Internet2 Security - Reconnections Workshop 2005: Executive Overview
http://security.internet2.edu/rtp/
Copyright © 2006 by Internet2 and/or the respective authors
Released: May 12, 2006
Questions and comments are welcome and may be directed to reconnections-comments@internet2.edu.

Reconnections Workshop: Executive Overview
==========================================

*1. PURPOSE*

IT practitioners and researchers from the higher education community and industry gathered in the Fall of 2005 to discuss problems with the current Internet, what the Internet of 2015 should look like, and strategies for getting from here to there. As the conversation evolved, a central theme of "manageability" emerged.

The workshop was convened to bridge the gap between the community responsible for running today's research and education networks and those shaping next-generation networks. The hope is that by involving those with responsibility for deployment and management in the design stages, the fundamental concept of manageability can be incorporated more fully into the final result.

*2. MOTIVATION*

Security, manageability, reliability and scalability of networks are key challenges that have led to a broad use of expedient patchwork remedies, driven by architectural limitations in the current Internet. In particular, security requirements that lead to the pervasive use of "traffic disruption appliances" such as firewalls, network address translation devices (NATs) and traffic shapers have caused major application-level difficulties. Application developers, in an effort to preserve functionality or to bypass security restrictions for users, have responded with increased use of tunnels and encryption. The result is a dysfunctional spiral that has sharply reduced the ability of network operations staff to understand what is happening on their networks and to manage and control them appropriately.

All signs are that this "arms race" between attackers and network operators will continue to escalate. The challenge for CIOs is that the network is fundamental to university operations: any disruption of service has significant impact, whether it is a network failure or an application failure. If we persist in responding by adding more complexity to the network core, the rate of silent application failure will continue to increase and our current troubleshooting challenges will only worsen. The consequence has been a significant reconsideration of original assumptions about the Internet such as transparency, seamless end-to-end connectivity, high availability and core simplicity.

*3. THEMES*

Many themes emerged from the workshop. Four of the more significant ones were transparency, silent failure, social norms and economics.

For the reasons already noted, the core design criterion of the current Internet, end-to-end transparency, has been significantly compromised by increased security needs. One remedy discussed was "trust-mediated transparency": where degrees of trust can be established, so can degrees of transparency.

As transparency has slipped away, application failures that result directly from policy enforcement have increased sharply. Users are unable to get useful feedback when firewalls and router access control lists cause traffic to be dropped, or when traffic shapers cause their throughput to drop -- their applications experience silent failure.

The original Internet was conceived, implemented and deployed in a largely homogeneous community. The issues were overwhelmingly technical, not social. The broadened scope of today's Internet invites everyone to participate, but this ubiquitous interconnection, together with the ephemeral and anonymous nature of the digital persona, lays bare the opportunity to avoid traditional social restraints. Some believe that key elements of the social contract must be brought to the Internet.

We desire an economic climate that encourages growth, innovation and visionary risk-taking, but the basic nature of a packet-switched network makes the development of economic models for its use inherently difficult. What do ISPs sell? What do we buy? Many vendors are starting to believe that the core Internet value proposition is that control of the network infrastructure allows some degree of control of the content passing through it. How do we provide vendor-neutral economic opportunities?

*4. CLEAN SLATE APPROACH*

With DARPA funding, a select group of institutions collaborated to define a next-generation Internet architecture (http://www.isi.edu/newarch/). The final report of this group was published in December 2003. With this work as a reference point, the NSF recently announced the GENI initiative to build a testbed to assess revolutionary network designs. FIND is a separate, broader research effort that would benefit from the use of this infrastructure. Together, these projects form the biggest opportunity yet to challenge some of the basic assumptions on which the original Internet was built.

*5. RECOMMENDATIONS*

This workshop did not provide answers to the ultimate question of future Internet design, but it did shed light on the issues and on possible next steps. The wide range of suggestions and presentations at Reconnections confirmed both the need for some immediate efforts to fix certain aspects of the current Internet and the enticing opportunities that result from throwing away the requirement for backward compatibility. It is hard to envision a strategy of incremental improvement that would lead to an elegant solution to today's conflicting connectivity requirements, especially since creating such a solution appears to be very challenging even in a clean-slate context. The Internet must change. To what extent that change is evolutionary vs. revolutionary remains to be seen, but even evolutionary efforts need to be guided by a better sense of the ideal goal. Hence the importance of approaching the problem along parallel tracks with a shared vision for the future.

*6. DETAILS*

Details of the conference, participants and references can all be found at http://security.internet2.edu/rtp/