Slashdot Mirror


The Internet's Broken. Who's Going To Invent a New One?

aarondubrow writes: "The Internet has evolved to support an incredibly diverse set of needs, but we may be reaching a point at which new solutions and new infrastructure are needed in particular to improve security, connect with the Internet of Things and address an increasingly mobile computing landscape. Yesterday, NSF announced $15 million in awards to develop, deploy and test future Internet architecture in challenging real-world environments. These clean-slate designs explore novel network architectures and networking concepts and also consider the larger societal, economic and legal issues that arise from the interplay between the Internet and society.

Each project will partner with cities, non-profit organizations, academic institutions and industrial partners across the nation to test their Internet architectures. Some of the test environments include: a vehicular network deployment in Pittsburgh, a context-aware weather emergency notification system for Dallas/Fort Worth, and a partnership with Open mHealth, a patient-centric health ecosystem based in San Francisco."

16 of 162 comments

  1. Waves!!! by jeff13 · · Score: 3, Funny

    I've got it!!! We could send some sort of waves out that would be easily picked up by some sort of antenna. We could have stations transmit these waves so there's no gap, and best of all they would cover wide areas as the waves would bounce off the atmosphere. People would only have to buy a receiver set with the antenna and all the programming could be paid for with advertising alone! No more bills! ;p

  2. How is it broken, exactly? by mark-t · · Score: 4, Interesting

    Honestly, the only thing I can think of that might qualify as really so "broken" that it simply needs replacing with something different is ipv4.

    A replacement for that has been invented already, but nobody seems to want to use it. I can't imagine it would be any different with anything else people might try and point out about the internet that they think is broken would get any better public reception.

    1. Re:How is it broken, exactly? by NapalmV · · Score: 3, Insightful

      How about starting with TCP & UDP? They were somehow designed on the assumption that all participating machines are well behaved good citizens. In practice this ain't happening (see SYN flood for example, there are "mitigation" measures but none is a definitive "fix"). These need to be replaced with something that would be resistant to mischief by design.

    2. Re:How is it broken, exactly? by ArcadeMan · · Score: 4, Insightful

      Everything these days should be designed from the ground up with the assumption that the requested actions are hostile in nature.

    3. Re:How is it broken, exactly? by im_thatoneguy · · Score: 4, Insightful

      That sounds great in theory, but at this point I'm kind of reserved to the fact that "resistant to mischief" just means we would have a year or two of peace before the inevitable flaws were so totally exploited that we were right back where we started.

    4. Re:How is it broken, exactly? by Anonymous Coward · · Score: 3, Informative

      And add to that TLS/SSL. Layering encryption on top of an insecure protocol like TCP results in a network layer that provides authentication and privacy, but fails to provide robustness. A secure transport layer should provide all three: robustness, authentication and privacy, and I would add a fourth: authorisation.

      Of course this is all protocol that can be fixed by adding another IP protocol value to the proto field in IPv4 or IPv6.

      There is a problem in IPv4, that is partially but not sufficiently mitigated in IPv6, and that is the lack of topological addressing. The IPv4 address, with CIDR, in no way reflects the topological location of a subnet, and even in IPv6, large national routing tables have to be maintained to find the optimal route to a single-homed network. This is a small enough problem today that every PE router at the edge of the multihomed internet can simply have a large lookup table, but scales quickly out of control when you start talking about mesh networks, where every node is potentially and likely multihomed. The addresses are also centrally allocated by a very expensive bureaucracy, I won't say corrupt, but the cost per IPv6 address is certainly high considering their abundance and the seemingly low effort required to store an allocation into a database.

      With topological addressing, the node addresses would be allocated dynamically based on the position in the topology and supplementary information like GPS coordinates or public key (in onion networks).

      The DNS system is an enormous problem. The architecture is very flaky, totally insecure especially with the addition of DNSSEC, relies on a very expensive, and in this case, I will say corrupt bureaucracy for the allocation of names and is a generally ill thought out and ineffective way for locating network objects.

      HTTP is a massive failure for end-to-endedness, breaks peer to peer expectations of the internet, adds massive protocol inefficiencies that buy next to nothing in the way of added function, and is generally ill specified. A good protocol is one that both allows reservation for future extensions in an efficient manner, and tightly constrains how the protocol must be spoken to the bit. By contrast HTTP allows vast latitude in the spelling of protocol messages, resulting in a large probability for implementation failure and failure for two implementations to interoperate, and yet has very inefficient and unreliable extensions due to the lack of foresight in designing efficient reservations into the original protocol.

      Every protocol built on top of TCP fails robustness tests, as it necessarily inherits the irrobustness of TCP. Yet every protocol built on UDP, where one could implement robustness, fails because of the epic clusterfuck that is NAT. And yet there are utter morons out there who are considering (there are RFCs published) NAT for IPv6.

    5. Re:How is it broken, exactly? by WaffleMonster · · Score: 4, Interesting

      How about starting with TCP & UDP?

      I would rather start above layer 4 with DNS, SNMP, NTP, SIP and other niche UDP based offenders giving away insane DOS amplification to any script kiddie in the world who wants to cause havoc. These are relatively trivial problems to fix from protocol design perspective and provide highest returns on investment even after factoring in lag time to get changes propagated thru a good enough percentage of world's network stacks.

      They were somehow designed on the assumption that all participating machines are well behaved good citizens. In practice this ain't happening (see SYN flood for example, there are "mitigation" measures but none is a definitive "fix").

