How in the Hell Do You Lose a Layer?!! UIUC-CSL John Day Oct 2015 “There is something fascinating about science. One gets such wholesale returns on conjecture out of such a trifling investment of fact.” - Mark Twain “Life on the Mississippi” In a network of devices why would we route between processes? - Toni Stoey, RRG 2009 In the Beginning, There was The Beads-on-a-String Model phone CO CO phone • The Nature of their early technology led the Phone Companies to Adopt what could be called, a “Beads-on-a-String” architecture. – Deterministic, Hierarchical, master/slave. • Perfectly reasonable for what they had. • The model not only organized the work, – But was also used to define markets: Who got to sell what. – Interfaces between boxes were market boundaries – This was what was taught in most data comm courses prior to the 1980s. • And for some, in a fundamental sense, never left. © John Day, 2014 Rights Reserved Packet Switching • In the early 1960s, Paul Baran at The Rand Corporation writes a series of reports investigating the networking requirements for the DoD. • Donald Davies at NPL in the UK had the same idea • He finds that the requirements for data are very different than those for voice. • Data is bursty. Voice is continuous. • Data connections are short. Voice connections have long durations. • Data would be sent in individual packets, rather than as continuous stream, on a path through the network. • Packet switching is born and • By the late 1960s, the Advance Research Projects Agency decides building one would reduce the cost of research and so we have the ARPANET. © John Day, 2014 Rights Reserved But was Packet Switching a Major Breakthrough? • Strange as it may seem, it depends on how old you were. • If your formative years had occurred prior to the mid-60s (pre-boomer), your model of communication was defined by telephony. – Then this is revolutionary. • If you are younger (boomer), your model is determined by computers. – How to do communications? Data is in buffers • Pick up a buffer and send it. – What could be more obvious! • That it was independently invented (and probably more than twice) supports that. • But there was a more radical idea coming! © John Day, 2014 Rights Reserved The Cyclades Architecture (1972) Host or End System Application TS: End-to-End Reliability Transport Router Network Data Link Physical Cigale Subnet • CYCLADES brings the layering from operating systems, but its different. • Data Link – corrects media errors, not propagated to a wider scope. • Network – relays using a connectionless datagram network, Cigale • Transport recovers from loss due to congestion creating a reliable flow. • Yielding a simpler, cheaper, more effective and robust data network. • Since the Hosts won’t trust the network anyway, the network does not have to be perfect, (and can’t be); it makes a “Best-Effort; need only be sufficiently reliable to make end-to-end cost effective • This represents a new model, in fact, a new paradigm completely at odds © John Day, 2014 with the beads-on-a-string model. Rights Reserved A Note about Layers • The advent of packet switching required much more complex software than heretofore, and so the concept of layers was brought in from operating systems. – From Dykstra’s THE Operating System, 1968 • In operating systems, layers were seemingly a convenience, one design choice, merely used for modularity. • Most networking courses teach that layers are for controlling complexity, for modularity in a stack. – This is true, but not the primary reason for them. The primary reason is: • In networks, Layers are a necessity, • And are more general. The (really) Important Thing about Layers (From first lecture of my intro to networks course) • • • Layers are a locus of distributed shared state of different scopes At the very least, differences of scope require different layers. It is this property that makes the earlier telephony or datacomm “beads-on-a-string” model untenable. – Or any other proposal that does not accommodate scope. – (control and data planes only feasible in beads-on-a-string models) • This was why CYCLADES used layers. Increasing Scope Host or End System Router The New Model Had 4 Characteristics • It was a peer network of communicating equals not a hierarchical network connecting a mainframe master with terminal slaves. • The approach required coordinating distributed shared state at different scopes, which were treated as black boxes. This lead to the concept of layers being adopted from operating systems and • There was a shift from largely deterministic to non-deterministic approaches, not just with datagrams in networks, but also with interrupt driven, as opposed to polled, operating systems, and physical media like Ethernet, and last but far from least, • This was a computing model, a distributed computing model, not a Telecom or Data comm model. The network was the infrastructure of a computing facility. • These sound innocuous enough. They