Defining a future network:An international research agenda

David Clark

MIT CFP

MIT Communications Futures Program

Bi-annual meeting, May 30-31, 2007

Philadelphia, PA

What I want to cover A review of the activity.

For some time, we at MIT have been interested in what a future Internet might look like.

Status report on progress. The NSF initiative, in particular.

Pointers to related work. International activities.

Some examples of research.

The research challenge The Internet is a tremendous success, but… Can we meet tomorrow’s needs by incremental

improvement of today’s design? Hypothesis: NO! Which implies two further questions:

What are the compelling requirements that justify the research? Why do I think this assertion is true?

What features might define a global network of the future? What approaches do the research community have to

address these challenges?

Isn’t today’s net good enough?

Must start with serious discussion of requirements: It’s not just about cool new apps.

Security and robustness. Been trying for 20 years--try differently?

Recognize the importance of considerations beyond the technical. The economic landscape. The social context. The international scope.

Easier to manage. Really hard intellectual problem. No framework in original design.

Security and reliability

Define the objective broadly. “Classic” security, availability, resilience.

Hard because: Many problems are in the end-hosts. We don’t have agreement about the objective.

Many problems involve a balance of interests. Among actors, states and societies.

Different contexts call for different answers. We don’t have a coherent approach.

Economic landscape

In 1975, it was not clear to the early designers that we were designing the landscape of investment and competition. Now it is.

Could we do a better job to shape: Regulation (or lack of)? Continued investment and innovation? Options for user choice? Deployment of new services? Health of the value chain?

Consider the role of facilities providers, for example. Role of advertising?

Social contextFailure to understand and respond to larger social

concerns will lead to the eventual rejection of new concepts, and doom the venture. The opposite can lead to success.

Examples of important issues. Loss of anonymity and privacy.

Data mining and profiling. Correlation and linking across people. Tomorrow: location and presence.

Issues around access to information. Excessive controls, limits on speech, IPR, forgery.

Instability of personal information. Access and ease of use. Variation in local values.

Technology drivers

Computing technology, not network technology…New computing technology.

Whatever computing is, that is what the Internet should support.

The Internet grew up in a stable “PC” time. The cellular industry evolved independently. Tomorrow: many different views; sensors, cell

phones, embedded processors, $100 laptops, etc.

Rich space of services and servers. Design alternatives will have important influence on

personal choice, control, innovation, etc.

Define a broad scope to research

A problem with the word “Internet”. It is too constraining, but otherwise nobody knows what you are

talking about…

Future networking is not just about a new kind of packet. Robust content distribution

Naming, security, resilience Management and sharing of personal information Real time multi-media distribution

Multicast Network-embedded storage and computation Location mgt (human and object) Identity mgt. (human and object)

Distributed name management

FIND: An NSF challenge question

1) What are the requirements for the global network of 10 or 15 years from now, and what should that network look like?

To conceive the future, it helps to let go of the present:

2) How would we re-conceive tomorrow’s global network today, if we could design it from scratch? This is not change for the sake of change, but

a chance to free our minds.

Status

Three phases: Phase 1 (current phase): exploratory grants,

meetings to facilitate interaction and collaboration. Three annual award cycles.

Phase 2: awards for integrated proposals. Phase 3: demonstration of ideas on experimental

infrastructure. (GENI)

First year awards made in summer 2006.Second year proposals now being evaluated.Starting to develop process of collaboration and

consensus.

Model of collaboration

FIND embodies an “unusual” approach (in the NSF context) to collaboration and cooperation in achieving a large vision. Traditional: give a single large grant, and

hope. Now: use traditional “small grant” merit review

process and then create means to encourage working together post-grant.

Now, we must make this collaboration happen internationally.

International activities

EU--Eiffel proposal; FIRE

Country-specific activities in Europe

Korea

Japan

FIND and GENI

FIND is a research agenda There are others:

Cyber-trust SING (theory of networks)

And there are others outside NSF

GENI is infrastructure to demonstrate research. A big idea going after big funding. Support multiple experiments.

Network architecture to distributed systems (think PlanetLab).

Shape and schedule dictated by the funding strategy. At least two years to funding, so have to launch in parallel.

High-level servicesInformation management

Naming, security, resilience, distribution and dissemination

Management and sharing of personal informationReal time multi-media distribution

Multicast

DTNsNetwork-embedded storage and computationManagement of distributed servicesLocation mgt (human and object)Identity mgt. (human and object)

Distributed name management

Toward a new framing of security

Old computer science saying: There is no problem we cannot solve with a

layer of indirection. My first modification: “except performance”.

New tussle saying: Each layer of indirection creates a new point

of control over which we can fight. By creating an indirection, we create a tussle point. Did you really need to create another?

Security as a control problem

Who controls: DNS bindings? Address to destination bindings? URL to content binding? Address to “identity” binding?

This is rather different from the “security means good encryption” framing.

A different vocabulary

I am talking about security using words such as “stakeholder”, “control” and “power”. These are not CS words. These words are familiar to sociologists and

political scientists. It is worth learning how to speak their

language.

Resilience and availability

Security community has tradition of looking to resistance. Resilience may be a better path. Diverse failover modes Reduced interdependence under attack Integration with management

No silent failures Support for variability Resilient social structures Other disciplines?

DeterrenceSocial form of question: what is the role of policing in the

Internet?Technical form of question: what should it be possible to

see where?Models of policing:

Wait to be called. Can end-node gather evidence? Witnesses? Can application design prevent classes of crime?

Feet on the street, cameras. CDC Contract law and arbitration. Bodyguards.

Denial of Service attacks

Proposal: distinguish “public” and “closed” servers.For public: must diffuse.

Speculation: diffusion will be key part of future.

For closed, outsource protection. Who do you trust?

Possible research questions: Do private address spaces help? Virtual nets?

Must protect the real assets underneath… Re-architect protocols for these goals? Can we cure zombies and bot-nets?

Protecting the end node:

The OS will never be secure. So how to cope?

A topic that triggers great disagreement. Controls in the network to prevent unwanted traffic

flows. Firewalls, indirection schemes, capabilities, virtual networks

Quarantine infested end-nodes Redesign applications Redesign session initiation Diffuse attacks Virtual machines for different activities

Management

(I don’t have as much to say…)

Instrumentation and data gathering.

Knowledge plane Cross-domain sharing of objectives and

diagnosis.

High-level language for configuration. We are in the assembly language stage.

Hypothesis--stop calling it management.

New ideas:

Instrument the data plane.

Cross-layer interfaces (rethink layers). We know what these look like in the data

plane. We don’t think about it in the management

and control planes. Example: time to repair.

More centralized management/control systems.

New network technologyWireless

Mobility and ubiquitous access Not well supported in current Internet Great diversity in approach and function Raises technical and social issues.

Location, identity, security.

Optical technology Not just cheap pipes,(but predictions of 10-4 cost/performance) Rapid reconfiguration of core No bottlenecks at edge

What are suitable technology choices for different parts of the world?

Network level innovationAddressing and forwarding

Do we need global addressing? Should we revisit state setup?

Routing Should we compute it more centrally? Should we allow competing route computations? Should we use diffusion routing?

Aggregates Should the design include tools to deal with aggregates of packets?

Congestion control Explicit feedback?