Slashdot Mirror
David Clark: Rebuild the Internet
boarder8925 writes "David Clark, who led the development of the internet in the 1970s, is working with the National Science Foundation on a plan for a whole new infrastructure to replace today's global network. The NSF aims to put out a request for proposals in the fall for plans and designs that could lead to what Clark called a 'clean slate' internet architecture. Those designs, Clark said, could be tested on the National LambdaRail, the nationwide optical network that researchers are using to experiment with new networking technologies and applications."
"A whole new infraestructure" you say?.
We cant even start using the new ipv6 protocol. I dont think we are there yet. Try in 10 or so years.
http://securityportal.com.ar
What will the powers that be put in there to make it easy to track and control everything we do with it?
Click here or a puppy gets stomped!
...is this project going to actually provide revolutionary designs to ease or eliminate the problems we face today, or is this just a matter of reinventing the wheel?
I realize that it's quite tempting for computer developers to want to clean up a system after it's done, but such work only ever works if you have a clear understanding of the problems faced under the current codebase as well as an absolute need to fix the issues with the current system. Simply saying, "it'll be better/cooler/faster" just doesn't cut it. Those things can be obtained from evolutionary development. Revolutionary means that you are uprooting all the existing users. The payoff MUST be tremendous or they ignore it!
Javascript + Nintendo DSi = DSiCade
Clark said he would like to see two things addressed in any replacement for the current internet. The first is a coherent security architecture. The second is a healthy economic infrastructure for network service providers, who will need a bigger piece of the pie in the new internet than the one they are getting now if they are going to help pay for building it.
I read this as users having no anonymity and paying through the nose for it.
Can I just keep the old internet?
The internet might have its problems, but it's here now and everybody is on it. Unless they add a backward compatibility layer (doubtful if they are designing a 'clean slate' architecture), it becomes a chicken and the egg phenomenon, no matter how much better the technology might be. Nobody will want to use this architecture until enough people adopt it, and enough people will need to adopt it before joe average uses it. All the while the existing internet is there.
PHP and MySQL which can do anything!
Obligatory
Get your Unix fortune now!
"Fuck it! I'll rewrite it from scratch."
That approach is always more fun
"A super-high-speed internet could even allow people a world apart to collaborate inside elaborate 3-D virtual arenas, a process called tele-immersion."
I believe the technical term for this is MMORPG. It appears to work pretty well with our current internet.
All joking aside, I don't think anything will change any time in the near future. IPv6 is probably the most radical change the internet will see for possibly decades to come, and that can't even catch on. People are simply not going to pay to have the internet re-architected when it is working well enough as it is; why reinvent the wheel while its still rolling. Things along these lines have been proposed before, and I'm sure will be proposed again, and I'm sure that one day, the internet will eventually be rewired. However, this is still far ahead of its time.
Cars still ride on wheels, power still goes out with storms, and cell phones still lose service underground. What makes anyone think the internet is going to be any different.
I'll agree with him that Internet2 hasn't lived-up to what it should have been, and trying something completely different would be a very good idea.
However, I don't agree that the current internet is in-need of replacement. Creating TCP/IP packets requires significant processing power, and a simpler protocol would mean more devices being online, but by the time anything new becomes accepted, a $1 chip will be able to do it all.
If you want to improve the internet, put explicit congestion notification back into all TCP stacks, as it was before the BSD stack left it out... Goodbye massive packet loss due to minor congestion. Require all vendors to support jumbo frames... And many more small changes (to the existing internet).
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
"It's a trap!"
I've been to IPv6 summits. I've also served as the senior technology officer for several telecom companies (one of which was a very first CIX-W router connected ISP and frustration to Paul Vixie in our rather unique connection to the early Santa Clara peer point).
Through my experience, I've advocated IPv6, yet I've found significant resistance from nearly all sectors of business (except from South Korean and South American investors - go figure). Some of the problems IPv6 plans (and this "new infrastructure" pipe dream) face include:
Don't think I'm not wild about IPv6. I geek out and run it over AX.25 amateur networks for fun (what better way to learn a protocol). Yet the days of getting capital markets worked up in a frenzy, ready to throw hundreds of millions at network replacement are gone. Unless this latest dream is based on new tax revenues from all of us (which only creates messes like the original unaccountable NSFNET regionals), it won't go anywhere.
