Keynote: Geoff Huston
Do you see a future for open IP networks where competing service operators utilize a common infrastructure? If not, what is the alternative?
The idea of a common infrastructure as a substrate for competition has become well established in the electricity industry, where a number of power generation enterprises provide to their customers over a single common grid. A similar system has been used in the rail industry, where a common rail network has been used as the basis of competitive train operators.
So far in the networking world we’ve generally been heading down a path of separate infrastructure. Different inter-metro trunk fibre systems, different metro networks, different access networks. For mobile telephony the overhead of this separation has been relatively low, as the infrastructure cost of mobile base stations compared to the revenue opportunities is low. It also matches the aspirations of some of the players in the industry, particularly where the infrastructure owners are also competitive service providers.
Obviously, such operators have no interest in providing access to their network to their competition, as they would regard this as an instance of leverage where their initial investment in infrastructure is devalued by supporting competitors who did not have to carry such an investment on their books as a liability. I am of the opinion that a common network infrastructure is very much in the public interest. Duplicated infrastructure where each competitive provider is forced to construct a complete network is prohibitively expensive. Such a duplication model has not been used in the electricity industry, the rail industry, or the road industry and it has no real prospect of working efficiently in the IP industry. If industry players are forced down this path then the level of competition drops off due to the high barriers of entry, and the infrastructure owner is in a position to extract monopoly rentals off the infrastructure.
A number of countries have already gone down a path of “structural separation” where the infrastructure owner is forced to operate its infrastructure network in a neutral fashion and offer the same services and prices to all customers, including its own retail enterprise. An alternative model is for a public enterprise to operate a common neutral infrastructure. This model is being developed in Australia with a $43 Billion infrastructure operation termed the “National Broadband Network”.
I have not seen a model so far where competitive provision of infrastructure using private investment has proved viable. The characteristics of such an investment, notably long term low rates of return on the initial investment, have not proved to be attractive to the investment market, and the operator has invariably been forced to hike up the prices to generate attractive rates of return. Or attempt to continue to use the existing in-the-ground assets in order to avoid the investment completely, as is the case with the ADSL2 deployments.
So what is the model for this common infrastructure? Is it a layer 2 model, using VLAN-styled technology where each provider rolls out its own IP network as an instance of a VPN overlay? Or is it a full IP network where each ISP is in effect a billing and value added service delivery vehicle and the underlying network is neutral? At this point in time the industry appears to be more comfortable with a model of separation of providers, using the VLAN approach to the common access infrastructure, and each provider operates its own IP network as a distinct entity. But there is a lingering doubt that this is the most efficient and effective model for public infrastructure. A common IP network opens up some very interesting possibilities in terms of shifting the competitive model away from duplication of routing infrastructure into a model of differentiation in services and quality of customer care, but it has its challenges in working out how best to provide external services.
Why do we need to secure the routing infrastructure? Can you describe the threat?
There are many ways to be Bad on the Internet. If the challenge is to be bad in ways that are not readily detectable and not readily preventable, then the two most vulnerable aspects of the Internet lie in the Domain Name System (DNS) and in the routing system. Applications trust the integrity of both systems in order to allow the user to communicate with the party that they are intending to communicate with.
This form of infrastructure attack does not depend on misleading the user (as is done with phishing attacks) or altering the operation of the user’s computer (as is the case with viruses and malware). This form of attack happens without having to interact with the host platform at all. For example, in order to subvert the integrity of the application one approach is to attempt to subvert the operation of the DNS and provide an incorrect mapping of name-to-address. The application will then attempt to rendezvous with the wrong server and if this is a fake instance of the intended server then the attack has taken place.
Another approach is to leave the DNS alone but to get the routing system to deliver the packets to the wrong location in the network. This latter approach is a routing attack. An attacker could inject a false route that matches the IP address of a well known service into the routing system. The service transactions that were intended to take place with this server would then be redirected to the target point as described in the false routing information. Depending on the attack this could result in a falsified transaction, or an eavesdropping attack or a simple denial of service attack. Routing attacks can be global, or they can be highly localised. The scope of the attack depends on the precise nature of the false information that is being injected into the routing system, or the nature of the information that is being deliberately masked out.
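The routing attack described in this answer can be illustrated from the defender's side. The following is an added example, not part of the interview or of Geoff Huston's own material: a small Python check modelled on RPKI route origin validation (RFC 6811) that compares observed BGP origin announcements against a table of expected origins and distinguishes a more-specific announcement (which wins longest-prefix matching everywhere, so its effect is global) from a same-length announcement with an unauthorised origin (which only displaces the legitimate route where the false path is preferred, so its effect is localised). The authorisation table, the prefixes (documentation ranges) and the AS numbers (private range) are constructed sample data.

```python
"""Flag suspicious BGP origin announcements against an expected-origin table.

Added example, not from the interview. Modelled on RPKI route origin
validation (RFC 6811): every announcement is compared with the set of
authorisations that cover its prefix. All prefixes, AS numbers and
announcements below are constructed sample data.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Roa:
    """An authorisation: origin_asn may announce prefix up to max_length."""
    prefix: str
    origin_asn: int
    max_length: int


@dataclass(frozen=True)
class Announcement:
    """One (prefix, origin AS) pair as seen in a route collector."""
    prefix: str
    origin_asn: int


# Constructed authorisation table: who may originate which prefixes.
ROAS = [
    Roa("203.0.113.0/24", 64500, 24),
    Roa("198.51.100.0/22", 64501, 24),
]


def validate(ann, roas=ROAS):
    """Return (state, reason); state is 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(ann.prefix, strict=True)
    covering = []
    for roa in roas:
        auth = ipaddress.ip_network(roa.prefix, strict=True)
        # subnet_of() raises on mixed address families, so compare versions first.
        if auth.version == net.version and net.subnet_of(auth):
            covering.append((roa, auth))
    if not covering:
        return "not-found", "no authorisation covers this prefix"
    for roa, _ in covering:
        if roa.origin_asn == ann.origin_asn and net.prefixlen <= roa.max_length:
            return "valid", f"matches authorisation for AS{roa.origin_asn}"
    # Covered by at least one authorisation but matched by none: explain why,
    # using the most specific covering authorisation as the reference.
    roa, auth = max(covering, key=lambda pair: pair[1].prefixlen)
    if net.prefixlen > auth.prefixlen:
        return "invalid", (
            f"more-specific /{net.prefixlen} inside {auth} from "
            f"AS{ann.origin_asn}; a more-specific route wins longest-prefix "
            "matching in every network that accepts it (global effect)")
    return "invalid", (
        f"origin AS{ann.origin_asn} is not authorised for {auth} "
        f"(expected AS{roa.origin_asn}); only networks that prefer this path "
        "are affected (localised effect)")


def report(announcements, roas=ROAS):
    """Validate a batch and return one (prefix, origin, state, reason) per entry."""
    return [(a.prefix, a.origin_asn, *validate(a, roas)) for a in announcements]


if __name__ == "__main__":
    # Constructed sample feed: one legitimate route, a more-specific
    # announcement from an unexpected origin, a same-length announcement
    # with a wrong origin, and a prefix nobody has authorised.
    sample = [
        Announcement("203.0.113.0/24", 64500),
        Announcement("203.0.113.0/25", 64666),
        Announcement("198.51.100.0/22", 64999),
        Announcement("192.0.2.0/24", 64502),
    ]
    for prefix, asn, state, reason in report(sample):
        print(f"{prefix:18} AS{asn:<6} {state:9} {reason}")
```

In an operational setting the authorisation table would be populated from validated RPKI data and the announcements from a route collector or the operator's own BGP sessions; an "invalid" result is a trigger for investigation, and whether a given route actually displaces the legitimate one still depends on each network's policy.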
How big is this problem? Is the number of attacks against routing increasing?
There have been a number of high profile incidents in the recent past that illustrate the vulnerability of the Internet to this form of attack. One of these was the so-called “YouTube” attack that in early 2008 managed to take the entire YouTube service offline for some hours. Other forms of attack have been used in conjunction with the sending of spam, in an effort to hide the identity of the spam source. Routing attacks are potentially very harmful, and when viewed on a more general level in the context of attacks that could be mounted at the level of a highly organised effort at widespread disruption, they have the potential to be very effective. For this reason the effort to improve the security of the routing system is one that is being taken very seriously by a number of national authorities.
You have spoken at Internetdagarna before – what do you think about the conference?
This is a very enjoyable conference. It brings together the diverse parts of the Internet in Sweden, looking at domain names, services, operations, technology and users into a single event. The Internet is still an unfolding story and there is much to do at every level of the Internet. What form of broadband structure is appropriate? How are we going to deploy IPv6? How can we make the network more secure? This conference is one that talks about these current issues and many more.
You have been active in IETF for a long time; is IETF still relevant? Can it act quickly enough for today’s Internet?
The technology that underlies the Internet continues to change and evolve. The requirements for change come from a wide variety of sources. Whether it’s a desire to make the technology more secure, or to allow it to be used for new services, or to revise existing technologies to improve their efficiency, there is a continual flow of new ideas and proposals coming into the IETF, and the IETF is still the main venue of standardisation of the “core” of the Internet’s technology.
As the Internet grows it does get harder to deploy changes. There are more people involved, more considerations to take into account, more processes and an ever greater number of stakeholders. This does mean that the process of change and evolution has slowed down over the years and the IETF has certainly felt that. These days it may take some years to generate a standard for a critical technology such as routing or the DNS. But perhaps this is now too slow, and the IETF is not keeping up with its mission to ensure that the standards it produces are timely as well as practical and useful. Now may be a good time to see how we can improve some of the IETF’s processes to see how we can ensure that the IETF continues to play a useful role in the future of the Internet.
Don’t miss it! Geoff Huston – Keynote 4 Nov at 09.00, or “Secure and stable routing – How do we secure the routing infrastructure?” 4 Nov at 13.40 at Internetdagarna 2009.