Creating a Backboneless Internet?

Peter Trepan asks: "The Internet is the best thing to happen to the free exchange of ideas since... well... maybe ever. But it can also be used as a tool for media control and universal surveillance, perhaps turning that benefit into a liability. Imagine, for instance, if Senator McCarthy had been able to steam open every letter in the United States. In the age of ubiquitous e-mail and filtering software, budding McCarthys are able and willing to do so. I Am Not A Network Professional, but it seems like all this potential for abuse depends upon bottlenecks at the level of ISPs and backbone providers. Is it possible to create an internet that relies instead on peer-to-peer connectivity? How would the hardware work? How would the information be passed? What would be the incentive for average people to buy into it if it meant they'd have to host someone else's packets on their hard drive? In short, what would have to be done to ensure that at least one internet remains completely free, anonymous, and democratized?"

You're on it baby..

[brokenin2]

It would look an awful lot like the internet we have now.

You're describing the original design of the internet, which we're still running with essentially.

In practice though, it would be insane to let everyone with a DSL line to two different locations update routing table through the entire internet. The mechanisms to allow this exist (bgp, ospf) but major ISPs that don't want their network to fall apart prevent it because their service would quickly turn to crap. ISPs with missing filters have actually caused internet wide splits, when the entire internet tried to route through someone's T1's connected to two different ISP. BGP with a little better cost system could help that, but anyone could still cause a split anytime they liked. Think of an entire internet that acts more like IRC.

The core of the internet is still just a bunch of peers, but if you want things to stay up, they've got to be a select group that really know what they're doing. You're still free to peer directly with anyone you want, just don't expect everyone else to use your internet connection to get there too. Most people don't want to have to buy two internet connections for marginal gains anyway.

Perhaps a software solution like TOR or Freenet could help you sleep better at night?

Not exactly practical

[georgewilliamherbert]

If you need something like a terabit of bandwidth between the US east and west coasts, consider how many peer to peer link chains across the country will be saturated carrying it.

One of the major problems right now in the commercial ISP backbone environment is what happens if there's an outage; what's called route flapping, where routes dissapear and reappear, and all the routers affected have to recalculate how to get to various endpoints, can already saturate the router CPU logic for big, industrial grade room-full-of-racksize-router backbone facilities. Going to a more diffuse network at high bandwidth requirements exponentially makes this worse.

P2P across a city? Not ridiculous.

P2P across the world? Baaad idea.

All mail was read in WWII

[Derling Whirvish]

Imagine, for instance, if Senator McCarthy had been able to steam open every letter in the United States.

Before and during WWII all mail crossing an international border in or out of the US was steamed open and read. This included all mail, all packages, all telegrams, and all telephone calls. In addition to all mail being steamed open and read, it was censored [lexisnexis.com] if the Army deemed it to be necessary to support the goals of the Army. Letters would arrive with portions cut out by scissors. They also censored all international media -- radio, newspapers, and magazines both incoming and outgoing.

It's quite easy to imagine as it's already been done.

Re:You're on it baby..

[ZagNuts]

Perhaps a software solution like TOR or Freenet could help you sleep better at night?

Don't know much about TOR but I just thought I'd clarify about Freenet. It is indeed a software solution to what you are asking about in which the sites are accessed in an entirely peer to peer manner. Instead of having static routing tables located at specific points each computer in the network maintains its own routing information. If a computer doesn't know how to get to a certain site it guesses by asking a neighbor if it has the desired data. Data is cached throughout the network so that sites are stored as distributed files, meaning at any one time if your computer is a part of Freenet it could have information related to a number of sites.

The good thing about Freenet is that site accesses are entirely anonymous. There is no way to be traced AFAIK. One of the bad things is that it takes a computer a long time to build up enough routing information to access any websites at all. You have to run the Freenet program for a few days before you are able to access anything and even though its painfully slow. The other problem that people have is that you have to store any content that goes through your computer. Freenet is plagued with child porn sites because the anonyminity that it provides. This means that if you are running the freenet program you are likely to have child pornography data stored on your computer even if you have never visited those sites. While the legality of this is questionable, the ethical issues are obvious.

Still it is a very interesting concept and definitely has its applications (China anyone?).

Re:You're on it baby..

[r_naked]

In practice though, it would be insane to let everyone with a DSL line to two different locations update routing table through the entire internet.

