Highly Available, Resilient and Robust Internet Infrastructure Components

May 06 2018

Alternatives to the current legacy core infrastructure have to be developed in order to structurally increase the resilience and robustness of the Internet at a systemic level. This would provide an opportunity to fix the Internet's known fundamental architectural weaknesses and to apply lessons learned in the lowest possible layer. As a result, the whole dynamics of threats currently considered undefeatable, such as distributed denial of service by botnets and mass surveillance, can be changed as well, providing a lasting answer to the catalogue of threats dangerous to Internet resiliency. Another benefit is the high availability of Internet services, whether network or application related. Therefore, the NGI goal should be to ensure high availability, resilience, openness and disruption tolerance by providing a resilient, robust and secure routing and transport layer.

NGI Study Reports recognize alternative core infrastructure with the following traits/components as a feature of the Next Generation Internet. A primary challenge for these innovations would be to evolve beyond testbed and technical specification form and be deployed in a realistic manner. Improving maintainability and deployability is therefore vital to achieving that: without a strong global deployment strategy inside operating systems, routers and management software, alternative infrastructures do not stand a chance.

  • Partitioning/scope isolation
    The ability to segment parts of the network in such a way that issues in one part have no side effects in other parts, which would allow for uninterrupted use outside of any affected areas.
  • Redundancy
    Multiple independent alternatives should be provided to avoid quality degradation and single points of failure. One example is ubiquitously combining multiple user access networks in parallel, a practice generally referred to as multihoming.

  • Abuse Handling
    An important part of maintaining high availability is streamlining and automating how incidents are detected and handled across the network, especially in strongly connected parts or functions. Such a practice would make the overall system more secure because it allows for increased responsiveness to changing operational conditions, particularly in times of emergency.

  • Rooting out spoofing and amplification attacks
    The Internet is not very immune to attacks and with minimal effort can be weaponised to attack itself. As an example of an amplification attack, old Internet protocols that are still in common use will happily answer every request with a response over 4000 times larger. Spoofing therefore has to be kept out of the NGI, as it gives attackers a huge advantage over those that have to keep their systems up and running.

  • Smarter asset distribution (less fragile and invasive)
    Distributed alternatives to obtaining digital assets from a single source should be provided to make the NGI more robust in the context of various threats, outbreaks and downtimes. Given the common and transverse nature of this issue, which is critical to and affects all actors from service providers and ISPs to clients, complementary alternatives should therefore be developed and provisioned in parallel. This could be at the server end through means like geo-distribution, through network or service-provider means such as CDN and VPN, or at the client side through caching and providing alternative native as well as 3rd party software to access web resources, as discussed in detail in this discussion.

There are a number of ongoing and relevant smaller and larger initiatives that may contribute to the goal of alternative infrastructure, such as the SCION architecture, ARPA2, DPDK and Open Optical Packet Transport.
