Future Network Development and New Technology Challenges - EOL (free.eol.cn/edu_net/edudown/20metting/2704lixing.pdf)
1
Future Network Development and New Technology Challenges
Tsinghua University
Li Xing
2014-11-27
2
Outline
• Review
• Challenges
• Opportunities
• Talent
3
20th anniversary
4
1983-1991
• Bitnet
• Uunet
• Internet
› machanzi
5
1994
You need a router! (advertisement image from Cisco's Beijing office, 1994)
6
CERNET topology (figure)
The 1994 backbone ran over X.25 at 2.4K-9.6K with 10 PoPs (Beijing, Shanghai, Nanjing, Wuhan, Guangzhou, Xi'an, Chengdu, Shenyang), with router nodes labelled 4500 and 2500. The snapshots for 1995, 1997, 2000, 2004 and 2014 show the network growing into a Backbone / Regional / GigaPop / PoP hierarchy. City nodes on the 2014 map: 北京, 上海, 南京, 武汉, 广州, 西安, 成都, 沈阳, 徐闻, 长春, 哈尔滨, 乌鲁木齐, 拉萨, 西宁, 兰州, 银川, 呼和浩特, 台北, 南昌, 徐州, 合肥, 郑州, 石家庄, 南宁, 福州, 杭州, 天津, 贵阳, 海口, 三亚, 湛江, 无锡, 大连, 太原, 济南, 烟台, 长沙, 重庆, 黄梅, 九江, 昆明, 青岛, 汕头, 唐山, 汉中, 宜昌, 珠海, 深圳, 惠州, 柳州, 百色, 厦门, 桂林.
7
Growth of CERNET backbone bandwidth
Year   Backbone bandwidth
1994   2.4K          X.25
1995   64K           DDN
1997   4M            SCPC
2000   155M          SDH
2002   2.5G          DWDM
2004   2.5G/5G       DWDM
2005   2.5G/5G/10G   DWDM
2007   2.5G/10G/20G  DWDM
2014   10G/100G      DWDM
A 40-million-fold increase in rate over 20 years
8
1994 (1)
• TCP/IP
› X.25/FR
› DDN
› VSAT
• ATM
9
1994 (2)
• Single router
• Cascade routers
(figure: a single R7 router between the backbone and the regional network, versus cascaded R7 routers)
10
1997 (1)
• DDN
• VSAT
11
1997 (2)
• Monthly flat rate
• Traffic-based billing
› domestic, international outbound, international inbound
12
2010
• SDH
• Ethernet
13
2011
• 10G/100G mixed
• 100G-only
14
CNGI-CERNET2 topology (figure)
IPv6-only backbone with BJ, SH and GZ as core nodes; snapshots labelled 1997, 2003 and 2006
15
2004
• Dual stack
• IPv6-only
16
Evolution of CERNET IPv6 transition technology (figure, timeline 1994-2011)
• IPv4 CERNET: 2000 universities, 20M subscribers
• Tunnel, IPv6 over IPv4: CERNET-6Bone
• Dual-stack: NFSCNET
• IPv6-only CERNET2: 200 universities, 2M subscribers
• Translation, IVI bi-directional stateless translation: IETF Behave WG
• Tunnel, IPv4 over IPv6: IETF softwire WG
• MAP-T/MAP-E double stateless translation: IETF Softwire WG
(years marked on the axis: 1994, 1998, 2000, 2004, 2005, 2007, 2011)
17
net-compass/cool-audio
18
Challenges
• Net-neutrality
› Business model
• Ossification of the Internet protocols
› NAT and slow deployment of IPv6
• Fragmentation of the Internet
› Pervasive surveillance and national firewalls
19
Network service challenges (figure with curves for OTT customer demand, data traffic and data ARPU)
20
Network service microeconomics (figure)
Two price-versus-users charts: under a flat rate, a single best-effort public Internet service enabled end-to-end leaves a lost revenue opportunity; multiple service offers are enabled by policy-enforced QoS.
21
Traffic mix
• Research: elephant flows
• Enterprise: mice flows
• Student and staff: ant flows
22
Internet2 network structure
23
Basic properties of the Internet
• Bandwidth is a finite resource
• Users' bandwidth consumption follows a power-law distribution
• High-bandwidth applications still follow a Poisson distribution
24
Address switching concept (figure)
(a) Power law: 80% of users generate 20% of traffic, 20% of users generate 80% of traffic (ordinary user vs. heavy user)
(b) Address switching: non-VIP user receives non-VIP service, VIP user receives VIP service
25
The missing links
• No differentiation between users
› Different address, different service
» VIP
» Non-VIP
• No well-defined bandwidth reservation control
› VIP block: /30 30Mbps
• No admission control
› Soft-switch
› Blocking ratio
26
Address switching technology modules (figure, panels (a)-(f))
End systems, a softswitch and an admission control gateway, with traffic between the own AS and other ASes
http://info.scichina.com:8083/sciFe/EN/article/downloadArticleFile.do?attachType=PDF&id=413824
27
Comparison of switching technologies (table)
Circuit switching   Virtual-circuit switching   Connectionless packet switching
Address switching: VIP service alongside best effort
28
Address switching case study
29
Evolution of network architecture (figure)
• Circuit switching: ISDN
• Virtual-circuit switching: X.25, FR, ATM
• Connectionless packet switching: IPv4, IPv6; non-IP: OSI, DECNET, AppleTalk, IPX, SNA
• FN (future network): SDN, FI (future Internet) over IP, everything on 80/443
30
Ossification
• Addresses
› IPv4 addresses have run out
› IPv6 addresses only need to be requested once
• Domain names
› Apps are insensitive to domain names
• Protocols
› Degenerating to TCP 80/443
31
Changes in the narrow-waist shape over the Internet's evolution
32
Hourglass (1)
33
Hourglass (2)
34
Hourglass (3)
35
Hourglass (4)
36
RFCs and drafts
• RFC6052, IPv6 Addressing of IPv4/IPv6 Translators, 2010-10
• RFC6144, Framework for IPv4/IPv6 Translation, 2011-04
• RFC6145, IP/ICMP Translation Algorithm, 2011-04
• RFC6219, The China Education and Research Network (CERNET) IVI Translation Design and Deployment for the IPv4/IPv6 Coexistence and Transition, 2011-05
• RFC6791, Stateless Source Address Mapping for ICMPv6 Packets, 2012-11
• draft-ietf-softwire-map-t-04, Mapping of Address and Port using Translation (MAP-T)
• draft-ietf-softwire-map-09, Mapping of Address and Port with Encapsulation (MAP)
• draft-ietf-softwire-map-dhcp-06, DHCPv6 Options for configuration of Softwire Address and Port Mapped Clients
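The first RFC in this list, RFC6052, defines the address format every stateless translator in the list shares: the IPv4 address is embedded into an IPv6 prefix of one of six allowed lengths, and in all layouts but /96 it is split around a reserved zero octet at bits 64-71. The following is an added example, not code from the slides or from the CERNET/IVI implementation, that embeds and extracts addresses for all six layouts and rejects the malformed cases a translator must refuse. The prefixes and the IPv4 address 192.0.2.33 are the ones RFC6052 uses in its own examples; the well-known prefix 64:ff9b::/96 is also from that RFC.

```python
"""RFC 6052 IPv4-embedded IPv6 addresses: embedding and extraction.

Added example (not code from the slides or from CERNET/IVI). The prefixes and
the IPv4 address used in the demo are the ones RFC 6052 uses in its examples."""
import ipaddress

# RFC 6052 section 2.2 allows exactly these prefix lengths. In every layout
# except /96 the octet at bits 64-71 ("u") is reserved and must be zero, which
# is why the IPv4 bits are split around it.
VALID_PREFIX_LENGTHS = (32, 40, 48, 56, 64, 96)


def _translation_prefix(prefix: str) -> ipaddress.IPv6Network:
    net = ipaddress.IPv6Network(prefix, strict=True)
    if net.prefixlen not in VALID_PREFIX_LENGTHS:
        raise ValueError(f"/{net.prefixlen} is not an RFC 6052 prefix length")
    return net


def embed_ipv4(prefix: str, ipv4: str) -> ipaddress.IPv6Address:
    """Return the IPv6 address that represents `ipv4` under translation prefix `prefix`."""
    net = _translation_prefix(prefix)
    plen = net.prefixlen
    v4 = int(ipaddress.IPv4Address(ipv4))
    addr = int(net.network_address)            # prefix bits set, everything else zero
    if plen == 96:
        return ipaddress.IPv6Address(addr | v4)  # IPv4 occupies bits 96-127
    before = 64 - plen                          # IPv4 bits that fit before the "u" octet
    high = v4 >> (32 - before)                  # those bits sit at positions [plen, 64)
    low = v4 & ((1 << (32 - before)) - 1)       # the remaining bits start at position 72
    addr |= high << 64
    addr |= low << (24 + before)                # = 128 - 72 - (32 - before)
    return ipaddress.IPv6Address(addr)


def extract_ipv4(prefix: str, ipv6: str) -> ipaddress.IPv4Address:
    """Inverse of embed_ipv4; rejects addresses outside the prefix or with a non-zero u octet."""
    net = _translation_prefix(prefix)
    plen = net.prefixlen
    a6 = ipaddress.IPv6Address(ipv6)
    if a6 not in net:
        raise ValueError(f"{ipv6} is not inside translation prefix {prefix}")
    addr = int(a6)
    if plen == 96:
        return ipaddress.IPv4Address(addr & 0xFFFFFFFF)
    if (addr >> 56) & 0xFF:                     # bits 64-71 must be zero
        raise ValueError("bits 64-71 must be zero in an RFC 6052 address")
    before = 64 - plen
    high = (addr >> 64) & ((1 << before) - 1)
    low = (addr >> (24 + before)) & ((1 << (32 - before)) - 1)
    return ipaddress.IPv4Address((high << (32 - before)) | low)


if __name__ == "__main__":
    for pfx in ("2001:db8::/32", "2001:db8:100::/40", "2001:db8:122::/48",
                "2001:db8:122:300::/56", "2001:db8:122:344::/64", "64:ff9b::/96"):
        a6 = embed_ipv4(pfx, "192.0.2.33")
        print(f"{pfx:24} 192.0.2.33 -> {a6.exploded} -> {extract_ipv4(pfx, str(a6))}")
```

The u-octet check in `extract_ipv4` is the part worth keeping in a real translator: an IPv6 packet whose destination carries garbage in bits 64-71 is not a translator address and should be dropped rather than mapped to an IPv4 host.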
37
Evolution of IETF transition standards (figure)
• Encapsulation: RFC1933, RFC2529, RFC3056, RFC4380, RFC5214, RFC5969, DS-Lite (RFC6333), LW4o6, MAP-E, MAP
• Translation: RFC2766, RFC6052, RFC6145, NAT64 (RFC6146), 464XLAT (RFC6877), IVI, dIVI, dIVI-PD, MAP-T, MAP-DHCP
• Address plus port: RFC6346
38
Double translation and encapsulation (figure)
An IPv4 host behind a CE reaches a BR across a native IPv6 infrastructure. MAP-E carries IPv4 inside IPv6 (encapsulation, RFC2473); MAP-T translates IPv4 to IPv6 at the CE and back to IPv4 at the BR (RFC6145). The figure shows the IPv4/Transport/Link and IPv6/Transport/Link packet stacks at the CE, in the core and at the BR.
39
Stateless, stateful
40
IPv6 transition technology deployment case (figure: IPv4 VMs and IPv6 VMs)
41
General Secretary Xi Jinping's instructions
• "Cybersecurity and informatization are major strategic issues bearing on national security and national development, and on the work and lives of the broad masses of the people"
• "Without cybersecurity there is no national security; without informatization there is no modernization"
• "The strategic deployment of building a strong cyber power must advance in step with the 'Two Centenary' goals"
42
The Snowden affair
• Internet will be entering a turbulent period
› Snowden lifted the lid on the NSA
› US moral authority and credibility lost
› EU sets out to build a "European communications network"
43
Who will decide your rights in the cyberspace
• 1970s – 1990s:
Rules have been set through “RFC” by a small group of
engineers.
• 1998 – up to now:
Rules have been set through “ICANN” (Private Org) and
IETF, IAB, RIRs, others (CNNIC, JPNIC, KRNIC, etc) through
“Policies” in the name of “consensus”
• Future:
Will Rules be set by “Gov’ts or Private Orgs” through
“national treaties or policies”????
44
• 1998. 2 Green Paper
• 1998. 6 White Paper
• 1998. 10 ICANN Board
• 1998. 11 ICANN Bylaws
Agreement with US Government (NTIA/DOC)(National Telecommunications and Information Administration)
Self-Governance, Self-Regulation (International) ??
Government Initiatives (US Government)
45
US government plans to hand over Internet management authority
46
NTIA (ICANN SG meeting)
• US government's role in IANA is purely clerical
• 4 key principles – and that's it
› Support and enhance the multistakeholder model
› Maintain the security, stability, and resiliency of the Internet DNS
› Meet the needs and expectation of the global customers and partners of the IANA services, and
› Maintain the openness of the Internet
• Governments are only one stakeholder and cannot be in charge
• Answer to the transition lies in IANA's 'customers'
• US domestic politics is a factor
• The bigger picture is developing countries and the multistakeholder process
• ICANN accountability is something for the community to figure out
47
NTIA (IGF USA July 16)
• Our work on Internet policy is guided by three simple principles
› First, we support the Internet as a platform for economic growth. In doing so, we focus on both increasing the number of Internet users worldwide and encouraging more intensive use by existing users.
› Second, we support the Internet as a platform for innovation. In doing so, we seek to develop policies that are flexible, creative, and rapidly adaptable to fast changing technology.
› Third, we view the Internet as our client, not any one set of stakeholders. So, in developing policy, we must balance the competing interests of users by focusing on what policies best support economic growth and innovation.
• The two key concepts we apply in support of growth are maintaining and increasing the trust of users to the Internet and expanding the global reach of the Internet economy.
• To support innovation, we want to make sure that policymaking is flexible and adaptable, which is why we are such a strong supporter of the multistakeholder model of Internet governance.
48
NTIA (American Enterprise Institute July 22)
• Let me explain why this is the right move at the right time
› First, as ICANN has performed the IANA functions over the years, it has matured as an organization and has taken important steps to improve its accountability and transparency as well as its technical competence.
› Second, as witnessed so strongly in the past several months, international support has continued to grow for the multistakeholder model of Internet governance. And as a result, many of the Internet's key stakeholders, including Internet firms like Google; communications providers like AT&T and Cisco; and civil society groups such as Human Rights Watch and Public Knowledge support this transition as the right course, at the right time.
49
CFCAA principles
• Equality and openness. The Internet has turned the world into a global village and connected the peoples of all countries.
• Multi-party participation. The Internet is humanity's common home; only when everyone helps to shape and adorn it can "the five colours shine together and set each other off; the eight tones play in concert, harmonious and calm". (government, Internet enterprises, the technical community, netizens)
• Security and trust. Nobody wants to live in a cyberspace rife with rumours, exposed privacy and rampant crime. Many countries, China included, are victims of network surveillance, network attacks and network theft of secrets.
• Cooperation and win-win. The British writer George Bernard Shaw famously said: "If you have an apple and I have an apple and we exchange them, we each still have one apple; if you have an idea and I have an idea and we exchange them, we each have two ideas."
Lu Wei in ICANN London
China's Minister for Cyberspace Affairs Administration
50
Comparison of the 4 principles
USG
• Support and enhance the multistakeholder model
• Maintain the security, stability, and resiliency of the Internet DNS
• Meet the needs and expectation of the global customers and partners of the IANA services, and
• Maintain the openness of the Internet
CNG
• Equality and Openness
• Multistakeholder
• Security and Trust
• Cooperation for win-win game
51
Xi Jinping's Brazil speech first raises the Internet governance system
• In today's world, the development of the Internet poses new challenges to national sovereignty, security and development interests, which must be taken seriously.
• Although the Internet is highly globalized, no country's sovereign rights and interests in the information domain should be violated, and however far Internet technology develops it must not infringe on other countries' information sovereignty.
• There are no double standards in the information domain; every country has the right to safeguard its own information security. It cannot be that one country is secure while others are not, or that some countries are secure while others are not, still less that one seeks so-called absolute security for itself at the expense of others' security.
• The international community should, on the basis of mutual respect and mutual trust, build through active and effective international cooperation a peaceful, secure, open and cooperative cyberspace, and establish a multilateral, democratic and transparent international Internet governance system.
52
IANA functions
53
DNS root
54
DNSSEC
DNS hierarchy of authority vs. DNSSEC hierarchy of authority
Shamir secret sharing scheme
Trust anchor
55
DANE
• Services are identified by domain names, and DNSSEC happens to provide exactly the PKI that binds them
• Implemented through open-source plug-ins
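The DANE slide's point is that a DNSSEC-signed name can itself carry the binding between a service and its certificate, so the binding inherits the DNSSEC chain of trust from the root trust anchor instead of relying on an external CA. The following added example, not code from the slides, shows the record that carries that binding (RFC 6698 TLSA): it builds one for a certificate, renders it in zone-file presentation format, parses it back and checks a presented certificate against it in constant time. `CONSTRUCTED_CERT` is a placeholder byte string standing in for a DER certificate, and selector 1 (SubjectPublicKeyInfo) requires the caller to pass the DER SPKI because the example deliberately contains no X.509 parser.

```python
"""DANE TLSA records (RFC 6698): build, render, parse and match.

Added example, not code from the slides. CONSTRUCTED_CERT is a placeholder byte
string standing in for a DER certificate; it is not a real certificate."""
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class TLSARecord:
    usage: int           # 0 PKIX-TA, 1 PKIX-EE, 2 DANE-TA, 3 DANE-EE
    selector: int        # 0 full certificate, 1 SubjectPublicKeyInfo
    matching_type: int   # 0 exact bytes, 1 SHA-256, 2 SHA-512
    data: bytes          # certificate association data


def _association_data(selector, matching_type, cert_der, spki_der=None):
    """Derive the association data RFC 6698 expects for the given selector/matching type."""
    if selector == 0:
        subject = cert_der
    elif selector == 1:
        if spki_der is None:
            raise ValueError("selector 1 needs the DER SubjectPublicKeyInfo")
        subject = spki_der
    else:
        raise ValueError(f"unknown selector {selector}")
    if matching_type == 0:
        return subject
    if matching_type == 1:
        return hashlib.sha256(subject).digest()
    if matching_type == 2:
        return hashlib.sha512(subject).digest()
    raise ValueError(f"unknown matching type {matching_type}")


def make_tlsa(cert_der, usage=3, selector=0, matching_type=1, spki_der=None):
    """Default: DANE-EE (3) over the full certificate (0) with SHA-256 (1)."""
    return TLSARecord(usage, selector, matching_type,
                      _association_data(selector, matching_type, cert_der, spki_der))


def tlsa_matches(record, cert_der, spki_der=None):
    """True when the presented certificate satisfies the record (constant-time compare)."""
    try:
        expected = _association_data(record.selector, record.matching_type, cert_der, spki_der)
    except ValueError:
        return False
    return hmac.compare_digest(expected, record.data)


def tlsa_owner(host, port, proto="tcp"):
    """RFC 6698 owner name, e.g. _443._tcp.www.example.com."""
    return f"_{port}._{proto}.{host.rstrip('.')}."


def to_presentation(owner, record):
    """Zone-file line: owner IN TLSA usage selector matching-type hex-data."""
    return (f"{owner} IN TLSA {record.usage} {record.selector} "
            f"{record.matching_type} {record.data.hex()}")


def parse_presentation(line):
    """Parse 'owner [ttl] [IN] TLSA usage selector mtype hex...' (hex may be split by spaces)."""
    fields = line.split()
    i = fields.index("TLSA")
    usage, selector, mtype = (int(f) for f in fields[i + 1:i + 4])
    return TLSARecord(usage, selector, mtype, bytes.fromhex("".join(fields[i + 4:])))


# Constructed placeholder, labelled as such; a real deployment uses the server's DER certificate.
CONSTRUCTED_CERT = b"-- constructed placeholder, not a real DER certificate --"


if __name__ == "__main__":
    rec = make_tlsa(CONSTRUCTED_CERT)
    line = to_presentation(tlsa_owner("www.example.com", 443), rec)
    print(line)
    print("presented cert matches:", tlsa_matches(parse_presentation(line), CONSTRUCTED_CERT))
```

The record only has the value the slide attributes to it when the answer carrying it is DNSSEC-validated; an unsigned TLSA answer is just another thing an on-path party could substitute.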
56
Internet Registry Hierarchy (figure)
ICANN and the ASO (and Address Council) sit above IANA (Marina del Rey, CA, US). Below IANA are the RIRs: APNIC (Brisbane, Australia), ARIN (Reston, VA, US) and RIPE-NCC (Amsterdam, The Netherlands). APNIC delegates to NIRs and LIRs, the other RIRs to LIRs, and LIRs serve ISPs.
57
BGPv4
58
CERNET BGP (figure)
(a) Campus network 1.1.0.0/20 connected by router R to CERNET over link A and through a NAT router to another ISP over link B, using the static routes "ip route 1.1.0.0/20 A" and "ip route 0.0.0.0/0 B"; NAT address pool 3.3.3.0/24
(b) The same campus with a public AS number, speaking eBGP to CERNET and to the other ISP, with an iBGP session between the two routers; the domestic routing table (1.1.0.0/20, CERNET and domestic routes) is kept apart from the other ISP's routes; NAT address pool 3.3.3.0/24
Domestic routing table entries: 44,276
Global routing table entries: 478,889
60
BGP hijacking (figure: the YouTube prefix hijack)
Pakistan Telecom (AS17557) announced the bogus route 208.65.153.0/24 ("YouTube.com is here") through PCCW HK (AS3491). The genuine route was 208.65.153.0/22 originated by AS36561 and reached through NTT America (AS2914), Cogent (AS174) and AS3549 in the United States; the more specific /24 won.
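The figure shows why the hijack worked (a /24 is more specific than a /22, so longest-prefix match prefers it regardless of who originated it) and the rPKI slide that follows names the defence: a signed Route Origin Authorization lets a router classify each announcement as Valid, Invalid or NotFound (RFC 6811) before it competes for the best path. The following added example, not code from the slides, implements both the longest-prefix match and route origin validation and runs them over the routes in the figure. The ROA is constructed for illustration (no such ROA existed at the time, which is the point), 208.65.153.238 is a constructed host address, and since "208.65.153.0/22" as written is not on a /22 boundary the helper normalises it to the network 208.65.152.0/22.

```python
"""BGP route origin validation (RFC 6811) against RPKI ROAs, plus longest-prefix match.

Added example, not code from the slides. Prefixes and AS numbers are from the
YouTube hijack figure; the ROA and the host address are constructed."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class ROA:
    prefix: ipaddress.IPv4Network   # the prefix the holder authorises
    max_length: int                 # longest prefix length allowed (maxLength)
    asn: int                        # the AS authorised to originate it


@dataclass(frozen=True)
class Announcement:
    prefix: ipaddress.IPv4Network
    origin_asn: int                 # rightmost AS in the AS_PATH


def announce(prefix: str, origin_asn: int) -> Announcement:
    # strict=False normalises a prefix written off its boundary, as the figure does
    return Announcement(ipaddress.IPv4Network(prefix, strict=False), origin_asn)


def roa(prefix: str, max_length: int, asn: int) -> ROA:
    return ROA(ipaddress.IPv4Network(prefix, strict=False), max_length, asn)


def validate_origin(ann: Announcement, roas) -> str:
    """RFC 6811 outcome: 'NotFound' when no ROA covers the prefix, 'Valid' when a
    covering ROA matches the origin AS and maxLength, otherwise 'Invalid'."""
    covering = [r for r in roas if ann.prefix.subnet_of(r.prefix)]
    if not covering:
        return "NotFound"
    for r in covering:
        if r.asn == ann.origin_asn and ann.prefix.prefixlen <= r.max_length:
            return "Valid"
    return "Invalid"


def best_route(routes, dest: str):
    """Longest-prefix match: the most specific route covering dest wins, whoever announced it."""
    ip = ipaddress.IPv4Address(dest)
    matches = [r for r in routes if ip in r.prefix]
    return max(matches, key=lambda r: r.prefix.prefixlen, default=None)


def drop_invalid(routes, roas):
    """Defender's policy: never install routes whose origin validation is Invalid."""
    return [r for r in routes if validate_origin(r, roas) != "Invalid"]


# Constructed ROA: the holder authorises AS36561 for the /22 and nothing more specific.
ROAS = [roa("208.65.153.0/22", 22, 36561)]

GENUINE = announce("208.65.153.0/22", 36561)   # real route from the figure
HIJACK = announce("208.65.153.0/24", 17557)    # Pakistan Telecom's more-specific
ROUTES = [GENUINE, HIJACK]


if __name__ == "__main__":
    for r in ROUTES:
        print(f"{r.prefix} from AS{r.origin_asn}: {validate_origin(r, ROAS)}")
    print("without ROV, traffic goes to AS", best_route(ROUTES, "208.65.153.238").origin_asn)
    print("with ROV, traffic goes to AS   ",
          best_route(drop_invalid(ROUTES, ROAS), "208.65.153.238").origin_asn)
```

Note that the ROA's maxLength of 22 is what makes even a /24 from the legitimate AS36561 Invalid: a ROA that authorised longer prefixes would leave the holder open to a more-specific hijack with a forged origin AS, which ROV alone cannot detect.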
61
BGP MITM
62
THE CONFUCIANISM WORSHIP ALONE
• Controversy
› Dong Zhongshu: revere Confucianism alone, strengthen imperial power within, civilise the common people without
› IETF: RPKI, centralization of IANA/ICANN, or the U.S.A.?
• Focus:
› Internet Governance
» 1. Decentralised rule vs. centralised power?
» 2. How is power to be distributed?
» 3. One centre of power or several?
63
rPKI
64
Network governance
• Numerous academic genres (the Hundred Schools of Thought)
› Daoism
» Governing by non-action (wu wei)
– "I do nothing and the people transform themselves; I love stillness and the people rectify themselves; I have no affairs and the people enrich themselves; I have no desires and the people return to simplicity."
– "Govern a great state as you would cook a small fish." (Tao Te Ching)
› Military strategists
» "Know the enemy and know yourself, and in a hundred battles you will never be in peril."
» "The skilful warriors of old first made themselves invincible, then waited for the moment the enemy could be defeated." (The Art of War)
» "The attacker wills and acts, while the defender waits for the action. The rules of defence are based on the rules of attack, and the rules of attack in turn on the rules of defence." (On War)
› Confucianism
» Centralised power; the Three Bonds and Five Constants
– Duke Jing of Qi asked Confucius about government. Confucius replied: "Let the ruler be a ruler, the minister a minister, the father a father, the son a son." The Duke said: "Excellent! Truly, if the ruler is not a ruler, the minister not a minister, the father not a father, the son not a son, then even though there is grain, shall I get to eat it?"
– "The ruler guides the minister, the father guides the son, the husband guides the wife." (Liwei, Hanwenjia)
65
66
Snowden
IETF87
IETF88
68
In IETF88 Technical Plenary, there were five hums
• The IETF is willing to respond to the pervasive surveillance attack?
› Overwhelming YES. Silence for NO.
• Pervasive surveillance is an attack, and the IETF needs to adjust our threat model to consider it when developing standards track specifications.
› Very strong YES. Silence for NO
• The IETF should include encryption, even outside authentication, where practical.
› Strong YES. Silence for NO
• The IETF should strive for end-to-end encryption, even when there are middleboxes in the path.
› Mixed response, but more YES than NO.
• Many insecure protocols are used in the Internet today, and the IETF should create a secure alternative for the popular ones.
› Mostly YES, but some NO.
69
Encryption and authentication
• Encryption
› Meta data
› Content
• Choices
› Clear text if you CAN, encryption if you MUST
› Encryption if you CAN, cleartext if you MUST
(figure: cleartext versus encryption on one axis and authentication on the other, with the GFW and the trust anchor marked)
70
71
IAB Statement on Internet Confidentiality (1)
• The IAB now believes it is important for protocol designers, developers, and operators to make encryption the norm for Internet traffic. Encryption should be authenticated where possible, but even protocols providing confidentiality without authentication are useful in the face of pervasive surveillance as described in RFC 7258.
72
IAB Statement on Internet Confidentiality (2)
• We similarly encourage network and service operators to deploy encryption where it is not yet deployed, and we urge firewall policy administrators to permit encrypted traffic.
• We also acknowledge that many network operations activities today, from traffic management and intrusion detection to spam prevention and policy enforcement, assume access to cleartext payload. For many of these activities there are no solutions yet, but the IAB will work with those affected to foster development of new approaches for these activities which allow us to move to an Internet where traffic is confidential by default.
73
74
Facts?
75
76
77
The worst case scenario
• We end up with some or all of
› Competing DNS roots (the most likely new possibility),
› National regulations about traffic going in and out of the country and how internal ISPs can connect (we already have some of that)
› National (or ITU-based) allocation of addresses (both IPv4 and IPv6) that simply ignore the RIRs and global routing architecture so that we end up with addresses in some countries ignoring the ICANN/RIR allocations.
› Multiple organizations claiming to perform the IANA function, with competing and diverging copies of registries (even protocol registries).
78
Scale of China's Internet user base
79
Scale of the world's Internet user base
80
Development of global Internet services
81
2025 forecast
82
Technology development (1)
83
Technology development (2)
84
Address demand
85
Bandwidth demand
86
Management demand
87
Application demand
88
Talent demand
(figure: Globalization, Distributed Science, Education Costs, Lifelong Learning, Changing Competitive Landscape, Risk Management)
89
Openness (Open)
• Open protocol
• Open implementation
• Open system
(figure: Open Process)
Talent
90
Pioneers
91
Evolution of the NSF
• The Bush Report and the founding of the NSF
› National laboratories were built on a group of key universities including MIT, Johns Hopkins, Harvard, Stanford and the University of California to develop weapons and facilities such as the atomic bomb and radar, which fostered broad research cooperation between the federal government and universities.
› Modern science leapt from the state of "small science" into the era of big science
• The National Defense Education Act and the golden age of NSF funding
› In 1957 the Soviet Union was the first to launch an artificial earth satellite, strongly shaking American public confidence; only then did the President and Congress begin to realise the importance of university basic research
• "Renewing the Promise" and the shift in NSF funding policy
› Since the 1990s, with the collapse of the Soviet Union, the United States became the world's only superpower and the focus of its science and technology policy shifted to stimulating economic growth
› The report "In the National Interest: The Federal Government and Research-Intensive Universities" emphasises that "an important part of research, especially of basic research, is conducted in universities. This has many benefits: research and education are joined in a highly productive way. The intellectual freedom that university researchers enjoy, continually renewed by generation after generation of curious young minds, stimulates the development of the research enterprise."
(figure: timeline 1965-1995 with rows for government research, industry research, industry development and $1M businesses, and arrows marking the transfer of ideas or people)
• Timesharing: CTSS, Multics; BSD Unix; SDS 940, 360, VMS
• Graphics: Sketchpad, Utah; GM/IBM, LucasFilm; E&S, SGI
• Networking: Arpanet, Internet; Ethernet, Pup, DataKit; DECnet, LANs, TCP/IP
• Workstations: Lisp machine, Stanford; Xerox Alto; Apollo, SUN
• Windows: Engelbart, Rochester; Alto, Smalltalk; Star, Mac, Microsoft
93
NSF 2020 Vision report
• NSF should secure America's lead in global science, engineering and knowledge development by leading transformative research and excellent science education, so as to promote economic growth, improve quality of life and safeguard national security.
• At the level of strategic management, NSF focuses on its three functions of research programmes, research facilities, and education and training, and has set "people, ideas, tools and organizational excellence" as its budget strategy goals.
94
Three generations of network engineers
Telephone/transmission systems   Routers   Programmers
95
SDO
96
OSS (1)
97
OSS (2)
98
OSS (3)
99
SDO, OSS
100
Loop
101
Internet of ……
102
Permissionless innovation
• No one is “in charge” of the Internet. Instead, many people cooperate to make it work.
• Each person brings a unique perspective of the Internet. We believe a strong focus on enabling the broadly based dialogue is necessary, and that the "permissionless innovation" given as the goal of this effort is better served by first enabling infrastructure (web site, collection and a set of tools). Further efforts may emerge later, and those may require additional structure.
103
Creation