Presentation is loading. Please wait.

Presentation is loading. Please wait.

What’s wrong with the Net? Mark Handley UCL Department of Computer Science.

Published byAusten Porter Modified over 8 years ago

Similar presentations

Presentation on theme: "What’s wrong with the Net? Mark Handley UCL Department of Computer Science."— Presentation transcript:

1 What’s wrong with the Net? Mark Handley UCL Department of Computer Science

2 The success of the Internet

3 The success of the Web

4 People Online DATENUMBER% POP SRC August 2001 513.41 million 8.46Nua Ltd August 2000 368.54 million 6.07Nua Ltd August 1999 195.19 million 4.64Nua Ltd Sept 1998147 million 3.6Nua Ltd November 1997 76 million1.81Reuters December 1996 36 million.88IDC

5 The net is a success! The problem:  In almost every way, the Internet only just works!

6 The net only just works? It’s always been this way: 1975-1981: TCP/IP split as a reaction to the limitations of NCP. 1982: DNS as a reaction to the net becoming too large for hosts.txt files. 1980s: EGP, RIP, OSPF as reactions to scaling problems with earlier routing protocols. 1988: TCP congestion control in response to congestion collapse. 1989: BGP as a reaction to the need for policy routing in NSFnet.

7 Changing the net. 1st Jan 1983.  Flag day.  ARPAnet switched from NCP to TCP/IP.  About 400 machines need to switch. As the net got bigger, it got harder to change.

8 Before web... Prior to the 1990s the Internet was primarily academic and scientific.  Common goals.  Low cost of failure. Then came the web, and commercialization of the Internet.  Exponential growth.  Financial costs of failure.  ISPs struggling to keep ahead of demand.  Huge innovation in applications.

9 Development Cycle “We need this feature immediately to keep our network functioning” “Here’s something we hacked together over the weekend. Let us know if it works.”

10 Running out of addresses... The current version of the Internet Protocol (IPv4) uses 32 bit addresses.  Not allocated very efficiently.  MIT has more addresses than China. IPv6 is supposed to replace IPv4.  128 bit addresses.  We don’t need to be smart in address allocation.  How do we persuade people to switch?

11 Network Address Translators Scarcity of addresses has made addresses expensive. NATs map one external address to multiple private internal addresses, by rewriting TCP or UDP port numbers. 10.0.0.2 10.0.0.3 128.16.0.1 From 128.16.0.1, TCP port 345 From 128.16.0.1, TCP port 678 From TCP port 222 From TCP port 222 Public Internet NAT

12 Network Address Translation Introduces asymmetry: can’t receive an incoming connection. Makes it very hard to refer to other connections:  Signalling, causes the phone to ring.  On answer, set up the voice channel. Application-level gateways get embedded in NATs.  It should be easy to deploy new applications!

13 The sky is falling!!! No. But we’re accumulating problems faster than they’re being fixed.

14 Imminent problems Address space exhaustion. Congestion control. Routing. Security. Denial-of-service. Spam. Architectural ossification.

15 Congestion Control The Internet only functions because TCP’s congestion control does an effective job of matching traffic demand to available capacity. TCP’s Window Time (RTTs)

16 Limitations of AIMD Very variable transmit rate is fine for bulk-transfer, but hard for real-time traffic.  TCP-Friendly Rate Control (TFRC)  Datagram Congestion Control Protocol (DCCP)

17 Limitations of AIMD Failure to distinguish congestion loss from corruption loss.  Wireless Limited dynamic range.  R ≈ s RTT p

18 AIMD: Limited Dynamic Range One loss every half hour, 200ms RTT, 1500bytes/pkt.  9000 RTTs increase between losses.  peak window size = 18000 pkts.  mean window size = 12000 pkts.  18MByte/RTT  720Mbit/s.  Needs a bit-error rate of better than 1 in 10^12.  Takes a very long time to converge or recover from a burst of loss.

19 High-speed Congestion Control High-speed TCP (S. Floyd) Scalable TCP (T. Kelly) FAST (S. Low) Fair queuing + packet pair (S. Keshav) ATM ABR service. XCP (D. Katabi)

20 Routing BGP4 is the only inter-domain routing protocol currently in use world-wide. Lack of security. Ease of misconfiguration. Policy through local filtering. Poorly understood interaction between local policies. Poor convergence. Lack of appropriate information hiding. Non-determinism. Poor overload behaviour.

21 Replacing BGP? BGP works! BGP is the most critical piece of Internet infrastructure. No-one really knows what policies are in use.  And of those, which subset are intended to be in use. No economic incentive to be first to abandon BGP.

22 Security We’re reasonably good at encryption and authentication technologies.  Not so good at actually turning these mechanisms on. We’re rather bad at key management.  Hierarchical PKIs rather unsuccessful.  Keys are a single point of failure.  Key revocation. We’re really bad at deploying secure software in secure configurations.  No good way to manage epidemics.  Flash worm: infect all vulnerable servers on the Internet in 30 seconds.

23 Denial of Service The Internet does a great job of transmitting packets to a destination.  Even if the destination doesn’t want those packets.  Overload servers or network links to prevent the victim doing useful work. Distributed Denial of Service becoming commonplace.  Automated scanning results in armies of compromised zombie hosts being available for coordinated attacks.

24 Denial of Service Traditional security mechanisms are useless for defending against DoS.  Attacker can force you to do expensive crypto operations. Many DoS point solutions have side-effects that can be exploited by an attacker:  Sendmail SPAM blocking.  BGP Flap Damping. The death of ping.