We seem to be scaling rather nicely.

http://anonetnfo.brinkster.net/ [brinkster.net]

Oh, how I pitty them

[MarkusQ]

Imagine, for instance, if Senator McCarthy had been able to steam open every letter in the United States. In the age of ubiquitous e-mail and filtering software, budding McCarthys are abel and willing to do so.

As an administrator of a few reasonably small domains, my first thought was oh, the fools!

You don't want to read every piece of e-mail that comes into even one site, let alone the whole internet. You don't even want to try to write programs to do it.

/dev/null, I tell you, /dev/null! The only sane thing to do with 99% of the e-mail is route it to /dev/null in the most efficient way possible. All else is madness!

You would be better off trying to understand the inner thoughts of a lava lamp then trying to figure out why anyone thinks anyone would buy "farmasuiticals (the 1 U've been lOOking 4!)", let alone ingest them! Or invest in "s+0cks" that are about to "+ake 0ff" based on the say so of a stranger named "Brandice Hornyslut." Or the pointlessly malformed sludge, the server errors from misconfigured machines...if anyone really wanted to hide something they'd be about as well off e-mailing it as flushing it down the toilet--and trying to find it would be about as pleasant.

--MarkusQ

Re:Tier 1s?

[toddbu]

The answer is yes, but you don't want it, so people stopped doing it.

Then what do you make of the Seattle Internet Exchange [seattleix.net]?

Good God man, you've discovered USENET!

[John Jorsett]

You've described the original implementation of USENET. Participating machines would dial each other up and exchange current traffic. A message injected at one machine would eventually end up in the rec.practicaljokes.hotfoot newsgroup on every participating machine within a day or two, just by this simple machine-to-to-machine exchange.

Uh...IPv6

[NeepyNoo]

'nuff said.

Centralization almost unavoidable

[xenocide2]

Look at GNUtella. Years ago, a problem was noticed: some peers are far more capable than others. Search traffic became heavy enough that it was saturating dialup users. This wouldn't have been so bad if the protocol didn't also ask for pseudo anonymity; this led to the networks occasionally dividing in two as a set of dialup users flooded off the net. The solution is to organize the network so that high capacity peers are on the inside, and dialup or otherwise impaired users become "leaves" of sorts. Gnutella2 uses this approach, and this has been added back to Gnutella in some fashions.

The end result of this unequal distribution of resources is that centralization is the most efficient use of them. For the vast majority of Internet users, efficiency and performance are paramount. I hear far more complaint that Bittorrent is slow than that it's centralized or not anonymous. Even if you're willing to discount performance, the price of implementing a peering based system is greater, since it costs to maintain each link. People have tried using wifi to create mesh networks that operate sans "backbone" but this doesn't scale well either. Nor is it anonymous or difficult to tap.

ignorance is so painful

[b17bmbr]

mccarthy, while his methods were excessive, was after communists in the state dept and army. and you know what, there were plenty. we have the venona project [nsa.gov] as proof that we were infiltrated at the highest levels. and before you defend political freedom, these were people working for the enemy. you konw, the one with 10,000 nukes pointed at us, the same Stalin that had millions of Ukrainians starved to death, that killed many millions more in his purges, sent millions to the gulags, oh wait, duranty was right. those trials were legit.

what makes it even more funny is that bobby kennedy served as mccarthy's right hand man. jack kennedy was a good friend of joe mccarthy, and the real "terror" came from HUAC. but see, that was a bipartisan affair, and well, history is easier just demonizing the republican mccarthy.

as for the NSA thing, monitoring incoming calls is hardly widespread domestic spying. since i'm not a lawyer, i honestly don't know all the FISA details. but amateurish speculation is nothing more than sophistry. oh, as for the history, well, I'm a history teacher.

one last question, would there be as much anti-mccarthyism if he went after fascists? 'cause when you get right down to it, both the communists and nazis were equally evil, equally bent on world control, domination, and destruction. but since uncle joe or chairman mao didn't target those according to their race, i guess it's not really genocide then, eh? the millions dead? just "collateral damage" to be sure.

Why Not.

[darqchild]

-The complexity of the routing tables. Although people complain that we are running out of IP address space, this isn't exactly true. The problem is in badly fragmented IP address space. That is to say that the route tables of our core routers that join the backbone providers have grown to be huge. There are a whole pile of class C networks (254 hosts each) that the IANA is trying to claw back so they can be consolidated into larger /16 and /8 CIDR networks.

