© 2002, Cisco Systems, Inc. All rights reserved.
Keynote, Terena 2002
Building Networks: Engineering for Objectives
Fred Baker
Cisco Fellow
Economic news
• The economists think it’s good news
• Enterprise starting to show growth
Slow but apparently solid
• Service Provider market should follow growth of its customer markets
Not so important to NRENs per se, but important to the service provider marketplace
Questions from the Service Providers:
• What will spur more utilization, and therefore revenue?
New applications that consume bandwidth
• How can I reduce service to traffic that is costing me money?
New applications in which users are servers but don’t pay for the bandwidth
Technology on the upswing
• So I’m thinking:
“If I were a service provider, and I was starting to plan future deployments, what would be at the top of my list?”
• Key issues: “more bang, less buck”
It would come down to how I might best meet increasing customer needs while reducing the cost of deploying and managing the service.
I would also be looking at ways to extract more money from existing services.
Advancement into Next Generation Applications
Growing applications
• Peer to Peer application models
Morpheus, Gnutella, etc.
• Multiparty Games
Interactions modeled on Flight Simulator, video combat games
Service model mismatch
• Service Providers:
“We want to entertain you”
Client/Server applications in which many users access relatively few servers at hosting sites
Video on Demand
• Application Designers:
“Facilitate us entertaining ourselves and each other”
Peer to peer model
Server in the home
Morpheus, Gnutella, Gaming
Authentication/Authorization dichotomy
• Worms, viruses
Intent is to destroy the network
Access control required to analyze and eliminate
• Unauthorized Access
Use your machine for unintended purposes
• Peers in games
Can I signal directly rather than to a server?
• Can I control who I send content to, or who uses it?
Intellectual property issues
Client/Server Access control
• We trust people to access servers and do limited operations on them
Peer-peer access control model
• Same access control model, and therefore the same accountability
• Utilizes the compute capability of the peer computers to run the game
Here’s the hard part
• I have to be able to address the peer computers across perimeter security (global addresses)
• I have to be able to keep out the bad guys
Good intrusion detection and avoidance
• I have to be able to convince Mom, Dad, and the service provider that this is OK
• We have to manage IPR issues related to content
• There is no global PKI, and won’t be in my lifetime
Advancement into Critical Infrastructure
Networks coming to the party
• Emergency Telecommunications System (ETS)
• ITU I.225.3 Communications Networks
DISA Converged VoIP network
US NCS telecommunications network
Today’s Internet
• The optical internet backbone
Gigabit to terabit links
• Access networks: xDSL, cable modem, ISDN, asynchronous dial
20,000 instantaneous sessions per Gbps of backbone bandwidth
[Figure: university sites and campus networks (LANs), UoSAT-12, Internet in airlines]
What are their objectives?
• Preferential treatment
• Security
• Non-traceability
• Restorability
• International connectivity
• Interoperability
• Mobility
• Ubiquitous coverage
• Survivability
• Voice service
• Broadband service
• Scalable bandwidth
• Affordability
• Reliability
Preferential treatment
• Specific [telephone] calls get reserved bandwidth or preempt other calls
• Data streams have variable drop thresholds
Able to change routing and applications in the face of serious failure or loss
“Security”
• Authentication
• Authorization
• Control of traffic's use of bandwidth
• Privacy using advanced encryption
Interesting Routing
• “Non-traceability”
Specialized requirement for anonymity servers
• “International connectivity”
Connects to international carriers
• “Interoperability”
Connects to government networks
• Ubiquitous coverage
Works everywhere
“Mobility”
• Transportable
• Redeployable
• Mobile
“Survivability”
• Robust under extreme load
• Ability to re-route preferentially
Target services
• Voice service
• Web data distribution
• Database transaction services
• Instant messaging
• Broadband service
“Scalable bandwidth”
• An interesting point
They don’t ask for specific bandwidth or interconnection services
They want to be able to use whatever exists
“Reliability”
• Perform consistently
• Availability
• Meets design requirements and specifications
• Usable with high confidence
Data stream routing
• OSPF DSCP routing?
• Secure routing technologies
VPNs of various types
• CPE IPSEC VPNs
• BGP/MPLS VPNs
• L2TP Occasional Access VPNs
Voice call management
• Key point: Interoperable with SS7
Able to tunnel calls from SS7 domain to SS7 domain
Able to originate or terminate calls that might operate in those domains
[Figure: two PSTN domains]
Security
• Strong authorization
• Strong authentication
• Various layers
Resilience to attack
• Issues:
Denial of service
Intrusion detection
• There is room for a service offering here
Sell, as a service, the detection of potential attacks and notification of the customer
Expect this to include offering assistance:
Customer will want attack mitigation
Law enforcement will want attack tracing
Scalable Key Infrastructure
• Need
Stateless authenticator with no active attribute database
Peer exchange of attributes
[Figure: authenticator]
Authenticated exchange of attributes
Lawful intercept
• Traffic data = netflow?
• Content intercept
Real-time collection of traffic data
“Each Party shall … compel a service provider, within its existing technical capability, to:
i. collect or record …
traffic data, in real-time, associated with specified communications in its territory transmitted by means of a computer system.”
http://conventions.coe.int/Treaty/en/Treaties/Html/185.htm
Cybercrime treaty, Article 21
“Each Party shall …
a. collect or record …
b. compel a service provider …
i. collect or record …
ii. co-operate … in the collection or recording of,
content data, in real-time, of specified communications in its territory transmitted by means of a computer system.”
http://conventions.coe.int/Treaty/en/Treaties/Html/185.htm
Technology deployment necessary
• Many of these technologies exist, but are not generally thought of as “services”
• Need to think through service provider deployment issues
Often not “quick fixes”