Can we save the OPEN Internet? with focus on The Two-Port Internet Problem and what to do about it Terry Gray Designated Prophet of Doom University of.


1 Can we save the OPEN Internet?
with focus on The Two-Port Internet Problem and what to do about it
Terry Gray, Designated Prophet of Doom, University of Washington
Deke Kassabian, Resident Optimist, University of Pennsylvania

2 AGENDA Framing the Problem --Terry Campus Solutions Discussion --Deke

3 Premises
Problems with the current Internet are driving researchers to other alternatives, e.g. “personal lambda” networks
Trends are unfavorable
The “open” Internet may (have already?) become a small subset of the total Internet

4

5 Definitions
Open Internet: one free of TDAs
TDA = Traffic Disruption Appliance, e.g. Firewall, NAT box, or inline IPS
Neutrality: no pkt fwd prefs for ISP's $$ gain
2-port Internet: the notion that you can only depend on the web ports (80 and 443) to be open between arbitrary end points
Layer 2 solution: wide-area Ethernets
Layer 1 solution: dedicated wavelengths

6 End-to-End Principle
Internet technology
– Keep core simple; put complexity at edges
Internet policy
– Keep core open; put constraints at edges
Except... we didn't

7 Issues with current Internet
Blocked or throttled ports
e2e performance (esp. >1Gbps)
TCP vs. UDP (congestion/performance) limits
Worsening mean-time-to-diagnosis
Lack of deterministic (and simple) behavior
Content filtering (now in over 40 countries!)
Policy enforcement surprises

8

9 Causes
Security concerns led to firewalls everywhere
Security+Address Autonomy led to NAT boxes
Deep-Pkt-Inspection grows; limits performance
TDAs add complexity, slow diagnosis

10 Consequences
Unhappy users
Flight to Layer 1 or 2 networks
More apps that tunnel thru port 80 or 443
More VPNs – just to traverse firewalls
Growing performance concerns
Applications needing many ports may break

11 Out of Scope
Zittrain discusses what happens when the edges become closed... and/or controlled from a central point, e.g. Tivo, X-box
Jonathan Zittrain

12 Focus on the 2-port problem --Scenarios--
Researchers working in developing countries
Researchers collaborating with other schools
Researchers collaborating with industry
Researchers collaborating with people at home

13 Where is the Problem?
Research Backbones
Commercial Backbones
Regional R&E Nets
Campus Nets
Commercial Tier 2/3 Nets
Enterprise & Home Nets

14 Solution Space
Layer 1
– Dedicated point-to-point fiber
– Dedicated Wavelengths
– UCLPs
Layer 2
– Wide-area Ethernet VLANs
Layer 2.5
– Enterprise MPLS

15 Layer 3 Solutions
Edge (Host/App) based solutions:
– Virtual Private Network overlays (VPNs)
– Modification of apps to tunnel over port 80/443
Network/Core-based solutions:
– Reverse trend toward blocking / throttling
– Consortial "open" backbone networks, with selective local access
– Dynamic firewall traversal protocols
– Selective bypass via NAC as an alternative to *local* port blocking
– Build new L3 Internet with protocols for "trust-mediated transparency".

16 Technical Goals (success metrics)
low friction/impedance to collaboration (Internet apps "just work")
high performance (thruput, latency, jitter)
low complexity (low MTBF)
high diagnosability (low MTTD)
low cost
high scalability
high security

17 Political metrics (Viable deployment depends on?)
CIO enthusiasm and cooperation
Researcher enthusiasm and cooperation
Research funding agency interest
Institutional network administrator cooperation
National and international ISP cooperation
Number and clout of researchers adversely affected by status quo

18 Discussion Topics
Are commercial ISPs blocking ports?
Is p2p important to research?
How does content-blocking affect research?
Impact of IPv6?
For those w/TDAs, which is more cost-effective: a general firewall bypass or MPLS deployment, or point solutions using L1 or L2 technology?

19

