The Internet today and tomorrow: social implications of evolving technologyDavid ClarkMIT CSAILNovember 2008
Internet today: backgroundThe forces that are shaping it are not just technical.Technical changes are real: wireless, embedded computers, location sensing.But perhaps more important is the deep embedding in society.Privacy and identity.Social networking as a platform.The role of the ISP.
Internet tomorrow: backgroundFIND (Future Internet Design) is a U.S. NSF program to look at what our global network of 15 years from now should be.Similar efforts in Asia and Europe.Challenges us to think about why we built what we built. A lot we got right (perhaps surprising)A lot is almost an accident.Could we, by design, mitigate some of the issues we debate today?
FIND: The Internet is a successSo why would we want to rethink its design?Its not the data plane. Packets have proven their generality, and we have polished the data forwarding function for years.It is not that some broad class of application is unsupported.Application designers have shown the broad utility of the Internet.The issues are centered in the broader context within which the Internet is positioned. The FIND project must consider a broad range of requirements.
Issues to considerSecurityAvailability and resilienceBetter managementEconomic viabilityMeet societys needsSupport for tomorrows computingExploit tomorrows networkingSupport tomorrows applicationsFit for purpose (it works)
The role of the ISPThey forward packets.They interconnect with their competitors.They invest and manage risk.They police (directly and indirectly).They provide critical societal infrastructure.The Internet cannot just be a creature of the private sector.They want to profit from investment.(Follow the money.)AdvertisingISPs vs. Google. Deep packet inspection.Manage usage and acceptable activities.
Neutrality and managementThe net is not neutral and never has been.We gave preference to interactive traffic in the early days of the NSFnet.ISPs block known security vulnerabilities.The real discrimination (follow the money) is at the points of interconnection.Peering, transit, bargaining, routing, etc. What the consumer sees is a side-effect of interconnection negotiations.
Traffic management?Usage does cost something. It is not free.But it is not expensive.For a typical big access ISP, might be $.05 or $.10 per GB. Note that this has nothing to do with peak rate.But for a rural ISP (think small WISP), might be 10 times that. Must deal with consequences of flat rate pricing. Typical residential usage today may be 1% loading.This is necessary. Otherwise nobody could afford broadband. Again, has little to do with peak rate.
What is acceptable?And how would we decide?Is it acceptable for someone to profile my behavior?If I opt in? If I get only select ads? If I can opt out selectively? If it is pre-anonymized so it cannot be directly traced back to me? Is it acceptable for ISPs to limit what I do and how much I send?If limit is just measured in bytes, yes. Could limit using dollars. Moving to price tiers.If limit is priority and service quality, yes.If limit is performance variation among servers, it happens today all the time. To what extent should the ISP police the network?Inevitable, so get on to the issues.
A final commentBeing a residential broadband provider is a good business. If big and (sub) urban.There is a sense that (especially with respect to cable guys), broadband is some marginal add-on to a highly profitable cable business. This is silly. ISPs pay for cable content. They get Internet content (over the top) for free. Sometimes they get paid. The issues are cost of delivery and who gets advertising revenues.They do not prefer one to another. They want them all.
Talk about tomorrowLook at some of these important objectivesWhat is wrong with the network of today?Why is it worth considering alternative designs?Describe some emerging proposals and approaches Sometimes conflicting, sometimes clear.(Sometimes my personal point of view.)So wander between requirements and mechanism.Mechanism is easier to think about.Requirements are more fundamental.
What was that list??Those were not requirements.They are a wish list.DesiderataAn aide-memoire It is a big jump from any of these items to the design of mechanism. And that is a big issue.
SecurityUse as a first example of a requirement.Hard and important. Why is the problem so hard?We dont agree on the definition of good securityA balance among stake-holders.We want different outcomes in different contexts.We cannot correct the insecurity of end-nodes. Old framework:Disclosure, integrity, availabilityHow does this relate to firewalls, VPNs? After the fact--not a part of the network
A different frameworkAttacks on communicationConfidentiality and integrity addressed with encryption.Availability?? The central objective of networks.What else? Attacks on the hostInfiltration (can lead to most anything)So either prevent infiltration or limit its consequences.Attacks on information. Denial of serviceA special case of availability.
AvailabilityFirst, as much as possible, make the what else attacks on communication into failures of availability.Limit the range of attacks and responses.Think: what is excluded?Mechanism: wrap an end-to-end confirmation of identity around a connection. Cleanly makes many attacks on/by the network into an availability problem.Second, develop a theory of availability.At a high level:All critical resources must be supported in a rich, heterogeneous, diverse form.It must be possible to detect and distinguish (to some degree) failures.The point of detection must be able to invoke different resources.In general, only the end-points can detect failures.
Examples of attacksByzantine packet handling. Re-routing, adding and dropping.Only end-node can detect, so end-node must be able to request re-routing. Explicit ImplicitMulti-homed end-nodesDNS corruption (pharming)No architectural support today to mitigate this.Design is redundant, but not in face of malice.
End-to-end checksTo turn misdirection attacks into availability problems, need a means to confirm with whom you are communicating. An issue of identity and shared information.What notion(s) of identity will be suitable? (See below.)You means the end-nodes, but not just the human. If the end-node can be trusted, software can help.Corrupted end-nodes are a central issue here. Can a trusted helper node help? To detect byzantine attacks, fault detection must be integrated into the carriage of data. Security and management are entangled.
Economic viabilityFundamentals:Different parts of the network are built by different actors.Physical facilities (fibers, towers, etc.) require capital investment. Investors must be motivated to invest.
Our preferences:Facilities owners must not control the future of the network. Just invest in it.
What happens today?How do facilities owners operate and interact?One answer is that they become ISPs.Measure/model usage Track customers and marketsControl routing. ISPs serve a critical business function today. They dont just move packets, but manage capital and risk. Important economic role.
But is this role fundamental?
Some specific requirementsISPs must be able to model usage and demand sufficiently well to make investment decisions.Users must be able to select among paths through the network that avoid failures.The network design must allow users a degree of choice among providers so as to impose the discipline of competition.
A new idea--virtual networksIn a virtual network, facilities (routers, links, etc.) are virtualized and then used by higher-level service providers to implement different networks, possibly using very different architectures.VPNs are a limited version of this idea today.A new form of competition.In a world of virtual networks, why would someone invest in expensive facilities?Owner does not control routing, so where should the links go?
Another new ideas: futuresIf investment in facilities is a up-front or sunk cost, with a long period of depreciation and cost recovery;And virtual networks anticipate flexible access to resources over a short term;Then there must be some way to insulate facilities investors from risk so that they will invest.Consider a futures market for bandwidth.Happens today with really expensive cables.
A new interfaceDo we need to standardize the interface that defines this futures market?Has a lot in common with other commodity markets.Not sure, but if we do, it is an odd sort of standard. Not moving packets, but money. Not just bandwidth, but in a location.Compare to spectrum auctions.
The alternatives?Mandatory facilities unbundling.As was called for in the Telecommunications Act of 1996 for access facilities.As is being done in Europe today for access facilities.Regulated rate of return or mandatory structural separation.Works where the motivation to invest is compelling. Public sector investment.Failure so far (a controversial statement, I know.)
Interfaces define the industryISPs exist because of IP, and the protocols that connect regions together.There is no fundamental reason why ISPs look the way they do.Protocols define the services that can be created across multiple regions.So by creating protocols, we create opportunities for service (e.g. revenue) creation. Which are possible, which are dangerous?
Region interconnectionOld idea: BGP.New ideas: Interconnection of advanced servicesDirect expression of business constraintsRouting overlaysFault localization and correctio