1
Dr. Lawrence RobertsCEO, Founder, Anagran
Internet EvolutionInternet Evolution
2
The Beginning of the Internet ARPANET became the Internet
• 1965 – MIT- 1st Packet Experiment -Roberts• 1967 - Roberts to ARPA – Designs ARPANET• 1969 – ARPANET Starts – 1st Packet Network• 1971 – ARPANET Grows to 18 nodes
• 1983 – TCP/IP installed on ARPANET – Kahn/Cerf • 1986 – NSF takes over network - NSFNET• 1991 – Internet opened to commercial use
Roberts at MIT Computer
ARPANET 1971
3
Internet Early History
1
10
100
1,000
10,000
100,000
1969 1971 1973 1975 1977 1979 1981 1983 1985 1987
Ho
sts
or
Tra
ffic
in
bp
s/1
0
Hosts
TrafficTCP/IPNCP
EMAIL FTP
ICCC Demo
Aloha-Packet Radio
SATNET - Satellite to UK
Spans US
Ethernet
DNSPacketRadioNET
“Internet”Name first used- RFC 675
TCP/IP Design
X.25 – Virtual Circuit standard
Roberts term at ARPA Kahn term at ARPACerf term at ARPA
4
Original Internet DesignIt was designed for Data
File Transfer and Email main activitiesConstrained by high cost of memory– Only Packet Destination Examined– No Source Checks– No QoS – No Security– Best Effort Only– Voice Considered– Video not feasible
Not much change since thenARPANET July 1977
5
Voice Totally moving to packets– Low loss, low delay required
Video Totally moving to packets – Low loss, low delay jitter required
Emergency Services No Preference Priority
Security Cyberwar is now a real threat
TCP unfairness – multiple flows (P2P, Clouds, …) – Congests network – 5% of users take 80% of capacity
Changing Use of InternetMajor changes in Network Use
6
Internet Traffic Grown 1012 since 1970
In 1999 P2P applications discovered using multiple flows could give them more capacity and their traffic moved up to 80% of the network capacity
World Internet Traffic - History
0.000000001
0.00000001
0.0000001
0.000001
0.00001
0.0001
0.001
0.01
0.1
1
10
100
1000
10000
1970 1975 1980 1985 1990 1995 2000 2005
Pe
taB
yte
s p
er
mo
nth
Normal Traffic
P2P
TCP
ARPANET NSFNET COMMERICAL
Double each year
Electronics – Double every 18 months
7
Where will the Internet be in the next decade
2008 2018
% World Population On-Line 22% 99% Total Traffic PB/month 3,200 191,000Traffic per User GB/month 2.2 26GB/mo/user Developed areas 2.7 156GB/mo/user Less Dev. areas 0.5 3
People in less developed areas will have more capacity than is available in developed areas today! Users in developed areas could see 3-10 hours of video per day (HD or SD)Requires a 60 times increase in capacity (Moore’s Law increase)
8
Network Change Required
Fairness– Multi-flow applications (P2P) overload access networks
Network Security– Need User Authentication and Source Checking
Emergency Services– Need Secure Preference Priorities
Cost & Power– Growth constrained to Moore’s law & developed areas
Quality & Speed– Video & Voice require lower jitter and loss, consistent speed– TCP stalls slow interactive applications like the web
9
Technology Improvement – Flow Management
Historically, congestion managed by queues and discards– Creates delay, jitter, and random losses – TCP flow rates vary widely, often stall– UDP can overload, if so all flows hurt
Alternatively, flows can be rate controlled to fill link– Keep table of all flows, measure output, assign rates to each flow– Rate control TCP flows to avoid congestion but maintain utilization– Limit total fixed rate flow utilization by rejecting excessive requests– Assign rate priorities to flows to insure fairness and quality
Flow Management requires less power, size, & cost– There are 14 times as many packets as flows– Flows have predictable rate and user significance
10
Flow Management Architecture
Input Output
Discard
Switch
Load Measurements
Flows measured and policed at input
Unique TCP rate control – Fair and precise rate/flow
Rates controlled based on utilization of both output port and class
All traffic controlled to fill output at 90%+
No output queue – Minimal delay
Voice and video protected to insure quality
Assign Rate, QoS, Output Port, & Class
Assign Rate, QoS, Output Port, & ClassFlow State MemoryFlow State Memory ProcessorsProcessors
Rate of Each Flow Controlled at Input
Rate of Each Flow Controlled at Input