*scoove*
I don't remember who's idea it was, but if we have all future internet devices use encryption (like IPSec and IPv6), then if we have a portion of the ip address be a crypto hash of the devices public key, then it would make spoofing harder. Of course part of the ip address would still have to be reserved for routing purposes for efficiency.
Don't fix what ain't broken.
Sure, there's almost always better ways to do things that are only illuminated by hindsight, but that doesn't mean that the old way should just be tossed out and replaced.
Besides, the Internet is one of those amazing flukes of history. It's a very open, public, and free world unlike anything before it. Does anyone really think that something designed now in the age of terrorism, by committee, using government money (NSF) would be carefully designed to protect those initial design elements that make the Internet what it is today?
Hexy - a strategy game for iPhone/iPod Touch
The premise of the existing Internet was benign cooperation. The previous /. story on the 12 minute Windows heist clearly demonstrates that that model is no longer valid.
I think it is a good time to take a look at all of the layers and see if something better is possible. I am not suggesting that Clark et. al. be given Carte Blanche to build a new Internet. The naysayers may well be right that any significant change would be practically impossible. But I do think it is a very good idea to investigate what changes are possible and what benefits those changes could provide. I'd hope that practical concerns of getting from here to there would also be explored.
We don't see the world as it is, we see it as we are.
-- Anais Nin
If one is able to find any privacy or anonymity in this new Internet, it will be because of some undiscovered security hole, which will be quickly repaired, rather than any kind of conscious design decision. Probably one reason they are accepting proposals before rolling it out is to avoid the sort of accidental security holes that enable pr0n, peer-to-peer filesharing and left-wing political activism.
Microsoft, a leading contributor both to this nation's technology base and to the campaign coffers of its leaders, will embrace this new technology and extend it in such a way that the development and dissemination of Open Source software will be, if not mathematically and physically impossible, at least as difficult as factoring a 2048-bit public key.
Imagine, if you will, Trusted Computing implemented at the router level, in such a way that any packets that go farther than one hop are certified not only to support protocols whose patent licenses are fully paid-up and on file with the legal department in Redmond, but whose content is compliant with the Windows standard. The faintest whisp of a Public License, GNU or otherwise, will result in the dropping not only of the individual packet, not only in the cancellation of the entire file transmission, but, within microseconds, the physical location of the offending server. The identities of its rogue administrators will be fetched instantly from the database maintained by the Homeland Security Department. (You will have to submit fingerprints and DNA samples to obtain a Windows server license, as after all, Internet servers can be used to disseminate explosives recipes or the formulas for nerve gases.) The supercomputers that constantly monitor the cameras mounted on every lampost in the United States of (God Bless It!) America will be ordered to recognize the criminals' faces, and when they are spotted trying to flee to the Amazon jungle, orbiting lasers will vaporize their bodies, leaving nary but a whisp of smoke.
When a close family friend tries to comfort one of the grieving mothers for the loss of her son, she will desperately proclaim "No, I have no children! You must have mistaken me for someone else. Please leave me alone!" before she scurries rapidly away.
National firewalls such as those employed by The People's Republic of China are expensive and difficult to maintain. They are notoriously leaky, and easy to circumvent by anyone determined enough to find out how. But worse, they impede the economic potential of emerging economies such as China, which necessarily bottleneck technical data and eCommerce in order to have a single chokepoint for the Four Horsemen of the Infocalypse (Taiwan, Tibet, Hong Kong and Pornography).
Imagine, if you will, the potential of our New Internet: not only by technical design, but by international treaty (enforced by the threat of military intervention on the part of the UN Security Council), each nation will have a national firewall which is as transparent to the air to fully-licensed Windows Media Video files of Barney the Dinosaur and paid-up Wal-Mart orders, yet absolutely impenetrable to content not sanctioned by Homeland Security, the Republican Party, the 700 Club and the Boy Scouts.
I, for one, am weary of our present Internet, cesspool that it is of moral depravity and copyright infringement. I long for the days of yore, when men were men, women wore hoopskirts, and racial minorities were separate but equal. And so, I raise my right hand and shout with an enthusiastic "Heil!":
Copyright © 2005 Michael David Crawford.This work is licensed under the Creative Commons Attribution-NoDerivs License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nd/2.5/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.
Request your free CD of my piano music.