weren’t. • Not by a long shot! © John Day, 2014 Rights Reserved A Nasty Brawl Was Shaping Up The Phone Companies Against the Computer Companies and Everyone against IBM © John Day, 2014 Rights Reserved IBM had Two Problems Computing and Memory Prices were headed South . . . Fast. Computing Power and Capacity were headed North . . . Fast. By the late 70s, it was clear that IBM’s days as the dominant computer maker were numbered 107 Log H/W Prices CS Educated Check Signers (Linear) 103 60’s 70’s 80’s Time 90’s 2000 And if that weren’t enough. © John Day, 2014 Rights Reserved In Networking IBM Found Itself at a Dead-End You can always make a peer architecture hierarchical But you can’t go the other way. Mainframe But IBM and the PTTs had carefully stayed out of each other’s turf. Had IBM made SNA a peer network and subset it for the 70s hierarchical market, the Internet would have been nothing but an interesting research project. © John Day, 2014 Rights Reserved The Beads-on-a-String Model • Meanwhile the Phone Companies continues with what it is familiar with. – Emulating the phone system in computers – Who cares about this academic connectionless stuff? We have real networks to build. – How do you charge for usage in a best-effort service? • Asymmetrical/Connections/Deterministic – And a tendency toward hierarchy • This Model Can not Represent Scope. • Purpose of the architecture is to define who owns what boxes (protect the monopoly). – If you hear, X is in the network and X isn’t involved with moving bits or managing moving bits, then it is beads-on-a-string. The Network as seen by the new Networking Model Host Interface Router Router Host DCE Packet -mode DTE Terminal Start-stop DTE PAD DCE Interface The Network as seen by the PTTs © John Day, 2014 Rights Reserved While the New Model Made Perfect Sense to Computing, It Was a Threat to Phone Companies. • Transport Seals Off the Lower Layers from Applications. — Making the Network a Commodity, with very little possibility for value-add. — They can still offer value-added service, but can’t claim its within their monopoly • TPC counters that Transport Layers are unnecessary, their networks are reliable. Transport The Network And they have their head in the sand, “Data will never exceed voice traffic” © John Day, 2014 Rights Reserved 1972 Was an Interesting Year • Tinker AFB joined the ‘Net exposing the multihoming problem. Host 8 IMP 6 IMP • The ARPANET had its coming out party at ICCC ‘72. • As fallout from ICCC ‘72, the research networks decided it would be good to form an International Network Working Group. – ARPANET, NPL, CYCLADES, and other researchers – Chartered as IFIP WG6.1 very soon after • Major project was an Internetwork Transport Protocol. – Also a virtual terminal protocol – And work on formal description techniques There Were Two Proposals • INWG 39 based on the early TCP and • INWG 61 based on CYCLADES TS. • And a healthy debate, see Alex McKenzie, “INWG and the Conception of the Internet: An Eyewitness Account” IEEE Annals of the History of Computing, 2011. • Two sticking points – – • How fragmentation should work Whether the data flow was an undifferentiated stream or maintained the integrity of the units sent (letter). These were not major differences compared to the forces bearing down on them. After a Hot Debate • A Synthesis was proposed: INWG 96 • There was a vote in 1976, which approved INWG 96. • As McKenzie says, NPL and CYCLADES immediately said they would convert to INWG 96; EIN said it would deploy only INWG 96. • “But we were all shocked and amazed when Bob Kahn announced that DARPA researchers were too close to completing implementation of the updated INWG 39 protocol to incur the expense of switching to another design. As events proved, Kahn was wrong (or had other motives); the final TCP/IP specification was written in 1980 after at least four revisions.” – Neither was the final answer. The real breakthrough came two years later. • But the differences weren’t the most interesting thing about this work. The Similarity Among all 3 Is Much More Interesting • This is before IP was separated from TCP. All 3 of the Proposed Transport Protocols carried addresses. • This means that the Architecture that INWG was working to was: TCP IP SNDC Internetwork Transport Layer Network Layer SNAC LLC MAC Data Link Layer • Three Layers of Different Scope each with Addresses. • If this does not hit you like a ton of bricks, – You haven’t been paying attention. • This is NOT the architecture we have today. INWG’s Internet Model Internet Gateways Host Host Application Application Internet Transport Internet Transport Network Network Data Link Data Link Network 1 Network 2 Network 3 • An Internet Layer addressed Hosts and Internet Gateways. • Several Network Layers of different scope, possibly different technology, addressing hosts on that network and that network’s routers and its gateways. – Inter-domain routing at the Internet