Traffic measured on both the output port and in up to 4000 Classes
Traffic measured on both the output port and in up to 4000 Classes
11
Flow Rates Control with Intelligent Flow Delivery (IFD)
Instead of random discards in an output queue:Anagran controls each flows rate at the input IFD does not ever discard if the flow stays below the Fair RateIf the flow rate exceeds a threshold, one packet is discardedThen the rate is watched until the next cycle and repeatsThis assures the flow averages the Fair RateThe flow then has low rate variance (s=.33) and does not stall
Fair RateFair Rate
Discard 1 packetDiscard 1 packet
12
IFD Eliminates TCP Stalls, Equalizes Rates
With Flow Management No stalled flows Less peak utilization 3 times faster response times Video and Voice protected
Above graphs are actual data captures Above graphs are actual data captures
Normal Network Rates often stall Peak utilization high Response time is slow Jumble hurts Video & Voice
13
Impact of Flow Management at Network Edge
Web access three times fasterTCP stalls eliminated – all requests completeVoice quality protected – no packet loss, low delayVideo quality protected – no freeze frame, no artifactCritical apps can be assigned rate priority
When traffic exceeds peak trunk capacity:– Eliminates the many impacts of congestion– Smooth slowdown of less critical traffic– Voice and video quality maintained
14
Fairness - In the beginning
A flow was a file transfer, or a voice callThe voice network had 1 flow per user– All flows were equal (except for 911)– Early networking was mainly terminal to
computer– Again we had 1 flow (each way) per user– No long term analysis was done on fairness
It was obvious that under congestion:
Users are equalthus
Equal Capacity per Flowwas the default design
15
Fairness - Where is the Internet now?
The Internet is still equal capacity per flow under congestionComputers, not users, now generate flows today– Any process can use any number of flows– P2P takes advantage of this using 10-1000 flows
Congestion typically occurs at the Internet edge– Here, many users share a common capacity pool– TCP generally expands until congestion occurs– This forces equal capacity per flow – Then the number of flows determines each users capacity
The result is therefore unfair to users who paid the same
P2P FTP
16
Typical Home Network Access
Internet Service Providers provision for average useAverage use today is about 100 Kbps per subscriberWithout P2P all users would usually get the peak TCP rate With >0.5% P2P users, average users see much lower rates
1,00
0 U
sers
10
Mb
ps
pea
k r
ate
100 Mbps INTERNET100 Kbps Average / User
17
Internet Traffic Recently
Since 2004, total traffic has increased 90% per year, about average – P2P has increased 91% per year – Consuming most of the capacity growth– Normal traffic has only increased 22% per year –Significantly slowdown from past
Since P2P slows other traffic 5:1, users can only do 1/5 as much This may account for the normal traffic growth being about 1/3 what it should be with normal growth
World Internet Traffic - History
0
500
1000
1500
2000
2500
3000
3500
2000 2002 2004 2006 2008
Pe
taB
yte
s p
er
mo
nth
Normal Traffic
P2P
18
Deep Packet Inspection (DPI) Fails to Stop P2P
DPI currently main defense – but recently has problems with encrypted P2P– Studies show it detects < 75% of P2P – reducing the P2P users from 5% to 1.3%– As P2P adds encryption, DPI detection misses 25% already and encryption growing– Remainder of P2P simply adds more flows, again filling capacity to congestion
Upstream Capacity UsageAsymetric DSL ISP
0
5
10
15
20
25
No Regulation DPI Filtering Equalization
Mb
ps Wasted
P2P Users
Ave. Users
Result – Even ½ % P2P still overload the upstream channel– This slows the Average Users acknowledgements which limits their downstream usage
User Equalization based on flow rate management solves problem
19
A New Fairness Rule
Inequity in TCP/IP – Currently equal capacity per flow– P2P has taken advantage of this, using 10-1000 flows– This gives the 5% P2P users 80-95% of the capacity– P2P does not know when to stop until it sees congestion