-BGP AS space. Due to what i can only assume was poor foresight, the AS# used to identify BGP "Autonomous Systems" (Corporations, and entities that use BGP to exchange routing information with the backbone providers) is a 16 bit value. So there are only ~65K numbers that can actually be given out.

-Complexity of configuring these routing protocols. It's rocket science, plain and simple. A misconfigured BGP router will not work, and may even disrupt traffic over the rest of the internet. If anyone was allowed to broadcast any BGP route without the consent of all their peers and a pile of red tape, i could advertise a route to 24.0.0.0 and half the internet would disappear for a good number of cable-broadband users.

-Required bandwidth, and latency problems. The current top-level backbone providers have many millions of dollars worth of equipment and high-speed point to point connections to keep the number of hops for each packet to a minimum. They have the capacity to push more traffic than you'll use in a week down their wan links every second. This is a vast improvement over a pile of 56, 1024 and 3068 kilobit connections that would be meshed together in a distributed model.

most IGNORANT Slashdot story ever

[puzzled]

Wow, its as if the drooling wireless fanboys suddenly discovered life beyond an IP address assigned via DHCP. Please pay attention, children ...

    The internet is composed of 'autonomous systems' - each autonomous system or 'AS' has one or more netblocks of a /24 or larger in size. Each AS connects to at least one other AS, makes at least one netblock available via BGP, and thusly the internet is stitched together. Find this shocking an incomprehensible? Try this

telnet route-views.oregon-ix.net

  follow your nose through the login procedure, then type 'show ip bgp [your IP address]' and see what it says. Oh, if your IP address is 192.168.x.x, 10.x.x.x, or 172.16-31.x.x and you put that in please step away from the computer now and ask someone with a clue for help.

    I mean really - *this* is a frontpage story? I swear I'm going to auction my low Slashdot ID number on Ebay one of these days and alias this site to memepool in my hosts file.

Re:Tier 1s?

[cat6509]

>>It would look an awful lot like the internet we have now.
>Except for, you know, the Tier 1 ISPs, on whose networks practically all our >traffic passes at some point.
>Control them, and you control the net.

Keep the backbone, without huge aggregate networks the internet is not cost effective and not to mention what kind of routing problems and bloated BGP tables we would have, just do VPN to peers you trust, that can be either router-to-router ( GRE IPSEC hacked-together-ssh whatever ) or somehting even browser based , but fragmenting things into many many more smaller peers just makes things unusable.

OK, take these steps

[puzzled]

  Maybe I'm getting grouchy in my old age - see parent for details. This is how real men connect to the internet:

  There are three ISPs in the world - Sprint, UUNet, and [other]. Get on the phone and order a T1 from one of the two real ones. They'll get your payment information and then someone will ask how many IP addresses you need. Tell 'em you want a /24 (256 addresses). They'll ask why, you tell 'em you're going to multihome.

    Go to ARIN.net's site. Figure out how to get yourself an autonomous system number. Call up the other ISP you didn't originally order from and get a circuit from them. No IP addresses required, we'll just use the block from ISP 1.

  Assuming you're using a Cisco box do the following:

    router bgp [your AS number]
        network [your shiny new /24]
        ! UUNet
        neighbor yadda yadda AS 701
        ! Sprint
        neighbor yadda yadda AS 1239

    And *poof*! Your little /24 is now globally visible via two different ISPs. Yank the T1 to one of then, life is funny for a bit, then you're running like nothing ever happened.

    Take this little story and abstract it a bit - there is no 'backbone' to be found on the internet, just a web of large carriers with all sorts of peering agreements with each other. This won't happen at the home DSL router monkey level, but the diverse internet the asker speculated about already exists and happens to be pretty resistant to fools trying to monitor it.

we had that kind of network...

[sednet]

Is it possible to create an internet that relies instead on peer-to-peer connectivity? How would the hardware work? How would the information be passed? What would be the incentive for average people to buy into it if it meant they'd have to host someone else's packets on their hard drive?

we had this type of backboneless internet, once upon a time, operating under various names:

• UUCP [wikipedia.org]
• FidoNet [wikipedia.org]

With one or two minor changes, yes.

[jd]

The question is basically a re-statement of the original ARPAnet design, you are correct. However, to be absolutely true to the question, you'd need two additional stipulations.

First, to be effective, all network connections would need to be fairly fat. A tiered Internet is designed along the same sort of design philosophy as a "fat tree" - low bandwidth at the work-node level, massive bandwidth in the middle. A tierless Internet, particularly one that supported enough multiple paths to be useful for robustness and decentralization of control, would need ALL connections to be much fatter than they currently are. You'd need gigabit to ten gigabit pipes between the majority of machines to be useful.

