The Internet Architecture: Its Future and Why it Matters David Cheriton Computer Science Department Stanford University

Page 2: Internet Architecture

• What: principles, protocols and structure for highly scalable digital communication
• Principles
  – Application state at endpoints
    • fate-sharing and otherwise soft net. state (D. Clark 88)
  – One thin-waist (IP) for simple end-to-end connectivity
    • Multiple types of traffic
  – No off-path components
  – Liberal in what you receive; conservative in what you send

An amazing accomplishment, no thanks to me

Page 3: Internet Architecture: what it provides

• Properties
  – Survivability: Intermediate nodes can crash and reboot w/o loss of application state
  – Simple to achieve connectivity for different applications
    • Just implement IP plus transport/application protocols
  – Have path, will communicate
  – Interoperability: no need for perfect implementation
• Applications build/rely on these properties

So, architecture provides properties, but only if you are faithful to it

Page 4: The Future

• Internet-enabled devices are everywhere
• Internet connectivity is ubiquitous
• Internet bandwidth is plentiful
• Special-purpose networks go extinct
  – No separate telephone, TV, SCADA networks
• All critical systems on the public Internet
  – Global financial systems
  – Power distribution systems
  – Air traffic control
  – . . .

Triumph: unified general-purpose communication
or is it: a disaster waiting to happen?

Page 5: Air Traffic Control on the Public Internet!

Crazy? No, because there is no alternative:
  – Internet technology: Ethernet switches, IP routers, etc.
    • Market: best, lowest-cost products
    • Staffing: good people know IP, etc.
  – Public Internet: Really a collection of ISPs
    • Cost: lowest cost WAN connectivity
    • Availability: expert operators with lots of redundant connectivity
• But how about separation at layer 1?
  – Different colors for Internet ATC (I-ATC)
  – But where does the control plane for the optical run?
    • Single point of failure or public Internet?

I-ATC is inevitable! And frightening

Page 6: The Internet Architecture: Why it matters?

The architecture allows us to state properties of the Internet and meet application requirements
• E.g. how to configure to meet I-ATC requirements?
If reality departs from architecture, properties are lost or unknown
• E.g. Ad hoc firewalling and NAT break end-to-end connectivity and reliability
If the architecture is wrong - can fail catastrophically
• The largest, most attractive “asset” to attack in the history of mankind

It matters too much to be ignored or wrong

Page 7: Unfortunately, it is both

Ignored? Many violations of the architecture:
• What connectivity can a new wide-area Internet application assume?
  – Port 80 HTTP where the headers “look like” normal HTTP headers, going through NAT
    • Or maybe nothing because of DDoS, route flaps, etc.
  – No end-to-end addressing or reliability
• Dependences on off-path DNS server, root CA
Wrong?
• Current Internet could not work without the above

A New & Better Internet Architecture is required

Page 8: Trust and Technologies

• New technologies develop, focused on improving features, performance and cost, however:
• The limit of most technologies is TRUST
• 250 MPH car: can build it, who do you trust to drive?
• Nuclear power plant: most efficient power but limited by trust in who builds and who operates
• GM Foods – we can grow them, will you eat?

Challenge: Internet architecture trusted to support critical infrastructure systems

Page 9: Internet ATC Requirements

Very high availability, even under attack:
• Multiple disjoint paths between end-systems with fast fail-over
• Protection against DDoS
• Packet trace-ability – what source
• NOT Performance – low data rate
• NOT Confidentiality – in fact, open to be safe!
Other critical systems have same requirements

None supported by current architecture;
Oh, but … the work on Internet security!

Page 10: You want security, I have a “solution”

It’s just that it:
• Has a single point of failure
• Is not testable
• Relies on negative acks, not positive acks
• Requires a costly complex implementation that is not understandable by most people
• Does not scale

Dead-on-arrival in the Internet community?
No, it just needs good “packaging”

Page 11: The “Solution”: PKI Certificates

• Single point of failure
  – Loss of secrecy of private key of root CA
  – Flooding attacks
• Is not testable
  – No way to test if a key is secret
• Uses negative acks, not positive acks
  – Send out nacks in CRLs as part of revocation
• Costly complex implementation
  – PKE, signing, X.509, off-line CAs, CRLs, etc.
• Does not scale: off-line root CA for “security”

This is Internet security? I don’t feel secure!

Page 12: Where did we go wrong

Dictionary: security == safety
• Security was hijacked to mean confidentiality
• Confidentiality was hijacked to mean encryption
  – Same for authentication
• Encryption only “understood” by cryptographers
• So, Internet security delegated to cryptographers
  – Cryptographers are algorithm designers
• Result: Standardized metaprotocols so poor interoperability, no safety, lots of overhead, single point of failure, no useful properties

Secrecy does not scale
A secure system needs a system design

Page 13: You want e2e reliability, I have a “solution”

It’s just that it:
• Doesn’t provide end-to-end reliability
• Increases exposure to flooding DoS attacks
• Still a design-in-progress after 10 years
• Will take forever to deploy
• Hasn’t been evaluated relative to alternatives

Surely, a non-starter in the Internet community
No, just needs some good marketing, ardent followers and government mandates

Page 14: The “Solution”: IPv6

• No end-to-end reliability for named endpoints
  – Name-to-address binding can change w/ DHCP
• Exposure to flooding DoS attacks
  – Requires double forwarding/lookup bandwidth
• It is still a design-in-progress after 10 years
  – Addressing architecture, renumbering, mobility, flows
• It will take forever to deploy and makes things worse in the mean time – breaks IP thin waist
  – Upgrading 200 million hosts? IPv4<->IPv6?
• No evaluation of alternatives
  – Like change the transport checksum computation?

An enormous effort in the wrong direction

Page 15: Where did we go wrong?

• Back in the 1970s - using IP addresses to identify end-system state
  – an IP address identifies an interface on host on particular (sub)network at a particular time
  – IPv6 – further ties it to a particular ISP’s network
  – But state reachable by different interfaces/networks
• Again in the 1990’s, by “believing” e2e IP addresses had some useful semantics

Reliability requires semantics;
IP addresses are transient routing tags, nothing more

Page 16: You want routing: I have a “solution”

It’s just that:
• It depends on global trust and competence
• It must be operated at less than 1/1000th of real speed to be stable
• Forces you to upgrade your router as the Internet grows but provides you no benefit
• You have no control beyond first hop (and last I/F)

Surely, we would never implement . . . wrong again!

Page 17: The “Solution”: (secure) BGP

• global trust and competence
  – Shared world model: believe updates from your peers
  – Signed updates so you can “trust” your peers
• Operated at 1/1000th of real speed for stability
  – 30 second damping to avoid oscillations
• Non-scalable cost
  – Every router stores/recomputes all routes after updates
• You have no control beyond first hop
  – Source routing is disabled by ISPs

A large open loop dynamic control system
Defying conventional engineering or … ?

Page 18: Internet WAN Traffic Load

• Total WWW bandwidth, world-wide
  – P. Danzig 2000 estimate: 250 Gbps!
  – P. Danzig 2003 estimate: 250 Gbps!!
  – WWW is half of internet traffic
    • P2P “file sharing” and spam is the rest
• 1/2 single terabit router for entire known universe
• Not an issue even if larger by factor of 10 or more
• Moreover
  – 10 G Ethernet coming down in price
  – lots of dark fiber

Wide-area bandwidth is not the problem;
wide-area business models are

Page 19: This is all very depressing for I-ATC

• The Internet architecture is wrong
• The new developments do not address issues
• Research is focused “elsewhere”
• Critical systems will fail with terrible consequences when a massive Internet failure happens

Can we avoid disaster?
Let’s reboot

Page 20: Cisco: How to sell a router

• Early days of Cisco: how to get someone to buy a router?
  – Already had connectivity
  – International Ethernets
• Selling point: routers limit Ethernet broadcast storms
  – STP loops, misconfigs would bring down the whole wide-area Ethernet
  – You don’t need a router to forward packets
  – You need it to (selectively) not forward packets

The router as a point of network control

Page 21: Routing as a Broadcast Overlay

• “Shared world” model of routing – topology info sent everywhere
• Parallel to L2 packet bcast everywhere on unknown address
  – L2 proliferate packet vs. L3 proliferate routing info
  – L2 proliferate packet garbage vs. L3 proliferate routing garbage
• Damage: routing blackhole or grey hole

The router needs to filter out routing misinformation and select the route,
without depending on all other routers

Page 22: Feedback-based Routing

• Each access router
  – Gets potential routes from “broadcast” topology updates
  – Monitors packet traffic over routes plus sends probes to check potential routes
  – Filters out bad routes, only uses routes known to work
  – Controls packet paths with source routing
• Use feedback, like most engineered dynamic control systems

Local control and no need for global trust,
assuming source routing

Page 23: Source Routing

• Control the (loose) route each packet takes
• WRAP: Wide-area Relay Addressing Protocol
  – Specifies loose source route for packet
  – Shim protocol over IPv4
• But also, fosters competition among ISPs
• But also, supports NAT Inter-realm addressing
• But also, more addresses than IPv6
• And most routers and hosts need not change

Keep IPv4, easier to deploy and solves more problems, including

Page 24: Network filtering and traceback

• Provides instant packet trace-ability
  – Records the route the packet takes
• Versus other schemes
  – Anti-source spoofing (ingress filtering) is not scalable
  – Statistical techniques do not respond fast enough
• Allows scalable network-based filtering
  – Push filters back along receive path to ingress points
  – Reduces flood attack to portion of bandwidth

Research: Show WRAP/filtering can scale
Ref. K. Argyraki, WRAP, forthcoming Ph.D. thesis

But with source routing and FBR, there’s more . . .

Page 25: Instant fail-over for high availability

• Access router maintains two or more edge-disjoint paths to destination
• Packets sent on each path
  – Recall: lots of capacity
• Duplicate suppression at receiving router
• At least one packet gets through with high probability
• Concurrent recovery of failed paths

Research: Show FBR can scale
Ref. D. Zhu, Feedback-based Routing, HotNets 2002, forthcoming Ph.D. thesis

Page 26: Name-based Routing

• Route to named endpoints, not addresses
  – That’s what really identifies end-system state
• Integrate naming into routing system
  – Routing system is a directory service
    • address to next hop mapping
  – Extend to provide name to next hop
    • Routing protocols extended to disseminate name binding together with topology info
• Provide multi-path routing at the naming level
  – Supporting replicated sites

True Internet routing to end-system state,
but there’s more …

Page 27: Highly Available Naming System

• If you can name it, you can reach it
  – Naming in routers so no off-path dependence
• Redundancy of naming service matches redundancy of connectivity
  – If K multi-homed, then K separate name servers
• Attack-resistant to DDoS
• Scaling by level of indirection
  – Names to routing aggregates, routing aggregates to next-hop

Research: Show NBR can scale
Ref. M. Gritter, Content-based Routing, USITS 2000, forthcoming Ph.D. thesis

Page 28: Name-based Connections

• Connection endpoint identified by name, not addr - i.e. specify name on connect setup and reconnect
• Name-based checksum
  – Just derive checksum base from end system names
  – Verify packet delivered to right end-system, at same cost
• Works fine with NAT
  – no dependence on addresses
  – Makes NAT state “soft”
• Deployable as a TCP option

Provides true end-to-end reliability,
And allows the Internet to support NAT
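
An added illustration of the name-based checksum bullets on this slide (not code from the talk or from any protocol implementation): it compares today's address-based TCP pseudo-header with a checksum base derived from end-system names, under a source-rewriting NAT and under delivery to a host that has inherited the destination address. The name encoding in `name_base`, the host names, the addresses and the payload are assumptions constructed for the example; the checksum is carried beside the segment rather than inside a TCP header.

```python
"""Added example: address-based vs. name-based transport checksum."""
import ipaddress
import struct

TCP_PROTO = 6


def ones_complement_sum(data: bytes) -> int:
    """16-bit ones'-complement sum, as used by the Internet checksum (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(word for (word,) in struct.iter_unpack("!H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def checksum(base: bytes, segment: bytes) -> int:
    """Checksum over a pseudo-header (the "checksum base") followed by the segment."""
    return ~ones_complement_sum(base + segment) & 0xFFFF


def address_base(src_ip: str, dst_ip: str, seg_len: int) -> bytes:
    """Today's TCP pseudo-header: source address, destination address, protocol, length."""
    return (ipaddress.IPv4Address(src_ip).packed
            + ipaddress.IPv4Address(dst_ip).packed
            + struct.pack("!BBH", 0, TCP_PROTO, seg_len))


def name_base(src_name: str, dst_name: str, seg_len: int) -> bytes:
    """ASSUMED encoding: length-prefixed, lower-cased names padded to 16-bit words."""
    out = b""
    for name in (src_name, dst_name):
        raw = name.lower().encode("ascii")
        out += struct.pack("!H", len(raw)) + raw + b"\x00" * (len(raw) % 2)
    return out + struct.pack("!BBH", 0, TCP_PROTO, seg_len)


def send(segment, src_name, dst_name, src_ip, dst_ip):
    """Build a packet carrying both checksums so the two schemes can be compared."""
    n = len(segment)
    return {"src_ip": src_ip, "dst_ip": dst_ip, "segment": segment,
            "addr_csum": checksum(address_base(src_ip, dst_ip, n), segment),
            "name_csum": checksum(name_base(src_name, dst_name, n), segment)}


def nat_rewrite(pkt, public_ip):
    """Source NAT that rewrites the address only. A real NAT must also patch the
    address-based checksum on every packet; skipping that exposes the dependence."""
    return {**pkt, "src_ip": public_ip}


def verify(pkt, local_name, peer_name):
    """Receiver check; peer_name is known from connection setup. Returns (addr_ok, name_ok)."""
    n = len(pkt["segment"])
    addr_ok = checksum(address_base(pkt["src_ip"], pkt["dst_ip"], n),
                       pkt["segment"]) == pkt["addr_csum"]
    name_ok = checksum(name_base(peer_name, local_name, n),
                       pkt["segment"]) == pkt["name_csum"]
    return addr_ok, name_ok


def demo():
    # Constructed sample data: example names and documentation address ranges.
    sender, tower, radar = "sensor.atc.example", "tower.atc.example", "radar.atc.example"
    pkt = send(b"constructed payload: altitude=31000", sender, tower,
               "10.0.0.5", "198.51.100.7")
    return {
        # Unmodified packet arriving at the intended host: both checks pass.
        "direct": verify(pkt, tower, sender),
        # Source address rewritten in transit: only the name-based check survives.
        "after_nat": verify(nat_rewrite(pkt, "203.0.113.9"), tower, sender),
        # 198.51.100.7 now belongs to another host (e.g. after a DHCP change):
        # the address-based check still passes, the name-based check rejects it.
        "wrong_host": verify(pkt, radar, sender),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```
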

Page 29: I-ATC: Mapping application security onto Physical Security

• True end-to-end reliability to named end systems
• Multiple disjoint redundant paths between nodes
  – Non-stop packet delivery
• Open authentication
  – Multiple messages by independent paths
  – Detection of forged attempts, like ECC
• Clear indication to network operators how to configure

Can we trust this architecture?

[Diagram labels: A, B]

Page 30: So, adversary attacks the I-ATC

• Crack the keys/encryption: sorry, there is none
• Forge a message:
  – Ignored because of trace-ability
  – Detected as a conflict with independent true updates
• Blow up a router:
  – no problem, use an alternative route instantly
• DDoS flooding attack:
  – repelled by network-based filtering

Attack is, at worst, a local failure

Page 31: Why, why, why?

• Why is it so hard to make architectural progress
• Name-based Internet proposed in 1991 (RFC 1287)?

Page 32: The Internet Religion

True believers do recite:
• The Internet has been very successful so DHCP/IP/TCP/BGP/DNS must be basically right
• Minor technical extensions are the surest means to political agreement
  – DNSsec, secure BGP,
• Political solutions are solutions:
  – There are many possible technical solutions; the hard part is getting agreement, compromise is the key

If you believe it, it will work!
All you need is faith

Page 33: The Ages of the Internet Architecture

• Age of Pioneers: 1970s
  – Bob Kahn, Vint Cerf, D. Clark, Jon Postel, Len Kleinrock, …
  – Design and build it as “proof of concept”
• Age of Embellishers: 1980s
  – E.g. Deering/Cheriton (IP Multicast)
• Age of Religious Defenders: 1990s+
  – Return to network “transparency” – the flat earth society
  – Defending against excessive (re)invention
• Yes, we need standards, stability, etc. but now it’s …

Time for a New Age

Page 34: The Age of Network Reason

Architectural design based on careful specification on principles and properties
• Semantics
  – E.g. what does “end-to-end reliability” mean?
• Quantitative analysis of scalability

Solid reasoning, not (just) gut instinct, faith and tradition

Page 35: You may not agree entirely, but …

Hopefully, I’ve convinced you that:
• We need the right architecture and we do not have it now
  – Technical choices do matter
• We need to be faithful to the right architecture
• Many efforts are frightfully off base
So far:
• Students and I identified some of the problems
• Explored some potential solutions
  – And performed preliminary evaluation

There is much more architectural work to do

Page 36: Conclusions

The Internet architecture:
• is a success
  – Good enough to annihilate the competition
• is a disaster
  – Not good enough to handle critical systems
    • i.e. bad enough to annihilate us!
The future Internet:
• Frightful ad hoc-ery or architecturally faithful
The future Internet architecture
• Political sham “solutions” or science

It matters: I-ATC, You bet your life it does