Holy crap, I go offline for 12 hours and you guys are giving me this kind of jobs?? I quit! Nothing like signing on to /. and seeing your name in the top headline.
-- David Clark
When you're done with the old Internet, can we have it?
Hugs,
The Developing World.
Crumb's Corollary: Never bring a knife to a bun fight.
NAT doesn't seem to completely solve the addressing problem. According to this report by Cisco to Congress (warning: pdf), we're going to run out of addresses for real somewhere between 2015 and 2025.
Yeah, I know they're a vendor, but this is a really reasonable report. They counter a lot of the hype, but they say we're going to need IPv6 eventually, so let's start now, before the Japanese and Koreans have built all the infrastructure and Americans are left to buy from them.
Thanks for making "secure by default" less important.
Thanks for retarding IPv6 development.
Thanks for necessitating the invention of UPnP.
Thanks for screwing up peer to peer connections for legitimate things like videoconferencing and file transfers.
Thanks for continuing to allow ISPs to treat IP addresses like some sort of rare element.
Thanks for mangling things like FTP.
Second, absolutely mandate IPSec. Don't just "mandate" it and then ignore it, as happened with IPv6, but make it a pre-requisite for all users. That gives e-commerce a lot more assurance on secure transactions and authentication, which seems to meet one of their requirements.
Third, mnandate QoS. QoS not only guarantees network quality, which would interest a LOT of corporate users, but also provides a mechanism for increasing profit. Simply offer different levels of guaranteed quality at different prices. This meets another requirement.
Fourth, the biggest new market is in mobile devices and wireless networking. So support them! What is the point of the IETF churning out megabytes of specs on mobile IP and mobile networks, or of software developers supporting all these new protocols, if none of the ISPs or network engineers give a damn? It would also provide an additional service, therefore an additional revenue stream, therefore also meeting the profit requirement.
(Mobile networks are where all the wireless users are going to stay using the same router, but the router itself is moving through the network. If you were to have WAPs on aircraft or trains, where you are static relative to the vehicle, but the vehicle is moving between ground stations, this is probably the way you'd want to implement it.)
Fifth, it is possible to balance anonymity with accountability. Accountability merely requires that machines are who they claim they are and (where user identification is relevent) users are who they claim they are. It does NOT require that anyone actually posesses enough information to actually identify those machines or users, only that when a claim is made, it is verifiable in some way.
We already have Kerberos for authentication, so it would seem a fairly trivial extension to use that as your authentication mechanism. The token does not reveal your identity, but it can be verified with a Kerberos server in the heirarchy used for authentication by that user, to prove that the user did identify themselves correctly.
If that isn't good enough, use X.509 certificates at both host and user levels. Lots more money to be made there. It doesn't kill anonymity, as you can perfectly well have a certificate that doesn't say anything useful or self-incriminating. It would still be useful for accountability, though, as no two entities, no two machines and no two users should have identical certificates. At the very least, the key used to examine the certificate would be different, even if the content itself was identical.
This would be more than good enough to ensure that Joe Bank Manager's personal checking account could not be logged into by Sammy Script-Kiddy - there's your accountability - but would not require people in politically dangerous countries (such as the US) to reveal anything that would compromise their safety, meeting a lot of the anonymity requirement.
As for the "upgrades" cost - that's just because most providers (backbone or ISP) are too cheap to do it right the first time. Optic Fibre has been around a LONG time, and to upgrade an optic link just requires upgrading the transceivers at each end - so long as the fibre is of good enough quality. At present speeds, a single fibre can carry about 4-5 terabits per second, and typical bundles have about 20 or so fibres, giving you 100 terabits per second.
Lets say that, when the US Government was still runnin
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
What the...? Are you confused by the name? I2 is just another semi-private backbone. That's all. It's occasionally a testbed, but mostly it's just a bunch of fast routers, nothing magical. It serves much the same purpose as the early Internet: connecting universities and a few large organizations.
LOAD "SIG",8,1
Define, as part of the standards, that when certain standards have been upgraded in important ways, within five years all essential infrastructure software must be upgraded so that it understands the new version.
This should apply to essential infrastructure like routers, DNS servers, SMTP servers, and so on. If a server does not understand a protocol that has been around for five years, that's reason enough to refuse connection.
