Vint Cerf on Why TCP/IP Was So Long in Coming

whitehartstag writes "TCP/IP is 25 years old this year. Vint Cerf says there was a long development cycle for both TCP/IP and for X.25, and we'd have been using TCP/IP much sooner if TCP/IP had been more marketable. 'Over the years, we can come up with many examples both of where the best technology did (or did not) win and of how marketing has defined a service. For example, many of the "best" features of frame relay, such as the ability to use Switched Virtual Circuits (SVC) in addition to Permanent Virtual Circuits (PVC) were never widely marketed because the pricing was too complex. Rather, the PVC was a simple replacement for a leased line at a fraction of the cost with better performance.'"

where's the content?

[jessecurry]

I know that there isn't much real content on the web anymore, but that's not even an article. Where the hell is the content?

A little more here...

[XanC]

Apparently the "article" is a response to a comment (the only comment, mind you) attached to this "article" [networkworld.com], which is similarly content-free.

Re:A little more here...

[Megaweapon]

Plus the submitter's name+link goes to the same site, so I'm guessing this is just more NetworkWorld clickbait for Slashdot.

Re:A little more here...

[LMacG]

NetworkWorld Accountant: Ad revenue seems to be off this week. Quick, somebody submit a story to Slashdot! (Before Computerworld does the same thing!)

Re:

[account_deleted]

Comment removed based on user account deletion

Ack - Hi Vint

[asleeplessmalice]

Apparently Vint Cerf wasn't consulted for the original article, yet he commented on it by 7:42 am on the day it was published: 1/22/08 (although the article URL includes a datestamp of 1/21/08).

I wonder if his advanced monitoring capabilities include /.?

Re:where's the content?

[jd]

You need to run the article through a ROT13 filter, followed by the Bible Code decoder and finally the Redneck filter, to get the URL of the real article. This encryption technique was developed to prevent the real server being slashdotted.

The Da Vinci Codec

[Anonymous Coward]

Only to find out that the original TCP/IP specification was designed by Leonardo Da Vinci and hidden in a strangely effeminate painting.

Which, of course, explains why it took so long to get implemented.

Re:

[Tablizer]

I know that there isn't much real content on the web anymore, but that's not even an article. Where the hell is the content?

It's split up. One packet went to Australia, another to Zimbabwe, and another to
       

United States of America's Government Conspiracy

[Hucko]

Well, someone has intercepted the Australian packet because it hasn't made it here yet. I've been waiting patiently at the end of our pipe.

Re:United States of America's Government Conspirac

[charlesnw]

Don't you mean at the end of your tube? Cause the internet is a series of tubes. :) Congress said so. It must be true.

Re:

[Hucko]

I'm Australian and we just sacked the bloke who loved your Congress...... besides tubes are generally referred to as pipes here.

Re:United States of America's Government Conspirac

[SJ2000]

The packet was deemed 'inappropriate' by the new government internet censoring system, that's why you never received it :P

Re:

[xoundmind]

Slashdot: "Content-free since 1997"

Seems normal.

[jd]

Pricing complexities are why multicast is taking so long to reach the home, even though it has been enabled clear across the entire backbone up to the local ISP level for over a decade. The virtual circuits costing issue is presumably part of why MPLS is also somewhat of a rarity. Of course, this does raise some questions, one of which is why - when the early Internet and IPSS were Government-funded, mostly Government-run, intended to be fault-tolerent and suitable for military use - cost was a factor at all. Big business did not enter the X.25 or TCP/IP markets until very late in the game, and most initially used gateways off their own internal network protocol. The Internet's native protocols should have had no impact at that time.

So why is it normal for the immaterial to matter more than the significant? It is normal, but it is also irrational and nonsensical.

Re:

[somersault]

I guess this moderator thinks that 'troll' means "I didn't understand a word you just said".

Re:

[techpawn]

I guess this moderator thinks that 'troll' means "I didn't understand a word you just said".

No no no! Didn't you get the memo? For the time being Moderators are to use Overrated, Flamebate, and Troll until the new options of -1 Unpopular, -1 Shut-up, and -1 I-just-don't-like-you are rolled out. It's just a workaround, so be patient.

Re:

[jd]

I think you may have missed the -1 CowboyNeil option.

no

[Lanboy]

The ARPANET was an accademic network for sharing defense research. The story about its survivability for nuclear war is simply untrue.

