Can we save the OPEN Internet? with focus on The Two-Port Internet Problem and what to do about it
Terry Gray, Designated Prophet of Doom, University of Washington
Deke Kassabian, Resident Optimist, University of Pennsylvania

AGENDA
– Framing the Problem -- Terry
– Campus Solutions, Discussion -- Deke

Premises
– Problems with the current Internet are driving researchers to other alternatives, e.g. "personal lambda" networks
– Trends are unfavorable
– The "open" Internet may (have already?) become a small subset of the total Internet

Definitions
– Open Internet: one free of TDAs
– TDA = Traffic Disruption Appliance, e.g. firewall, NAT box, or inline IPS
– Neutrality: no packet-forwarding preferences for the ISP's financial gain
– 2-port Internet: the notion that you can only depend on the web ports (80 and 443) being open between arbitrary end points
– Layer 2 solution: wide-area Ethernets
– Layer 1 solution: dedicated wavelengths

End-to-End Principle
– Internet technology: keep the core simple; put complexity at the edges
– Internet policy: keep the core open; put constraints at the edges
– Except... we didn't

Issues with the current Internet
– Blocked or throttled ports
– End-to-end performance (esp. >1 Gbps)
– TCP vs. UDP (congestion/performance) limits
– Worsening mean-time-to-diagnosis
– Lack of deterministic (and simple) behavior
– Content filtering (now in over 40 countries!)
– Policy enforcement surprises

Causes
– Security concerns led to firewalls everywhere
– Security + address autonomy led to NAT boxes
– Deep packet inspection grows; limits performance
– TDAs add complexity, slow diagnosis

Consequences
– Unhappy users
– Flight to Layer 1 or 2 networks
– More apps that tunnel through port 80 or 443
– More VPNs, just to traverse firewalls
– Growing performance concerns
– Applications needing many ports may break

Out of Scope
– Jonathan Zittrain discusses what happens when the edges become closed and/or controlled from a central point, e.g. TiVo, Xbox

Focus on the 2-port problem -- Scenarios
– Researchers working in developing countries
– Researchers collaborating with other schools
– Researchers collaborating with industry
– Researchers collaborating with people at home

Where is the Problem?
– Research backbones
– Commercial backbones
– Regional R&E nets
– Campus nets
– Commercial Tier 2/3 nets
– Enterprise & home nets

Solution Space
– Layer 1
  – Dedicated point-to-point fiber
  – Dedicated wavelengths
  – UCLPs
– Layer 2
  – Wide-area Ethernet VLANs
– Layer 2.5
  – Enterprise MPLS

Layer 3 Solutions
– Edge (host/app) based solutions:
  – Virtual Private Network overlays (VPNs)
  – Modification of apps to tunnel over port 80/443
– Network/core-based solutions:
  – Reverse the trend toward blocking/throttling
  – Consortial "open" backbone networks, with selective local access
  – Dynamic firewall traversal protocols
  – Selective bypass via NAC as an alternative to *local* port blocking
  – Build a new L3 Internet with protocols for "trust-mediated transparency"
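The slides note that once only 80 and 443 are dependably open, applications and VPNs start tunnelling over them, and inline appliances respond with deep packet inspection. As an added example (not part of the presentation), the check below is the kind of first-packet inspection such an appliance applies to a port-443 flow: it distinguishes a genuine TLS ClientHello from SSH, plaintext HTTP or opaque bytes riding the "always open" port. The flow records and payloads are constructed for the example.

```python
"""Spot non-TLS traffic on TCP/443 from the first client bytes of a flow."""
import struct


def classify_443_payload(data: bytes) -> str:
    """Label the first client-to-server bytes of a port-443 flow."""
    # TLS record header: type 0x16 (handshake), major version 0x03, 2-byte
    # length; then handshake type 0x01 (ClientHello) and a 3-byte length.
    if len(data) >= 9 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        rec_len = struct.unpack("!H", data[3:5])[0]
        hs_len = int.from_bytes(data[6:9], "big")
        # The 4-byte handshake header plus body must fit inside the record.
        return "tls" if hs_len + 4 <= rec_len else "malformed-tls"
    if data.startswith(b"SSH-"):
        return "ssh-over-443"
    if data.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD", b"PUT", b"CONNECT"):
        return "plaintext-http-over-443"
    return "unknown-non-tls"


def build_client_hello() -> bytes:
    """Minimal TLS 1.2 ClientHello (one cipher suite, no extensions)."""
    body = (b"\x03\x03" + b"\x00" * 32   # client version + random (constructed zeros)
            + b"\x00"                    # empty session id
            + b"\x00\x02\x13\x01"        # cipher suites: one entry
            + b"\x01\x00")               # compression methods: null only
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


# Constructed flow records: (client, server, dst_port, first payload bytes).
FLOWS = [
    ("10.0.0.5", "198.51.100.10", 443, build_client_hello()),
    ("10.0.0.6", "198.51.100.11", 443, b"SSH-2.0-OpenSSH_9.6\r\n"),
    ("10.0.0.7", "198.51.100.12", 443, b"GET /update HTTP/1.1\r\nHost: x\r\n"),
    ("10.0.0.8", "198.51.100.13", 443, b"\x38\x01\x00\x00\x00\x00\x00\x00\x00\x00"),
    ("10.0.0.9", "198.51.100.14", 80, b"GET / HTTP/1.1\r\n"),
]


def tunnel_alerts(flows):
    """Return (client, server, label) for every port-443 flow that is not TLS."""
    alerts = []
    for client, server, dport, payload in flows:
        if dport != 443:
            continue  # only the "always open" HTTPS port is of interest here
        label = classify_443_payload(payload)
        if label != "tls":
            alerts.append((client, server, label))
    return alerts


if __name__ == "__main__":
    for alert in tunnel_alerts(FLOWS):
        print(alert)
```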

Technical Goals (success metrics)
– Low friction/impedance to collaboration (Internet apps "just work")
– High performance (throughput, latency, jitter)
– Low complexity (low MTBF)
– High diagnosability (low MTTD)
– Low cost
– High scalability
– High security

Political metrics (viable deployment depends on?)
– CIO enthusiasm and cooperation
– Researcher enthusiasm and cooperation
– Research funding agency interest
– Institutional network administrator cooperation
– National and international ISP cooperation
– Number and clout of researchers adversely affected by the status quo

Discussion Topics
– Are commercial ISPs blocking ports?
– Is p2p important to research?
– How does content-blocking affect research?
– Impact of IPv6?
– For those with TDAs, which is more cost-effective: a general firewall bypass or MPLS deployment, or point solutions using L1 or L2 technology?