If this becomes part of the standards, we won't have to support ancient legacy forever. When countries with languages other than English want readable domain names, we won't have to live forever with kludges like punycode, such kludges will stay just for five years, after that real solutions can be used instead. If/when solutions to serious problems like spam and DDoS are found and standardised, we can count on the infrastructure to support the solutions within five years. Stuff like IPv6 could spread quickly and smoothly.
Of course, having to upgrade introduces some inconvenience and expenses. But having to support ancient legacy is also inconvenient and expensive. In spite of the upgrade inconvenience, in the long run this kind of limit should save lots of money for everyone.
Terrorists can't threaten a country's freedom and democracy. Only lawmakers and voters can do that.
#1 Change: User side one time only credit charges. The only way to do a transaction would be to use an encrypted transaction that would prevent fishing from being any good at all. This would be more of a banking change, and most people would hate it, but the whole CC# and Bank info phishing has to end, the transaction mechanism needs to change.
#2 Change: Add a decorator pattern to ALL explorer windows, making user that every popup has a BRIGHT ORANGE BORDER, turn off the ability to disable the X button. Pretty much make all popups automatically listed as unsecure. Tag all 3 party "unsigned" apps with a Bright RED BORDER, if it isnt trusted you should know, every time you run it.
#3 Change: Add a hardened Email System to the main email. Where hardened email can be flagged as less likely to be spam. The hardened email system would be unprofitable for spammers to use, Proof of work tolkens or a small monitary deposit required for emails that are "in play". This would leave the old email as functional, but would gradually replace it as old email wont be used by real people.
#4 Change: Reduce to number of auto-launched services, anything that it out of the "OS-normal" for launching would be in one big happy spot, where it could be removed. The operating system wouldnt have a "backdoor startup" or a way for the program to re-insrt itself into the system. and the OS would solidly isolate itself from getting nailed by a trojan.. keeping almost everything in a sandbox.
#5 Change: Prevent the system from being able to spy on you. yea, it gets rid of some legitamate monitoring applications, But make it an option in the control panel that is stupid obvious that no-one really wants to turn it on (except corporations that are monitoring their employees).
#6 Change: Have a nice big registry of "BAD Software" If people are online anyway, there should be a way to tag software as JUNK, or SPYWARE, or a dozen other bad bad things.. and when the software is being downloaded, it shoudl be checked against the big database and the user should be VERY appropraitly warned.
Ok that's six off the top of my head.. yea they are mostly focused on microsoft, but thats where most people are hosed anyway. The net isnt bad, but some SIMPLE changes would really make the experience much beter for everyone.
Storm
This guy must be getting support from a telco.
Telecommunications providers hate the Internet. Not only is the Internet too cheap, it's not set up for detailed billing. The US Internet backbone cost about $1bn to build, and costs about $100 million per year to run. For something that handles over 100 million users, that's nothing. All the intelligence is in the end nodes, so telcos don't get to add "value added services" for which they can overcharge.
What telcos want is an environment they control, like cell phones. With charges for everything from ring tones to SMS messages. That's what Clark is talking about here.
The telcos tried this idea back in the 1980s, and it was called TP4, or "ISO 8073 COTP Connection-Oriented Transport Protocol - X.224" X.224 is very much like TCP, but without the adaptive retransmit machinery to work well over unreliable links. You're supposed to run X.224 over a reasonably reliable virtual circuit provided by a telco. For which you pay by the packet, like X.25 or ISDN. Bad idea. Windows NT4 actually had support for X.224, and some older Cisco routers understand it, but it's dead.
This is not a place we, as users, want to go.
I only hope they didn't forget to hire Al Gore or else this won't work.
from the to-stupid-for-words dept.
Guys, guys GUYS!
I see many posts here about how we need to "mandate" this and "require" that and blah blah blah...
But the Internet, by design, is lasse faire! There is no "mandating" ANYTHING! Anybody can hook up to their neighbor, who hooks up to some guy across town, who is hooked up to a couple other folks...
The Internet is DECENTRALIZED and OPEN. The closest it gets to mandating anything is the much-disputed RBLs. I, for example, block all email from most Asian countries - nothing personal, but it sure drops the SPAM load with virtually no complaints. But, I can't mandate what the Chinese or Koreans do with their network - I can only mandate what they do with respect to MY networks.
The Internet is merely a commonly agreed upon set of standards for communications across disparate networks, and it's performing the task of connecting networks the world over with grace and flair.