Layer; Intra-Domain routing at the Network Layer. • Data Link Layer smallest scope with addresses for the devices (hosts or routers) on segment it connects • The Internet LOST A LAYER!! So What Layer Did They Lose? • It is not obvious. • At first glance, one might say the Network Layer. – The Protocol is called IP after all! – Removing the ARPANET, “removed” the Network Layer, – Everything just dropped down. • But the IP Address names the Interface, something in the layer below, just like ARPANET addresses did! – At best, IP names a network entity of some sort, at worst, a data link entity – Actions speak louder than words • We must conclude that, . . . They Lost the Internet Layer!!! The Internet is a beads-on-a-string Network like the PSTN How Did They Lose a Layer? • Partly, because the ARPANET was the only network in their world – And it was a black box to everyone but BBN • The other “networks” in the their space: Ethernet, SatNet, PRNet – Weren’t really networks but multi-access media • As they transitioned from NCP to TCP in the late 70s with just the ARPANET and Ethernets, you can watch it disappear. - In the late 1970s, people talk about Internet Gateways, but ~1983 the term disappears and one only hears: Router. • Cerf’s “The Catenet Model of Internetworking” (IEN#48, 1978) contains no layer diagrams, just beads on a string pictures, and names the interface. • We could mark the end of the Internet as an internet as Jan 1, 1983, the day they turned off NCP. • The day many mark as the beginning of the Internet! Wait A Minute! Names the Interface? • • • • • Remember Tinker AFB? The answer was obvious. Do what OSs do! Directory provides the mapping between Application-Names and the node addresses of all Applications reachable without an application relay. Routes are sequences of node addresses used to compute the next hop. Node to point of attachment mapping for all nearest neighbors to choose path to next hop. (Because there can be multiple paths to the next hop.) This last mapping and the Directory are the same: – Mapping of a name in the layer above to a name in the layer below of all nearest neighbors. Application Name Node (Logical Address) Point of Attachment (Physical Address) Directory Here Route And Here Path Not in the Internet • The Internet only has a Point of Attachment Address, an interface. – – • There are no node addresses or application names. – – – • Which is named twice! No wonder there are addressing problems Domain names are macros for IP addresses Sockets are Jump points in low memory URLs name a path to an application This makes router table size 3-4 times larger than necessary and similarly the number of addresses needed. Application Name Application Socket (local) Node Address IP Address Point of Attachment Address MAC Address As if your computer worked only with absolute memory addresses. (kinda like DOS, isn’t it?) The Big Mistake: Splitting IP from TCP • The Rules say if there are two layers of the same scope, the functions must be completely independent. • Are Separating Error and Flow Control from Relaying and Multiplexing independent? No! • Problem: IP fragmentation doesn’t work (and never has). – IP has to receive all of the fragments of the same packet to reassemble. – Retransmissions by TCP are distinct and not recognized by IP. • Must be held for MPL (5 secs!) • There can be considerable buffer space occupied. • There is a fix: MTU Discovery. – The equivalent of “Doc, it hurts when I do this!” “Then don’t do it.” – Not a “big” problem, but big enough to be suspicious. But it is the Nature of the Problem That is Interesting • The problem arises because there is a dependency between IP and TCP. The rule is broken. – It tries to make it a beads on a string solution. • A Careful Analysis of this Class of Protocols shows that the Functions naturally cleave (orthogonally) along lines of Control and Data. Data Transfer Data Transfer Control Delimiting Seq Frag/Reassemb Relaying/ Muxing Retransmission and Flow Control SDU Protection • TCP was split in the Wrong Direction! • It is one layer, not two. – Creating IP was a bad idea. Not to mention it names the wrong thing too! • Are There Other Implications? Watson’s Seminal Result (1978) The Pouzin Society • Richard Watson proves that the necessary and sufficient conditions for distributed synchronization requires only that 3 timers are bounded: • Maximum Packet Lifetime • Maximum number of Retries • Maximum time before Ack • Watson develops delta-t to demonstrate the result, which has some unique implications: – Assumes all connections exist all the time. – TCBs are simply caches of state on connections with recent activity • Watson shows that TCP has all three timers and more. – delta-t is more robust under harsh conditions and more secure than TCP. – Synchronization has nothing to do with a 3-way handshake. • SYNs, FINs are unnecessary. • Also defines the bounds of networking or InterProcess Communication: – It is IPC if and only if Maximum Packet Lifetime can be bounded. © John Day, 2013 All Rights Reserved – If MPL can’t be bounded, it is remote storage. 