Please name the "Local ISPs" that have multicast configured. I count Two out of Five core providers with multicast enabled.

I wouldn't call MPLS somewhat of a rarity. Simply put I disagree entirely.

Re:

[jd]

Any ISP that uses RIPv2, OSPFv3 or ISIS on their internal network - or to connect to other networks - uses multicast for the routing protocol. Core providers broadcasting multicast services that are visible to AmericaFree.tv are listed in table format [multicasttech.com]. It's longer than two entries. Translations of BGP entries to providers are . Local ISPs that actually provide multicast to the home are a rarity, but as of 2002, there are a handful [multicast-isp-list.com].

I never said anything about nuclear war, I specified fault tolerence. There

Argh! Typo!

[jd]

The translation list is here [multicasttech.com].

Re:

[Tim the Gecko]

Any ISP that uses RIPv2, OSPFv3 or ISIS on their internal network - or to connect to other networks - uses multicast for the routing protocol.

True, but irrelevant in considering whether a customer might one day get IP multicast on an ISP connection. The routing protocols you mention (and OSPFv2 as well) use multicast packets with TTL=1 to exchange information across a LAN. Not at all the same thing - no multicast forwarding tree in sight!

as of 2002.

Which says everything you need to know about interdomai

Re:no

[jd]

Customers are almost certain never to get IP Multicast, but (probably) not for technological reasons. It's easy to bill per stream, for unicast streams, but harder for multicast. And, let's face it, there are certain segments of the entertainment industry - not just the *AA's - that have a vested interest in providing heavily metered audio/video streams. Multicasting has the potential to slash revenue by an order or two of magnitude. It's also easier to guague interest (for advertising reasons) for unicast connections than for multicast. And since unicast demands more on the CPU and on the pipe, machine manufacturers and ISPs have financial incentives to encourage customers to use the least-efficient delivery format possible.

If the customers are the only ones who could gain, and everyone else would lose, then who is going to be insane enough to switch on multicast routing to the home?

Re:

[Drishmung]

The benefit of multicast is to the network provider. Where the same stream needs to be sent to many (thousands) of customers, multicast has a huge benefit. In fact, for 'push' content delivery it is the only viable means of networking.

And cable has been able to deal with the pricing issues for decades. The content is encrypted, with multiple keys---one for each subscriber. Anyone else can receive the multicast, but it does them no good without the key. When you join the stream, you not only join at an IP le

Re:

[jd]

I guess you are correct, but then we get back to the problem of why this option doesn't currently exist for consumers. Hang on, I think my brain is going to explode.

Mod parent up - Grandparent retarded.

[bdwebb]

I read the grandparent post and literally began to experience physical pain. I'd say a good 60% of every enterprise WAN I configure or interact with on a daily basis is MPLS or is in the process of migrating to MPLS.

The multicast argument was the portion that really brought the pain train, Terry Tate style. I don't even want to begin to discuss why that argument is so wholly retarded. It looks like you had the same opinion so I'll plagarize your comment and say that I, also, "disagree entirely" but I wou

Where's the beef?

[jd]

If you're using MPLS on a WAN, I'm scared. MPLS is for extranets, the WAN is concealed. MPLS on a WAN is therefore a contradiction in terms. Either you're dealing with a WAN or you are dealing with an extranet. You are never dealing with both at the same time. You are almost never dealing with MPLS at the enterprise-level, because that level of detail is normally hidden. You have an entry point onto the extranet, but how that extranet is formed is transparent.

Of course, none of this matters if you're not

Re:

[3vi1]

You may have a lot of experience, but I think you're generalizing your ATM vs. MPLS argument from the perspective of a small business. A lot of companies, including mine, have moved to MPLS for their WAN. (And, I don't miss the ATM days at all.)

Of course, our revenue is about the same as Microsoft, so I'm talking about a very large network (70+ large international manufacturing sites, multiple data centers, 10-20k users).

Re:

[OeLeWaPpErKe]

In case anyone wants to know. Let's have some calculations, shall we ? IF we were to bring multicast (like people here want, random senders, random receivers) to the home, we'd need the following resources in the router's memory.