Don't tell me that just because Windows systems get infected in 12 minutes, that the Internet is broken. Sorry. The Internet is working fantastically. It's Windows that's broken. It's not up to the task of functioning on a globally accessable network.
So far, every significant "problem" I've heard with the Internet hasn't been with the Internet, but with the systems at its fringes. SPAM. zombies. Worms. Viruses. Exploits. All are simply side effects of a "zero friction network" as espoused by the all-knowing Bill Gates in his 90's book, "The Road Ahead", combined with systems not able to cope with the ramifications.
Bill Gates, Larry Ellison, Scott McNealy, Linus Torvalds, and all the others are learning now what that truly means, and over the next decade or so, we'll see major advances in developing the kind of security needed to handle this frictionless network.
In short: the Internet is doing just fine, people! It's the systems hooked up to it that have problems!
I have no problem with your religion until you decide it's reason to deprive others of the truth.
.. better, stronger, faster.
How in the world is this Offtopic?
pr0n and Sci-Fi are the backbone of the Internet. Name an advance in Internet technology that didn't come from the pr0n community first. I mean, what else do you use 'tabbed browsing' for? Business?
The opposite of progress is congress
One of the key points in the article (that has been missed so far) is that the research for this is being done on the National Lambda Rail. One key technology that hasn't been mentioned yet is DWDM (Dense Wave Division Multiplexing). This runs 30-40 different wavelengths over a single fiber. Each wavelength (lambda) can currently carry 10 Gb/s of data, 40 Gb/s in some cases, and 100 Gb/s is on its way. That means that a single fiber can carry up to 4 Tb/sec of data in the real near future (right now in some labs). The next important technology is ROADMs (Reconfigurable Optical Add/Drop Multiplexers). These devices allow individual lambdas to be inserted, extracted, or tapped from a fiber. Next is GMPLS (Generalized Multiprotocol Label Switching). This a switching framework that ties together the ROADMs and optical switches to allow a single lambda to be routed through an optical mesh network. Actually it sets up a per use circuit through the mesh for any particular lambda. Also, anything that can be converted to an optical wavelength can be routed over this kind of network, not just ethernet. Fibre Channel, SONET, high defition video and ethernet can all be routed over this kind of network at the same time.
Load balancing can be also be done with iptables. See also this thread on the netfilter mailing list.
My blog
You just don't get what he's saying, and you're not making any sense.
"The only time FTP has less overhead than TCP is when you're retrieving several files."
I'm going to make a guess here and assume you mean HTTP, not TCP.
First, take a look at the FTP RFC.
http://www.freesoft.org/CIE/RFC/959/index.htm
Then, take a look at the HTTP 1.1 RFC:
ftp://ftp.isi.edu/in-notes/rfc2616.txt
You tell me which has more overhead? A notable part of the difference is the encoding; FTP can transfer data straight binary - no MIME types or special encoding to send the data over the channel.
"the overhead of FTP can be significantly higher than HTTP (logon banners)."
Are you kidding?
" For HTTP, you send the request and sit back and wait for the data. "
If browsers were as simple as an FTP client, this might be true. But don't forget about all the banners and lots of extra data that gets communicated between your average browser and HTTP server these days. Not to mention cookies.
"With FTP, you have to login (USER, PASS), which both require you to wait for confirmation before you can PORT and RETR."
All of this is is likely done in less then 100 bytes of data transferred.
"Not to mention the overhead of establishing another TCP socket to pass the data over."
Here's a quick run down of how a TCP connection is established:
1. Packet sent from initiating machine. Very small packet (bytes) with the SYN flag set.
2. Recieving machine gets packet with SYN. Sends packet back (bytes) with the SYN and ACK flags set.
3. Initiating machine sends back another small packet (bytes) with the ACK flag set.
The amount of data necessary to open a raw TCP connection is so miniscule that it's almost not worth mentioning.
"If you need to retrieve a tree structure of files, download several files from a single server, or need to upload files, FTP is the way to do it. If you need to download only one file, or several files in parallel (typical webbrowsing), then HTTP is your friend."
You're looking at this from a user perspective, not a technical one.
FTP is very low overhead (read: almost zero,) it's a very intelligent design, and it works great over slow and unreliable connections to boot.
Nobody is saying we should replace HTTP with the FTP protocol.
- It's not the Macs I hate. It's Digg users. -