25 Security and DoS We need architectural solutions, not point mechanisms. What are the right steps forward, architecturally, that doesn't turn this into the "Information SuperSkyway" (where you have to present your ID in triplicate, board an inconveniently scheduled and uncomfortable packet-herder, have an accredited professional guide you along prescribed and often-congested channels, to get approximately where you wanted to go)? - Leslie Daigle, IAB

26 Architectural Ossification The net is already hard to change in the core. IP Options virtually useless for extension.  Slow-path processed in fast hardware routers. NATs make it hard to deploy many new applications. Firewalls make it make to deploy anything new.  But the alternative seems to be worse. ISPs looking for ways to make money on “services”.  They’d love to lock you into their own private walled garden, where they can get you to use their services and protocols, for which they can charge.

27 Summary In almost every way, the net only just works. This is a critical time.  The net is moving out of it’s infancy.  The problems are significant.  We get to influence it’s future.

Download ppt "What’s wrong with the Net? Mark Handley UCL Department of Computer Science."

Similar presentations

Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)

Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)
CST 415 - Computer Networks NAT CST 415 4/10/2017 CST 415 - Computer Networks.

CST Computer Networks NAT CST 415 4/10/2017 CST Computer Networks.
Why do current IP semantics cause scaling issues? −Today, “addressing follows topology,” which limits route aggregation compactness −Overloaded IP address.

Why do current IP semantics cause scaling issues? −Today, “addressing follows topology,” which limits route aggregation compactness −Overloaded IP address.
CPSC 441 - Network Layer4-1 IP addresses: how to get one? Q: How does a host get IP address? r hard-coded by system admin in a file m Windows: control-panel->network->configuration-

CPSC Network Layer4-1 IP addresses: how to get one? Q: How does a host get IP address? r hard-coded by system admin in a file m Windows: control-panel->network->configuration-
COS 461 Fall 1997 Routing COS 461 Fall 1997 Typical Structure.

COS 461 Fall 1997 Routing COS 461 Fall 1997 Typical Structure.
FIREWALLS Chapter 11.

FIREWALLS Chapter 11.
The Internet The last 30 years and the next 30 years. Mark Handley UCL Department of Computer Science.

The Internet The last 30 years and the next 30 years. Mark Handley UCL Department of Computer Science.
Firewalls and Intrusion Detection Systems

Firewalls and Intrusion Detection Systems
1 In VINI Veritas: Realistic and Controlled Network Experimentation Jennifer Rexford with Andy Bavier, Nick Feamster, Mark Huang, and Larry Peterson

1 In VINI Veritas: Realistic and Controlled Network Experimentation Jennifer Rexford with Andy Bavier, Nick Feamster, Mark Huang, and Larry Peterson
11- IP Network Layer4-1. Network Layer4-2 The Internet Network layer forwarding table Host, router network layer functions: Routing protocols path selection.

11- IP Network Layer4-1. Network Layer4-2 The Internet Network layer forwarding table Host, router network layer functions: Routing protocols path selection.
CSE5803 Advanced Internet Protocols and Applications (7) 1 7.1 Introduction The IP addressing scheme discussed in Chapter 2 are classful and can be summarised.

CSE5803 Advanced Internet Protocols and Applications (7) Introduction The IP addressing scheme discussed in Chapter 2 are classful and can be summarised.
ISOC-Chicago 2001John Kristoff - DePaul University1 Journey to the Center of the Internet John Kristoff +1 312 362-5878 DePaul University.

ISOC-Chicago 2001John Kristoff - DePaul University1 Journey to the Center of the Internet John Kristoff DePaul University.
1 A Course-End Conclusions and Future Studies Dr. Rocky K. C. Chang 28 November 2005.

1 A Course-End Conclusions and Future Studies Dr. Rocky K. C. Chang 28 November 2005.
Network Layer IS250 Spring 2010

Network Layer IS250 Spring 2010
Networking DSC340 Mike Pangburn. Networking: Computers on the Internet  1969 – 4  1971 – 15  1984 – 1000  1987 – 10,000  1989 – 100,000  1992 –

Networking DSC340 Mike Pangburn. Networking: Computers on the Internet  1969 – 4  1971 – 15  1984 – 1000  1987 – 10,000  1989 – 100,000  1992 –
Routing of Outgoing Packets with MP-TCP draft-handley-mptcp-routing-00 Mark Handley Costin Raiciu Marcelo Bagnulo.

Routing of Outgoing Packets with MP-TCP draft-handley-mptcp-routing-00 Mark Handley Costin Raiciu Marcelo Bagnulo.
Network Topology. Cisco 2921 Integrated Services Router Security Embedded hardware-accelerated VPN encryption Secure collaborative communications with.

Network Topology. Cisco 2921 Integrated Services Router Security Embedded hardware-accelerated VPN encryption Secure collaborative communications with.
Firewall Slides by John Rouda

Firewall Slides by John Rouda
1 Chapter Overview Subnet. What is a subnet When you break a network into a few smaller networks, you have created several subnets Like IP address where.

1 Chapter Overview Subnet. What is a subnet When you break a network into a few smaller networks, you have created several subnets Like IP address where.
Day15 IP Space/Setup. IP Suite of protocols –TCP –UDP –ICMP –GRE… Gives us many benefits –Routing of packets over internet –Fragmentation/Reassembly of.

Day15 IP Space/Setup. IP Suite of protocols –TCP –UDP –ICMP –GRE… Gives us many benefits –Routing of packets over internet –Fragmentation/Reassembly of.

Similar presentations

Ads by Google