Defining a future network:
An international research agenda
David Clark
MIT CFP
MIT Communications Futures Program
Bi-annual meeting, May 30-31, 2007
Philadelphia, PA
What I want to cover

A review of the activity.


Status report on progress.


The NSF initiative, in particular.
Pointers to related work.


For some time, we at MIT have been
interested in what a future Internet might look
like.
International activities.
Some examples of research.
The research challenge


The Internet is a tremendous success, but…
Can we meet tomorrow’s needs by incremental
improvement of today’s design?



What are the compelling requirements that
justify the research?


Hypothesis: NO!
Which implies two further questions:
Why do I think this assertion is true?
What features might define a global network of
the future?

What approaches do the research community have to
address these challenges?
Isn’t today’s net good enough?
Must start with serious discussion of requirements:

It’s not just about cool new apps.
Security and robustness.

Been trying for 20 years--try differently?
Recognize the importance of considerations
beyond the technical.



The economic landscape.
The social context.
The international scope.
Easier to manage.


Really hard intellectual problem.
No framework in original design.
Security and reliability
Define the objective broadly.

“Classic” security, availability, resilience.
Hard because:


Many problems are in the end-hosts.
We don’t have agreement about the objective.
Many problems involve a balance of interests.
 Among actors, states and societies.



Different contexts call for different answers.
We don’t have a coherent approach.
Economic landscape
In 1975, it was not clear to the early designers that
we were designing the landscape of investment
and competition.

Now it is.
Could we do a better job to shape:





Regulation (or lack of)?
Continued investment and innovation?
Options for user choice?
Deployment of new services?
Health of the value chain?


Consider the role of facilities providers, for example.
Role of advertising?
Social context
Failure to understand and respond to larger social
concerns will lead to the eventual rejection of new
concepts, and doom the venture.

The opposite can lead to success.
Examples of important issues.

Loss of anonymity and privacy.




Issues around access to information.




Data mining and profiling.
Correlation and linking across people.
Tomorrow: location and presence.
Excessive controls, limits on speech, IPR, forgery.
Instability of personal information.
Access and ease of use.
Variation in local values.
Technology drivers
Computing technology, not network technology…
New computing technology.




Whatever computing is, that is what the Internet
should support.
The Internet grew up in a stable “PC” time.
The cellular industry evolved independently.
Tomorrow: many different views; sensors, cell
phones, embedded processors, $100 laptops, etc.
Rich space of services and servers.

Design alternatives will have important influence on
personal choice, control, innovation, etc.
Define a broad scope to research
A problem with the word “Internet”.

It is too constraining, but otherwise nobody knows what you are
talking about…
Future networking is not just about a new kind of packet.

Robust content distribution



Management and sharing of personal information
Real time multi-media distribution




Naming, security, resilience
Multicast
Network-embedded storage and computation
Location mgt (human and object)
Identity mgt. (human and object)

Distributed name management
FIND: An NSF challenge question
1) What are the requirements for the global
network of 10 or 15 years from now, and
what should that network look like?
To conceive the future, it helps to let go of
the present:
2) How would we re-conceive tomorrow’s
global network today, if we could design it
from scratch?

This is not change for the sake of change, but
a chance to free our minds.
Status
Three phases:



Phase 1 (current phase): exploratory grants,
meetings to facilitate interaction and collaboration.
Three annual award cycles.
Phase 2: awards for integrated proposals.
Phase 3: demonstration of ideas on experimental
infrastructure. (GENI)
First year awards made in summer 2006.
Second year proposals now being evaluated.
Starting to develop process of collaboration and
consensus.
Model of collaboration
FIND embodies an “unusual” approach (in
the NSF context) to collaboration and
cooperation in achieving a large vision.


Traditional: give a single large grant, and
hope.
Now: use traditional “small grant” merit review
process and then create means to encourage
working together post-grant.
Now, we must make this collaboration
happen internationally.
International activities
EU--Eiffel proposal; FIRE
Country-specific activities in Europe
Korea
Japan
FIND and GENI
FIND is a research agenda

There are others:



Cyber-trust
SING (theory of networks)
And there are others outside NSF
GENI is infrastructure to demonstrate research.


A big idea going after big funding.
Support multiple experiments.


Network architecture to distributed systems (think
PlanetLab).
Shape and schedule dictated by the funding strategy.

At least two years to funding, so have to launch in parallel.
High-level services
Information management

Naming, security, resilience, distribution and dissemination
Management and sharing of personal information
Real time multi-media distribution

Multicast
DTNs
Network-embedded storage and computation
Management of distributed services
Location mgt (human and object)
Identity mgt. (human and object)

Distributed name management
Toward a new framing of security

Old computer science saying:



There is no problem we cannot solve with a
layer of indirection.
My first modification: “except performance”.
New tussle saying:

Each layer of indirection creates a new point
of control over which we can fight.
By creating an indirection, we create a tussle point.
 Did you really need to create another?

Security as a control problem

Who controls:





DNS bindings?
Address to destination bindings?
URL to content binding?
Address to “identity” binding?
This is rather different from the “security
means good encryption” framing.
A different vocabulary

I am talking about security using words
such as “stakeholder”, “control” and
“power”.



These are not CS words.
These words are familiar to sociologists and
political scientists.
It is worth learning how to speak their
language.
Resilience and availability
Security community has tradition of looking
to resistance. Resilience may be a better
path.



Diverse failover modes
Reduced interdependence under attack
Integration with management




No silent failures
Support for variability
Resilient social structures
Other disciplines?
Deterrence
Social form of question: what is the role of policing in the
Internet?
Technical form of question: what should it be possible to
see where?
Models of policing:

Wait to be called.






Can end-node gather evidence? Witnesses?
Can application design prevent classes of crime?
Feet on the street, cameras.
CDC
Contract law and arbitration.
Bodyguards.
Denial of Service attacks
Proposal: distinguish “public” and “closed” servers.
For public: must diffuse.

Speculation: diffusion will be key part of future.
For closed, outsource protection.

Who do you trust?
Possible research questions:


Do private address spaces help?
Virtual nets?



Must protect the real assets underneath…
Re-architect protocols for these goals?
Can we cure zombies and bot-nets?
Protecting the end node:
The OS will never be secure.

So how to cope?
A topic that triggers great disagreement.

Controls in the network to prevent unwanted traffic
flows.






Firewalls, indirection schemes, capabilities, virtual networks
Quarantine infested end-nodes
Redesign applications
Redesign session initiation
Diffuse attacks
Virtual machines for different activities
Management
(I don’t have as much to say…)
Instrumentation and data gathering.
Knowledge plane

Cross-domain sharing of objectives and
diagnosis.
High-level language for configuration.

We are in the assembly language stage.
Hypothesis--stop calling it management.
New ideas:
Instrument the data plane.
Cross-layer interfaces (rethink layers).


We know what these look like in the data
plane.
We don’t think about it in the management
and control planes.

Example: time to repair.
More centralized management/control
systems.
New network technology
Wireless




Mobility and ubiquitous access
Not well supported in current Internet
Great diversity in approach and function
Raises technical and social issues.

Location, identity, security.
Optical technology



Not just cheap pipes,(but predictions of 10-4 cost/performance)
Rapid reconfiguration of core
No bottlenecks at edge
What are suitable technology choices for different parts of the world?
Network level innovation
Addressing and forwarding


Do we need global addressing?
Should we revisit state setup?
Routing



Should we compute it more centrally?
Should we allow competing route computations?
Should we use diffusion routing?
Aggregates

Should the design include tools to deal with aggregates of packets?
Congestion control

Explicit feedback?