25 A Chance to Get Things on Track • We knew in 1972, that we needed Application Names and some kind of Directory. • Downloading the Host file from the NIC was clearly temporary. • When the time came to automate it, it would be a good time to introduce Application Names! • Nope, Just Automate the Host File. Big step backwards with DNS. • Now we have domain names – Macros for IP addresses • And URLs – The path to the Application is named, but Nothing names the Application. © John Day, 2014 Rights Reserved Then in ‘86: Congestion Collapse • Caught Flat-footed. Why? Everyone knew about this? – Had been investigated for 15 years at that point • With a Network Architecture they put it in Transport. – Worst place. • Most important property of any congestion control scheme is minimizing time to notify. Internet maximizes it and its variance. • Thwarts any attempt at doing Quality of Service. • And implicit detection makes it predatory. – Virtually impossible to fix • Whereas, © John Day, 2014 Rights Reserved Congestion Control in an Internet is Clearly a Network Problem Internet Gateways Host Host Application Application Internet Transport Internet Transport Network Network Data Link Data Link Network 1 Network 2 Network 3 • With an Internet Architecture, it clearly goes in the Network Layer – Which was what everyone else thought. • Time to Notify can be bounded and with less variance. • Explicit Congestion Detection confines its effects to a specific network and to a specific layer. © John Day, 2014 Rights Reserved Would be Nice to Manage the Network • All Management is Overhead! We need to minimize it. – Then need Efficiency, Commonality, Minimize Uncertainty • With a choice between a object-oriented protocol (HEMS) and a “simple” approach (SNMP), IETF goes with “simple” to maximize inefficiency – Must be simple, has Largest Implementation of the 3: SNMP, HEMS, CMIP. – Every thing about it contributes to inefficiency • UDP maximizes traffic and makes it hard to snapshot tables • No means to operate on multiple objects (scope and filter). Can be many orders of magnitude more requests • No attempt at commonality across MIBs. • Polls?! Assumes network is mostly failing! • Use BER, with no ability to use PER. Requests are 50% - 80% larger • Router vendors played them for suckers and they fell for it. – Not secure, can’t use for configuration. – (Isn’t ASN.1 an encryption algorithm?) – Much better to send passwords in the clear. – It is all about account control © John Day, 2014 Rights Reserved IPv6: Makes Matters Worse • Primary Problem: Router Table Size; secondarily address exhaustion. • 1992 Rejection of IPv7 (CLNP), which named the node and was already deployed and operational in the routers. (the transition was over.) – By continuing to name the interface, avoided reducing router table size by a factor 3 – 4 times (as well as address usage) Reducing router table size was Major Problem • They kind of cut off their nose to spite their face – This decision above all was totally irresponsible, but not uncommon. – Not only does it make solving multihoming an unscalable mess, but makes mobility the cumbersome mess MIPv6 creates. – Long list of problems today, and loc/id split only dug the hole deeper. • But did get more addresses, but can only route on /64, the rest are for NSA. – Barely able to route 1 IPv4 address space, no idea how to route 4.3 billion. – But that is okay, as we will see a global address space is unnecessary in a wellformed architecture. (More addresses isn’t a problem). • Yes, there is good news a-comin’! © John Day, 2014 Rights Reserved Never Get a Busy Signal on the Internet! 2010 They Discovered Buffer Bloat! No Interface Flow Control Flow Control • Golly Gee Whiz! What a Surprise!! • With Plenty of Memory in NICs, Getting huge amounts of buffer space backing up behind flow control. • Well, Duh! What did you think was going to happen? – If you push back, it has to go somewhere! – Now you can have local congestion collapse! • If peer flow control in the protocol, pretty obvious one needs interface flow control as well. © John Day, 2014 Rights Reserved But What About Security? • Security? • Don’t you read the papers?! – It is terrible! And getting worse. – IPsec makes IP connection-oriented, so much for resiliency to failure. – Everything does their own, so very expensive. • Privacy? Can’t fix it, so same reaction as for QoS – You don’t need it in the brave new world. • They say the Reason is that Never Considered It at the Beginning. – Later we will see how ignoring security can lead to better security. • There have been a lot of “after the fact” attempts to improve it. – With the usual results: greater complexity, overhead, new threats. © John Day, 2014 Rights Reserved Taking Stock • The Internet has: – – – – – – – – – Botched the protocol design Botched the architecture Botched the naming and addressing When they had an opportunity move in the right direction with application names, they didn’t. They did DNS. When they had an opportunity to move in the right direction with node addresses, they didn’t. They did IPv6. More than Botched Network Management Botched the Congestion Control twice Once so bad it probably can not be fixed. Botched Security! • By my count this makes them 0 for 9! • It defies reason! Do these guys have an anti-Midas touch or wha!? © John Day, 2014 Rights Reserved But It’s a Triumph! (By that argument, so was DOS) • • • • But It Works! So did DOS. Still does. ‘With Sufficient Thrust even Pigs Can Fly!’ - RFC 1925 As long as fiber and Moore’s Law stayed ahead of Internet Growth, there was no need to confront the mistakes. – Or even notice that they were mistakes. • Now it is catching up to us, is limiting, and it can’t be fixed. – Fundamentally flawed from the start, a dead end. – Any further effort based on IP is a waste of time and effort. • Throwing good money after bad – Every patch (and that is all we are seeing) is making it more expensive and less predictable and taking us further from where we need to be. © John Day, 2014 Rights Reserved So Why Is TCP Dominant? • The Usual Reason: • He with the deepest pockets wins. – It was the taxpayers’ money, so who cares!? • DARPA was spending orders of magnitude more on networking than everyone else combined and then gave it away for free. – Even then, it was loose change to the DoD • Hey! It was Free! – I guess you get what you pay for. • There is conclusive evidence that business left to its own devices came very close to getting it right. – For starters, they didn’t lose a layer, which helps a lot. – Not entirely, but close enough to be fixed. • Ironically, one could conclude that the mess we find ourselves in is another case of the Meddling of Big Government! ;-) © John Day, 2014 Rights Reserved The Internet Never Got Past Application Or do whatever you want TCP IP Subnet Or do whatever you want We Were Missing Something, but What was It? Were Layers the Wrong Model? They Weren’t Sure, But 7 Looked Good But As Things Developed Things got more complex Application Application Presentation Session Transport Presentation SNIC Session SNDC Transport SNAC Network LLC Data Link MAC Physical Physical And While Better It Wasn’t The Full Answer A Quick Review 1: Start with the Basics Two applications communicating in the same system. Application Processes A B Application Flow IPC Facility Port Ids Communication within a Single Processing System This is establishes the API. The Application should not be able to distinguish a slow correspondent from operating over the Network. How Does It Work Now? Application Processes Port Ids FA EFCP FA Distributed IPC Facility EFCP • Turns out that Management is the first capability needed to find the other application. Then of course to do that one needs, • Some sort of error and flow control protocol to transfer information between the two systems. Simultaneous Communication Between Two Systems i.e. multiple applications at the same time • Requires two new capabilities EFCP EFCP EFCP EFCP EFCP EFCP Mux Mux • First, Will have to add the ability in EFCP to distinguish one flow from another. • Typically use the port-ids of the source and destination. Connection-id Dest-port Src-port Op Seq # CRC Data • Will also need an application to manage multiple users of a single resource. 4: Communication with N Systems Systems A Little Re-organizing A Virtual IPC Facility? Res Alloc Finder IAP Dir So we have a Distributed IPC Facility for each Interface, then to maintain the API we need an application over all of them. The user shouldn’t have to figure out which wire to use. But this isn’t going to scale and get expensive fast. We need a cheaper way to do this. 5: Communicating with N Systems (On the Cheap) Dedicated IPC Systems Host Systems By dedicating systems to IPC, reduce the number of lines required and even out usage by recognizing that not everyone talks to everyone else the same amount. Communications on the Cheap • But relaying systems over a wider scope requires carrying addresses • And creates problems too. – Can’t avoid transient congestion and bit errors in their memories. • Will have to have an EFCP operating over the relays to ensure the requested QoS reliability parameters EFCP EFCP Dest Addr Src Addr Common Relaying and Multiplexing Application Header Relaying Application Relaying PM Interface IPC Processes Interface IPC Processes The IPC Model (A Purely CS View) User Applications Relaying Appl Mux Mux EFCP EFCP EFCP EFCP EFCP EFCP Distributed IPC Facilities EFCP EFCP The Implications • Networking is IPC and only IPC. – We had been concentrating on the differences, rather than the similarities. • All layers have the same functions, with different scope and range. – Not all instances of layers may need all functions, but don’t need more. • A Layer is a