下一代互联网的二点技术探讨和体系架构的再思考

1AsstProfessorNanyangTechnologicalUniversity2„TCP/IPLAN„‰:‰:IPv4‰„‰NGI,NGN,GENI,AGN,‰VenoII‰„3TCP/IP:TCP4Cont’d„1974VintonCerf,RobertKahn“AProtocolforPacketNetworkIntercommunication”IEEETrans.OnComm.„TCPtarget‰Providereliabledatacommoverunreliablemedium(e.g.link(s),intermediatenodes)(().)‰Applicationtoapplication/processtoprocess/e2e‰MSN/EmailIloveyou!ÆIhateyou„Mosaic,Netscape,IEexplorer….5TCP/IP:IPLANApp2App26RRRRRRR•1978.Networking(--)•IPTarget:UniversalNetworkinginfrastructure•AddressingUniversally()•Routing•Ciscounifiesallsmallmarketandcreateabiggermarket(grabsthisopportunityin1980’s)PhysicalWorld:TechnologyandMarket7LAN/WANin70s/80s–Internetin80s/90s8TCPandIP„IfthereisnoIP,whathappenedtoTCP?‰NonetworkÆnousers„IfthereisnoTCP,whathappenedtoIP?‰Noreliablecommunications-nokillerappl.„‰IP–,,LAN‰TCP–‰ComplementaryToday’sInternet9LayeringViewLANEthernetTokenRingFDDInewIPv4TCPUDPApp.1App.2App.3App.1App.2App.3App.1App.2App.3App.1App.2App.3......App.nApp.4App.5ByIntroductionofanUniversalplatform(TCP/IP)•Noneedtospendtimeonindividualnetworks•Provideoneuniversalplatformfordevelopingmoreapplications•Ciscowasborn….EthernetTokenRingFDDIApp.1App.2App.3App.1App.2App.3App.1App.2App.3Applicationsarequiteboundtodifferenttypesofnetworksandlackflexibilities10„TCP/IPLAN„‰:‰:IPv4‰„‰NGI,NGN,GENI,AGN,‰VenoII‰„11:(VenoSEC)„VenoSECprovidestransparentend-to-endsecurityNATFirewallVPNInternetHTTP,Telnet,FTP,POP...HTTP,Telnet,FTP,POP...Insecurechannel-attackerscaneavesdropormodifythedataInsertedsecuritymoduleInsertedsecuritymoduleEnd-to-endsecurechannelSecurechannel-dataisprotectedwithencryptionandintegritycheck„12„Basedonspecificapplications‰SSH,SFTP,SMIME,HTTPS,„Basedonnetworklinksornetworkinfrastructure,ratherthanend/user‰IPSEC‰VPN‰WEP‰Firewall‰IDE‰Others,e.g.,secureinfrastructure(static)„AnalogytoTCP’semphasisone2eratherthanlinksorintermediatenodes13VenoSECArchitecture(static)(GroupUsersScenario)„UsersareorganizedintogroupsVG2VG3Group3VG1InternetSecureChannelSecureChannelSecureChannelGroup1Group214VenoSECArchitectureTrustedInfrastructureisFormulatedDynamically(EndUsersScenario)„Usersareself-organizedintoasecureoverlaynetwork„Nocentralizedsecuritymanagement„Aslongasyourthumdriveisaroundyou!SecureChannelSecureOverlayNetworkInternet15VenoSEC„?Realizereliableandsecuredatacommoverunreliablemediumrealizetrustedcommoveruntrustednetworkinginfrastructure.‰Applicationtoapplication/processtoprocess/e2e‰MSN/Email/FTP/Telnet/!ÆIhateyou16:IPv4‰InternetusersarenotabletoaccessprivateIPnetworks„PrivateIPbasednetworks„NAT?Mapping?17Cont’d„Example(name–privateaddress)resolution‰abc1.tsinghua.edu.cn(mappedtoprivateaddress:192.168.0.1)‰abcn.tsinghua.edu.cn„„VGDNSServerResolve:abc.ntu.edu.sgabcInternet1.query:abc.ntu.edu.sg2.reply:canfind4.reply:155.69.103.103.query:vg.ntu.edu.sg5.query:abc.ntu.edu.sg6.reply:192.168.0.118„NGIbyIETF‰IPv6/(shortageofIPAddressandsecurity)„GENIbyNSF„TrustedComputingbyTCG(companies)„AGNbyDARPA„NGNbyITU‰Softswitcher„4G/WiMAX19„TCP/IPLAN„‰:‰:IPv4‰„‰NGI,NGN,GENI,AGN,‰VenoII‰„20WhatisNGN?„ITUQoS.“”21IdeainNGNInternetNGNData22NGNIPTCP/UDP/SCTPNGNInternetInternet/VoIP23What’sNGI?„NGITCP/IPInternet“NGIconceptspaper”,in199721NGINGI1233InternetNGI24IdeainNGIInternetNGIVoice25Internet2:AnexampleofNGI„NGIInternet2.Internet2200InternetIPv6Internet2IPv626Architecture:ConcreteorIllusive?„NGNbyITU‰Softswitcher„NGIbyIETF‰IPv6/(shortageofIPAddressandsecurity)„TrustedComputingbyTCG(companies)„GENIbyNSF„AGNbyDARPA„……27„TCP/IPLAN„‰:‰:IPv4‰„‰NGI,NGN,GENI,AGN,‰VenoII‰„28WhatisVenoII?29WhatisVenoII?DCCPDataapplications()TCP(Reno)UDPIPv430InternetToday–NextGenerationComm.InternetTodayIPv4IPv6DataapplicationsVoIPTCP(Reno,Veno..)UDPWiredWLANSatelliteOptical3G31VenoIINGNNGI0%100%100%VenoIINGNNGI4G100x100project322.VenoII:virtualconnection-oriented332.VenoII:virtualconnection-oriented(con’t)CollegenetworkCompanynetworkCompanynetworkIPRouterCompanyNetwork34VenoIIVenoIIGateway,IPRouter35„TCP/IPLAN„‰:‰:IPv4‰„‰NGI,NGN,GENI,AGN,‰VenoII‰„36VenoIITrustedInfrastructureisFormulatedbyVenoSEC()„Usersareself-organizedintoasecureoverlaynetwork„Nocentralizedsecuritymanagement„Aslongasyourthumdriveisaroundyou!SecureChannelSecureOverlayNetworkInternet37Thesoul/platformoftelecom,InternetandTVbroadcast38VenoIIDefactoStandard?YES!39„IPDECIBM3COMMITBerkeleyVintonCerf40Cont’d„IPciscoVenoIIIPInternetVenoII41„CERNET„SUNMicrosystemInc„TheChineseUniversityofHongKong„AOE-IT,HongKong„UCBerkeley(ACIRI)„„LinuxOS(TCPVeno)„„Myteachers,students,friendsandlovers….42ThankYou!Q&A43VenoIIBenefit:AllApplicationsareSupportedUniversally–ANewPlatform„Data:Email,FTP,„Stream:VoIP,IPTV„GamesIndustry