-> A place to put a multicast address (that'd be 4 bytes for ipv4, 16 bytes for ipv6)
-> A place to put, associated with each multicast address, a series of interfaces to replicate the traffic to (that'd be a bit per interface in the router and per multicast address) (let's say

Re:

[jd]

You only need an address for each group address subscribed to by a downstream node. Since you have access to port numbers, you can place as many streams on a single address as you like (up to 65535), although obviously you lose some benefit from the multicasting if you overload too many streams onto a single group address. Well, unless you use source-specific multicast (SSM), in which case so long as the content is differentiated by source address, you can stuff everything onto a single group if you really

Re:

[jrumney]

Multicast is ... a bitch. It can't be aggregated, it can't be split, it can't be simplified, ... it sucks. It'll never work.

I'm glad you don't design routers.

Re:

[jd]

Maybe he does. I've not seen 3Com for a while and Bay went belly-up. If he was the chief designer for those two, it would explain what happened to them.

Re:

[charlesnw]

Um... Nortel bought Bay Networks. 3com is alive and well and while isn't the most common router by far, its still used a fair amount. Especially in smaller organizations.

Re:

[warrigal]

The simple facts are that X.25 didn't match the customers' topology needs and it wasn't reliable enough. Even during the early '90s a telecom's sales engineer told us (with disarming frankness) that he wouldn't recommend it for line of business applications. Too unreliable. All those Z80s out there on the network trying to cope.

About the same time I was given the job of proposing an X.25 backbone for a large client. Imagine trying to design a network with remote word processors running echoplex across it t

Re:

[amorsen]

The virtual circuits costing issue is presumably part of why MPLS is also somewhat of a rarity.

Is MPLS that much of a rarity? Business point-to-point or point-to-multipoint lines around here tend to be delivered either by MPLS or 802.1ah. Most MPLS-based lines are generally more expensive than raw Internet lines, but that's simply because MPLS is awfully expensive per VRF, so providers don't like having lots of VRF's.

(Of course it's also possible to do virtual routing without MPLS. That's how I make a livin

TCP/IP still needs a rewrite

[Anonymous Coward]

Unfortunately, for all of us, IPv6 is heading our way like some rusty old stream train. Its rickety and badly designed, but massive, and will squash anything in the way.

IPv4 at least was designed well, and has lasted a long time. However, IPv6 has no firewall/NAT support (if you are in a company, you have to have a firewall, else you run afoul of a lot of corporate regs like SOX, HIPAA, and if doing credit cards, PCI). You can't tunnel or VPN (if you do, you pretty much do IPv4 routing as a kludge.) Fin

Re:

[jd]

IPv6-over-IPv6 seems to work ok. Some of the earliest routing protocols provided firewalling and NATting within the routing protocol itself (Telebit's router provided superb NAT and Firewall capabilities as an integrated facility). Permanent addresses lead to fragmented heirarchies and exploding routing tables, which is a major problem with IPv4.

Amen Brother.

[Lanboy]

I personally believe it will never be adopted. The government keeps having meetings where they set dates for implementation, that get turned into dates to have implementation plans. Meanwhile the clock is ticking and its ten years later. The internet has changed from when they drafted IPv6, who is going to make thier customers flash thier home routers?

Time to punt and send folks back to committee. It is just as crufty as the OSI network stack. If they had just gone with the first draft and added more addres

Re:TCP/IP still needs a rewrite

[bendodge]

It seems to me like most of the things you listed as missing were things IPv6 was specifically designed to get rid of.

Re:TCP/IP still needs a rewrite

[gclef]

So much misunderstanding crammed into such a small post. I'm impressed.

However, IPv6 has no firewall/NAT support

IPv6 partisans strongly discourage NAT, but there is nothing in IPv6 that will prevent it. Firewalling is still possible in IPv6, and is assumed to continue.

You can't tunnel or VPN

Where in the world did you get that from? There are several tunneling protocols supported as standard in IPv6. 6-in-6, IPSec, GRE...take your pick.

Finally, it doesn't support a person having their own permanent IP range. You are forced to use a subset of the range of whomever you are connecting to, and if you change ISPs or peers, you have to completely re-IP your servers.

This is untrue. ARIN (and most other RIRs) changed their allocation policy a year and a half ago. At present, if you qualify for Provider-Independent space in IPv4, you will also qualify for PI-space in IPv6.

Re:

[rickb928]

"if you change ISPs or peers, you have to completely re-IP your servers"

I missed that the first time. Sounds like we got another IPv6-slam in TFA.

