© 2002, Cisco Systems, Inc. All rights reserved.
Keynote, Terena 2002
Building Networks: Engineering for Objectives
Fred Baker
Cisco Fellow
Economic news
• The economists think it’s good news
• Enterprise starting to show growth
Slow but apparently solid
• Service Provider market should follow growth of its customer markets
Not so important to NRENs per se, but important to the service provider marketplace
Questions from the Service Providers:
• What will spur more utilization, and therefore revenue?
New applications that consume bandwidth
• How can I reduce service to traffic that is costing me money?
New applications in which users are servers but don’t pay for the bandwidth
Technology on the upswing
• So I’m thinking:
“If I were a service provider, and I was starting to plan future deployments, what would be at the top of my list?”
• Key issues: “more bang, less buck”
It would come down to how I might best meet increasing customer needs while reducing the cost of deploying and managing the service.
I would also be looking at ways to extract more money from existing services.
Advancement into Next Generation Applications
Growing applications
• Peer to Peer application models
Morpheus, Gnutella, etc
• Multiparty Games
Interactions modeled on Flight Simulator, video combat games
Service model mismatch
• Service Providers:
“We want to entertain you”
Client/Server applications in which many users access relatively few servers at hosting sites
Video on Demand
• Application Designers:
“Facilitate us entertaining ourselves and each other”
Peer to peer model
Server in the home
Morpheus, Gnutella, Gaming
Authentication/Authorization dichotomy
• Worms, viruses
Intent is to destroy the network
Access control required to analyze and eliminate
• Unauthorized Access
Use your machine for unintended purposes
• Peers in games
Can I signal directly rather than to a server?
• Can I control who I send content to, or who uses it?
Intellectual property issues
Client/Server Access control
• We trust people to access servers and do limited operations on them
Peer-peer access control model
• Model with all the same access control and therefore accountability
• Utilizes compute capability of peer computers to perform game
Here’s the hard part
• I have to be able to address the peer computers across perimeter security (global addresses)
• I have to be able to keep out the bad guys
Good intrusion detection and avoidance
• I have to be able to convince Mom, Dad, and the service provider that this is OK
• We have to manage IPR issues related to content
• There is no global PKI, and won’t be in my lifetime
Advancement into Critical Infrastructure
Networks coming to the party
• Emergency Telecommunications System (ETS)
• ITU I.225.3 Communications Networks
DISA Converged VoIP network
US NCS telecommunications network
Today’s Internet
• The optical internet backbone
Gigabit to terabit links
• Access networks: xDSL, cable modem, ISDN, asynchronous dial
20,000 instantaneous sessions per Gbps of backbone bandwidth
(Figure: University, Campus Networks (LANs), UoSAT-12, Internet in Airlines)
What are their objectives?
• Preferential treatment
• Security
• Non-traceability
• Restorability
• International connectivity
• Interoperability
• Mobility
• Ubiquitous coverage
• Survivability
• Voice service
• Broadband service
• Scalable bandwidth
• Affordability
• Reliability
Preferential treatment
• Specific [telephone] calls get reserved bandwidth or preempt other calls
• Data streams have variable drop thresholds
Able to change routing and applications in the face of serious failure or loss
“Security”
• Authentication
• Authorization
• Control of traffic's use of bandwidth
• Privacy using advanced encryption
Interesting Routing
• “Non-traceability”
Specialized requirement for anonymity servers
• “International connectivity”
Connects to international carriers
• “Interoperability”
Connects to government networks
• Ubiquitous coverage
Works everywhere
“Mobility”
• Transportable
• Redeployable
• Mobile
“Survivability”
• Robust under extreme load
• Ability to re-route preferentially
Target services
• Voice service
• Web data distribution
• Database transaction services
• Instant messaging
• Broadband service
“Scalable bandwidth”
• An interesting point
They don’t ask for specific bandwidth or interconnection services
They want to be able to use whatever exists
“Reliability”
• Perform consistently
• Availability
• Meets design requirements and specifications
• Usable with high confidence
Data stream routing
• OSPF DSCP routing?
• Secure routing technologies
VPNs of various types
• CPE IPsec VPNs
• BGP/MPLS VPNs
• L2TP Occasional Access VPNs
Voice call management
• Key point: Interoperable with SS7
Able to tunnel calls from SS7 domain to SS7 domain
Able to originate or terminate calls that might operate in those domains
(Figure: PSTN to PSTN across the IP network)
Security
• Strong authorization
• Strong authentication
• Various layers
Resilience to attack
• Issues:
Denial of service
Intrusion detection
• There is room for a service offering here
Sell as a service that you will detect potential attacks and notify the customer
Expect this to include offering assistance:
Customer will want attack mitigation
Law enforcement will want attack tracing
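The "detect potential attacks and notify the customer" service described above is, at its simplest, a detector run over the provider's flow records. The following is an added example, not code from the keynote or from Cisco: a SYN-flood detector over constructed NetFlow-style records (the `Flow` fields, the thresholds and the sample addresses are all assumptions), which emits the alert a customer notification would be built from.

```python
"""Added example: flow-record SYN-flood detection for an attack-notification
service.  Not from the keynote; record layout and thresholds are assumptions."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List

SYN, ACK, FIN = 0x02, 0x10, 0x01  # TCP flag bits as exported in flow records


@dataclass(frozen=True)
class Flow:
    """One NetFlow-style record, reduced to the fields the detector needs."""
    ts: int        # flow start, seconds
    src: str
    dst: str
    dport: int
    proto: int     # 6 = TCP
    pkts: int
    octets: int
    flags: int     # cumulative TCP flags observed over the flow


def syn_only(f: Flow) -> bool:
    """A flow that carried a SYN but never an ACK never completed a handshake."""
    return f.proto == 6 and bool(f.flags & SYN) and not (f.flags & ACK)


def detect_syn_flood(flows: Iterable[Flow], window: int = 60,
                     min_sources: int = 20, min_ratio: float = 0.8) -> List[Dict]:
    """Bucket flows by (destination, port, time window).  Raise an alert when
    many distinct sources send half-open SYN flows to one target and those
    flows dominate the target's traffic in that window."""
    buckets = defaultdict(list)
    for f in flows:
        buckets[(f.dst, f.dport, f.ts // window)].append(f)
    alerts = []
    for (dst, dport, w), bucket in sorted(buckets.items()):
        syns = [f for f in bucket if syn_only(f)]
        sources = {f.src for f in syns}
        ratio = len(syns) / len(bucket)
        if len(sources) >= min_sources and ratio >= min_ratio:
            alerts.append({
                "target": f"{dst}:{dport}",
                "window_start": w * window,
                "sources": len(sources),
                "syn_flows": len(syns),
                "ratio": round(ratio, 2),
                # kept for tracing; spoofed sources limit what this proves
                "sample_sources": sorted(sources)[:5],
            })
    return alerts


def customer_notice(alert: Dict) -> str:
    """Text the service would send to the affected customer."""
    return (f"Possible SYN flood against {alert['target']} starting at "
            f"t={alert['window_start']}s: {alert['syn_flows']} half-open flows "
            f"from {alert['sources']} sources ({alert['ratio']:.0%} of traffic). "
            f"Mitigation available on request; source list retained for tracing.")


def sample_flows() -> List[Flow]:
    """Constructed sample: 30 sources each send one 60-byte SYN to
    203.0.113.10:80 within the first minute, alongside two legitimate flows."""
    flows = [Flow(ts=5 + i, src=f"198.51.100.{i + 1}", dst="203.0.113.10",
                  dport=80, proto=6, pkts=1, octets=60, flags=SYN)
             for i in range(30)]
    flows.append(Flow(ts=10, src="192.0.2.7", dst="203.0.113.10", dport=80,
                      proto=6, pkts=12, octets=9000, flags=SYN | ACK | FIN))
    flows.append(Flow(ts=70, src="192.0.2.8", dst="203.0.113.10", dport=443,
                      proto=6, pkts=40, octets=30000, flags=SYN | ACK | FIN))
    return flows


if __name__ == "__main__":
    for a in detect_syn_flood(sample_flows()):
        print(customer_notice(a))
```

The source list satisfies the tracing interest only as far as the sources are real; a flood with spoofed addresses identifies the ingress points, not the attacker, which is why the notice distinguishes mitigation (the provider can act on it at once) from tracing. Thresholds are per customer: a busy web front end sees many legitimate half-open flows, so `min_ratio` matters as much as `min_sources`.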
Scalable Key Infrastructure
• Need
Stateless authenticator with no active attribute database
Peer exchange of attributes
Authenticator
Authenticated exchange of attributes
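One way to meet the "stateless authenticator with no active attribute database" requirement is to put the attributes inside the credential: the authenticator issues an attribute token it can check from its key alone, and peers exchange tokens and have the authenticator confirm them. The following is an added example, not code from the keynote or from Cisco; the token format (HMAC-SHA256 over a JSON body with subject, attributes, expiry and nonce), the `StatelessAuthenticator` class and the peer policy in `peer_accept` are assumptions made for illustration.

```python
"""Added example: a stateless attribute authenticator.  Not from the keynote;
the token format and class names are assumptions for illustration."""
import base64
import binascii
import hashlib
import hmac
import json
import secrets
import time
from typing import Dict, Optional


def b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class StatelessAuthenticator:
    """Issues and checks attribute tokens.  Its only state is the key: the
    attributes travel inside the token, so verification consults no database."""

    def __init__(self, key: bytes) -> None:
        if len(key) < 32:
            raise ValueError("use a key of at least 32 random bytes")
        self._key = key

    def _mac(self, payload: bytes) -> bytes:
        return hmac.new(self._key, payload, hashlib.sha256).digest()

    def issue(self, subject: str, attributes: Dict, ttl: int,
              now: Optional[float] = None) -> str:
        """Bind attributes to a subject for `ttl` seconds; nothing is stored."""
        now = time.time() if now is None else now
        body = {"sub": subject, "attr": attributes,
                "exp": int(now + ttl), "nonce": secrets.token_hex(8)}
        payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
        return b64(payload) + "." + b64(self._mac(payload))

    def verify(self, token: str, now: Optional[float] = None) -> Optional[Dict]:
        """Return the token body if the tag is genuine and it has not expired."""
        try:
            payload_b64, tag_b64 = token.split(".")
            payload, tag = unb64(payload_b64), unb64(tag_b64)
        except (ValueError, binascii.Error):
            return None
        if not hmac.compare_digest(self._mac(payload), tag):
            return None   # forged or altered: reject before trusting the body
        body = json.loads(payload)
        now = time.time() if now is None else now
        if body["exp"] <= now:
            return None
        return body


def peer_accept(auth: StatelessAuthenticator, token: str, need: Dict,
                now: Optional[float] = None) -> bool:
    """Peer B's check on a token presented by peer A: have the authenticator
    confirm it, then require the attributes B's own policy demands."""
    body = auth.verify(token, now)
    return body is not None and all(body["attr"].get(k) == v for k, v in need.items())


def tamper(token: str, attributes: Dict) -> str:
    """Build a token whose attributes were changed after issue (tag kept),
    to show that the body cannot be edited without the key."""
    payload_b64, tag_b64 = token.split(".")
    body = json.loads(unb64(payload_b64))
    body["attr"] = attributes
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return b64(payload) + "." + tag_b64


if __name__ == "__main__":
    auth = StatelessAuthenticator(secrets.token_bytes(32))
    tok = auth.issue("alice", {"game": "flightsim", "role": "player"}, ttl=300)
    print("peer accepts player:", peer_accept(auth, tok, {"role": "player"}))
    print("forged admin accepted:",
          peer_accept(auth, tamper(tok, {"role": "admin"}), {"role": "admin"}))
```

The choice of an HMAC keeps the authenticator's state to a single key but means only the authenticator can verify, so it sits in the exchange rather than dropping out of it; a signature would let peers check each other's tokens directly, which is where the page's point about the absence of a global PKI bites. Expiry plus the nonce bound replay without reintroducing a revocation database; anything that needs immediate revocation does reintroduce state.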
Lawful intercept
• Traffic data = netflow?
• Content intercept
Real-time collection of traffic data (Cybercrime treaty, Article 20)
“Each Party shall … compel a service provider, within its existing technical capability, to: i. collect or record … traffic data, in real-time, associated with specified communications in its territory transmitted by means of a computer system.”
http://conventions.coe.int/Treaty/en/Treaties/Html/185.htm
Cybercrime treaty, Article 21
“Each Party shall … a. collect or record … b. compel a service provider … i. collect or record … ii. co-operate … in the collection or recording of, content data, in real-time, of specified communications in its territory transmitted by means of a computer system.”
http://conventions.coe.int/Treaty/en/Treaties/Html/185.htm
Technology deployment necessary
• Many of these technologies exist, but are not generally thought of as “services”
• Need to think through service provider deployment issues
Often not “quick fixes”