It’s a boring Sunday, and you’ve decided to while away the time in a wonderfully unproductive game of Tetris. At some point, you’re accidentally (or purposefully) going to plug an empty space, temporarily throwing away your chances at scoring a line. “It’s all right,” you think, “I’ll just finish these lines on top first, and then I can get to that later”. But inevitably, you end up plugging another vital space, and then another. Pretty soon, the bricks have mounted high enough for you to start worrying. Today, the internet is that game of Tetris, and the bricks are stacked uncomfortably high.
This might sound familiar: “The internet is running out of IP addresses!”. Even in the early days of the internet, scientists were beginning to realize that this system was getting too popular too fast — they predicted that the world would run out of IP addresses by 1994. Of course, that didn’t happen. The internet had plenty of addresses to spare in 1994, and continues to chug along happily even today. This is just another hole we’re going to come back to later. Meanwhile, we’re finishing the other rows — like security.
The internet isn’t secure. While you’re hitting the Report Spam button on your email account, someone’s watching an adware program spew out its horrifying results, and some other poor soul can’t tell that his PC is part of a botnet, helping send you the spam you’re reporting. Firewalls are nice, but the fact that you’re still receiving spam and fighting off phishing attacks speaks for itself. And the root of all these problems (predictably enough) is stupidity.
The dumb network
In networking-speak, a dumb network is essentially a bunch of terminals and wires. It doesn’t care about the information travelling on it — just that it’s taking the information where it needs to go. The terminals themselves — the computers — are pretty smart, so the onus was on them to interpret the data and present it to users.
There is much to love about the dumb network — mostly, it’s economical. A dumb network is ridiculously easy (and hence cheap), to deploy — a router here, a cable there, and one more happy customer gets connected to the web. It’s also extensible — because a dumb network is like a clean slate, you can add more functionality to it as you go along: perfect for a network that grew as fast as the internet did. And finally, by putting the onus of processing data on the terminals, you’re creating a network that lets data travel quickly, without obstructions.
The internet is a packet-switched dumb network, which means that the information you send along the pipes is broken up into packets, sent along different paths to the destination, and then re-assembled at the other end. This is all very well for data; send voice over a line like that, however, and you get gibberish at the other end — if anything. It took ten years for VoIP to work around this mess; but even now, it’s too unreliable to replace the good old wired phone line.
Still, VoIP gets the job done. Ish. The real problem with the dumb network is that it isn’t secure.
The trusting network
The internet was designed by a bunch of scientists, for the scientific community. It was a good-natured network that had faith in its users, and wouldn’t believe that people would actually send malicious data to each other. Then it got misused — malicious people used it to spread malicious code, and the internet suffered a bad reputation. Now, of course, it’s become somewhat smarter. By installing firewalls and packet sniffers (software that checks packets for malicious data) on servers, routers and your PCs, the internet has made it much harder for evil code to get to you, unless you’re conned into letting it in yourself.
But there still remains one part of the net that’s still good-natured and trusting at its core — DNS. It was originally designed to be the digital equivalent of the friendly guy at the concierge’s desk. You would ask it for a web address, and it would helpfully tell you where to go. Then came cache poisoning, by which hackers could fool DNS servers into believing they’re sending you to the fun part of town, but you really end up in a dark alley with your head bashed in. And somewhere underneath all the security protocols, this flaw still exists.
It’s time to re-do the internet, and turn it into a smart, secure network.
What we need
The new internet needs to be faster and more reliable — IP telephony shouldn’t suffer the way it always has, and must eventually become the alternative to the classic telephone line that it’s supposed to be.
And yes, it would also be nice if the new internet could let our devices have their own unique IP addresses, instead of an internal address that a router or server assigns to it. We’d also like the internet to be “ready” for when we want to use our mobile phones as our primary computing devices.
However, before researchers are to give us the internet we desire, they need a sandbox to test their designs — a guineapig network.
In 2005, the National Science Foundation (NSF) in the US asked researchers to come up with a new plan for the internet. To help them test their designs, the NSF started the Global Environment for Networking Innovation (GENI), which would be the guinea-pig internet for them to use. Several supporting projects have spawned since, each with their own view of what the internet should be.
