The Next Internet: A Critical View
This article discusses the growing pains of the Internet and the solutions to the leading problems.

Beneath the glossy multimedia exterior of the Internet is a network which was never designed for use by billions of individuals. In fact, the Internet has its roots in the early military/university research network called the ARPAnet (Advanced Research Projects Agency). From the original implementation on Sept. 2nd, 1969 to today, it has grown from a single node to a global community. The protocol which facilitates the global reach of the Internet is called the Internet Protocol(IP), which as implemented in most systems is version 4 (IPv4). An enhanced Internet Protocol has been designed called IPv6 by the Internet Engineering Task Force (IETF). As this article shows, IPv6 has significant improvements over IPv4, but by no means is it a panacea. The three main problems with the current Internet are address space depletion, routing overload, and security. This article discusses these problems and the efforts to combat them.

On the Internet, the address of each machine must be distinct. The IPv4(Internet Protocol, version 4) specified 32 bit addresses which means that there is a maximum of about 4 billion possible addresses. In the new protocol of IPv6, they have specified 128 bit addresses, which should solve the address problem for the next decade.

Or should it? It is not enough to have sufficient addresses. It is also necessary to be able to reach each address in a scalable way. This means that the assignment of addresses must be linked to the routing in such a way that efficient routing can be performed.

Efficient routing is typically approached using the method of hierarchical routing. To understand hierarchical routing, the analogous problem of routing telephone calls is examined. If telephone numbers were assigned randomly, then every routing switch would need to have a list of every telephone number. In the U.S., this would mean roughly 100 million numbers. By assigning telephone numbers hierarchically, that is, by country, then state, then region, routing switches at different levels only need to know the numbers for their level. For example, a large state-level switch only needs to know the 3 digit area codes in the U.S. to route a call to the correct local routing switch. So, instead of 100 million numbers, it only needs to know 1000 numbers. Thus, hierarchical routing significantly reduces the required address information at every switch, and provides an efficient way to reach an address. Consequently, hierarchical routing has the important advantage that it is scalable to an Internet of any conceivable size.

However, it has some disadvantages as well. First, when the network topology changes, the addresses will also have to be changed because the efficient routing was linked to the address assignment which was linked to the network topology. Second, hierarchical routing does not solve the problem of load balancing. Load balancing refers to dynamically changing the routing so that the network traffic is equalized as much as possible over the Internet nodes. The best analogy is to traffic patterns in large cities during rush hour. In this analogy, load balancing would refer to dynamically reducing the traffic on jammed streets by distributing it over lesser traveled streets. Hierarchical routing does not address this major problem.

Regarding the problem of address changes, there are a number of approaches. In IPv6, address autoconfiguration and renumbering were specified. Address autoconfiguration refers to simplifying the configuration of hosts and enabling the host to change its own address so that human intervention is either not necessary or minimally necessary.

Suppose that address renumbering has been requested. In this situation, the host has received the new address, but still has communications bound to the old address. Furthermore, new requests for new communication bindings are constantly arriving. The logical solution is to assign the new TCP/IP communications to the new address and allow the old TCP/IP communications to continue at the old address for as long as possible. This method is the one specified in IPv6.

How is the renumbering of the addresses done? The renumbering is a complex problem because renumbering a site involves updating the domain name system (DNS) databases, router configuration information, and even commercial licensing databases. In particular, many software vendors base their licensing model on specific addresses - their software is licensed to one address for 1 year. When renumbering is necessary, it would also entail changing the databases at software vendors.

In order for Internet commerce to flourish, one of the necessities is network level authentication and encryption. Authentication refers to the problem of verifying a packet's source address. This can be translated easily to "Did this message come from the person who signed it?" Intrusions via changing the source address in packets are so common that they have earned the name IP spoofing. IPv6 directly addresses this problem by providing a native authentication header and a standard algorithm called MD5. In a typical trusted communications situation, the client and server both know a key. When a packet is sent, the MD5 algorithm is used to create an encrypted verification message of the key combined with the contents of the packet including the source address. This process is repeated on the receiving side and the computed verification message is compared to the verification message received. If they are the same, then the complete contents of the packet including source address are authenticated.

In IPv4, there was no provision for encryption at the network layer. For example, this means that a third party could read a password or other confidential data as it is transmitted from client to server during a browser or rlogin session. IPv6 specifies the Encapsulating Security Payload(ESP), which provides encryption of the data in IP packets. In "transport mode" encryption, the IPv6 header and extension headers are not encrypted but the transport header and payload are. In "tunnel mode" encryption, the IPv6 header and extension headers are encrypted with the transport header and payload. Thus, IPv6 provides host to host packet level security.

The Internet is going through growing pains and there are efforts such as IPv6 to reduce the amount of stumbling. IPv6 is a good start toward a scalable Internet, but it also ignores some important long term problems.

Media Lab Overview
LIACS Homepage
MM Conf
ACM Multimedia
Science Direct
IEEE Library
LIACS Publications
ACM Digital Library