Distributed Application that provides and manages IPC. – A Distributed IPC Facility (DIF) • This yields a theory and an architecture that is simple, elegant, and scales indefinitely, – i.e. any bounds imposed are not a property of the architecture itself. – And capabilities we didn’t expect. • Let’s See What the Theory Tells Us What a Layer Looks Like IPC IPC IPC Management Control Transfer Delimiting Applications, e.g., routing, resource allocation, Transfer access control, etc. Relaying/ Muxing Common Application PDU Protection Protocol Application-entities • Processing at 3 timescales, decoupled by either a State Vector or a Resource Information Base – – – • Application Process IPC Transfer actually moves the data ( ≈ IP + UDP) IPC Control (optional) for retransmission (ack) and flow control, etc. IPC Layer Management for routing, resource allocation, locating applications, access control, monitoring lower layer, etc. Remember that within a scope if there is a partitioning of functions, it will be orthogonal? Well, here it is. 47 What are the Protocols? The Pouzin Society RIB Daemon Flow Allocator EFCP Resource Allocation RMT IPC Management IRM CDAP • Only two – A data transfer protocol, EFCP, based on delta-t with mechanism and policy separated. This provides both unreliable and reliable flows. • Good Examples of separating mechanism and policy – The common application protocol based on CDAP: • Transition from an IPC Model to a Programming Model • 6 Fundamental Operations on Objects. • Assembler for Distributed Applications © John Day, 2013 All Rights Reserved 48 Only Three Kinds of Systems Interior Routers Hosts Border Routers • Middleboxes? We don’t need no stinking middleboxes! • NATs: either no where or everywhere, • NATs only break broken architectures • The Architecture may have more layers, but no box need have more than the usual complement. – Hosts may have more layers, depending on what they do. How Does It Work? Enrollment or Joining a Layer (N)-DIF A (N-1)-DIF • • Do what the Model Says: Nothing more than Applications establishing communication (for management) – Authenticating that A is a valid member of the (N)-DIF – Initializing it with the current information on the DIF – Assigning it a synonym to facilitate finding IPC Processes in the DIF, i.e. an address • More than one way to complete enrollment. How Does It Work? Establishing Communication A Look over there! B • Simple: do what the model says. – – – – – A asks IPC to allocate comm resources to B Determine that B is not local to A use search rules to find B Keep looking until we find it. Actually go see if it is there and whether we have access. Then tell A the result. • This has multiple advantages. – – – – – We know it is really there. We can enforce access control We can return B’s policy and port-id choices If B’s has moved, we find out and keep searching Decentralizes name resolution, rather than the centralized approach of DNS Naming in RINA IPC Process Flow Allocator EFCP IRM • DIF Allocator IPC Process-name is just an application-process-name (“global” scope) – An address is a synonym that names an IPC Process with scope restricted to the layer and maybe structured to facilitate use within the layer. • • A port-id is a Flow-Allocator-Instance-Id (local scope). A connection-endpoint-id (CEP-id) is an EFCP-instance-id (local scope). • Note that these are local to the IPC Process. • A connection-id is created by concatenating source and destination CEP-ids. • That’s It! Implications of the Model & Names (Routing Table Size) • Recursion either reduces the number of routes or shortens them. Metros Regionals Backbone This Bounds Router Table Size • • There will be Natural Subnets within a layer around the Central Hole. Each can be a routing domain; Each Subnet is one hop across the Hole. – The hole is crossed in the layer below. (N)Routing Domains Metros Regionals (N-1)-Routing Domains Backbone © John Day, All Rights Reserved, 2009 Implications of the Model & Names (Multihoming) (N)-IPC-Process (N)-Address Port -id (N-1)-IPC-Process • Yea, so? What is the big deal? – It just works • An IPC-Process inspects the destination address of the (N)-PDU and forwards it to its next hop. The current forwarding tables intend to deliver to left-hand (N-1)-IPC Process, but it goes down. There is a routing update that now recognizes that the path to that address is through the right (N-1)-IPC Process. – Normal operation. Nothing special to do. Even uses 50% to 75% fewer addresses and forwarding tables are commensurately smaller as well. – Yes, as we saw the (N-1)-bindings may fail from time to time. • Not a big deal. Because that is Implications of the Model & Names (Mobility) (N)-IPC-Process Port -id Address New Address (N-1)-IPC-Process • Yea, so? What is the big deal? – It just works just like multihoming only the (N-1)-port-ids come and go a bit more frequently. • O, worried about having to change address if it moves too far? Easy. • Assign a