It isn’t hard to guess which side of the fence Stanford’s Clean Slate Design project is on. The group is creating a set of technologies that they hope will form the backbone of the new internet — from a framework for a mobile internet, to an infrastructure for virtual worlds such as Second Life. Scientists will be able to use these basic frameworks to design their own visions of the internet, and then test those designs using GENI.
On the other hand, there’s the PlanetLab project, which aims to create overlay technologies, which will sit on top of the world’s existing internet infrastructure, and by becoming more popular, will squish out the old technology. Something like this has already been in existence, in the form of the university-only Internet2. The underlying philosophy is that there are several parts of the internet that get the job done just fine, so why throw all that away?
So what does a more realistic internet look like?
Middle ground While we wait for the competing projects to come up with a brand new internet we can use and love, there are two upcoming technologies that we should see pretty soon. You already know about the first — IPv6. The other is called flow routing.
Right now, packets on the internet travel like they always have — taking different paths to their destination, where they are reconstructed. In a flow-based network, packets that need to travel together — voice, audio and video, for example — will travel together. The new flow routers will work like regular routers, except when they see packets that say that they’re part of a flow. For these packets, the routers will choose paths that allow the packets to reach their destination in order.
Of course, a flow router won’t be able to do its work without packets that have information flows. And this is where IPv6 comes in. IPv6 packets have traffic class fields, which will tell routers how to priorities them. As a bonus, these packets will also carry authentication and security headers, which will let routers and PCs find out whether the packets are coming from the right server.
Finally, IPv6 opens up a whole new world of IP addresses, which means that every device — from PC to phone to hearing aid — can have its own unique address, and not have to hide behind access points ever again. This means it’s theoretically possible to have an IP address that never changes. So, if you’re using a service that authenticates you based on your IP address, you don’t have to worry about losing your authorization by moving to a new network.
However, even though IPv6 was standardized in 1998, only 0.236 per cent of all internet users are using IPv6, according to a Google report published in October 2008 (read the PDF at http://tinyurl.com/6c634k). It may be disappointing news now, but it does offer a simple solution to our IPv6 adoption problem. The people on IPv6 may not necessarily be using it intentionally — their ISPs began to support IPv6, so they gave customers IPv6-capable routers. And since the newest generations of Windows, Mac OS X and Linux are all set to prefer IPv6 if it’s available, more people went online with the new protocol without even realizing it. Which means that it isn’t the people who need to be convinced, it’s the ISPs.
So after all this talk, it may well be that the future of the internet is simple — slightly smarter, with a new protocol and updated routers. Which may be a good thing, because we may not want a smart internet after all...
The stupidity of smartness
We point nasty fingers at dumb networks, but the truth is that even smart networks aren’t beyond reproach. When you load routers with software that authenticates and analyses and directs and decides, you’re actually getting in the way of data moving swiftly. But there’s a possibility that’s even worse. We complain about the internet today, because it’s an old design that hasn’t been improved because it got too large — but twenty years in the future, people will say the same thing about a smart network. Take the telephone network, for instance — it’s the original smart network, fully aware of the signals that travel along it — it has now solidified into a behemoth that’s too expensive to upgrade, and too complicated to easily add new functionality.
Tom Evslin, who helped build the original MSN, and AT&T’s first internet service, thinks that any effort to make the internet smarter “will cost incalculably more in loss of future flexibility and scalability.” He argues that the dumbness of the internet is what enables it to support new and wonderful applications, and should thus stay that way. He isn’t the only one to think this way, either. Vinton Cerf, Google’s Chief internet Evangelist, and father of the internet, says that it’s the terminals that need to get smarter, not the network.
And then, there are the “political” implications. A fully redesigned internet may well turn out to be what the New York Times calls a “gated community where users would give up their anonymity and certain freedoms in return for safety.” Scary thought, yes?
And when you think about it, a lot of news about internet outages seems overblown. In October, a worm called Conficker infected 15 million Windows PCs, prompting renewed fears of a “digital Pearl Harbour”, which will supposedly bring the internet to a standstill. But if Conficker was the harbinger of doom, why didn’t you stop surfing? Did you even notice that the internet “was under attack”? Truth is, Conficker didn’t bring down the internet, it exploited vulnerability in an OS. A Windows OS. If there’s any terminal that needs to get smarter about security, it’s the Windows terminal.
Bottom line: whatever the internet ends up being, we shouldn’t accept a design that emerged from panic.