Instead we should give equal capacity for equal pay – This is simply a revised equality rule – similar users get equal capacity– This tracks with what we pay– If network assures all similar users get equal service, file sharing will find the
best equitable method – perhaps slack time and local hosts
This is a major worldwide problem– P2P is not bad, it can be quite effective– But, without revised fairness, multi-flow applications can take capacity away
from other users, dramatically slowing their network use– It then becomes an arms race – who can use the most flows
20
P2P Control with Flow Management
These are actual measurements showing the effect of controlling P2P traffic as a classIn this case, all P2P was limited to a fixed capacity, then equalized for fairnessP2P was reduced from 67% to 1.6% Normal traffic then increased by 4:1
Normal & P2P Traffic - Before & After Anagran Control Measured from a University Wireless Area
0%10%20%30%40%50%60%70%80%90%
100%
5:48 5:52 5:57 6:01 6:05 6:09 6:13 6:17Time (AM)
Tra
ffic
% P2P Normal
Control OnControl Off
21
Why is it Important to Change Fairness Rule?
P2P is attractive and growing rapidlyIt cannot determine its fair share itself The network must provide the fair boundaryWithout fairness, normal users will slow down and stallMulti-flow applications will be misled on economics– Today most P2P users believe their peak capacity is theirs– They do not realize they may be slowing down other users– The economics of file transfer are thus badly misjudged– This leads to globally un-economic product decisions
User equality will lead to economic use of communications
22
Network Security
Wireshark users know the value of watching communicationToday the network is open and uncheckedAll security is based on “flawless” computer systemsThis needs to change - the network must helpFinding Bots is best done watching network trafficKnowing who is trying to connect can help stop penetrationAllocating high priority capacity requires authentication– Emergency services, critical services, paid services
High value services need authentication, not passwords– On-line banking, credit transactions, etc.
23
Authentication Security Program
New DARPA project will allow users to be authenticatedThe network can insure source IP address is not fakedThe network can assign user based priorities– Emergency services needs priority– Corporations have priority applications
The recipient can know who is trying to connect– Filter out request from un-authenticated sources– Control application access to specific users
Today security is based on fixing all computer holesNetwork assistance greatly reduces the threat
24
DARPA Secure Authentication Program
Sender ReceiverNC
NC
NCNC
AAA Server
User Log-in: NC identifies self to AAA, gets SH & Key
Each Flow Start: SH sent to NC
First Packet: NC checks user via SH with AAA, get Key & priority
Each Flow Start: SH checked by NC using Key
SH = Secure Hash (Identifies
user when hashed with Key) Each Flow Start: User can be checked with AAA using SH
• Network finds users priority & QoS info from AAA server• Receiver can check user ID if allowed & reject flow if desired• Intermediate NC’s can also check users priority & QoS• Result: Users ID securely controls network access & priority
NC=Network Controller
25
The New Network Edge – Flow Management
Flow Management at the ISP edge can:– Insure fairness – equal capacity for equal pay– Eliminate overload problems (TCP stalls and video artifact)– Add authentication security to network
All these benefits at much lower cost & power vs. DP
40 Gbps capacity in 1 RU with Anagran
26
Summary
Today’s IP Networks need improvementFairness is poor – 5% of users take 80% of capacity– The cause is the old rule of equal capacity per flow– This needs to change to equal capacity for equal pay
Response time and QoS suffer from random discards– Web access suffers from unequal flow rates, TCP stalls– Video suffers from packet loss and TCP stalls– Voice suffers from packet loss and excessive delay
Security could be improved if network did authentication– Avoid unknown users penetrating computers– Permit priority for emergency workers, critical apps
Flow Management allows these improvements at lower cost