new synonym to it. Put it in the source address field on all outgoing PDUs. Stop advertising the old address as a route to this IPC-Process. Advertise the new one. • Want to renumber the DIF for some reason? Same procedure. • Again, no special configuration to do. It just works. The Skewed Necklace The Pouzin Society (DIF view) Base Station Metro Subnet Regional Subnet Mobile Infrastructure Network • • Traditional ISP Provider Network with normal necklace with an e-mall top layer. Notice: No special mobility protocols. No concept of a Home Router, No Foreign Routers, No Tunnels to set up. It just works. Clearly more layers could be used to ensure the scope allows sufficient time for updating relative to the time to cross the scope of the layer. – Space does not permit drawing full networks. © John Day, 2013 57 Rights Reserved Implications of the Model & Names (Choosing a Layer) • In building the IPC Model, the first time there were multiple DIFs (data link layers in that case), to maintain the API a task was needed to determine which DIF to use. A Virtual IPC Facility? Finder Res Alloc IAP – User didn’t have to see all of the wires – But the User shouldn’t have to see all of the “Networks” either. • This not only generalizes but has major implications. Implications of the Model & Names (A DIF-Allocator) • IPC Resource Manager (IRM) determines what DIFs applications are available. – If this system is a not member, it either joins the DIF as before – or creates a new one. IRMs – This is the generator function. • IOW, a Global Address Space is Not Necessary. • Which Implies that the largest address space only has to be large enough for the largest e-mall. • • • Given the structure, 32 or 48 bits is probably more than enough. This is a Powerful New Tool for scaling and security. Layers never need to get too big. So a Global Address Space is Not Required but Neither is a Global Application Name Space DIF-Allocator To Peers In Oher DIFs Actually one could still have distinct names spaces within a DIFs (synonyms) with its own directory database. • • • • Not all names need be in one Global Directory. Coexisting application name spaces and directory of distributed databases are not only possible, but useful. Needless to say, a global name space can be useful, but not a requirement imposed by the architecture. The scope of the name space is defined by the chain of databases that point to each other. Scope is Determined by the Chain of Places to Look • The chain of databases to look for names determines the scope of the name space. – Here there are 2 non-intersecting chains of systems, that could be using the same wires, but would be entirely oblivious to the other. – IOW, “Global” is relative! ;-) Stop For a Moment • In case you hadn’t noticed: ;-) • For us, testing the model, constantly challenging, questioning whether it is right, teasing out new principles is as important as finding something that works. – What we don’t understand is as important as what to build, if anything more. • If we don’t get the fundamentals right, they will come back and to haunt us! • As you have seen, it has been quite successful, most everything just works and problems we didn’t consider initially have simply fallen out. – It is amazing what a scientific approach, rather than a craft tradition can do. • Like Security How Does It Work? Security ISP • Security by isolation, (not obscurity) • Hosts can not address any element of the ISP. • No user hacker can compromise ISP assets. • Unless ISP is physically compromised. Hosts and ISPs do not share DIFS. (ISP may have more layers How Does It Work? Port:=Allocate(Dest-Appl, params) Security Access Control Exercised • • • Do What the Model Tell Us: Application only knows Destination Application name and its local port. The layer ensures that Source has access to the Destination – • • • All members of the layer are authenticated within policy. Minimal trust: Only that the lower layer will deliver something to someone. PDU Protection can provide protection from eavesdropping, etc. – • Application must ensure Destination is who it purports to be. Complete architecture does not require a security connection, a la IPsec. The DIF is a securable container. DIF is secured not each component separately. RINA is Inherently More Secure and Does It With Less Cost • A DIF is a Securable Container. (Small, 2011) – What info required to mount an attack, How to get the info – Small does a threat analysis at the architecture level • Implies that Firewalls are Unnecessary, – The DIF is the Firewall! • Many of the attacks on TCP simply don’t work because delta-t doesn’t overload the semantics of the port-id and decouples port allocation and synchronization. (Bodaparti, 2013) • RINA Security is considerably Less Complex than the Current Internet Security (Small, 2012) – Only do a rough estimate counting protocols and mechanisms. To Add Security Internet RINA Protocols 8 0 Non-Security Mechanisms 59 0 Security