And this is different than IPv4 how? In the US, this is the norm. I know, my dear friends that manage my access like to change ISPs about 4 times more often than they change cell phone providers. And for even dumber reasons. They don't even geta free CSU/DSU most of the time, and of course the new provider needs us to use 'theirs', so they can manage it. And

Are you sure?

[Sits]

I've had very little luck trying to make a BSD use NAT on site local packets (which are explicitly defined as not being internet routable). However given how big the typical ipv6 subnet seems to be this issue falls by the wayside the moment you get one.

Your point still stands though - ipv6 is trying to do away with NAT and rightly so. If you don't have an address squeeze it seems horrible that you would use NAT - better to use a decent firewall...

Re:

[TheThiefMaster]

Yeah, you can use an IPv6 firewall that blocks all incoming traffic except for replies to outgoing traffic and exceptions made for specific servers, and you have the same "firewall" protection as an IPv4 NAT with none of the protocol breakage caused by NAT. Two machines could use the same port without one or both getting changed by NAPT for example, and having the server's own IP be the same one that clients have to connect to helps as well.

Goodbye NAT?

[fm6]

IPv6 partisans strongly discourage NAT...

My first response to this was, "Say what"? But I did a little Googling and it seems you're quite correct. I'm not as literate on IPv6 issues as I should be, but this strikes me as pretty dumb.

The main thesis of this argument seems to be that the primary purpose of NATs is to work around the IP address shortage, which IPv6 eliminates. But there's another big reason to want an IP address in a private space: security. Do you want every script kiddie on the planet bang

Re:

[DaleGlass]

Huh?

You can do exactly the same stuff with a firewall as you do with NAT. If you want to forbid all incoming connections by default, and only allow specific ones, you can do so very easily with a firewall.

The only difference is that with NAT you have one IP address, and port 80 (for example) either is directed to a specific computer on the network, or isn't.

In comparison, with IPv6, no NAT, and a firewall you'd be able to control whether each computer on the internal network accepts connections on port 80 o

Re:

[QuantumRiff]

There is no personal IP range, which is a darn good thing. Can you imagine the load that would put on routers, having a few billion routes changing constantly? However, with the "autoconfiguration" if I'm not mistaken, the last 64 bits of your IP would pretty much always stay the same, its the first bits that would change.

Besides, in a way your IP address will always be the same, and much shorter.. ::1 is much shorter than 127.0.0.1 to type!

Re:

[jo42]

IPv6 has no firewall/NAT support

Let's see...

[gawd@mssux:~] rpm -qa | grep iptables
iptables-1.3.5-1.2.1
iptables-ipv6-1.3.5-1.2.1
[root@ws01:~]

Horse Poop.

Re:

[myz24]

this is obviously chopped.

Re:TCP/IP still needs a rewrite

[TheBracket]

A lot of your "missing" features of IPv6 are exactly what it was meant to eliminate! You absolutely can firewall IPv6 (just as you can firewall a regular routed IPv4 space; a default stateful "outbound only" IPv6 firewall is every bit as secure as a similar IPv4/NAT setup). OpenBSD's pf has supported firewalling IPv6 for years; I'm pretty sure ipfw on FreeBSD has it, too. Iptables on Linux also seems to support it.

NAT isn't something to be missed. The number of nasty kludges required to get protocols that require two peers each behind a NAT to communicate is ridiculous, and a lot of protocols (VOIP, P2P, most games, etc.) can be simplified quite a bit when you take out the various NAT-hole punch routines.

Juniper already ship IPv6 capable VPN kit, you can do it on various open source platforms with things like tinc, and Windows Server 2008 supports it.

In other words, IPv6 is taking a long time, but it's getting there - and support for essential features is developing decently well. I'd recommend getting familiar with it now; even if it never materializes in its current form, it's a good idea to play with lots of different setups and be ready for anything!

Re:

[petermgreen]

can be simplified quite a bit when you take out the various NAT-hole punch routines.
Assuming people use statefull packet inspection firewalls with a "outbound and replies to outbound only" policy the hole punch routines will have to stay.

Re:

[Agripa]

Assuming people use statefull packet inspection firewalls with a "outbound and replies to outbound only" policy the hole punch routines will have to stay.