      SYN flood has never offered an attacker amplification..it was limited to a cheesy device to overload host TCP implementations. Cookies have since been universally deployed rendering these attacks useless. Today they are only useful for covert signaling and masking source of non-amplified attack... More importantly these things only work at all because operators are lazy and refuse to implement Ingress filtering. It isn't IP's fault.

      These need to be replaced with something that would be resistant to mischief by design.

      I'm all ears ... what do you propose?

      Personally I think the premise is invalid. All the network need do is deliver packets with some degree of probability of being delivered. I think it is architecturally correct to leave the edge to sort out how to conduct business in a mischief avoidant manner.

      Otherwise as far as I am aware the only way to stop "mischief" is to turn the Internet into a trusted network. A trusted network is not a free and open network...neither is it particularly practical as we have seen again and again the demonstrated futility of managing planet scale trust anchors.

      If ever there was an example of the road to hell being paved with good intentions this type of "secure the Internet" thinking I assert fits that bill.

      I think our time is better spent looking above IP layer to fix what is most broke and that which causes most actual damage to actual users. (e.g. SMTP)

  3. No one! by plopez · · Score: 4, Funny

    We just let the Free Market, may its name ever be praised, sort it out. As stated in the immaculate scripture given to us by the Profits (sic) Rand and Smith points out we just need to deregulate and the miracle will follow. Praise be!

    --
    putting the 'B' in LGBTQ+
    1. Re:No one! by geekoid · · Score: 4, Interesting

      Smith actually knew we would need regulation. What people quote from him was about an economic based society that could only exist inside the head of an economic philosopher, and he knew that.

      So don't blame Smith, blame the jackasses that either don't read him, or don't understand them.

      These people cherry pick his quotes out of context... just like they do with the bible..hmm I see a pattern.

      --
      The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
  4. Internet2 by antdude · · Score: 4, Funny

    What about Internet2? :P

    --
    Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
  5. Re:Commercial Internet by Obfuscant · · Score: 3, Interesting

    1. Require a business license to get a .com

    A business license from whom? Not everyplace requires a business license to have a business.

    2. Require 501 non-profit status to get a .org

    Good. Limit .org to US only.

    Look at how well this worked for .edu. (must be an accredited, four year, degree-granting organization).

    Really? The local community college has a .edu name. As I recall, phoenix.edu too.

  6. Re: Buzzword bingo 2.0! by lazybeam · · Score: 4, Funny

    Don't get caught up in the synergy!

    --
    --
    no sig for you. come back one year.
  7. Re:Just no. by dnavid · · Score: 3, Insightful

    The internet has nothing wrong with it that we couldn't fix with a combination of net neutrality and convincing American ISPs to get off their asses and bring us up to speed with the rest of the third world.

    Net neutrality and speed increases would not solve the intrinsic problems with DNS architecture, NAT proxies breaking things, gigantic non-aggregate BGP tables, limited IPv4 address space, limitations of TCP protocol, ICMP mismanagement, lack of standards to address continuous disruption in mobile environments, and a whole mess of other problems that are currently addressed by patchwork solutions, or simply no solutions.

    As for this BS marketroid term "Internet of Things"... Please people, just... Don't let them win. The internet has always had "things" on it. Whether that "thing" means your PC or your phone or your microwave. The idea of having every device in your house online should terrify you, not delight you, so fuck upgrades that make it easier for your fridge to tell the NSA that you eat the same things as Joe Terrorist.

    At one time, people said the same thing about PC connectivity to the internet. Who are you that you need to connect to the global internet? The internet is for mainframes and important computers; why would you want anyone else to be able to connect to your computer, and why should we allow you to connect to everyone else's?

    Paranoia notwithstanding, it should be up to individuals to decide what they connect and how they connect and what capabilities they decide to leverage. But if you think it's bad for your fridge to be connected to the internet, I have no idea why you would allow your computer to be connected to it either. That's infinitely more dangerous.

  8. Internet is broken. Health care is broken. by SensitiveMale · · Score: 4, Insightful

    Immigration is broken. The VA is broken. Congress is broken.

    Can we please stop labeling everything as being "broken"?

  9. Re:Commercial Internet by gewalker · · Score: 3, Informative

    Surprisingly, Phoenix University is accredited, although it has been placed on notice -- i.e., subject to losing its accreditation as documented on their website.

    Of course, this indicates that accreditation is not exactly a true Gold Standard.

  10. What? by s.petry · · Score: 4, Interesting

    Wait a second, analogy time and I'll even use a car analogy.

    Any time 2 or more cars are driving down a street, there is the potential for one person to cut the other off, crash into them, or slam on their brakes in front of them. When it's critical that you can commute from point A to point B, and assuming you own point A and point B you make a private road to reduce the chances of a shithead messing up your commute. If you don't own both points and are forced onto public roads, you expect that there may be a shithead. Cops can stop them, but maybe not before your day gets ruined.

    Claiming automatic driving cars are the answer is a crock. I can break an automatic driving car and make it manual, or even better I could even build a mini-bike and mess up a whole Freeway really fast. I can even stand near a Freeway and throw bricks into people's path, so I don't have to be on the Freeway to mess your day up.. just close.

    This is human nature, documented long before we had cars or even roads (read Plato's The Republic if you are a doubter, it'll change your life).

    Cars above are obviously your data and computers, roads are networks, private roads are VPNs, and Cops are Firewalls. I could have gone into more detail about traffic lights and such but no need.

    Considering my amazing car analogy, why would you think you could possibly design a set of public roads without a shithead driving on them? Seriously, I want to know.

    --

    -The wise argue that there are few absolutes, the fool argues that there are no probabilities.