The lean and antifragile data centre – part 3

In this third part of my interview with Pete Cladingbowl we consider how the current Internet may be transcended with richer architectures and models that better align to physical and social reality.

Part 3 – A new Internet architecture & politics

Many data centres service Internet users. When you look at today’s Internet, what do you see?

When we look at the Internet as infrastructure, we see significant achievements in what we can do for individual networks and data centres. The problem is the system as a whole has fundamental flaws when it comes to isolating users (and their flows) from each other.

The Internet is a hotbed of innovation with a constant stream of new businesses and services being created. Yet it has some serious limitations in terms of security, scalability and performance. These problems come from its core engineering: a single address space, lack of sufficient IPv4 addresses, and its “best endeavours” offer of quality.

The Internet we have today is a first generation technology. Why would you expect it to perform better? Basic building blocks like Border Gateway Protocol (BGP) were “designed” on a napkin over lunch. That was great for the need at the time and it has served us very well, but is not good enough for the future. It’s time to move on.

The Internet needs a rebuild. We don’t need to throw it away, but rather need to overlay it with new structures. For instance, a basic structure is when we connect to it, we are forced to be connected to everything. Every device is out there ready to be trolled and attacked. We need new methods so that we can be connected to just one place.

What might a future Internet look like?

We see with Recursive Internet Architecture (RINA) a new kind of internetwork, one that naturally aligns to social units. There is the subnet of the individual’s body and personal area network (PAN), their home and family, then the school or workplace. These software-defined subnets are protected in RINA: you can’t get in without being invited.

You can connect to more subnets at wider scopes as needed, more like how people always have connected in the physical world. New architectures like RINA mean we can move back to protecting ourselves, and our friends and families. These are the true “social networks”, not from an application perspective, but reflecting social and geographic connections between people.

A real Internet is an internetwork of independent subnetworks, at all scales. It should not be lots of networks glued edge-to-edge into one “flat” ubernetwork, and all forced into a protocol monoculture. The result with the Internet is an atrocious security situation: a child on WiFi is exposed to everything in the world, all of the time, with no choice or control.

Soon you will have a PAN over you and inside you, to monitor your health and wellbeing. You don’t want that to connect to any and every LAN as you walk down the street. There has to be some security around which access points it associates to and can route through. That means we need to have a new fundamental organising unit that has built-in security.

I believe that the Internet of the future will have strong perimeter security aligned to our physical and social reality, with layers of security to protect us from attackers. This is a proactive security, different from a reactive firewall. Today you are connected to everything until you disconnect. That model has to change.

In future you will decide whether to connect your PAN to your family network. Going wider, you can choose to link your family network to your sports club one, to your school, to your company. You can even connect it to Google’s security domain, no problem. But then you (or your avatar) decide whether to establish an association with the Web page server that Google has proposed. It needs to be an opt-in for a packet flow to even be possible, so control is with the end user, not the service or content provider.

This new paradigm means we have to start thinking of network security as being inseparable from physical security. Today we are happy to connect to the Internet, but that’s like handing the keys to your digital front door to everyone in the world. We can’t fix things by adding layers of protection to the “rooms” inside the virtual building.

Security needs to be designed-in. What else needs to change?

There will be other parallel changes we see. For instance, we are running out of IPv4 addresses, and IPv6 routing isn’t going to scale due to fundamental design problems. So the core of the current Internet is going to crash due to router table size growth, and we’re seeing it already happening.

The way we manage quality will also change. At any one instant there are a gazillion “black cygnets” of buffers filling inside the Internet, and you can’t see them. The result is an embarrassment from an engineering perspective – we can’t do basic things like reliable voice and video. Whilst we can send a probe to Mars, we can’t flow a reliable video stream to a house. Who doesn’t suffer from the “mother buffer”, that circle counting down the time needed to fill the buffer?

The places from which we manage these flows will also shift from being purely “edge” based. We will see content delivery network (CDN) caches and home gateway and media servers take a greater role, for instance, in orchestrating flows by integrating the compute, content and control.

The idea of one monolithic Internet is also disappearing fast. With new architectures like RINA we can attach to any number of overlay (inter)networks simultaneously. There will be content delivery networks which define their own subnets. Communities will build private ad-hoc networks. There will be different types of transmission capacity used as building blocks, not just fixed broadband lines and cellular connections.

In the future we will connect to parts of the world for a period of time for a purpose, not all the time to everyone. Integrity, availability, security, performance, privacy and confidentiality will become engineered-in, rather than afterthoughts.

This all sounds like a radical change to cyberspace! Where might it lead us?

Let’s take an example. In RINA there is the idea of a “virtualised communications container” called a Distributed Inter-process communications Facility (DIF). As a rough approximation, what a hypervisor does for cloud computing, this does for cloud communications. The control over these DIFs (a kind of software-defined subnetwork) will become much more important.

These virtual subnets define a new kind of cloud geopolitics, with its associated power games, shifting alliances and borders. You can think of it as being the digital version of the emergence of nation states, where we had kings who conquered countries, so they could rule more territory. This “virtual” terrain, defined by DIFs, likewise offers an extremely powerful organising mechanism that will allow individuals and communities to self-organise rather than be connected by corporations.

Part 4: A new intelligent network emerges
