses isn't feasible.
Elsewhere in this thread someone has observed that ordinary customers don't switch at the point of least pain. They wait, and wait, until they can't tolerate any more pain and then switch. Then they say "Oh, that was better than I expected" and maybe write an article for their trade magazine, "Why switching was actually a pretty good idea".
The point of least pain came when more than one network hardware vendor had IPv6 native. That was several years ago. Anyone buying new kit after that point should have been negotiating for IPv6 and either getting it, or getting a discount to "do without" it for a few more years. Otherwise you're a sucker.
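To put numbers on the random-scanning argument in the post above, here is an added example (not from the thread) that models a scanner picking addresses uniformly at random and computes the expected fraction of the space hit at least once; the scanner counts, rates and durations are the post's own figures, and the /64 case is an assumption standing in for the "corporate network" remark.

```python
# Added example: expected coverage of uniformly random address scanning.
# Model: each probe picks an address uniformly from a space of size N, so after
# p probes the fraction of addresses hit at least once is
#   1 - (1 - 1/N)^p  ~=  1 - exp(-p/N)
# This is a defender's risk estimate, not a scanning tool.
import math

IPV4_SPACE = 2 ** 32
IPV6_SPACE = 2 ** 128     # whole space; real hosts cluster in allocated prefixes
IPV6_SUBNET = 2 ** 64     # a single /64, assumed here as a "corporate network"
SECONDS_PER_DAY = 86_400
SECONDS_PER_YEAR = 365 * SECONDS_PER_DAY


def coverage(scanners: int, rate_per_sec: float, seconds: float, space: int) -> float:
    """Expected fraction of `space` hit at least once after the scan runs."""
    probes = scanners * rate_per_sec * seconds
    # -expm1(-x) == 1 - exp(-x), but stays accurate when x is astronomically small.
    return -math.expm1(-probes / space)


def days_to_cover(fraction: float, scanners: int, rate_per_sec: float, space: int) -> float:
    """Days until expected coverage reaches `fraction` (inverse of coverage())."""
    probes_needed = -space * math.log1p(-fraction)      # N * ln(1 / (1 - f))
    return probes_needed / (scanners * rate_per_sec) / SECONDS_PER_DAY


def scenarios() -> dict:
    """The post's three scenarios plus the single-/64 case, as coverage fractions."""
    return {
        "ipv4: 100 worms, 1/s, one year": coverage(100, 1.0, SECONDS_PER_YEAR, IPV4_SPACE),
        "ipv4: 1000 worms, 1/s, 30 days": coverage(1000, 1.0, 30 * SECONDS_PER_DAY, IPV4_SPACE),
        "ipv6: 1e6 worms, 10/s, one year": coverage(1_000_000, 10.0, SECONDS_PER_YEAR, IPV6_SPACE),
        "one /64: 1000 scanners, 1000/s, one year": coverage(1000, 1000.0, SECONDS_PER_YEAR, IPV6_SUBNET),
    }


if __name__ == "__main__":
    for name, frac in scenarios().items():
        print(f"{name:45s} {frac:.3e}")
    print("days for 100 IPv4 worms at 1/s to reach half the space:",
          round(days_to_cover(0.5, 100, 1.0, IPV4_SPACE), 1))
```

The IPv4 figures come out around half the space in a year; the IPv6 figures are many orders of magnitude below one in a billion, which is the post's point in numbers.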
And yes, cell phones and PDAs *will be* exposed to the Internet. This is what conversion is about. Especially cell phones need to be reached independently of each other. Currently you do it with the phone number, and the difference from an IP address is the limitation of services that work with phone numbers as targets.
Mobile Phone (GSM) providers allow sending of SMS and MMS via SMTP to the target phones. This is (from a protocol stack point of view) an extension of the address space within a high level protocol: the phone number is just the user name in the email. There is no reason why this couldn't or shouldn't be done on the IP level itself. Maliciously malformed MMS and SMS can corrupt a buggy phone operating system independently of the address space used to get them there. Look at the phreaks and their ways to hack into telephone equipment.
Any addressable system with an incorrectly implemented service is attackable remotely. That is completely independent of the method of addressing. And phones have to be addressable to make sense to most people. (The limitation to 'most people' is necessary to block the übercorrect who might be pointing out that there are people who never get a phone call anyway...)
The concern is that if the Koreans and Japanese have converted their infrastructure to IPv6, then they'll be buying their routers from Korean and Japanese companies. When it becomes a crisis in the US, we'll end up buying our infrastructure from them, because it will have been built, installed, and tested.
Right now the US has dominance in these markets. If we let the Koreans and Japanese get there first, we'll be letting competitors get there first.
At least, those are the concerns I've heard. I'm not sure I buy it; shouldn't Cisco et al be selling IPv6 routers to the Koreans right now? I'm hearing it from trade experts, not technology experts, so I'm still trying to figure out my opinion.
How in the hell did this get modded up to "5, Insightful"? The parent poster clearly has "-5, No Fucking Clue About Network Design".
What the AC is describing is not, in fact, Network Address Translation, but Port Address Translation, which is only a subset of NAT. I have absolutely no problems running multiple hosts behind NAT using the one-to-one address translation, which generally reduces the need for publicly-valid IP addresses to the number of hosts that need to be publicly-available, plus one for a PAT channel for internal hosts to get outside. That number can be even further reduced by using PAT in combination.
There is no reason for every host attached to the Internet to have a publicly-valid IP address, thanks to the magic of NAT, which is an extremely valuable security tool in the hands of a competent network designer. I have personally (and practically single-handedly) built Metropolitan Area Networks servicing thousands of users that did not need to use more than a handful of public addresses, with no loss of service to the end users, or the public, for that matter.
The big problem with NAT is that practically every manufacturer of routing or firewall gear uses different terminology and different implementation methodology, such that knowledge gained on one platform is frequently not transferable to others. Compounding this is the tendency for manufacturers of affordable routers to leave out vast swaths of NAT/PAT functionality in order to get you to buy more expensive routers, not to mention the tendency for ISPs to assume cluelessness on the part of the end user. There's also no good reason why routers and firewall devices that support NAT properly continue to cost such large amounts of money, other than manufacturer greed.
Yes, I know that this can be done with a host machine, but I prefer dedicated hardware devices with a minimum of moving parts for my network gear.
To paraphrase, what do you have against NAT that a well-written, full implementation wouldn't fix?
And BTW, NAT is not a replacement for a proper stateful firewall, but all on its own can provide a large amount of security for an organization. If nothing else, it can remove a large amount of the load from said firewall.
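The two-webservers complaint earlier in the thread and the PAT-versus-one-to-one-NAT distinction in the reply above are easiest to see in a translation table. The following is an added example, not code from either poster: a minimal model of both translation styles with constructed addresses (203.0.113.0/24 and 198.51.100.0/24 are documentation ranges), deliberately simplified to matching on destination port only.

```python
# Added example: Port Address Translation (PAT) versus one-to-one NAT.
# Shows why two servers on port 80 cannot share one public address under PAT,
# and why unsolicited inbound packets are dropped as a side effect of the table
# (the "security" NAT gives on its own, which is still not a firewall policy).
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

Endpoint = Tuple[str, int]

class Pat:
    """One public address shared by many hosts, distinguished by port number."""
    def __init__(self, public_ip: str, forwards: Dict[int, Endpoint]):
        self.public_ip = public_ip
        self.forwards = forwards                         # public port -> internal (ip, port)
        self.outbound: Dict[Endpoint, Endpoint] = {}     # internal (ip, port) -> public (ip, port)
        self.inbound: Dict[Endpoint, Endpoint] = {}      # public (ip, port) -> internal (ip, port)
        self.next_port = 40000                           # constructed ephemeral range

    def translate_out(self, p: Packet) -> Packet:
        key = (p.src, p.sport)
        if key not in self.outbound:                     # first packet of a flow: allocate a port
            pub = (self.public_ip, self.next_port)
            self.next_port += 1
            self.outbound[key] = pub
            self.inbound[pub] = key
        pub_ip, pub_port = self.outbound[key]
        return Packet(pub_ip, pub_port, p.dst, p.dport)

    def translate_in(self, p: Packet) -> Optional[Packet]:
        if p.dst != self.public_ip:
            return None
        # Simplification: real PAT also matches the remote endpoint of the flow.
        target = self.forwards.get(p.dport) or self.inbound.get((p.dst, p.dport))
        if target is None:
            return None                                  # no mapping at all: packet is dropped
        return Packet(p.src, p.sport, target[0], target[1])

class OneToOneNat:
    """Every internal host that must be reachable gets its own public address."""
    def __init__(self, pairs: Dict[str, str]):          # public ip -> internal ip
        self.pub_to_priv = dict(pairs)
        self.priv_to_pub = {v: k for k, v in pairs.items()}

    def translate_in(self, p: Packet) -> Optional[Packet]:
        priv = self.pub_to_priv.get(p.dst)
        return None if priv is None else Packet(p.src, p.sport, priv, p.dport)

    def translate_out(self, p: Packet) -> Packet:
        return Packet(self.priv_to_pub[p.src], p.sport, p.dst, p.dport)

def demo():
    # Two web servers (10.0.0.10, 10.0.0.11) and a client (10.0.0.20) behind one public IP.
    pat = Pat("203.0.113.1", forwards={80: ("10.0.0.10", 80), 8080: ("10.0.0.11", 80)})
    via_80 = pat.translate_in(Packet("198.51.100.7", 51000, "203.0.113.1", 80))
    via_8080 = pat.translate_in(Packet("198.51.100.7", 51001, "203.0.113.1", 8080))
    # A reply to the client's own outbound connection is admitted; a cold probe is not.
    out = pat.translate_out(Packet("10.0.0.20", 50000, "198.51.100.9", 443))
    reply = pat.translate_in(Packet("198.51.100.9", 443, out.src, out.sport))
    probe = pat.translate_in(Packet("198.51.100.9", 443, "203.0.113.1", 50000))
    # One-to-one NAT: both servers answer on port 80, at the cost of two public addresses.
    nat = OneToOneNat({"203.0.113.10": "10.0.0.10", "203.0.113.11": "10.0.0.11"})
    web2 = nat.translate_in(Packet("198.51.100.7", 51002, "203.0.113.11", 80))
    return via_80, via_8080, reply, probe, web2
```

Under PAT the second server is only reachable on public port 8080, which is exactly what a proxy that relays only to port 80 never sees; under one-to-one NAT both are on port 80 and the count of public addresses is the number of reachable hosts.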
Of all of the ones you point out, this is the only one I would argue the allocation might be deserved for. Ham Radio is bloody useful under emergency conditions, and its operators should be encouraged even outside emergencies.
//Information does not want to be free; it wants to breed.