Mechanisms 28 7 Copyright © 2012, Jeremiah Small. All Rights Reserved. “Internet” Congestion Control • As we saw a few minutes ago, the Internet didn’t realize this could happen, and that they put it the worst possible place an avoidance scheme that works by causing congestion. • TCP congestion control “pulses” the network with a saw-tooth oscillation based on randomly distributed round-trip times. • QoS must be done in the network and enforced all the way to the wire. – TCP thwarts any attempt at QoS that tries to do low jitter. • Can’t be fixed without inflicting great pain. How Does It Work? “Congestion Control” • In RINA, congestion control can not only be where it belongs, • Because Congestion Control is done where it belongs the congestion control strategy can be different for different layers and for different QoS classes within layers. How Does It Work? The Internet and ISPs • The Internet floats on top of ISPs, a “e-mall.” – One in the seedy part of town, but an “e-mall” – Not the only emall and not one you always have to be connected to. Public Internet ISP 1 ISP 2 ISP 3 How Does It Work? The Internet and ISPs • But there does not need to be ONE e-mall. – Notice all the layers are private. Public layers are a form of private. Facebook Boutique Public Internet My Net Utility SCADA Internet Rodeo Drive Internet Mall of America ISP 1 ISP 2 ISP 3 This Won’t Make Some Happy A Wall-less Garden? • • • • • • Suppose an ISP has its own e-mall and forms an alliance with a few CDNs and Data Centers, To give the ISP access to ~80% of the most popular destinations within its e-mall. For the rest, create a new Special DIF for customer. Among other things notice the implication for security: An attack has to come either from: » » » » The Customer’s Network The ISP, CDN or Data Center or A Special DIF. • An “Internet” is a Non-Sequitor A Special DIF My Provider’s E-Mall CDN ISP 2 DC Not Just a Network Model • A Layer is a Distributed Application that Does IPC • That Forced Us to Answer: What is a Distributed Application? • We now are working with a Unified Model for Application Processes Task s Operating Systems Laptop Printer Task sched Mem Mngt IPC Disk Distributed Applications OS - DAF WiFi -DIF Networks USB -DIF IRM IRM “But You Can’t Replace the WHOLE Internet!” • Wish I had a dollar for every time I have heard that! – What are they putting in the water these days? • They told us we would never replace the PSTN or IBM’s SNA. – Even in the late 1980s, people said data would never exceed voice. (!!) • Of course, it won’t be replaced overnight. Perhaps never. Does it matter? – You have already seen the transition plan. • The Internet is just another e-mall: A good place to test malware, conduct cyberwarfare, steal credit cards, find drug dealers, sacrifice your privacy, etc. . . . . . All sorts of useful things! • We build over it, under it, around it. Use it for what you want. • We build other e-malls along side it. – Give people a choice, after all competition is good, right? Transition? No, Adoption RINA supported Applications RINA Network RINA Applications Public Internet Rina Provider • Adopt. Don’t transition. – If the old stuff is okay in the Internet e-mall, leave it there. – Do the new capabilities in RINA • Operate RINA over, under, around and through the Internet. – The Internet can’t be fixed, but it will run better over RINA. – New applications and new e-malls will be better without the legacy and run better along side or over the Internet. • The Microsoft Approach or the Apple approach? – Microsoft tried to prolong the life of DOS. It still haunts them. 10 May 10 • A clean break with the past. The legacy is just too costly. • We need engineering based on science, not myth and tradition. © John Day, 2010 All Rights Reserved 74 Ongoing implementations • Three: Implementations: Java, C (user-space), C++/C (user-space and kernel) • Java: Boston University, Mostly for education and academic purposes • C: TRIA Network Systems, RINA software in user-space (Linux) • C/C++ version by the IRATI and PRISTINE consortiums1 split between user/kernel space on Linux over TCP/UDP, 802.1q (VLANs) and shared memory for Hypervisor/VM communication • Status: first version of high-level software architecture design document about to be released (will be published at IRATI website during May 2013) • The RINA Simulator can be found at: • https://github.com/kvetak/rina 1 More details in the RINA session after the break! There is Much More, And Much More to Discover! • An Invitation: Come explore it with us. – There is much to explore: • Believe it or not, this talk has left out a lot! • How it applies to different environments, especially wireless. • What are the dynamic properties? – Routing, congestion control • Start with Patterns in Network Architecture, Prentice Hall – – – – – Then the “Reference Model” (4 sections) and Check out related work at At www.pouzinsociety.org or www.irati.eu or csr.bu.edu/rina Thank You