Second, you can't use the design strategy of bordered autonomous clouds, linked by a backbone, because you'd have no backbone. With no borders, you can't use internal and external routing protocols, as there would be no "internal" or "external". Besides which, they mostly suck when it comes to massively meshed networks where individual connections are unreliable and potentially mobile. BGP, OSPF - you'd need to RIP (yeah, bad pun) them out and replace them with an ad-hoc mesh routing protocol that supported mobile IP and NEMO. The complexity would be much higher, particularly as software packet switching and software routing are CPU and bus killers, which means an optimal path would need to figure in the density of traffic in a fairly sizable part of the mesh. Modern architectures just aren't built to handle such a design, but that would not stop you from building an architecture that COULD support it.

So, (1) yes it is possible, but (2) not effectively with the existing infrastructure or existing PC designs, though (3) both of those problems are solvable.

Re:You're on it baby..

[Alsee]

Perhaps a software solution like TOR or Freenet could help you sleep better at night?

Nope.
Are you familiar with Trusted Network Connect? [trustedcom...ggroup.org]

It is a new specification from the Trusted Computing Group to control and restrict network connections, and to control and restrict the networked computer.

"The TNC architecture enables network operators to enforce policies regarding endpoint integrity at or after network connection."

Of cource the Trusted Computing Group is advertizing it as a good thing, and is advertizing it as prortecting against viruses and network attacks, etc. However it is an incredibly powerful system to impose general restrictions and controls. Aside from being able to impose a global DRM system, it has the power to restrict and control and ultimately defeat TOR and Freenet and any other networked program you care to name.

Microsoft has already issed a press release that they are implementing this system.

The US President's Cyber Cecurity advisor gave the keynote speech at the Washington D.C. Global Tech Summit and the main thrust of his speech was to call on ISP's to plan on implenting exactly this sort of system. He called on them to implement such a system to fight viruses and to secure the "National Information Infrastructure" against Terrorist Attack. He called on them to make it a mandatory part of the Terms Of Service for internet acces. And the Global Tech Summit audience applauded his speech.

The EU and the UN have been running a large number of international workgroups on DRM and on establishing a new "Information Society". An Information Society which is to include exactly this sort of network control and DRM enforcement system. EU and UN have been running many workgroups on to work out a new system of Internet Governance to set up and manage this new Information Society. And in case you hadn't noticed, the EU and UN have been pushing pretty hard lately to remove control of the internet from the US and to place that control in the hands of a new UN Internet Governance organisation.

Intel, AMD, and IBM are all building new CPUs with this new Trusted Computing control and enforcment system built in. And it appears that by the end of *THIS YEAR* that all new new PCs will come standard with have this Trusted Comptuing DRM enforcement chip welded to the motherboard, if not built into the CPU itself. The hardware specification for Windows Vista requires this encorcement chip on the motherboard for full and correct Windows operation. And no PC manufacturer and no PC retailer can possibly survive selling new PCs that are not Certified Windows Compatible and which do cannot properly run the latest version of Windows. They cannot realistically survive selling hardware where Windows spits out error messages stating that that you have incompatible hardware, error messages saying that the full featured graphics interface and thenew hires graphics do not work because you have incompatible hardware.

Five,seven, ten years down the road the internet absolutely can be developed in a direction to defeat TOR and Freenet. And there are several hundred powerful coroporation, and many governments and international organistations that see that as a GOOD direction to go, and which are actively and forcefully pushing to establish such a network.

And the way to establish such a network would be to establish an international body for Internet Governance (the world would obviously never accept such a system imposed by the US), and for that international standards body to establish international agreement on new internet standards similar to or including Trusted Network Connect, and to establish such a system along the internet backbones, and from there to push it to the ISPs, and from there to have ISPs impose Trusted Network Connect on all connections. It would then be impossible to connect to the internet unless you are using the mandatory enforcment hardware and software

Re:Why Not.

[Tim the Gecko]

I was pretty sure that there were more than 65,000 BGP AS numbers in use

No - here [iana.org] are the details of the 40,000 or so AS numbers handed out by IANA. There is also a set of weekly statistics [merit.edu] posted on NANOG which shows that 21,484 of these AS numbers can be seen in the global routing table. Only 8,867 of these guys advertise a single prefix, so to get 181,747 routes there are a lot of ASes advertising multiple prefixes.