
Building Networks: Engineering for Objectives

Presentation Transcript


  1. Building Networks: Engineering for Objectives. Fred Baker, Cisco Fellow

  2. Economic news • The economists think it’s good news • Enterprise starting to show growth • Slow but apparently solid • Service Provider market should follow growth of its customer markets • Not so important to NRENs per se, but important to the service provider marketplace

  3. Questions from the Service Providers: • What will spur more utilization, and therefore revenue? • New applications that consume bandwidth • How can I reduce service to traffic that is costing me money? • New applications in which users are servers but don’t pay for the bandwidth

  4. Technology on the upswing • So I’m thinking: • “If I were a service provider and were starting to plan future deployments, what would be at the top of my list?” • Key issue: “more bang, less buck” • It would come down to how I might best meet increasing customer needs while reducing the cost of deploying and managing the service. • I would also be looking at ways to extract more money from existing services.

  5. Advancement into Next Generation Applications

  6. Growing applications • Peer-to-peer application models: Morpheus, Gnutella, etc. • Multiparty games: interactions modeled on Flight Simulator, video combat games

  7. Service model mismatch • Service Providers: “We want to entertain you” • Client/Server applications in which many users access relatively few servers at hosting sites • Video on Demand • Application Designers: “Facilitate us entertaining ourselves and each other” • Peer-to-peer model • Server in the home • Morpheus, Gnutella, gaming

  8. Authentication/Authorization dichotomy • Worms, viruses: intent is to destroy the network; access control required to analyze and eliminate • Unauthorized access: use your machine for unintended purposes • Peers in games: Can I signal directly rather than to a server? Can I control who I send content to, or who uses it? • Intellectual property issues

  9. Client/Server access control • We trust people to access servers and do limited operations on them

  10. Peer-peer access control model • Model with all the same access control and therefore accountability • Utilizes compute capability of peer computers to perform the game

  11. Here’s the hard part • I have to be able to address the peer computers across perimeter security (global addresses) • I have to be able to keep out the bad guys • Good intrusion detection and avoidance • I have to be able to convince Mom, Dad, and the service provider that this is OK • We have to manage IPR issues related to content • There is no global PKI, and won’t be in my lifetime

  12. Advancement into Critical Infrastructure

  13. Networks coming to the party • Emergency Telecommunications System (ETS) • ITU I.225.3 Communications Networks • DISA Converged VoIP network • US NCS telecommunications network

  14. Today’s Internet • The optical Internet backbone: gigabit to terabit links; 20,000 instantaneous sessions per Gbps of backbone bandwidth • Access networks: xDSL, cable modem, ISDN, asynchronous dial • Campus networks (LANs) • UoSAT-12 • Internet in airlines

  15. What are their objectives? • Preferential treatment • Security • Non-traceability • Restorability • International connectivity • Interoperability • Mobility • Ubiquitous coverage • Survivability • Voice service • Broadband service • Scalable bandwidth • Affordability • Reliability

  16. Preferential treatment • Specific [telephone] calls get reserved bandwidth or preempt other calls • Data streams have variable drop thresholds • Able to change routing and applications in the face of serious failure or loss
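As an added illustration (not part of Fred Baker’s slides), the Go program below models the two mechanisms slide 16 names side by side: a reserved-bandwidth call that may preempt a lower-priority call when the link is full, and a single queue whose drop threshold varies with the arriving packet’s drop precedence. Priority values, the link capacity and the per-precedence thresholds are assumed numbers chosen for the example.

```go
package main

import "fmt"

// Added example, not from the presentation. Call priorities, link capacity
// and the per-precedence drop thresholds are assumed values for illustration.

// Call is a reserved-bandwidth call; a higher Priority value is more
// important (assumed convention).
type Call struct {
	ID       string
	Priority int
}

// Link can carry at most Capacity reserved calls at once.
type Link struct {
	Capacity int
	Calls    []Call
}

// Reserve admits c. On a full link it preempts the lowest-priority active
// call if that call ranks strictly below c; otherwise c is refused. It
// returns the preempted call, if any, and whether c was admitted.
func (l *Link) Reserve(c Call) (preempted *Call, admitted bool) {
	if len(l.Calls) < l.Capacity {
		l.Calls = append(l.Calls, c)
		return nil, true
	}
	low := 0
	for i, a := range l.Calls {
		if a.Priority < l.Calls[low].Priority {
			low = i
		}
	}
	if l.Calls[low].Priority >= c.Priority {
		return nil, false // nothing cheaper to preempt
	}
	victim := l.Calls[low]
	l.Calls[low] = c
	return &victim, true
}

// DropThreshold maps a packet's drop precedence (0 = shed last, 2 = shed
// first, in the spirit of the three AF drop-precedence levels) to the queue
// depth at which packets of that precedence start being discarded.
var DropThreshold = map[int]int{0: 10, 1: 6, 2: 3}

// Queue is one bounded queue whose admission decision depends on the
// arriving packet's drop precedence rather than on a single fixed limit.
type Queue struct {
	Depth int
}

// Enqueue admits a packet only while the depth is below the threshold for
// its precedence, so low-precedence traffic is dropped first under load.
func (q *Queue) Enqueue(dropPrec int) bool {
	th, ok := DropThreshold[dropPrec]
	if !ok || q.Depth >= th {
		return false
	}
	q.Depth++
	return true
}

func main() {
	link := &Link{Capacity: 2}
	for _, c := range []Call{{"routine-1", 1}, {"routine-2", 1}, {"emergency", 3}} {
		victim, ok := link.Reserve(c)
		if victim != nil {
			fmt.Printf("%s admitted, preempted %s\n", c.ID, victim.ID)
		} else {
			fmt.Printf("%s admitted=%v\n", c.ID, ok)
		}
	}
	q := &Queue{}
	for i := 0; i < 5; i++ {
		fmt.Printf("drop-precedence 2 packet %d admitted=%v\n", i, q.Enqueue(2))
	}
	fmt.Printf("drop-precedence 0 packet admitted=%v\n", q.Enqueue(0))
}
```

The point of keeping both in one program is the contrast: a call is either admitted or preempted as a whole, while data streams degrade gradually as the queue fills, with the lowest drop precedence shed first and the highest only when the queue is nearly full.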

  17. “Security” • Authentication • Authorization • Control of traffic's use of bandwidth • Privacy using advanced encryption

  18. Interesting Routing • “Non-traceability” • Specialized requirement for anonymity servers • “International connectivity” • Connects to international carriers • “Interoperability” • Connects to government networks • Ubiquitous coverage • Works everywhere

  19. “Mobility” • Transportable • Redeployable • Mobile

  20. “Survivability” • Robust under extreme load • Ability to re-route preferentially

  21. Target services • Voice service • Web data distribution • Database transaction services • Instant messaging • Broadband service

  22. “Scalable bandwidth” • An interesting point • They don’t ask for specific bandwidth or interconnection services • They want to be able to use whatever exists

  23. “Reliability” • Perform consistently • Availability • Meets design requirements and specifications • Usable with high confidence

  24. Key technologies

  25. Data stream routing • OSPF DSCP routing? • Secure routing technologies

  26. VPNs of various types • CPE IPsec VPNs • BGP/MPLS VPNs • L2TP occasional-access VPNs

  27. Voice call management • Key point: interoperable with SS7 • Able to tunnel calls from SS7 domain to SS7 domain • Able to originate or terminate calls that might operate in those domains • (Diagram labels: PSTN, PSTN)

  28. Security • Strong authorization • Strong authentication • Various layers

  29. Resilience to attack • Issues: • Denial of service • Intrusion detection • There is room for a service offering here • Sell as a service that you will detect potential attacks and notify the customer • Expect this to include offering assistance: • Customer will want attack mitigation • Law enforcement will want attack tracing
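As an added example (not from the slides), here is what the detection half of the service slide 29 describes could look like when run over flow records, the per-connection “traffic data” slide 31 later equates with NetFlow. The Go program parses constructed flow records, aggregates them per destination and raises an alert when one host receives many tiny single-direction flows from many distinct sources, the shape of a SYN flood or a spoofed-source flood. The record format, the sample data, the field names and the thresholds are all assumptions made for this example.

```go
package main

import (
	"fmt"
	"sort"
	"strconv"
	"strings"
)

// Added example, not from the presentation: detection logic run over
// NetFlow-style traffic-data records. Record format, sample data and
// thresholds are assumed for illustration.

// Flow is one traffic-data record: endpoints, packet count and TCP flags.
type Flow struct {
	Src     string
	SrcPort int
	Dst     string
	DstPort int
	Packets int
	Flags   string
}

// SampleFlows is constructed data, not a real capture: six one-packet SYN
// flows from distinct sources to 192.0.2.10:80, mixed with ordinary
// established sessions, one of them to the same server.
const SampleFlows = `
# src,sport,dst,dport,pkts,flags
203.0.113.1,40001,192.0.2.10,80,1,S
203.0.113.2,40002,192.0.2.10,80,1,S
203.0.113.3,40003,192.0.2.10,80,1,S
203.0.113.4,40004,192.0.2.10,80,1,S
203.0.113.5,40005,192.0.2.10,80,1,S
203.0.113.6,40006,192.0.2.10,80,1,S
198.51.100.5,51000,192.0.2.20,443,42,SPA
198.51.100.7,51002,192.0.2.10,80,25,SPA
`

// ParseFlows parses comma-separated records, skipping blank and # lines.
func ParseFlows(text string) ([]Flow, error) {
	var flows []Flow
	for _, line := range strings.Split(text, "\n") {
		line = strings.TrimSpace(line)
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		f := strings.Split(line, ",")
		if len(f) != 6 {
			return nil, fmt.Errorf("bad record %q: want 6 fields", line)
		}
		var n [3]int
		for i, idx := range []int{1, 3, 4} {
			v, err := strconv.Atoi(f[idx])
			if err != nil {
				return nil, fmt.Errorf("bad record %q: %v", line, err)
			}
			n[i] = v
		}
		flows = append(flows, Flow{f[0], n[0], f[2], n[1], n[2], f[5]})
	}
	return flows, nil
}

// Alert is what the provider would notify the customer with: the target,
// how many tiny flows hit it, and the sources (where tracing would start).
type Alert struct {
	Dst       string
	TinyFlows int
	Sources   []string
}

// DetectFloods flags each destination that received at least minFlows flows
// of at most tinyPkts packets from at least minSources distinct sources.
// Established sessions to the same host are ignored, so they cannot mask it.
func DetectFloods(flows []Flow, tinyPkts, minFlows, minSources int) []Alert {
	type agg struct {
		tiny int
		srcs map[string]bool
	}
	byDst := map[string]*agg{}
	for _, f := range flows {
		if f.Packets > tinyPkts {
			continue
		}
		a := byDst[f.Dst]
		if a == nil {
			a = &agg{srcs: map[string]bool{}}
			byDst[f.Dst] = a
		}
		a.tiny++
		a.srcs[f.Src] = true
	}
	var alerts []Alert
	for dst, a := range byDst {
		if a.tiny < minFlows || len(a.srcs) < minSources {
			continue
		}
		al := Alert{Dst: dst, TinyFlows: a.tiny}
		for s := range a.srcs {
			al.Sources = append(al.Sources, s)
		}
		sort.Strings(al.Sources)
		alerts = append(alerts, al)
	}
	sort.Slice(alerts, func(i, j int) bool { return alerts[i].Dst < alerts[j].Dst })
	return alerts
}

func main() {
	flows, err := ParseFlows(SampleFlows)
	if err != nil {
		panic(err)
	}
	for _, al := range DetectFloods(flows, 2, 5, 5) {
		fmt.Printf("possible flood against %s: %d tiny flows from %v\n", al.Dst, al.TinyFlows, al.Sources)
	}
}
```

The alert carries the sorted source list deliberately: it is the notification the customer wants for mitigation and the starting point law enforcement wants for tracing, although with spoofed sources the addresses identify where to look upstream rather than who sent the packets.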

  30. Need • Stateless authenticator with no active attribute database • Peer exchange of attributes • Scalable key infrastructure • (Diagram labels: Authenticator; Authenticated exchange of attributes)
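One way to realise the need stated on slide 30, as an added example that is not part of the presentation: an issuer signs a peer’s attributes with Ed25519, and the authenticator verifies them holding nothing but a short list of trusted issuer keys, so it keeps no attribute database and needs no global PKI (the concern raised on slide 11). The attribute field names, the issuer names, the roles and the fixed clock are assumptions made for the example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
	"time"
)

// Added example, not from the presentation: a stateless authenticator that
// keeps no attribute database. Field names, issuer names and roles are
// assumed for illustration.

// Attributes is the assertion a peer presents about itself.
type Attributes struct {
	Subject  string   `json:"sub"`
	Issuer   string   `json:"iss"`
	Roles    []string `json:"roles"`
	NotAfter int64    `json:"exp"` // Unix seconds
}

// Token is the encoded attributes plus the issuer's Ed25519 signature.
type Token struct {
	Payload []byte
	Sig     []byte
}

// Issue signs attrs with the issuer's private key.
func Issue(priv ed25519.PrivateKey, attrs Attributes) (Token, error) {
	payload, err := json.Marshal(attrs)
	if err != nil {
		return Token{}, err
	}
	return Token{Payload: payload, Sig: ed25519.Sign(priv, payload)}, nil
}

// Verifier is the stateless authenticator: an explicit set of trusted issuer
// keys (no global PKI) and nothing per peer.
type Verifier struct {
	Trusted map[string]ed25519.PublicKey // issuer name -> key
}

// Verify selects the key by the issuer named in the payload, then insists the
// signature verifies under that key and that the token has not expired.
func (v Verifier) Verify(tok Token, now time.Time) (Attributes, error) {
	var a Attributes
	if err := json.Unmarshal(tok.Payload, &a); err != nil {
		return Attributes{}, err
	}
	pub, ok := v.Trusted[a.Issuer]
	if !ok || !ed25519.Verify(pub, tok.Payload, tok.Sig) {
		return Attributes{}, fmt.Errorf("issuer %q: untrusted or bad signature", a.Issuer)
	}
	if now.Unix() > a.NotAfter {
		return Attributes{}, fmt.Errorf("token expired")
	}
	return a, nil
}

// Demo runs one exchange on a fixed clock and reports whether a valid token
// is accepted and whether tampered, expired and unknown-issuer tokens are rejected.
func Demo() (accepted, tamperedRejected, expiredRejected, rogueRejected bool, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	v := Verifier{Trusted: map[string]ed25519.PublicKey{"game-operator": pub}}
	now := time.Unix(1700000000, 0) // fixed clock so the run is repeatable
	tok, err := Issue(priv, Attributes{Subject: "peer-42", Issuer: "game-operator",
		Roles: []string{"player"}, NotAfter: now.Unix() + 3600})
	if err != nil {
		return
	}
	a, verr := v.Verify(tok, now)
	accepted = verr == nil && a.Subject == "peer-42" && len(a.Roles) == 1 && a.Roles[0] == "player"
	// The peer edits its own roles; the issuer's signature no longer matches.
	forged := Token{Payload: bytes.Replace(tok.Payload, []byte(`"player"`), []byte(`"admin"`), 1), Sig: tok.Sig}
	_, verr = v.Verify(forged, now)
	tamperedRejected = verr != nil
	_, verr = v.Verify(tok, now.Add(2*time.Hour))
	expiredRejected = verr != nil
	_, rogue, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	rtok, err := Issue(rogue, Attributes{Subject: "peer-99", Issuer: "rogue", NotAfter: now.Unix() + 60})
	if err != nil {
		return
	}
	_, verr = v.Verify(rtok, now)
	rogueRejected = verr != nil
	return
}

func main() {
	fmt.Println(Demo())
}
```

The issuer name inside the payload only chooses which trusted key to try; nothing in it is believed until the signature checks out under that key. The expiry is the substitute for a revocation database: with no per-peer state, the only way to withdraw an attribute is to let its token expire.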

  31. Lawful intercept • Traffic data = netflow? • Content intercept

  32. Cybercrime treaty, Article 20: Real-time collection of traffic data • Each Party shall … • … compel a service provider, within its existing technical capability, to: • i. collect or record … • traffic data, in real-time, associated with specified communications in its territory transmitted by means of a computer system. http://conventions.coe.int/Treaty/en/Treaties/Html/185.htm

  33. Cybercrime treaty, Article 21 • Each Party shall … • a. collect or record … • b. compel a service provider … • i. collect or record … • ii. co-operate … in the collection or recording of, • content data, in real-time, of specified communications in its territory transmitted by means of a computer system. http://conventions.coe.int/Treaty/en/Treaties/Html/185.htm

  34. Conclusions

  35. Technology deployment necessary • Many of these technologies exist, but are not generally thought of as “services” • Need to think through service provider deployment issues • Often not “quick fixes”

  36. Working Smarter. Fred Baker, Cisco Fellow
