Title: Vision for Trustworthy Computing, Bill Gates, 15 Jan 2002
1. Vision for Trustworthy Computing, Bill Gates, 15 Jan 2002
- now, when we face a choice between adding features and resolving security issues, we need to choose security.
2. Internet Technologies
- An example of how the system works
- Assume
  - FTP is our application example.
  - Ethernet is the underlying technology at the data link layer.
- Two slides of revision for some of you.
3. Protocol stack used in the example (figure, top to bottom)
- Application (say FTP)
- TCP
- IP
- Ethernet Driver
- Physical Layer
- Ethernet
4. Encapsulation (figure): each layer prepends its header to what it receives from the layer above
- User Data
- App. Header | User Data
- TCP Header | App. Header | User Data
- IP Header | TCP Header | App. Header | User Data
- Ethernet Header | IP Header | TCP Header | App. Header | User Data | Ethernet Trailer
- 46 to 1500 bytes for Ethernet (the data field between the Ethernet header and trailer)
5. Original Internet Principles
- End-to-End Design: based on the assumption that end-points can trust one another.
- To move the functionality
  - away from the network, and
  - towards the edges of the system.
- Reduces the complexity of the network.
- Reduces the cost of future upgrades.
- New applications can be added without modifying the network.
6. Original Internet Principles
- Packet Switched Communication facility.
- Different networks connected through routers (used essentially for routing only).
- Internet communication to continue despite loss of networks or routers.
- Cater to distributed management of resources.
7. Original Internet Principles (continued)
- Addresses that are simple, hierarchical and that can be overloaded both for naming a node and for routing to it.
- Higher level functionality at the edges and a dumb network.
- A single data delivery service (IP) to cater both to a connectionless, unreliable datagram service (UDP) and to a reliable stream service (TCP).
8. New Environment
- Untrustworthy end-points
  - Denial of service attacks
  - Spam e-mails
- More demanding applications
  - Requirement for high throughput
  - Requirement for guaranteed delivery (e.g. audio or streaming video)
- ISPs view wide BW and/or guaranteed data transport services as a competitive differentiator.
9. New Environment
- Islands of wide BW and/or guaranteed service along with content servers, designed for technologists.
- Responses to the new environment
  - Modify the end-nodes
  - Add functions to the core of the network
    - Firewalls
    - NATs
    - Traffic Filters
10. The Internet
- Internet Characteristics
- Architecture, as it exists today
11. Table 1: Internet Traffic Characteristics
Legend: C = client, S = server, DNS = Domain Name System, MBONE = Multicast Backbone.
Source: Antonio Rodriguez-Moral, LIBRA, Bell Labs Technical Journal, 2(2), 42-67, Spring 1997.
12. Table 2: Routing Persistence
Source: Vern Paxson, End-to-End Routing Behaviour in the Internet, IEEE/ACM Transactions on Communications, 5(5), October 1997.
13. Table 3: Internet Traffic Characteristics
- Round Trip Delay (RTT)
  - Most RTTs are within 70-160 ms.
  - ITU-T G.114 limits RTT to 300 ms or less.
  - However, surveys show some people tolerate large RTTs of 800 ms.
- Packet Loss
  - Very bursty.
  - Affects contiguous packets.
- Order of Packet Arrival
  - Studies underway, but Paxson's study shows out-of-sequence arrival is not unusual.
Source: Uyless Black, Advanced Internet Technologies, pages 70-71, 1999.
14. Packet Loss
- Data transmission: masked by TCP.
- Audio/Video: ears and eyes catch it.
- The G.723.1 audio system masks a loss of up to 10% if the loss is random and independent; it uses the previous packet to simulate the lost packet.
- But packet loss in the Internet is bursty.
15. Packet Loss
- A Forward Error Correction system uses the technique used in mobile wireless systems: it sends many copies of the coded voice. If even one copy arrives safely, the operation is effective.
- Since UDP is used for audio/video, out-of-sequence arrival is also a problem.
16. Internet: example of a small part
Figure (labels only): hosts HA, HB, HX, H1, H2, HN on two Ethernet segments; routers R1, R2, R3, R4; the Internet cloud in the middle; links labelled 45 Mbps T1 Line and 155 Mbps SONET.
For point-to-point (relay-type) connections through T1/SONET lines, PPP (Point to Point Protocol) is used. SLIP (Serial Line IP) is now rarely used.
17. T Lines
- Frame carries 24 channels of 8 bits + 1 bit for sync = 193 bits
- T1: 8000 frames per second → 1.544 Mbps → DS1
- T2: 4 DS1s → 6.312 Mbps → DS2
- T3: 7 DS2s → 44.376 ≈ 45 Mbps → DS3
- T4: 6 DS3s → 274.176 Mbps
18. T Lines
- ANSI: Synchronous Optical Network (SONET)
- ITU-T: Synchronous Digital Hierarchy (SDH)
- SONET rates
  - OC-1 51.84 Mbps
  - OC-3 155.520 Mbps
  - OC-12 622.080 Mbps
  - OC-24 1.244 Gbps
  - OC-48 2.488 Gbps
  - OC-192 9.953 Gbps
19. Protocol stack (figure, top to bottom)
- FTP, SMTP, TELNET, DNS, RIP, BGP, OSPF
- UDP, TCP, ICMP
- IP
- RARP, ARP
- PPP, ETHERNET
- Physical Layer
20. Port numbers and protocol identifiers
- UDP Ports
  - RIP 520
  - DNS 53
- TCP Ports
  - BGP 179
  - DNS 53
  - SMTP 25
  - TELNET 23
  - FTP 21
  - HTTP 80
  - Lotus Notes 1352
  - HTTP PROXY 8080
- Ethernet Type
  - ARP 0x0806
  - RARP 0x8035
  - IP 0x0800
- IP Protocol
  - OSPF 89
  - UDP 17
  - TCP 6
  - ICMP 1
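As an added example (not part of the slides), the encapsulation chain of slide 4 and the demultiplexing table of slide 20 carried through in Python: build_frame wraps user data in TCP/UDP, IP and Ethernet headers while enforcing the 46 to 1500 byte Ethernet payload bounds, and demux peels the headers back off using the slide's Ethernet type, IP protocol and port numbers. MAC addresses, IP addresses and the source port are constructed sample values.

```python
import struct

# Demultiplexing tables transcribed from the slide: Ethernet type -> network protocol,
# IP protocol number -> transport, destination port -> application.
ETHERTYPES = {0x0800: "IP", 0x0806: "ARP", 0x8035: "RARP"}
IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP", 89: "OSPF"}
TCP_PORTS = {21: "FTP", 23: "TELNET", 25: "SMTP", 53: "DNS", 80: "HTTP",
             179: "BGP", 1352: "Lotus Notes", 8080: "HTTP PROXY"}
UDP_PORTS = {53: "DNS", 520: "RIP"}
ETH_MIN, ETH_MAX = 46, 1500          # Ethernet data field bounds from the slide

def build_frame(user_data: bytes, dport: int, proto: int = 6) -> bytes:
    """Encapsulate user data outward: L4 header, IP header, Ethernet header (FCS trailer omitted).
    Addresses, source port and flags are constructed sample values, not real hosts."""
    if proto == 17:                  # 8-byte UDP header: sport, dport, length, checksum
        l4 = struct.pack("!HHHH", 40000, dport, 8 + len(user_data), 0)
    else:                            # 20-byte TCP header, data offset 5, PSH|ACK set
        l4 = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    total = 20 + len(l4) + len(user_data)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, proto, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    payload = ip + l4 + user_data
    if len(payload) > ETH_MAX:
        raise ValueError(f"payload {len(payload)} bytes exceeds Ethernet maximum {ETH_MAX}")
    payload = payload.ljust(ETH_MIN, b"\x00")   # short frames are padded up to the minimum
    eth = bytes(6 * [0xAA]) + bytes(6 * [0xBB]) + struct.pack("!H", 0x0800)
    return eth + payload

def demux(frame: bytes) -> list:
    """Strip headers outermost-first and return the chain a receiver would dispatch
    through, e.g. ['IP', 'TCP', 'FTP']. Unknown codes are reported, not guessed."""
    chain = []
    etype = struct.unpack("!H", frame[12:14])[0]
    chain.append(ETHERTYPES.get(etype, f"ethertype 0x{etype:04x}"))
    if etype != 0x0800:
        return chain
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4         # IP header length field is in 32-bit words
    proto = ip[9]
    chain.append(IP_PROTOCOLS.get(proto, f"IP protocol {proto}"))
    if proto in (6, 17):             # both TCP and UDP carry the destination port at offset 2
        dport = struct.unpack("!H", ip[ihl + 2:ihl + 4])[0]
        table = TCP_PORTS if proto == 6 else UDP_PORTS
        chain.append(table.get(dport, f"port {dport}"))
    return chain

if __name__ == "__main__":
    frame = build_frame(b"USER anonymous\r\n", 21)
    print(len(frame), "bytes on the wire ->", demux(frame))
```

The port lookup only names the conventional service; nothing in the headers proves which application produced the bytes, which is exactly the end-point trust the later slides say can no longer be assumed.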