Sure. But without network address translation, protocols like IPSEC will work end to end and proxies for inspecting and rewriting packet payload will not be necessary. UPNP will no doubt still be used (and a serious security risk) for punching holes in the firewall but at least the few-to-many address mapping problem which breaks many protocols will be g

Re:

[Watson Ladd]

You are just wrong half the time, and half wrong all the time. First off, a firewall is a piece of software that prevents packets from getting through. It can work with IPv6 just fine. Tunneling and VPN is what IPSec is for in tunnel mode. IPv6 mandates IPSec support, so I don't see how that is a kludge. Finally the mobility of IP addresses across ISPs leads to exploding routing tables. It's just not an option.

Re:

[modmans2ndcoming]

umm...a firewall is not the same thing as a Nat.

IPv6 supports firewalls... AKA, the ability to create a checkpoint that looks at all packets entering/exiting the local network and deciding if that packet should be allowed to enter. What it does not allow is Network Address Translation, AKA, handing the mail off to a guy at the gate and letting that guy look up on a list what the mail address translates to as far as his system, and then delivering it.

Cisco seems to think [networkworld.com] you are wrong as well.

Historical analysis

[rjamestaylor]

To read the historical analysis on the adoption rate of TCP/IP versus....??...is interesting to, well, um... you know, ... crap. No one.

Anyway, thank Gore we're not stuck in an X.25 world!

TCP/IP wastes bandwidth

[EmbeddedJanitor]

A very significant factor for the slow uptake of TCP/IP was that most early networks were slow and point-to-point (head office to branches for realtime links and uucp etc for emial). IP wrapping is relatively expensive in terms of extra bytes etc, but that wrapping gives flexibility. When you only had 1200 baud point-to-point connections then you didn't need the flexibility of IP nor the extra wrapping cost.

IP only started to shine once significant numbers of networks got interconnected.

Re:

[morgan_greywolf]

WANs, yes. LANs based on 10MBit Ethernet was fairly popular -- but most of them ran proprietary protocols like IBM's NetBIOS and, later, Novell's IPX/SPX.

And anyway, by your logic X/Y/Zmodem wouldn't have existed because these protocols also wasted bandwidth. These were the basis of early store-and-forward networks like FidoNet.

Re:

[warrigal]

When you look at TCP/IP you have to wonder if it was ever intended for WAN use. The extravagant use of bandwidth in contrast with IBM's SNA/SDLC is a pointer. It wasn't all that long ago that you tied datacenters together with 64K links.

Re:

[Guppy06]

And cue the Grammar Nazis while you're at it.

Re:

[mini me]

If he had spent more time developing TCP/IP, Manbearpig would still be out there.

PVC tubes

[Nonillion]

So I guess we can look forward to Ted (series of tubes) Stevens describe the Internet as a "series of PVC tubes". :P

Best feature but no market?

[Lanboy]

Frame SVCs wore never in huge demand. As Vint says, customers wanted cheap leased line replacements, and the ability to do hub and spoke and mesh networks cheaply. What do SVCs buy you? you already have to pay for the local loop. Cheaper Virtual circuits? Eventually the market moved to zero cir pvcs, which were as cheap as you needed.

Besides, there were carrier SVC networks, the protocol was called SMDS, and no one bought it.

Frame Relay faster????

[Whitemice]

"Rather, the PVC was a simple replacement for a leased line at a fraction of the cost with better performance."

Eh? I'll take a leased line over a PVC anyday in regards to performance. My experience with Frame Relay has been that performance is subpar, the provider overbills, burst capability is crap [and doesn't work with most QoS scenarios - as in you have to disable bursting]. I also question the cheaper part as we just switched from a 15 location frame-relay (256/512) WAN to point-to-point T1s for 1/

Re:

[misleb]

Do you really have a point-to-point between each location or just a hub and spoke?

Re:

[Whitemice]

Hub-n-Spoke, just like we had with frame-relay. It should have been a mesh given that it was frame-relay but the telco wanted basically the same monthly fee for each additional PVC as it was for the frame-connection itself. An additional PVC was "effectively" an additional circuit. So it was really point-to-point over a frame-relay cloud where you couldn't burst and with crappy latency just for extra fun.

To be fair they fixed the latency issue after a couple of years. Wow, I was impressed.

Tech

[Teflon_Jeff]

It's just another example of the less effective technology winning out.

Can you say Beta max?