Slashdot Mirror


David Clark: Rebuild the Internet

boarder8925 writes "David Clark, who led the development of the internet in the 1970s, is working with the National Science Foundation on a plan for a whole new infrastructure to replace today's global network. The NSF aims to put out a request for proposals in the fall for plans and designs that could lead to what Clark called a 'clean slate' internet architecture. Those designs, Clark said, could be tested on the National LambdaRail, the nationwide optical network that researchers are using to experiment with new networking technologies and applications."

15 of 323 comments

  1. Wont happend by Bruj0 · · Score: 5, Interesting

    "A whole new infrastructure" you say?
    We can't even start using the new IPv6 protocol. I don't think we are there yet. Try in 10 or so years.

    --
    http://securityportal.com.ar

    1. Re:Wont happend by drmerope · · Score: 5, Interesting

      Might be because we realized that the IPv6 protocol was unnecessary.

      Once people were forced to NAT, it suddenly dawned on the great mass of people that workstations shouldn't be getting public IPs for security and management reasons.

      Nor for that matter should these up and coming embedded devices be placed on the public internet either. It just isn't appropriate.

      Remember: The Internet was supposed to be a network of networks NOT _THE NETWORK_.

      Most of the remaining IP allocation problems result from certain lingering gross misallocations such as the Class A block assigned to MIT.

    2. Re:Wont happend by J.+Random+Luser · · Score: 5, Interesting

      ... certain lingering gross misallocations ...


      6.0.0.0/8 DoD Network Information Center
      7.0.0.0/8 Defense Information Systems Agency
      8.0.0.0/8 Level 3 Communications, Inc
      9.0.0.0/8 IBM Corporation
      11.0.0.0/8 DoD Intel Information Systems
      12.0.0.0/8 AT&T WorldNet Services
      13.0.0.0/8 Xerox Palo Alto Research Center
      15, 16.0.0.0/8 Hewlett-Packard Company
      17.0.0.0/8 Apple Computer, Inc.
      18.0.0.0/8 Massachusetts Institute of Technology
      19.0.0.0/8 Ford Motor Company
      20.0.0.0/8 Computer Sciences Corporation
      21, 22.0.0.0/8 DoD Network Information Center
      25.0.0.0/8 Royal Signals and Radar Establishment
      26, 28, 29, 30.0.0.0/8 DoD Network Information Center
      32.0.0.0/8 AT&T Global Network Services
      33.0.0.0/8 DoD Network Information Center
      34.0.0.0/8 Halliburton Company
      35.0.0.0/8 Merit Network Inc.
      38.0.0.0/8 Performance Systems International Inc.
      40.0.0.0/8 Eli Lilly and Company
      41.0.0.0/8 African Network Information Center
      44.0.0.0/8 Amateur Radio Digital Communications
      45.0.0.0/8 Interop Show Network
      47.0.0.0/8 Bell-Northern Research
      48.0.0.0/8 Prudential Securities Inc.
      51.0.0.0/8 Department of Social Security of UK
      52.0.0.0/8 E.I. du Pont de Nemours and Co., Inc.
      53.0.0.0/8 cap debis ccs (c/o Mercedes Benz AG
      54.0.0.0/8 Merck and Co., Inc.
      55.0.0.0/8 DoD Network Information Center
      56.0.0.0/8 U.S. Postal Service
      57.0.0.0/8 SITA-Societe Internationale de Telecommunications Aeronautiques
      1,2,3,4,5,14, 23, 27, 31, 36, 37, 39, 42, 46, 49, 50 are reserved to IANA

      It would be tempting to say: Nothing to see here people... please move along..., but amongst all the squatters is one new allocation, a single class A net allocated this year for the entire African continent. It works too, I've already had two 419s from it ;-)

    3. Re:Wont happend by ajs318 · · Score: 3, Interesting

      The solution is to get equally aggressive, demanding that any patents they obtain be struck down; either as "obvious to an expert in the field" {because hey, you thought of the same idea when you read the description}, "not novel" {because there is some prior art} or "not capable of industrial application" {because they're just some petty minded thing that doesn't deserve to be patented}.

      If you have money, flout disputed patents right, left and centre. Your legal defence, should you require one, is that you believe the "patent" is without merit. Settle any bullying demands for royalties with a rubber cheque. Claim expenses for everything you possibly can. Maybe try to patent the exact same thing in your own name and, if you succeed, formally dedicate the "duplicate" patent to the Public Domain.

      I really think that copyright and patent law needs to be updated. Unless you licence your invention BSD-style -- allowing anyone to use it, requiring only attribution -- or dedicate it formally to the Public Domain, then you should have to pay a tax on it. After all, if you own land, you have to pay rates -- and in certain circumstances, e.g. if it is needed for construction of a new road, the government can take it off you by force. Rates pay for local services. Copyright and patent taxes could be used to pay for enforcement {which would be considerably less expensive under an open licence}. If they want to call it "intellectual property" and treat it like property, then they should not object to it being subject to Compulsory Purchase Order, nor to paying property taxes on it!

      I predict some opposition from GPL supporters, but it must be remembered that the GPL is a stopgap measure that would not be needed if it were not for abuse of copyright. However, I do not think that the addition of a clause explicitly requiring distribution of source code would be particularly onerous. Rather, it would be a simple reaffirmation of the Common Law Property Right wherein we are privy to any secret embodied in any article we rightfully own.

      --
      Je fume. Tu fumes. Nous fûmes!

    4. Re:Wont happend by Anonymous Coward · · Score: 0, Interesting

      I guess you never heard of virtual hosts? HTTP 1.1 requires sending the host you want to connect with, and most modern web servers like Apache can key off that, so you can run 2 completely different web sites from the same web server. Don't give me bullshit that you still want to run an HTTP 1.0 browser.

      Stop your bitching. NAT is a great measure that basically saved the Internet for you and me. There will always be clever workarounds that will extend the life of IPv4 probably forever.

      And yes, cell phones and PDAs should *NOT* be exposed to the internet. They should all be behind firewalls owned by the service providers. Normal users can't even update their computers with Windows Update, which is a one-click process. How the hell do you expect them to keep up with updating their cell phones after wave after wave of exploits come?

      You are an idiot.

    5. Re:Wont happend by James+Youngman · · Score: 2, Interesting

      Might be because we realized that the IPv6 protocol was unnecessary. Once people were forced to NAT, it suddenly dawned on the great mass of people that workstations shouldn't be getting public IPs for security and management reasons.

      You're confusing addressability with reachability. It's right that workstations should not in general be directly reachable from random other points on the internet, but that doesn't mean that this should be done only via NAT. Normal firewalling is the right way to limit reachability.

      NAT imposes a number of design constraints and generally makes a lot of complex things even more difficult than they need to be.

      For example, I once had to diagnose problems with an FTP transfer between two machines. This would have been easy if it were not for the fact that there were three layers of NAT (two of which translated both source and destination addresses) between the two. These NAT layers were translating the source address of the original DNS query twice, the destination address of the DNS query (three times), the source address of the DNS response packet (three times), the destination address of the DNS response packet (twice), the contents of the DNS response itself (twice), the source (twice) and destination (thrice) addresses of the resulting TCP connection for the FTP control channel, modifying the PORT commands passing over the control channel (twice, I think), and the source (three times) and destination (twice) addresses of the FTP data connection.

      Suffice to say that when the FTP transfers weren't working, diagnosing where the problem lay was rather complex, especially as more than one organisation was involved (two of the NAT layers were in one organisation, and the third was in another).

      You can't implement NAT fully without performing data changes at the application-level protocol layer (for example FTP PORT commands), and that's evil (in the hackish sense of the word).
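      The application-layer rewriting described in the post above (FTP PORT commands mutated at every NAT layer), as an added example that is not from the original post: a small Python model of three chained NAT FTP helpers. The topology, addresses, port allocation and the NatHop class are constructed assumptions, not any real router's code.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: the PORT command an FTP client sends on the control channel to
# say where the server should open the data connection (h1.h2.h3.h4, port p1*256+p2).
SAMPLE_PORT_CMD = "PORT 10,0,0,5,7,210\r\n"   # 10.0.0.5, port 2002

PORT_RE = re.compile(r"^PORT (\d{1,3}(?:,\d{1,3}){5})\r\n$")

def parse_port(cmd: str) -> tuple:
    m = PORT_RE.match(cmd)
    if not m:
        raise ValueError("not a well-formed PORT command")
    nums = [int(x) for x in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        raise ValueError("PORT field out of range")
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def format_port(addr: str, port: int) -> str:
    return "PORT " + ",".join(addr.split(".") + [str(port >> 8), str(port & 0xFF)]) + "\r\n"

@dataclass
class NatHop:
    # Hypothetical model of one NAT layer's FTP helper (an "ALG"): a PORT command that
    # carries an inside address is rewritten to the NAT's outside address and a fresh port.
    name: str
    inside: ipaddress.IPv4Network
    outside: ipaddress.IPv4Address
    next_port: int = 40000

    def rewrite(self, cmd: str, trace: list) -> str:
        addr, port = parse_port(cmd)
        if ipaddress.IPv4Address(addr) not in self.inside:
            return cmd                      # not an inside address: pass through untouched
        mapped, self.next_port = self.next_port, self.next_port + 1
        new_cmd = format_port(str(self.outside), mapped)
        # The rewritten line usually changes length, so a real NAT must also fix up
        # TCP sequence/ack numbers for the rest of the control connection.
        trace.append(f"{self.name}: {addr}:{port} -> {self.outside}:{mapped} (line {len(cmd)} -> {len(new_cmd)} bytes)")
        return new_cmd

def traverse(cmd: str, hops: list) -> tuple:
    # Push one PORT command through the NAT chain; return what the far end finally sees
    # plus the per-hop trace that someone debugging the transfer must reconstruct by hand.
    trace = []
    for hop in hops:
        cmd = hop.rewrite(cmd, trace)
    return cmd, trace

def demo() -> tuple:
    # Constructed topology: three NAT layers (two in org A, one in org B), each layer's
    # outside address sitting inside the next layer's inside network.
    hops = [
        NatHop("orgA-nat1", ipaddress.IPv4Network("10.0.0.0/8"), ipaddress.IPv4Address("172.16.5.1")),
        NatHop("orgA-nat2", ipaddress.IPv4Network("172.16.0.0/12"), ipaddress.IPv4Address("192.0.2.10")),
        NatHop("orgB-nat", ipaddress.IPv4Network("192.0.2.0/24"), ipaddress.IPv4Address("198.51.100.20")),
    ]
    return traverse(SAMPLE_PORT_CMD, hops)
```

      The far end sees an address and port the client never had, and only the three trace lines, held by two different organisations, connect the two.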

  2. And the important question is by ShatteredDream · · Score: 2, Interesting

    What will the powers that be put in there to make it easy to track and control everything we do with it?

  3. Not gonna happen by btgreat · · Score: 4, Interesting

    "A super-high-speed internet could even allow people a world apart to collaborate inside elaborate 3-D virtual arenas, a process called tele-immersion."

    I believe the technical term for this is MMORPG. It appears to work pretty well with our current internet.

    All joking aside, I don't think anything will change any time in the near future. IPv6 is probably the most radical change the internet will see for possibly decades to come, and that can't even catch on. People are simply not going to pay to have the internet re-architected when it is working well enough as it is; why reinvent the wheel while it's still rolling? Things along these lines have been proposed before, and I'm sure will be proposed again, and I'm sure that one day, the internet will eventually be rewired. However, this is still far ahead of its time.

    Cars still ride on wheels, power still goes out with storms, and cell phones still lose service underground. What makes anyone think the internet is going to be any different?

  4. Not a bad idea... by evilviper · · Score: 4, Interesting

    I'll agree with him that Internet2 hasn't lived up to what it should have been, and trying something completely different would be a very good idea.

    However, I don't agree that the current internet is in need of replacement. Creating TCP/IP packets requires significant processing power, and a simpler protocol would mean more devices being online, but by the time anything new becomes accepted, a $1 chip will be able to do it all.

    If you want to improve the internet, put explicit congestion notification back into all TCP stacks, as it was before the BSD stack left it out... Goodbye massive packet loss due to minor congestion. Require all vendors to support jumbo frames... And many more small changes (to the existing internet).

    --
    Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant

  5. Hashes of public keys as ip addresses? by pizzarobot · · Score: 2, Interesting

    I don't remember whose idea it was, but if we have all future internet devices use encryption (like IPSec and IPv6), then if we have a portion of the IP address be a crypto hash of the device's public key, then it would make spoofing harder. Of course part of the IP address would still have to be reserved for routing purposes for efficiency.
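    The idea above, as an added example that is not from the original post: derive an IPv6 address whose top 64 bits stay a normal routing prefix and whose bottom 64 bits are a hash of the device's public key, then let any receiver verify the binding offline. (RFC 3972's Cryptographically Generated Addresses are the standardised form of this idea.) The prefix and the key blobs are constructed placeholders, not real keys.

```python
import hashlib
import hmac
import ipaddress

# Constructed values: a documentation prefix and two stand-in public-key blobs
# (a real deployment would hash the actual encoded public key).
ROUTING_PREFIX = ipaddress.IPv6Network("2001:db8:ab:cd::/64")
OTHER_PREFIX = ipaddress.IPv6Network("2001:db8:ff:ee::/64")
HONEST_KEY = b"constructed-public-key-of-the-honest-host"
OTHER_KEY = b"constructed-public-key-of-some-other-host"
HOST_MASK = (1 << 64) - 1

def derive_address(public_key: bytes, prefix: ipaddress.IPv6Network = ROUTING_PREFIX) -> ipaddress.IPv6Address:
    """Top 64 bits: the routing prefix, left untouched so the address routes normally.
    Bottom 64 bits: SHA-256(prefix || public key), truncated. Hashing the prefix in as
    well ties the host half to one subnet, so it cannot be lifted into another network."""
    if prefix.prefixlen != 64:
        raise ValueError("expects a /64 routing prefix")
    digest = hashlib.sha256(prefix.network_address.packed[:8] + public_key).digest()
    host_half = int.from_bytes(digest[:8], "big")
    return ipaddress.IPv6Address(int(prefix.network_address) | host_half)

def verify_address(addr: ipaddress.IPv6Address, claimed_key: bytes) -> bool:
    """Receiver side: recompute the binding from the packet's source address and the key
    the sender presents; no registry or lookup is needed. A mismatch means the address
    was not derived from the key the sender claims. Two caveats: this only binds address
    to key, so the sender must still prove possession of the private key (a signature,
    which is what IPsec authentication supplies); and forging a key that hashes to a
    chosen host half costs about 2**64 attempts, which is why the hash part cannot be
    made too narrow in favour of the routing part."""
    prefix = ipaddress.IPv6Network((int(addr) & ~HOST_MASK, 64))
    expected = derive_address(claimed_key, prefix)
    return hmac.compare_digest(expected.packed, addr.packed)
```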

  6. Ok. some proposals for you. by jd · · Score: 3, Interesting
    Either use IPv6 or one of the predecessor protocols. (One early suggestion for "IP-ng" was a protocol with adjustable-length addressing. Thus, the backbone would have very short addresses, and machines close to the edge would have longer ones. This was originally rejected as routers simply weren't advanced enough to cope with a routing system like that -and- handle IPv4, but this is a couple of decades later, and a "clean-slate" would mean you don't need to worry so much about compatibility issues.)

    Second, absolutely mandate IPSec. Don't just "mandate" it and then ignore it, as happened with IPv6, but make it a pre-requisite for all users. That gives e-commerce a lot more assurance on secure transactions and authentication, which seems to meet one of their requirements.

    Third, mandate QoS. QoS not only guarantees network quality, which would interest a LOT of corporate users, but also provides a mechanism for increasing profit. Simply offer different levels of guaranteed quality at different prices. This meets another requirement.

    Fourth, the biggest new market is in mobile devices and wireless networking. So support them! What is the point of the IETF churning out megabytes of specs on mobile IP and mobile networks, or of software developers supporting all these new protocols, if none of the ISPs or network engineers give a damn? It would also provide an additional service, therefore an additional revenue stream, therefore also meeting the profit requirement.

    (Mobile networks are where all the wireless users are going to stay using the same router, but the router itself is moving through the network. If you were to have WAPs on aircraft or trains, where you are static relative to the vehicle, but the vehicle is moving between ground stations, this is probably the way you'd want to implement it.)

    Fifth, it is possible to balance anonymity with accountability. Accountability merely requires that machines are who they claim they are and (where user identification is relevant) users are who they claim they are. It does NOT require that anyone actually possesses enough information to actually identify those machines or users, only that when a claim is made, it is verifiable in some way.

    We already have Kerberos for authentication, so it would seem a fairly trivial extension to use that as your authentication mechanism. The token does not reveal your identity, but it can be verified with a Kerberos server in the hierarchy used for authentication by that user, to prove that the user did identify themselves correctly.

    If that isn't good enough, use X.509 certificates at both host and user levels. Lots more money to be made there. It doesn't kill anonymity, as you can perfectly well have a certificate that doesn't say anything useful or self-incriminating. It would still be useful for accountability, though, as no two entities, no two machines and no two users should have identical certificates. At the very least, the key used to examine the certificate would be different, even if the content itself was identical.

    This would be more than good enough to ensure that Joe Bank Manager's personal checking account could not be logged into by Sammy Script-Kiddy - there's your accountability - but would not require people in politically dangerous countries (such as the US) to reveal anything that would compromise their safety, meeting a lot of the anonymity requirement.

    As for the "upgrades" cost - that's just because most providers (backbone or ISP) are too cheap to do it right the first time. Optic Fibre has been around a LONG time, and to upgrade an optic link just requires upgrading the transceivers at each end - so long as the fibre is of good enough quality. At present speeds, a single fibre can carry about 4-5 terabits per second, and typical bundles have about 20 or so fibres, giving you 100 terabits per second.

    Lets say that, when the US Government was still runnin

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)

  7. Re:NAT isn't a permanent solution by drmerope · · Score: 2, Interesting

    Agreed. NAT isn't a permanent solution. I disagree that sooner is better though. As with anything, the most cost effective transition will begin on its own when the time is right.

    I don't know what you mean by buying infrastructure. We're not losing out on any technology or experience really. If any important services become IPv6 only... well then we'd have a little catch-up--but that is precisely what will deliver the consumer demand.

    CISCO is right in their problem prediction but they want to accelerate the timing so as to make money now, not later. Money now == more valuable.

  8. Fixing it by tempest69 · · Score: 2, Interesting
    Ok NO amount of change is going to get rid of human mistakes. However there are some big changes that need to occur to prevent some of this junk.

    #1 Change: User side one time only credit charges. The only way to do a transaction would be to use an encrypted transaction that would prevent phishing from being any good at all. This would be more of a banking change, and most people would hate it, but the whole CC# and Bank info phishing has to end, the transaction mechanism needs to change.

    #2 Change: Add a decorator pattern to ALL explorer windows, making sure that every popup has a BRIGHT ORANGE BORDER, turn off the ability to disable the X button. Pretty much make all popups automatically listed as unsecure. Tag all 3rd party "unsigned" apps with a Bright RED BORDER, if it isn't trusted you should know, every time you run it.

    #3 Change: Add a hardened Email System to the main email. Where hardened email can be flagged as less likely to be spam. The hardened email system would be unprofitable for spammers to use, Proof of work tokens or a small monetary deposit required for emails that are "in play". This would leave the old email as functional, but would gradually replace it as old email won't be used by real people.

    #4 Change: Reduce the number of auto-launched services, anything that is out of the "OS-normal" for launching would be in one big happy spot, where it could be removed. The operating system wouldn't have a "backdoor startup" or a way for the program to re-insert itself into the system. and the OS would solidly isolate itself from getting nailed by a trojan.. keeping almost everything in a sandbox.

    #5 Change: Prevent the system from being able to spy on you. yea, it gets rid of some legitimate monitoring applications, But make it an option in the control panel that is stupid obvious that no-one really wants to turn it on (except corporations that are monitoring their employees).

    #6 Change: Have a nice big registry of "BAD Software" If people are online anyway, there should be a way to tag software as JUNK, or SPYWARE, or a dozen other bad bad things.. and when the software is being downloaded, it should be checked against the big database and the user should be VERY appropriately warned.

    Ok that's six off the top of my head.. yea they are mostly focused on microsoft, but that's where most people are hosed anyway. The net isn't bad, but some SIMPLE changes would really make the experience much better for everyone.

    Storm
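    The proof-of-work token from Change #3 above, as an added example that is not from the original post: a stamp whose minting costs the sender roughly 2**bits hashes and whose checking costs the receiver one hash, plus the receiver-side checks (recipient binding, freshness window, declared work, double-spend memory) that stop one stamp from being reused across a mailing run. The field layout loosely follows hashcash but is an assumption here, not a mail standard.

```python
from __future__ import annotations

import calendar
import hashlib
import os
import time

def stamp_bits(stamp: str) -> int:
    """Leading zero bits of SHA-256(stamp): the amount of work the stamp demonstrates."""
    digest = hashlib.sha256(stamp.encode()).digest()
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def mint_stamp(recipient: str, bits: int = 12, now: float | None = None) -> str:
    """Sender side: search for a counter whose hash shows `bits` zero bits (about 2**bits
    hashes per message). Layout (assumed): ver:bits:date:recipient::rand:counter."""
    date = time.strftime("%Y%m%d", time.gmtime(time.time() if now is None else now))
    rand = os.urandom(8).hex()  # keeps stamps for the same recipient/day distinct
    counter = 0
    while True:
        stamp = f"1:{bits}:{date}:{recipient}::{rand}:{counter}"
        if stamp_bits(stamp) >= bits:
            return stamp
        counter += 1

class StampVerifier:
    """Receiver side: one hash per message plus a memory of accepted stamps, so a single
    expensive stamp cannot be attached to thousands of messages."""

    def __init__(self, my_address: str, min_bits: int = 12, max_age_days: int = 2):
        self.my_address = my_address
        self.min_bits = min_bits
        self.max_age = max_age_days * 86400
        self.seen: set[str] = set()

    def check(self, stamp: str, now: float | None = None) -> tuple[bool, str]:
        now = time.time() if now is None else now
        parts = stamp.split(":")
        if len(parts) != 7 or parts[0] != "1" or not parts[1].isdigit():
            return False, "malformed"
        bits, date, recipient = int(parts[1]), parts[2], parts[3]
        if bits < self.min_bits:
            return False, "declared work below threshold"
        if recipient != self.my_address:   # a stamp is bound to one recipient
            return False, "stamp minted for someone else"
        try:
            minted = calendar.timegm(time.strptime(date, "%Y%m%d"))
        except ValueError:
            return False, "bad date"
        if not -86400 <= now - minted <= self.max_age:   # bounds the replay window
            return False, "stale or future-dated"
        if stamp_bits(stamp) < bits:       # the one check that is expensive to fake
            return False, "hash does not show the declared work"
        if stamp in self.seen:
            return False, "already spent"
        self.seen.add(stamp)
        return True, "ok"
```

    The freshness window and the seen-set together bound how much memory the receiver needs: stamps older than max_age_days are rejected anyway, so their entries can be expired.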

  9. Missing the whole picture by phalovic · · Score: 2, Interesting

    One of the key points in the article (that has been missed so far) is that the research for this is being done on the National Lambda Rail. One key technology that hasn't been mentioned yet is DWDM (Dense Wave Division Multiplexing). This runs 30-40 different wavelengths over a single fiber. Each wavelength (lambda) can currently carry 10 Gb/s of data, 40 Gb/s in some cases, and 100 Gb/s is on its way. That means that a single fiber can carry up to 4 Tb/sec of data in the real near future (right now in some labs). The next important technology is ROADMs (Reconfigurable Optical Add/Drop Multiplexers). These devices allow individual lambdas to be inserted, extracted, or tapped from a fiber. Next is GMPLS (Generalized Multiprotocol Label Switching). This is a switching framework that ties together the ROADMs and optical switches to allow a single lambda to be routed through an optical mesh network. Actually it sets up a per use circuit through the mesh for any particular lambda. Also, anything that can be converted to an optical wavelength can be routed over this kind of network, not just ethernet. Fibre Channel, SONET, high definition video and ethernet can all be routed over this kind of network at the same time.

  10. And will it have a "Copyright Flag"? by Anonymous Coward · · Score: 1, Interesting

    Let me guess, it will contain the data equivalent of a "Broadcast Flag" right? (ie: copyright flag)