Can the Internet Be Saved?

Citing spam, viruses, and unreliable connections, scientists plan a 'moon shot': reinventing the whole thing

By JOSH FISCHMAN

Larry L. Peterson is lost in the Net. Trying to send a packet of information from Brooklyn to Princeton, he has run into a glitch. It's an important glitch, because Mr. Peterson, chairman of Princeton University's computer-science department, is trying to send a packet that many would consider rather vital: himself.

"I have a really hard time finding my way around here," he shouts above the roar of the New York City subway, where he has missed his stop on an uptown C train. He zipped right by the station because it wasn't clearly marked and, at the time, he was engrossed in explaining the surprising similarities between the Internet and this mass-transit system. Both were cobbled together out of a series of smaller networks, switching from one to another has always been a problem, and both packets and people have trouble finding the best route to their destinations.

"The signs in here are confusing," Mr. Peterson says, hurrying along a subterranean walkway linking a subway station to New Jersey Transit, the rail line leading to Princeton. "Signs" posted in machines designed to route Internet traffic are equally vague, he notes. Settling into a seat on the New Jersey train, he takes a breath. Thinking about both types of networks, he adds: "There may be a better way to design all this."

Mr. Peterson is in the vanguard of a widespread effort to find that better way, at least so far as the Internet is concerned. Identity theft, viruses, and attacks on Web sites are on the rise — a few weeks ago the country of Estonia was practically shut down, digitally, by deliberate attempts to jam government computers. Spam, which was less than 50 percent of e-mail traffic back in 2002, is now close to 90 percent, according to Commtouch Software Ltd., an Internet-security company.

Moreover, the Internet has great difficulty coping with the sharp increase in mobile devices like cellphones and laptops, and handling bandwidth-hungry traffic such as video, now demanded by an increasing number of users.

All of this has highlighted flaws in a system that was designed 30 years ago for use by a few friendly academic institutions. "The Internet is like a big wonderful house that was built in the 1970s," says Ellen W. Zegura, chairwoman of computer sciences at the Georgia Institute of Technology. "It's really important to you and you love it, but it may not do things you need it to do today. And while I'm not saying the house has termites, there are signs of decay."

Last month the National Science Foundation officially began an effort to renovate that house, and possibly build a completely new one. It's called the Global Environment for Network Innovations, or GENI, and could cost $300-million. "This is our moon shot," says Mr. Peterson, part of the GENI planning group. "It's the computer field's version of the International Space Station. It's our chance to do big science."

The people pushing for change are the very people at universities and colleges who built the Internet in the first place. Researchers at the Massachusetts Institute of Technology, the University of California at Berkeley, and the University of Southern California, among others, have joined Mr. Peterson in the GENI planning process. Industry players such as chip-maker Intel are also on board.

And GENI is just one of a suite of "clean slate" projects that have sprung up in this Internet-research community. "We're basically asking: If you could build the Internet today, with no constraints, what would it be?" says Nick W. McKeown, a computer scientist at Stanford University who is leading one such effort. "We keep patching the existing network to keep up with current needs. But patches on top of the basic problems only work to a certain extent. People apply the patches differently, making the overall system uneven, incredibly complex, and rather brittle. We may get better results if we change the underlying structure."

Not everyone agrees, however, that a moon shot is the only way to identify and correct Internet flaws. "I'm not sure that I would equate saying 'the Internet is broken' with 'we need a giant material facility to fix it,'" says Vinton G. Cerf, who co-invented the basic Internet transmission format in 1974 (it's now known as TCP/IP) and today holds the title of "chief Internet evangelist" at Google. "There may be a lot of things you can fix using the existing system."

Trouble Underneath

The drive for a better Internet reflects, in large part, the staggering growth of the current version. In the United States alone, the number of adults using it has shot up from about 35 percent of the population in 1998 to 70 percent at the end of 2006, according to the Pew Internet & American Life Project.

They use it for communication, for finding information, and for commerce. "All of this makes the Internet more and more like an essential utility," says Allison Mankin, a computer scientist who works on future-Internet-design projects, including GENI, at the NSF. And as with other utilities like telephone service and electrical power, disruptions in service also disrupt daily lives.

At the moment, serious problems with the Internet may not be apparent to the average user because, over all, e-mail still works and Web pages still load. But keeping all that going is a struggle. Internet providers — ranging from universities with a few network-access points to huge telecoms like AT&T with thousands of such points plus the fiber-optic cables serving as Internet trunk lines — spend huge amounts of money and manpower every day to keep traffic flowing smoothly.

That means human beings have to adjust routers — the machine nodes that collect and pass along Internet traffic — every day, changing settings and redirecting routes. And paradoxically, all of these tweaks to smooth flow in one place often create traffic disruption elsewhere, as local changes have unanticipated long-distance ripples. More than half of the outages on the Internet, in fact, are caused by operator error.

Sitting in a quiet, sun-dappled lounge at one end of Princeton's computer-science building, professor Jennifer Rexford notes that one of the most reliable days in network history was September 11, 2001. "We expected there would be big problems, but the opposite happened. We suspect that's because network administrators stopped fiddling with the network and — like everyone else — went home to watch TV," she says.

Surprisingly, the big problem that day, outside of New York, was in South Africa. Communication within that country was badly disrupted. It turned out a machine that held a directory of South African Internet addresses was located in lower Manhattan, and was temporarily knocked out. It's a good example of the complexity of the network. "You could be cut off from the Internet because of a problem with an underwater cable," Ms. Rexford says, "and you'd have no idea where that cable is."

Internet problems become most apparent when you think not about things the Internet does well but about things you would like it to do, says Mr. McKeown. "Look at large-scale financial transactions," he says. "Banks need to rent private cables to do this, with direct connections, because the larger Internet is not trustworthy. Or imagine air-traffic control over the Internet. I wouldn't get on an airplane if that's what we were using. All it takes is one short delay for a dangerous situation to develop."

Telesurgery is Ms. Zegura's favorite example. Letting expert surgeons supervise remote operations, or even do them robotically, is a great idea for extending the reach of doctors with specialized knowledge. "But I'd never get on that table if they were using a current Internet connection," she says. And Mr. Cerf notes that current transmission formats are ill suited for reaching mobile devices, whether they are with soldiers on a battlefield or the Mars rover or cars on a California freeway.

"We call these problems the 'ities,'" says Mr. Peterson. "Security, reliability, manageability, and mobility — they are all things the Internet, as successful as it is, does not do particularly well."

Are You a Dog?

Security is the No. 1 issue. Everyone has heard horror stories about bank attacks, and has run into spam, viruses, and other headaches. But those are simply different faces of the same problems: the lack of authenticated identity and the assumption that everyone's a good guy on the inside of the network. That assumption made sense 30 years ago when the Internet connected a few elite researchers at a handful of universities. Any adversaries were on the outside, so on the inside you didn't bother with additional security.

As a result of that initial idea, each packet of information dumped into the Internet today by a user has a header, containing the sender's and the destination's addresses, that each router along the way reads to decide where to forward it. (Even something as simple as an e-mail message is divided into many packets, each with its own header.) And the router believes anything the header says: nothing in the packet proves that the sender address is genuine. "Remember that old cartoon, 'On the Internet nobody knows you're a dog'?" asks Ms. Rexford. "That's true."

That trust, built into the routers themselves, makes it easy to forge a packet's sender address and pretend you are someone else, and, because no one can tell where a packet really came from, easy to abuse a hijacked third-party computer without being traced. That computer can then be turned into a spam-spewing machine or, worse, into a robotic slave, part of a "botnet" of machines directing an overwhelming flood of data at one site, preventing legitimate users from getting through and bringing it crashing down, something called a denial-of-service attack.
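To make that concrete, here is an added example (not from the article or from any of the researchers quoted): it builds an IPv4 packet header carrying whatever source address the sender chooses, shows that such a header checks out as perfectly well-formed, and then applies the source-address validation that an access provider can run on the port facing a customer, the practice recommended in BCP 38 (RFC 2827). The customer prefix 203.0.113.0/24 and the other addresses come from the documentation ranges and are assumptions of the example.

```python
import ipaddress
import struct

# Assumption for this example: the customer on this router port has been
# assigned 203.0.113.0/24 (an RFC 5737 documentation prefix).
CUSTOMER_PREFIX = ipaddress.ip_network("203.0.113.0/24")


def ipv4_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words, as RFC 791 specifies for the header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, payload_len: int, proto: int = 17) -> bytes:
    """Minimal 20-byte IPv4 header. The source field holds whatever the sender
    writes there; nothing in the header ties it to the machine that sent it."""
    fields = struct.pack(
        "!BBHHHBBH4s4s",
        (4 << 4) | 5,          # version 4, header length 5 words
        0,                     # type of service
        20 + payload_len,      # total length
        0x1234,                # identification (constructed value)
        0,                     # flags / fragment offset
        64,                    # TTL
        proto,                 # 17 = UDP
        0,                     # checksum placeholder
        ipaddress.IPv4Address(src).packed,
        ipaddress.IPv4Address(dst).packed,
    )
    csum = ipv4_checksum(fields)
    return fields[:10] + struct.pack("!H", csum) + fields[12:]


def parse_ipv4_header(pkt: bytes) -> dict:
    """Read the fixed header the way a router does and verify its checksum
    (a valid checksum means 'not corrupted', never 'not forged')."""
    ver_ihl, _, _, _, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    return {
        "version": ver_ihl >> 4,
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "ttl": ttl,
        "proto": proto,
        "checksum_ok": ipv4_checksum(pkt[:ihl]) == 0,
    }


def ingress_filter(pkt: bytes, allowed: ipaddress.IPv4Network) -> str:
    """Source-address validation on a customer-facing port (BCP 38 / RFC 2827):
    the router cannot tell from the packet whether the source is honest, so it
    uses the one thing it does know, which prefix belongs on this port."""
    hdr = parse_ipv4_header(pkt)
    if hdr["version"] != 4 or not hdr["checksum_ok"]:
        return "drop-malformed"
    if ipaddress.IPv4Address(hdr["src"]) not in allowed:
        return "drop-spoofed"
    return "forward"


if __name__ == "__main__":
    honest = build_ipv4_header("203.0.113.7", "198.51.100.1", payload_len=100)
    spoofed = build_ipv4_header("192.0.2.9", "198.51.100.1", payload_len=100)
    for name, pkt in (("honest", honest), ("spoofed", spoofed)):
        hdr = parse_ipv4_header(pkt)
        print(name, hdr["src"], "->", hdr["dst"], "checksum_ok:", hdr["checksum_ok"],
              "decision:", ingress_filter(pkt, CUSTOMER_PREFIX))
```

The point the example makes is that the header's own integrity check passes for the forged packet just as it does for the honest one; the only way the router can reject the forgery is with knowledge that lives outside the packet, namely which addresses are supposed to appear on which port. Providers that skip that check are the ones whose customers' machines can flood a site while pretending to be someone else.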

Mr. Cerf objects that machine gullibility is a user problem, not a real network issue. The problem, he says, is that Web browsers and operating systems on desktop computers (such as Windows) leave such machines too open to hostile takeovers. Mr. Peterson agrees but only up to a point. "My response is that you're right, it's an end user's machine problem," he says, as his train eases into the Princeton station. "Until you connect your machine to my network. Then it's my problem because your machine launches the attack across my network. We can't solve the end-user problem. But we can build a network that contains that damage. And people have ideas about that."

One of those ideas comes from Mr. McKeown. In a network he has dubbed Ethane, trust has gone by the wayside. Each user, each packet sender, has a set of rules called a policy, controlled by a central box. "Suppose you want to access a college-grade server," he suggests. "The box checks the policy. It says Nick can do this. Larry can't do that. Only if that policy is allowed by 'central command' will it choose a path for the packets. This is completely different from what happens now, where the route is decided on the fly by lots of different routers and you'd need this policy in place in all of them."

Moreover, security is enhanced in Ethane because there is only one point of attack: the central box. Network operators can focus on protecting that box, rather than running around trying to defend an entire network. They can also clone the box, making five duplicates, so the network would have instant backups should a problem arise. Mr. McKeown and his colleagues are currently simulating networks of different sizes, trying to see how large they can get without losing efficiency.
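An added example of the Ethane-style design described in the two paragraphs above (illustrative code, not Ethane's own implementation): a controller, the "central box," holds the host-to-user bindings and the policy table, answers each new flow with allow or deny, computes the path itself, and installs exact-match entries in the switches along it; the switches only look up entries or punt unknown traffic to the controller. The topology, host names, users and the two policy rules are constructed for the example. One caveat a practitioner would add: the single point of attack is also a single point of failure, and the replicas Mr. McKeown mentions would have to share the controller's bindings and flow state, which this example does not model.

```python
from collections import deque

# Constructed toy network (names are assumptions of this example).
# Switches s1..s4 are linked as below; hosts hang off a switch each.
LINKS = {
    "s1": ["s2", "s3"],
    "s2": ["s1", "s4"],
    "s3": ["s1", "s4"],
    "s4": ["s2", "s3"],
}
HOST_SWITCH = {"nick-laptop": "s1", "larry-laptop": "s3", "grades-server": "s4"}

# The central policy: the only place permissions live. Anything not listed is denied.
POLICY = [
    {"user": "nick", "dst": "grades-server", "port": 443},
    {"user": "larry", "dst": "grades-server", "port": 80},
]


def shortest_path(src_sw, dst_sw):
    """Breadth-first search over the switch graph. The controller computes the
    route; the switches never run a routing protocol of their own."""
    prev = {src_sw: None}
    queue = deque([src_sw])
    while queue:
        sw = queue.popleft()
        if sw == dst_sw:
            break
        for nxt in LINKS[sw]:
            if nxt not in prev:
                prev[nxt] = sw
                queue.append(nxt)
    if dst_sw not in prev:
        return None
    path, sw = [], dst_sw
    while sw is not None:
        path.append(sw)
        sw = prev[sw]
    return path[::-1]


class Controller:
    """The 'central box': binds hosts to users, checks policy, and installs
    per-flow entries in the switches it controls."""

    def __init__(self, policy):
        self.policy = [dict(rule) for rule in policy]
        self.bindings = {}                                # host -> authenticated user
        self.flow_tables = {sw: {} for sw in LINKS}       # switch -> {flow: next hop}

    def register(self, host, user):
        # Ethane authenticates hosts and users when they join the network;
        # here the binding is simply asserted.
        self.bindings[host] = user

    def request_flow(self, src_host, dst_host, port):
        """Called when a switch sees the first packet of a flow it has no entry for."""
        user = self.bindings.get(src_host)
        if user is None:
            return ("deny", "unknown host")
        permitted = any(r["user"] == user and r["dst"] == dst_host and r["port"] == port
                        for r in self.policy)
        if not permitted:
            return ("deny", "no policy for %s -> %s:%d" % (user, dst_host, port))
        path = shortest_path(HOST_SWITCH[src_host], HOST_SWITCH[dst_host])
        flow = (src_host, dst_host, port)
        for i, sw in enumerate(path):
            self.flow_tables[sw][flow] = path[i + 1] if i + 1 < len(path) else dst_host
        return ("allow", path)

    def lookup(self, switch, src_host, dst_host, port):
        """What a switch does per packet: exact match on its table, or punt."""
        return self.flow_tables[switch].get((src_host, dst_host, port), "to-controller")

    def revoke(self, user):
        """One change at the center removes the user's flows from every switch,
        instead of editing a policy in each router separately."""
        self.policy = [r for r in self.policy if r["user"] != user]
        for table in self.flow_tables.values():
            for flow in [f for f in table if self.bindings.get(f[0]) == user]:
                del table[flow]


if __name__ == "__main__":
    ctl = Controller(POLICY)
    ctl.register("nick-laptop", "nick")
    ctl.register("larry-laptop", "larry")
    print(ctl.request_flow("nick-laptop", "grades-server", 443))   # allow, path via s2
    print(ctl.request_flow("larry-laptop", "grades-server", 443))  # deny
    print(ctl.lookup("s2", "nick-laptop", "grades-server", 443))   # s4
    ctl.revoke("nick")
    print(ctl.lookup("s2", "nick-laptop", "grades-server", 443))   # to-controller
```

Compare the last two lines with the situation Mr. McKeown describes for today's routers: there, revoking Nick's access would mean touching the configuration of every router that might carry his packets.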

Management Issues

Manageability and reliability are next on the list of Internet bugaboos, and of particular interest to Ms. Rexford, who worked on networks at AT&T before coming to Princeton. "We don't configure the network as a whole," she says. "We can only program routers. We have no vision of the network; we can only see locally. Yet that's how we try and affect the global system, and as a result you make bad routing decisions."

AT&T, for instance, can change routing policies, but that change will only go as far as AT&T nodes and cables. It will not affect Sprint, which carries the same packets along the next segment of their routes. "Everything is Balkanized," says Ms. Rexford, making it hard to deploy new technology.

Programs designed to identify trouble spots on the Internet are rather limited because of the vast complexity of the network, says Ms. Mankin of the NSF. And the consequence of limited oversight is limited control, she says. Operators can only affect the network in a very crude way, and it's very easy to make mistakes.

One suggestion is for more-programmable routers that talk to one another, allowing a more global view. They could also allow operators to divide the network into hundreds of "virtual slices" for easier management.

Think of it as a color spectrum. It's still one set of cables connecting the Internet, but routers could divide the bandwidth in those cables into a virtual blue slice and red slice that would act like separate networks. Traffic on the blue slice would ride the blue virtual network and never bump into traffic riding the red network. And if the blue network were carrying video, which requires a lot of transmission resources, operators could allocate more to the blue slice, leaving e-mail in the red slice untouched and unhindered. That would mean fewer delays and more reliable data transmission for everyone.
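One mechanism that gives slices this kind of isolation on a single link is a weighted scheduler. The added example below (not from the article) uses deficit round robin, with the blue video slice weighted 3 and the red e-mail slice weighted 1, and compares it with a plain first-in, first-out queue in which a burst of video arrives just ahead of the e-mail. Packet sizes, counts and weights are constructed for the example.

```python
from collections import deque


class Slice:
    """One virtual slice sharing a link: its own queue and its own weight."""

    def __init__(self, name, weight):
        self.name = name
        self.weight = weight
        self.queue = deque()   # packet sizes in bytes, in arrival order
        self.deficit = 0       # bytes this slice may still send in the current round


def build_traffic():
    """Constructed load: a burst of 1000 video packets on blue, then 5 e-mail packets on red."""
    blue = Slice("blue", weight=3)
    red = Slice("red", weight=1)
    blue.queue.extend([1500] * 1000)
    red.queue.extend([100] * 5)
    return blue, red


def drr_schedule(slices, quantum=1500):
    """Deficit round robin: each round, every backlogged slice earns weight*quantum
    bytes of credit and sends whole packets while the credit lasts. Returns the
    packets in the order they go on the wire as (slice name, size)."""
    order = []
    active = [s for s in slices if s.queue]
    while active:
        for s in list(active):
            s.deficit += s.weight * quantum
            while s.queue and s.queue[0] <= s.deficit:
                size = s.queue.popleft()
                s.deficit -= size
                order.append((s.name, size))
            if not s.queue:          # an idle slice does not bank credit
                s.deficit = 0
                active.remove(s)
    return order


def fifo_order():
    """The same load with no slicing: one queue, first come first served."""
    return [("blue", 1500)] * 1000 + [("red", 100)] * 5


def finish_bytes(order, name):
    """Bytes transmitted on the link up to and including the last packet of `name`;
    at a fixed link rate this is proportional to when that slice's traffic completes."""
    total = last = 0
    for slice_name, size in order:
        total += size
        if slice_name == name:
            last = total
    return last


if __name__ == "__main__":
    order = drr_schedule(list(build_traffic()))
    print("DRR : red done after", finish_bytes(order, "red"), "bytes")
    print("DRR : blue done after", finish_bytes(order, "blue"), "bytes")
    print("FIFO: red done after", finish_bytes(fifo_order(), "red"), "bytes")
```

With the single queue, the five e-mail packets leave the wire only after the whole 1.5-megabyte video burst, 1,500,500 bytes in; with the two slices, they are out after 5,000 bytes, and the video slice still finishes at exactly the same point, because it was given the larger share rather than being held back.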

Going Mobile

Another looming problem is probably hiding in your pocket right now, or lurking in your briefcase. Cellphones and laptops and personal digital assistants did not exist when the Internet was coming together.

That spells trouble because Internet addressing, as originally conceived, is closely tied to your location. When the computer was anchored to your desktop, always connected to the Internet by a cable, this worked pretty well. But it isn't faring as well in 2007, when a computer user can start the day in New York, travel to Washington by midmorning, and end up in Tokyo that evening. Every time she connects to the Internet, it thinks she is someone new. That's a real problem if she has clients looking for her, trying to connect to her machine to download a lecture or a stock-market-evaluation program.

Networks that form on the fly and allow users to maintain their identities are the focus of Dipankar Raychaudhuri, an engineering professor at Rutgers University at New Brunswick. He runs a program on next-generation wireless networks called Orbit, which has set up an experimental radio grid that allows mobile devices to connect in many different ways.

The Rutgers setup is one of several testbeds for new Internet ideas. Princeton has PlanetLab, a series of nodes deployed over Internet2, an academic-industry network designed for high-speed access, and is rolling out a new version, called VINI, that will utilize Internet2 as well as the ultra-fast experimental network of National LambdaRail, a consortium of networking researchers. The University of Utah has created another testing ground called Emulab, and OneLab, a European collaboration, got under way last year.

But all of these facilities, to a certain extent, rely upon the existing Internet. And that creates a quandary. "How can you tell if what you are doing is truly better than older technology if part of it is running on the older technology?" asks Mr. McKeown. You can't really separate the effects. Ms. Rexford, of Princeton, adds that running experiments on Internet2 or National LambdaRail gets her a lot of bandwidth, but that she can't run any truly adventurous control software on that bandwidth, anything that's truly "clean slate." Nor can researchers play around with wireless and mobility in new ways.

And that's what is driving GENI, the moon shot, says Mr. Peterson. "I was at a meeting of researchers, I think it was in 2002, where we were discussing how to change one bit in the Internet address scheme to make some really tiny change in the network. It went on for hours and hours, and we got nowhere," he recalls, a touch of remembered frustration in his voice. One big problem was that any alteration would require the company that makes most routers, Cisco, to change the chips and programming. And the company was not about to do that without any evidence that such a scheme would work and that it would be widely adopted by enough people to make it a sound business decision.

The frustration triggered discussions among Mr. Peterson; Scott Shenker, a professor of computer science at Berkeley who specializes in Internet architecture; and a host of others about redoing the whole network from the ground up. Those planning sessions came up with the idea now called GENI. It got a friendly reception at NSF, which decided this year to put some money where all those mouths were.

In late May of this year, the science foundation awarded Cambridge-based BBN Technologies the job of planning GENI, giving them $10-million to spend over the next four years. The company has deep roots in the old Internet: It built the first network segment connecting four universities back in 1969.

Chip Elliott, the BBN engineer who will be running the GENI project office, thinks the project calls for two approaches. "First, if you don't like conventional Internet protocols, try something completely different. Second, do it on a large enough scale, with enough users, so that your results actually mean something." People associated with GENI say that "large enough" means access for experimenters at several hundred universities and, eventually, a user community in the tens of thousands.

Thousands of users will provide a crucial dose of reality, say planners. Over the years, there have been many papers published on new Internet design, and simulations run on networks such as PlanetLab. "But you don't know how an Internet design will behave until a large group of people actually use it," says Ms. Zegura, who will co-chair a GENI science council charged with rounding up ideas from the research community. "They will do things that you don't expect, just like in the real Internet, and then you'll see how robust your idea is. That's where the rubber meets the road."

Big Building Plans

Mr. Elliott says that his company will use its NSF money to issue subcontracts to universities and to industry to build prototypes of the facility. If those prototypes give rise to a feasible design, NSF will have to ask Congress to approve a lot more money to actually build it. "That might cost $50-million to $70-million per year for another five years," Mr. Elliott says, cautioning that those are just ballpark figures.

Google's Mr. Cerf hopes, long before that occurs, that GENI's project office and the science council will spend a lot of time talking to one another. "I'm a little concerned," he says, "that one would plunge ahead and build a big facility without first understanding what we want to experiment on and what we need to measure. That's putting the cart before the horse."

Time, for instance, should be a crucial part of any experiment, he says. "I think high-quality time stamping is critical. Right now we have time delays in the Internet which can cause problems. Measuring the time it takes for something to happen is a wonderful way to measure how any new Internet protocols behave."

"I think a clean-slate effort is worthwhile," he continues. "But it may not result in a new Internet. Good experiments could show us ways of changing the existing system without building a whole new network."

Ms. Zegura agrees. "I don't think people involved in any of these efforts think the emphasis is on everyone throwing their old routers out the window," she says. "It could be that a relatively small set of changes will get us where we want to go. We just don't know that yet."

It is, Ms. Rexford says, high time we found out. "People built buildings before there was civil engineering. But a lot of them fell down. Eventually, out of those experiences, people developed principles that allowed for sound construction," she says. "We're sort of at the same point with the Internet. We've learned a huge amount. Now there's a need to go to the next level. The Internet has become so important that the stakes are a lot higher. We need a sound foundation so we can build networks that are worthy of society's trust."

http://chronicle.com
Section: Information Technology
Volume 53, Issue 43, Page A25