
Paul Vixie On the Unevenly Distributed Intelligence of Internet Infrastructure

Posted by timothy
from the often-dumb-is-at-the-top-instead dept.
CowboyRobot writes "Writing for ACM's Queue magazine, Paul Vixie argues, "The edge of the Internet is an unruly place." By design, the Internet core is stupid, and the edge is smart. This design decision has enabled the Internet's wildcat growth, since without complexity the core can grow at the speed of demand. On the downside, the decision to put all smartness at the edge means we're at the mercy of scale when it comes to the quality of the Internet's aggregate traffic load. Not all device and software builders have the skills and budgets that something the size of the Internet deserves. Furthermore, the resiliency of the Internet means that a device or program that gets something importantly wrong about Internet communication stands a pretty good chance of working "well enough" in spite of this. Witness the endless stream of patches and vulnerability announcements from the vendors of literally every smartphone, laptop, or desktop operating system and application. Bad guys have the time, skills, and motivation to study edge devices for weaknesses, and they are finding as many weaknesses as they need to inject malicious code into our precious devices where they can then copy our data, modify our installed software, spy on us, and steal our identities."

  • It's TCP/IP, baby. (Score:2, Interesting)

    by Anonymous Coward on Saturday February 08, 2014 @08:24PM (#46199259)

    It's just the way TCP/IP was designed, back in the ARPANET days, you know.
    Putting all the intelligence in the hosts allows for more resiliency, since it takes a lot to bring the whole infrastructure down this way.
    Mobile networks are quite the opposite, though (smarter infrastructure, a little more dumb terminals).
    Software defined networks are definitely a way to bring some intelligence back in the infrastructure of IP networks.
    We'll see if it will enable a smarter Internet or not.

  • Maybe, just maybe... (Score:1, Interesting)

    by Frosty Piss (770223) * on Saturday February 08, 2014 @08:25PM (#46199267)

    Paul Vixie can pontificate on the Unevenly Distributed Intelligence at Dice that has resulted in this abomination known as Beta Slashdot...

  • A different view. (Score:3, Interesting)

    by hackus (159037) on Saturday February 08, 2014 @09:46PM (#46199615) Homepage

    "they need to inject malicious code into our precious devices where they can then copy our data, modify our installed software, spy on us, and steal our identities."

    Not on my networks, which comprise about 1 million people at the moment.

    All of our infrastructure is open source and we don't have those issues. Been operating a standard 3.x kernel on 25 routers with millions of people accessing them, along with the server software, also LINUX based running Apache, Tomcat Servlets, and PostGRES...OpenLDAP and TLS for the internal key management infrastructure.

    So I don't see a problem with the internet as designed, works very well. It doesn't need change.

    You are trying to change the internet for your own malicious purposes, in my opinion, rather than actually address the problem:

    1) Internet security as far as functionality is concerned, works extremely well. I travel and I go to many places, and there has only been once in the past two years I couldn't access my VPN server due to a real internet outage. I say outage because the local admin at your so called "smart edge" made a few bad investment decisions, proprietary gear bankrolled with back doors.

    2) Most of the problems you do see with sites, internet infrastructure is entirely not related to the internet as designed per se, but a frustration with governments who don't like what the internet is doing. That is, an obstruction to their spheres of power and political and industrial espionage which they require to gain an edge to stay in power.

    The internet has a nasty habit of revealing the connections of two sets of laws that normally can't be seen by the plebs: That is the ones that say you have to spend 5 years in prison for 1 ounce of pot, complete with a criminal record so you will never be hired again vs. If you're say a Banker, and rob whole countries you get a pay raise and pat on the back or send you send the plebs to their doom. For example, when the French found they couldn't get any of their gold back from the Fed they invaded Mali to stabilize their banks.

    So I don't see any problems with the internet.

    I do see a problem with governments and the internet coexisting together though, but that is not a technology problem.

    As I see it, one or the other has to go and so far the internet is fighting a losing battle.

  • Re:A different view. (Score:2, Interesting)

    by hackus (159037) on Saturday February 08, 2014 @11:39PM (#46199999) Homepage

    Backdoors in this case of the edge network for this administrator are well known.

    http://gigaom.com/2013/12/29/n... [gigaom.com]

    Governments don't like the internet. They want it changed.

    http://www.zdnet.com/surprise-... [zdnet.com]

    So far one man, worth millions, with a great future ahead of him "decided to hang himself" over that same legislation.

    http://www.globalresearch.ca/i... [globalresearch.ca]

    People are seeing the connections through whistle blowers and alternative media.

    http://www.infowars.com/hillar... [infowars.com]
    http://www.theguardian.com/wor... [theguardian.com]

    French Invade Mali after Fed refusal of Gold...

    I am sure it is JUST a coincidence Gold is the only major export of MALI:

    http://www.silverdoctors.com/j... [silverdoctors.com]

    Troll.

    So be it.

  • by skids (119237) on Saturday February 08, 2014 @11:51PM (#46200031) Homepage

    Putting all the intelligence in the hosts allows for more resiliency, since it takes a lot to bring the whole infrastructure down this way.

    It's the way to go. Any intelligence added to the core should merely be simple tweaks to enable more intelligence at the edges. For example, one might plausibly argue that making core routers select second/third most-preferred destination routes for a packet based on a TTL % on IP packets would allow end-systems to experimentally find the fastest performing route through the internet by trying different values on their TTLs/option fields. One could not reasonably argue for expecting core devices to maintain per-connection or even per-client/netblock state in an attempt to find alternate routes for each client connection.

    Software defined networks are definitely a way to bring some intelligence back in the infrastructure of IP networks. We'll see if it will enable a smarter Internet or not.

    From what I've seen of SDN it's a bunch of people who think they can abstract network services in a simple model, but who have no comprehension of the intrinsic differences in the heterogeneous mixture of devices employed, so they haven't even scratched the surface of being able to build a taxonomy/capabilities-enumeration for things like, for example, how many CAM entries are available for edge switch filters on a given switch model. Without that information, SDN applications have no way of doing any serious budgeting before launching a request into the network gear, and since the device might happily take the commands and provision a halfway-functional service that is dropping 5% of packets, rather than reject the request, and SDN has no real provisions for testing services before putting them in production, SDN is doomed to be confined to data centers where equipment has been carefully kept homogeneous.

    Most people using SDN that I've seen are doing so for enterprise (including server farm) LAN, not core internet.
