Address switching: Reforming the architecture and traffic of Internet


LI Xing1† & BAO CongXiao2

1 Department of Electronic Engineering, Tsinghua University, Beijing 100084, China;
2 Network Center, Tsinghua University, Beijing 100084, China

The success of the Internet is largely ascribable to the packet-switching scheme, which, however, also presents major challenges. Having identified three missing links in the current Internet architecture based on our long-term experience of designing and operating large-scale backbones, we put forward a new, but incrementally deployable, network scheme: address switching. Address switching has the advantages of both packet switching and circuit switching; it supplies the missing links in the current Internet architecture and can reform the Internet traffic. Our analysis, protocol design and experiments indicate that address switching can greatly improve the quality of service (QoS), security and routing scalability of today’s Internet. It can therefore provide flexible, high-performance and “per-service” networking for the scientific research communities. Moreover, it can provide a fairer and more sustainable business model for the commodity Internet.

Keywords: address switching, packet switching, circuit switching, scalability, quality of service, security, business model

1 Introduction

The Internet has become the most important information infrastructure over the past 15 years or so. However, it is facing many challenges, of which scalability, security, quality of service (QoS) and the business model figure prominently[1]. Numerous publications have addressed individual challenges of the Internet for years. Solutions such as route aggregation and locator-identifier separation for scalability, InterServ and DiffServ for QoS, and IPSec for security can solve specific problems, but may bring new costs for other problems[2−5]. Recently, several large-scale projects, for example the FIND, GENI and FIRE projects, have been trying to find overall, architectural solutions. These solutions focus on clean-slate schemes, which may not be incrementally deployable in today’s Internet[6,7]. The academic networks, for example Internet2, GEANT2 and APAN, are working on lambda-based solutions in order to solve the very high-throughput QoS problem[8]. These solutions are mainly based on the circuit-switching method and may not be able to scale. The telecommunication sectors, which are trying to find NGN solutions based on packet switching, aim to provide telecommunication-standard QoS and security with a sustainable business model[9].

Received April 20, 2009; accepted May 14, 2009 doi: 10.1007/s11432-009-0121-x † Corresponding author (email: [email protected]) Supported by the China Next Generation Internet Project (Grant No. CNGI-04-13-2T), and the National Basic Research Program of China (Grant No. 041710001)

Citation: Li X, Bao C X. Address switching: Reforming the architecture and traffic of Internet. Sci China Ser F-Inf Sci, 2009, 52(7): 1203–1216, doi: 10.1007/s11432-009-0121-x

Based on more than 10 years’ experience of designing and operating large-scale Internet backbones (CERNET, CNGI-CERNET2 and TEIN2) and providing high-performance applications[10,11], we have found that while the dramatic successes of the Internet are attributed to the basic packet-switching scheme[12,13], the challenges are due to the missing links in the current Internet architecture. In this paper, we present a new technical scheme, address switching, to supply the missing links in today’s Internet architecture. The new scheme utilizes the concept of circuit switching by reserving bandwidth via activating admission control for a small group of dynamically switched IP addresses. We show that address switching can effectively solve the major networking problems without changing the packet-switching foundation and the basic infrastructure of the current Internet.

2 Fundamental features of the Internet

Originally designed to link together a small group of researchers, the Internet has now become a global communication infrastructure. While its architecture has not changed, the scale, the users’ demands and the business model are now quite different. For instance, the academic networks for the scientific research communities need to provide intercontinental high-throughput data transfer services, while the commodity networks need to provide universal service, to support new applications (e-commerce, IPTV, P2P, etc.) and to be profitable. We have discovered that the following three features are crucial for solving the problems and meeting the existing and future demands of the Internet.

(1) Bandwidth is a scarce resource. Although many people are optimistic about the continuous upgrading of the Internet bandwidth based on existing dark fibers and the progress of optical technologies, we argue that bandwidth is a scarce resource. Technically, the Internet traffic doubles every 9–12 months, while the capability of the IC chip, which is the core of Internet routers, doubles every 18 months according to Moore’s law, which is not as fast. It is true that parallel processing, multicast and caching techniques can help to a certain extent, but not enough to solve the problem. Economically, the current Internet charging model does not consider the bandwidth actually consumed and the distance involved. Usually, soon after an Internet service provider (ISP) upgrades the bandwidth, it is filled up without a corresponding increase in revenue. Therefore, the ISPs often lack motivation to upgrade the infrastructure. A recent study even predicts that consumer and corporate use of the Internet could overload the current capacity and lead to brown-outs in two years unless backbone providers invest billions of dollars in new infrastructure[14].

(2) 20% of the users consume more than 80% of the bandwidth. Since Internet users are usually not charged in proportion to their consumption of the bandwidth, it appears rational for individuals to consume bandwidth greedily, and this results in very different bandwidth consumption patterns for different users[15]. Previous studies show that 20% of the users consume more than 80% of the bandwidth and that the distribution of the bandwidth consumed vs. different users follows the power law[16]. Our data also supports this conclusion: the distribution of the throughput vs. address pair follows the power law as shown in Figure 1(a). (We have deployed netflow collectors (sampling rate of 1/128) in 38 Pops of the CERNET backbone since 2003. We calculate the traffic statistics every 15–30 min. We sort the data according to the throughput of individual address pairs and plot the histogram in log-log scale. Sample data from one of the Pops is shown in Figure 1(a).)

(3) The user’s session arrival process is Poisson. Previous studies show that although Internet traffic is marked by long-tail and fractal phenomena, the session arrival process is Poisson[16]. This means that the individual user’s session is a time series and it is similar to the user’s session of the traditional telephone system.
Our data of the heavy users also supports this conclusion: the throughput of sample address pairs in Figure 1(b) has “On” and “Off” points, representing the session arrival process and the service over process, respectively. (We use the same data as in Figure 1(a) and sort them according to the throughput of individual address pairs; we then analyze the historical records for the top 50 address pairs and show the top 3 address pairs in Figure 1(b).)

LI X et al. Sci China Ser F-Inf Sci | Jul. 2009 | vol. 52 | no. 7 | 1203-1216

Figure 1 CERNET sample netflow data. (a) Throughput distribution (log-log scale) for different address pairs (sample data collected at 2008-02-23, 20:50:00); (b) top session records of different address pairs (more than one month data, collected from 2008-01-23 to 2008-02-23).

3 Missing links in the current Internet architecture

The basic principles of the current Internet are connectionless, end-to-end and best effort[17]. Taking into account the three fundamental features described above and these basic principles of the Internet, we have found the following missing links in the current Internet architecture.

• No distinction among users. As mentioned earlier, 20% of the Internet users (heavy users) consume more than 80% of the bandwidth. The lack of adequate forwarding-differentiation and charging-differentiation for different services in today’s Internet stimulates greedy bandwidth consumption among some users and causes network congestion and bad QoS for all users. In addition, flat-rate charging implies that 80% of the users (ordinary users) are paying for the extra bandwidth consumed by the 20% heavy users, which is not fair.

• No well-defined bandwidth reservation. Because bandwidth is scarce and delivery is best effort, bandwidth reservation is required to get QoS. Although the current QoS solutions such as InterServ and DiffServ reserve bandwidth based on flow and class, respectively, these techniques have their drawbacks, such as not being scalable (the flow-based method means non-minimum state) and not being trustworthy (the class-based method has no way to prevent dishonest users from setting a higher class label). It is clear that we need a better base for bandwidth reservation in order to manage the scarce bandwidth.

• No network admission control. Because of the end-to-end principle, many admission control functions (i.e. authentication control, sending control and congestion control, etc.) are implemented in the end systems and there is no network admission control in the current Internet[12,13]. The end-to-end principle has its advantages (e.g. scalability), but also leads to serious network security and QoS problems. First, without network authentication control, the public key infrastructure (PKI) has to be implemented for the massive number of end systems in the large-scale/cross-domain environment, which is a very difficult task. Second, without network sending control, malicious users can launch denial-of-service (DoS) attacks. Third, without network congestion control, many UDP-based applications, which do not have end-system congestion control, may congest the network and result in bad QoS. Therefore, in addition to the existing end-to-end principle, network admission control should be implemented when necessary, which is feasible due to the Poisson distribution of the user’s session arrival process.

4 Concept of address switching

Given the scarce bandwidth and power law distribution, we try to reform the Internet traffic by differentiating VIP heavy users from non-VIP heavy users. The VIP heavy users are those who need to run mission-critical applications and can pay a higher price for it. Accordingly, we define VIP services, which can provide end-to-end high-throughput connectivity on a specific scope with QoS guarantee. The non-VIP heavy users, on the other hand, are those who do not pay for the VIP services. We then define non-VIP services, which can only provide limited-throughput best-effort connectivity for the ordinary users. In this way, the non-VIP heavy users are not allowed to consume large bandwidth, while those ordinary users who require QoS may upgrade themselves into the VIP category with due payment for their mission-critical applications. After the reformation, the original implicit divide between heavy users and ordinary users is replaced by the explicit distinction between VIP users and non-VIP users. Because of the power law distribution, the number of VIP users is very small compared with the number of non-VIP users. Therefore, we can keep the basic Internet infrastructure unchanged for the massive number of non-VIP users and provide additional VIP service for a relatively small number of VIP users. The differentiation of users supplies the first missing link.

Since the address (its format and its allocation/assignment policies) is the primary invariant of today’s Internet[18], we rearrange the address space and allocate VIP addresses and non-VIP addresses to VIP services and non-VIP services, respectively. In this way, every user gets a non-VIP address for best-effort, universal connectivity, the same as in today’s Internet, while the VIP user may also get a VIP address for a VIP service at a given time slot. Furthermore, we reserve bandwidth for the VIP addresses and rate-limit the maximum throughput per session for non-VIP addresses. (Commercial rate-limiting products can be used. We have also developed a method called “ranked flow queuing”, which is a minimum-state algorithm for rate-limiting the maximum throughput per session.) That is to say, we choose the address as the base for bandwidth reservation, and this definition supplies the second missing link.

We then implement network admission control for the VIP services. Given the Poisson distribution (the user’s requirement for the VIP application is time varying), a VIP address can be assigned by the network to a VIP user on request and through an authentication procedure. If this VIP address is released by the VIP user after use, it can be reassigned to another VIP user in a different location and at a different time. The corresponding bandwidth reserved for this VIP address is for the exclusive use of the VIP user who gets the address in a specific time slot. Therefore, congestion can be avoided and the QoS can be guaranteed. That is to say, the VIP address is assigned to a specific service, not to a specific location, while in the current Internet an address is assigned to a specific location, not to a specific service. In addition, network admission control can perform the functions of authentication control and sending control, which can pave the way for improving network security. This kind of network admission control supplies the third missing link.

Based on the above concept, we propose pricing the VIP service according to the product of the bandwidth reserved and the service time during which the user holds the VIP address, while the price of the non-VIP service is still flat rate, the same as in today’s Internet. This can form a fairer charging model. The above method can significantly reform the architecture and the traffic of the Internet as shown in Figure 2. Because addresses are differentiated into VIP and non-VIP portions and VIP addresses are dynamically assigned to different VIP users, we call our solution “address switching” (ASW).

5 Address-switching building blocks and workflow

The address switching can be implemented by adding new building blocks in the current Internet infrastructure. The new building blocks are the address-switching softswitch and the address-switching network admission control gateways. The address-switching architecture and the workflow are shown in Figure 3.

Figure 2 Reorganizing the users, redefining the service and reforming the traffic via address switching. (a) In the current Internet, both heavy users and ordinary users are charged based on flat rate. The charging model is not fair and leads to greedy consumption, which results in bad QoS due to the scarce bandwidth. (b) The address-switching scheme differentiates the users and reforms the traffic. The VIP users are charged according to the bandwidth reserved and the service time and they can get high throughput and good QoS. The non-VIP users are still charged based on flat rate and they only have universal access, limited bandwidth and best-effort service. It is a fairer model.

Figure 3 Address-switching architecture and the workflow. (a) Intra-AS pre-configuration (bandwidth reservation for the VIP addresses and rate-limiting for the non-VIP addresses); (b) Inter-AS pre-configuration (path selection and bandwidth reservation for the VIP addresses and rate-limiting for the non-VIP addresses); (c) ASW end system sends a request to ASW softswitch via a non-VIP address; (d) ASW softswitch processes the request. If the request is permitted, the ASW softswitch informs the ASW network admission control gateway to activate the VIP address (call setup) and updates the address, user and accounting databases; (e) ASW network admission control gateway redistributes the corresponding route inside the autonomous system; (f) ASW end system gets the VIP address and starts to run the VIP application (when it is done, the call-tear-down process is similar to the above call-setup process).

5.1 Internet infrastructure with preconfiguration

In the address-switching scheme, while the existing Internet infrastructure and the protocols remain unchanged, it is necessary to pre-configure routers in three steps. First, inside the autonomous system, the rate-limiting for the non-VIP addresses and the bandwidth reservation for VIP addresses are implemented, so the non-VIP addresses cannot consume large bandwidth and the VIP addresses have enough bandwidth to guarantee the QoS[12,13]. Note that the bandwidth reservation is implemented for a block of addresses, so the configuration can be done in an aggregated fashion. Second, for the inter-domain case, the BGP path and the corresponding bandwidth reservation for the specific VIP services are set up, so the inter-domain QoS can be guaranteed. Third, the iBGP neighbors between the iBGP route reflector and the address-switching network admission control gateways are set up, so the routes of the dynamically assigned VIP address can be redistributed in the packet traveling path[19].

5.2 Address-switching softswitch

The address-switching softswitch consists of the VIP address management system, the VIP user authentication system, the bandwidth utilization monitoring system and the user accounting system. The admission control is executed in the address-switching softswitch. The address-switching softswitch communicates with address-switching end systems via user-network interface (UNI) signaling and with address-switching network admission control gateways via network-network interface (NNI) signaling. In our current implementation, we use a web service for the UNI and secure shell (ssh) plus command line interface (CLI) for the NNI.

5.3 Address-switching network admission control gateway

The network admission control gateway is a special router in the VIP end-user’s subnet, which has not only the routing and rate-limiting functions, but also the NNI signaling function. These functions make the following three steps possible. First, the address-switching network admission control gateway can be pre-configured to peer with the iBGP route reflector in the autonomous system, thus being able to redistribute the routes of the dynamically assigned VIP address when it is activated. Secondly, the network admission control gateway can rate-limit the pre-defined throughput of an individual VIP session on the interface connecting to the VIP user’s subnet in order to fairly share the bandwidth reserved for the concurrent VIP application sessions in the same VIP address block. Thirdly, the address-switching network admission control gateway can be controlled by the address-switching softswitch via NNI signaling to activate/deactivate the VIP address.

5.4 Address switching end system

The address-switching end system is a modified version of an Internet end system for the VIP user with three features. First, it has a permanent non-VIP address for universal connectivity. Secondly, it has a UNI signaling function to communicate with the address-switching softswitch. Thirdly, it can handle multiple addresses, i.e. the applications in the end system can select a specific address for a specific application.
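The call setup and teardown that the softswitch performs (steps (c) to (f) of Figure 3) can be modelled in a few lines. This is an added example, not the authors' implementation: the class and function names, the HMAC-over-nonce authentication of UNI requests, the fee unit and all addresses (documentation ranges) are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass, field


def sign(key: bytes, nonce: bytes) -> bytes:
    """Request tag for the assumed UNI authentication (HMAC-SHA256 over a nonce)."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


@dataclass
class Lease:
    user: str
    au: ipaddress.IPv4Network   # the VIP address unit handed out
    next_hop: str               # gateway that redistributes the AU route via iBGP
    start_h: float              # lease start, in hours


@dataclass
class Softswitch:
    vip_block: ipaddress.IPv4Network   # aggregated VIP block announced to peers
    au_prefix: int                     # P_AU, prefix length of one address unit
    max_sessions: int                  # N, sessions covered by the reserved bandwidth
    au_bw_mbps: float                  # AU_BW, bandwidth per address unit
    price_lambda: float                # lambda, fee per Mbps-hour (assumed unit)
    user_keys: dict                    # user -> shared secret (assumed scheme)
    gateways: dict                     # user -> next hop of the user's gateway
    leases: dict = field(default_factory=dict)       # AU -> Lease
    seen_nonces: set = field(default_factory=set)    # replay protection
    accounting: list = field(default_factory=list)   # (user, AU, hours, fee)

    def __post_init__(self):
        if self.max_sessions > 2 ** (self.au_prefix - self.vip_block.prefixlen):
            raise ValueError("N exceeds the number of AUs in the VIP block")

    def _authentic(self, user, nonce, tag):
        key = self.user_keys.get(user)
        if key is None or (user, nonce) in self.seen_nonces:
            return False
        if not hmac.compare_digest(sign(key, nonce), tag):
            return False
        self.seen_nonces.add((user, nonce))
        return True

    def request(self, user, nonce, tag, now_h):
        """Call setup: authentication control first, then macro queuing."""
        if not self._authentic(user, nonce, tag):
            return "denied:auth", None
        if len(self.leases) >= self.max_sessions:
            return "denied:blocked", None   # protects sessions already admitted
        free = (au for au in self.vip_block.subnets(new_prefix=self.au_prefix)
                if au not in self.leases)
        lease = Lease(user, next(free), self.gateways[user], now_h)
        self.leases[lease.au] = lease
        return "granted", lease

    def release(self, au, now_h):
        """Call teardown: free the AU and bill lambda x bandwidth x time."""
        lease = self.leases.pop(au)
        hours = now_h - lease.start_h
        fee = self.price_lambda * self.au_bw_mbps * hours
        self.accounting.append((lease.user, str(au), hours, fee))
        return fee


def demo():
    """Constructed scenario: one AU (N = 1) used by two users at two sites."""
    keys = {"userA": b"constructed-key-A", "userB": b"constructed-key-B"}
    sw = Softswitch(ipaddress.ip_network("192.0.2.0/24"), 30, 1, 30.0, 0.5, keys,
                    {"userA": "198.51.100.1", "userB": "198.51.100.2"})
    log = []
    verdict, a = sw.request("userA", b"n1", sign(keys["userA"], b"n1"), 0.0)
    log.append((verdict, str(a.au), a.next_hop))
    log.append(sw.request("userB", b"n2", sign(keys["userB"], b"n2"), 0.5)[0])  # N reached
    log.append(sw.request("userA", b"n3", b"forged", 1.0)[0])                   # bad tag
    log.append(sw.release(a.au, 2.0))                                           # 0.5 * 30 * 2
    log.append(sw.request("userA", b"n1", sign(keys["userA"], b"n1"), 2.0)[0])  # replayed nonce
    verdict, b = sw.request("userB", b"n4", sign(keys["userB"], b"n4"), 3.0)
    log.append((verdict, str(b.au), b.next_hop))
    return log


if __name__ == "__main__":
    for entry in demo():
        print(entry)
```

The last entry shows the same address unit reappearing behind a different next hop, which is the sense in which a VIP address belongs to a service rather than to a location.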

6 Characteristics of address switching

The non-VIP service of the address-switching scheme is based on the protocols and infrastructure of today’s Internet. However, the VIP service has unique characteristics involving routing, bandwidth reservation, network admission control and pricing.

• Routing. Address switching uses the existing routing protocols, but the VIP addresses are dynamically assigned to different locations and their routes are redistributed accordingly. This involves three related aspects. First, inside the autonomous system, the VIP addresses are truncated into Address Units ($AU$). An $AU$ with the prefix length $P_{AU}$ is the minimum-routable subnet which is assigned to a specific service. The border gateway protocol (BGP) can be configured to redistribute the route of a VIP $AU$ in the autonomous system. In this case, an iBGP (interior-BGP) route reflector or eBGP (exterior-BGP) multihop can be used[19]. Secondly, if the VIP applications are in the inter-autonomous system scope, eBGP peering is also required between the neighbors. If there are $N$ concurrent sessions, the actual peering prefix length of the VIP address block ($P$) should be

$$P = \min\bigl(P_{IR},\ P_{AU} - \mathrm{ceil}(\log_2 N)\bigr), \tag{1}$$

where function ceil() rounds the variable to the next integer, function min() takes the minimum value of the variables and $P_{IR}$ is the longest peering prefix length according to the inter-domain routing policy. The $AU$s are aggregated with prefix length $P$ and statically announced to the specific neighbor(s) based on the selected optimal path(s). Thirdly, address switching can be incrementally deployed either on one end or on both ends. Based on the Internet routing and forwarding schemes, the VIP address announced to the BGP neighbors determines the inbound traffic. Therefore, the autonomous system which deploys address switching can obtain good inbound communication (download) quality. Whether there is a need to deploy address switching on the other end or not is entirely determined by the inbound communication (download) quality on that end.

• Bandwidth reservation. As for the reservation of the bandwidth for the VIP addresses, the total reserved bandwidth ($BW$) of the specific application should be

$$BW = \frac{N \times AU_{BW}}{\rho}, \tag{2}$$

where $N$ is the number of concurrent specific VIP application sessions, $AU_{BW}$ is the required bandwidth per address unit for the specific VIP application, and $\rho$ is the over-subscription ratio. Since the value of $\rho$ affects the packet queuing process in the buffer of the router interface, we call this process micro queuing. The bandwidth ($BW$) should be reserved for the VIP address block with the prefix length $P$ inside the autonomous system under the worst-case scenario and in the selected path between autonomous systems.

• Network admission control. The authentication control and sending control are executed via the dynamic assignment of a VIP address unit (VIP $AU$). As for the congestion control of network admission under bandwidth reservation, if the number of requested VIP applications at a specific time amounts to $N$ with reserved bandwidth ($BW$), no more VIP $AU$s will be assigned and the requests will be denied. This scheme ensures QoS for existing VIP applications. Based on the feature of Poisson distribution, the corresponding blocking ratio can be calculated by the Erlang loss formula $E$[20]:

$$E(a, N) = \frac{a^N / N!}{\sum_{i=0}^{N} a^i / i!}, \tag{3}$$

where $a$ is the traffic volume in Erlang. Since the value of $a$ affects the session queuing process under network admission control, we call this process macro queuing.

• Pricing. Since the cost of providing a specific VIP service is proportional to the product of the bandwidth reserved and the service time, we define the charging model as

$$\text{fee} = \lambda \times \text{bandwidth} \times \text{time}, \tag{4}$$

where $\lambda$ is a weighting factor for providing the service in a specific scope (intra autonomous system or a specific path between the autonomous systems).

7 Analysis of address switching

There are two types of queuing process in the address-switching scheme, namely, micro queuing and macro queuing. Micro queuing, which is related to the theory of packet switching, is a buffering process carried out in the routers inside the autonomous system and on the borders between the autonomous systems. Macro queuing, on the other hand, which is related to the theory of circuit switching, is a network admission control process carried out in the address-switching softswitch. The combination of the two processes provides the foundation for the QoS guarantee in the address-switching scheme.

There are several parameters related to the two queuing processes, i.e., the required bandwidth for the specific application ($AU_{BW}$), the over-subscription ratio ($\rho$), the traffic volume ($a$), the blocking ratio ($E$), and the number of concurrent application sessions ($N$). In addition, there are the following routing-related parameters: the prefix length of the minimum-routable address subnet ($P_{AU}$) and the longest peering prefix length ($P_{IR}$). Finally, there is the pricing-related parameter: the weighting factor ($\lambda$). We use the digital video transmission system (DVTS)[21] as an example to discuss the parameters of the address-switching scheme.

(1) We have designed an address-switching system to support the DVTS application between our network (network A) and network B in an IPv4 environment. In this case, $AU_{BW}$ = 30 Mbps and $P_{AU}$ = 30 bits. The longest peering prefix length between network A and network B is $P_{IR}$ = 24. In addition, if the DVTS traffic volume per VIP user is 2 h per week and there are potentially 100 DVTS users in network A, the total traffic volume in Erlang will be a = 100×2/(7×24) = 1.19.

(2) If the required blocking ratio ($E$) is less than or equal to 9%, then N = 3 (the number of concurrent DVTS sessions in the link connecting network A and network B). Based on eq. (1), P = min(24, 28) = 24; this should be the actual peering prefix length that our border router announces to network B via BGP.

(3) If we require 0% packet loss between network A and network B, we should select ρ ≤ 1. If ρ = 1, we get BW = 90 Mbps based on eq. (2). Therefore, 90 Mbps should be reserved in network A and in the link between network A and network B. As in the traditional telephone network, the weighting factor of pricing (λ) can be decided based on the cost of the 90 Mbps link.

(4) We may choose ρ ≪ 1 to get a better performance. For example, if we choose ρ = 0.1, for N = 3, the reserved bandwidth will be 900 Mbps, in which case the probability of the instant throughput exceeding 900 Mbps will be very small. We can therefore configure routers with a smaller buffer size for the VIP addresses in order to minimize jitter, which is an important parameter of QoS for real-time applications. Since more bandwidth is reserved in the link between network A and network B, the weighting factor of pricing (λ) should be greater than that in the case when ρ = 1.

(5) We may choose ρ > 1 to reduce the required bandwidth. For example, if we choose ρ = 1.5, for N = 3, the reserved bandwidth will be BW = 60 Mbps, which is smaller than 90 Mbps, and we have to accommodate “not-so-good QoS” sometimes. In this case, the blocking ratio E(1.19, 3) = 9%, the ratio of good QoS service 1 − E(1.19, 2) = 75.7%, and the ratio of “not-so-good QoS” is 100% − 9% − 75.7% = 15%. Since less bandwidth is reserved in the link between network A and network B, the weighting factor of pricing (λ) should be smaller than that in the case when ρ = 1.

Table 1 summarizes the queuing issues of the address-switching scheme discussed above.
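The dimensioning steps (1) to (5) can be carried out mechanically from eqs. (1) to (3). The following is an added example, not the authors' software: the function names are this example's own, the address unit 202.38.112.64/30 is the one the paper uses in its CERNET experiment, and the rule K = floor(N/ρ) for the number of sessions that fit at full rate is an assumption consistent with case (5).

```python
import ipaddress
import math


def erlang_b(a, n):
    """Eq. (3), E(a, N), computed with the numerically stable recursion
    E(a, 0) = 1, E(a, k) = a*E(a, k-1) / (k + a*E(a, k-1))."""
    e = 1.0
    for k in range(1, n + 1):
        e = a * e / (k + a * e)
    return e


def min_sessions(a, max_blocking, limit=100_000):
    """Smallest N whose blocking ratio E(a, N) does not exceed max_blocking."""
    e = 1.0
    for n in range(1, limit + 1):
        e = a * e / (n + a * e)
        if e <= max_blocking:
            return n
    raise ValueError("no N within the limit meets the blocking target")


def peering_prefix(p_ir, p_au, n):
    """Eq. (1): P = min(P_IR, P_AU - ceil(log2 N))."""
    return min(p_ir, p_au - math.ceil(math.log2(n)))


def reserved_bw(n, au_bw, rho):
    """Eq. (2): BW = N * AU_BW / rho."""
    return n * au_bw / rho


def qos_split(a, n, rho):
    """Share of requests blocked, served with good QoS, or served degraded.

    Assumption of this example: K = floor(N / rho) sessions fit into the
    reserved bandwidth at the full AU_BW (K = 2 for N = 3, rho = 1.5).
    The three ratios follow the paper's case (5): E(a, N), 1 - E(a, K)
    and the remainder.
    """
    k = min(n, math.floor(n / rho))
    blocked = erlang_b(a, n)
    at_k = erlang_b(a, k)
    return {"blocked": blocked, "good": 1.0 - at_k, "degraded": at_k - blocked}


def dimension(users, hours_per_week, max_blocking, au, p_ir, au_bw, rho):
    """Run the whole procedure for one VIP service and one peering link."""
    a = users * hours_per_week / (7 * 24)          # traffic volume in Erlang
    n = min_sessions(a, max_blocking)              # macro queuing: admission limit
    unit = ipaddress.ip_network(au)
    p = peering_prefix(p_ir, unit.prefixlen, n)
    plan = {
        "a": a,
        "N": n,
        "P": p,
        "block": str(unit.supernet(new_prefix=p)),  # prefix announced via BGP
        "BW": reserved_bw(n, au_bw, rho),           # micro queuing: Mbps to reserve
    }
    plan.update(qos_split(a, n, rho))
    return plan


if __name__ == "__main__":
    # DVTS case: 100 users, 2 h per week each, E <= 9%, AU_BW = 30 Mbps.
    for rho in (1.0, 0.1, 1.5):
        print(rho, dimension(100, 2, 0.09, "202.38.112.64/30", 24, 30, rho))
```

Computed from the unrounded a = 1.1905, the good-QoS ratio comes out near 75.6%, a rounding-level difference from the 75.7% quoted in case (5).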

8 Experimental evaluation and the deployment on large-scale networks

The concept of address switching with manual configuration, called user controlled network provisioning (UCNP), has been deployed in the CERNET backbone and tested between CERNET and other networks (TEIN2 and Internet2) for the past two years with great success. Recently, the evaluation and deployment of the address-switching scheme has been carried out in CERNET and TEIN2[22,23]. The CERNET, TEIN2 and the test topologies are shown in Figure 4. In this test example, the VIP application is DVTS ($AU_{BW}$ = 30 Mbps). The address-switching scheme is deployed in CERNET with a single address-switching administrative domain consisting of one address-switching softswitch, one iBGP route reflector and two address-switching network admission control gateways in different sites in Beijing. The traffic throughput of non-VIP addresses is rate-limited to 10 Mbps, which is less than 30 Mbps and will result in bad DVTS video quality. The number of concurrent VIP sessions is N = 1. For IPv4, the minimum-routable prefix length $P_{AU}$ = 30 and the selected AU is 202.38.112.64/30. According to the peering policy between CERNET and TEIN2, the longest peering prefix length $P_{IR}$ = 24, so P = 24 and the selected VIP address block is 202.38.112.0/24. We selected the over-subscription ratio ρ = 0.75, so the reserved VIP bandwidth BW = 40 Mbps, which is greater than 30 Mbps, and good QoS is expected. The sender is at the TEIN2 Southern Pop in Singapore (202.179.252.102). The receivers are in Beijing (two different sites). CERNET is only announcing 202.38.112.0/24 to TEIN2 via BGP peering, so the other transit autonomous systems will not be affected and will not be the best path for the traffic from TEIN2 to CERNET. We have evaluated the routing status in the iBGP route reflector, the number of additional prefixes introduced in the CERNET routers (intra autonomous system), the number of prefixes announced from CERNET to TEIN2, the corresponding next hop of the VIP address and the video quality. There are three experimental cases. In the first case, the VIP address unit (202.38.112.64/30) is not assigned to any user. In the second case, we assign this VIP address to the VIP user A via iBGP next-hop address 202.112.35.34, and in the third case, we assign this VIP address to the VIP user B via iBGP next-hop address 202.38.97.253.

Table 1

| Types of queuing | Micro queuing: bandwidth reservation | Micro queuing: buffer size | Micro queuing: jitter | Macro queuing: request i < K | Macro queuing: request K < i < N | Macro queuing: request i > N |
| --- | --- | --- | --- | --- | --- | --- |
| ρ ≪ 1 | Best | Less important | Small (if choose small buffer size) | No blocking, good QoS | No blocking, good QoS | Blocking |
| ρ ≤ 1 | Fair | Important | Medium (buffer size cannot be small) | No blocking, good QoS | No blocking, good QoS | Blocking |
| ρK > ρ > 1 | Over-subscription | Important | Large (buffer size cannot be small) | No blocking, good QoS | No blocking, not-so-good QoS | Blocking |

Figure 4 Experimental evaluation in large-scale network. The users in site A and site B receiving DVTS stream from server in Singapore via TEIN2 and CERNET. (a) First case: A user in site A uses non-VIP address; (b) second case: The same user in site A uses the VIP address (202.38.112.66) in a specific time slot; (c) third case: Another user in site B uses the same VIP address (202.38.112.66) in a different time slot.

From the above test, we can draw the following conclusions. First, the address switching is a workable scheme and it can be implemented in the current Internet infrastructure by adding address-switching softswitch and address-switching network admission control gateways. Secondly, although the experiment presented here only involves one VIP session and 2 VIP sites, it can be easily extended to more than thousands of VIP sessions, since today’s backbone router can handle 100K+ routing entries and frequent (several per second on average and thousands per second in the peak) BGP updates. In addition, the number of VIP sites can also be extended, since there can be multiple address-switching administrative domains consisting of multiple iBGP route reflectors and multiple address-switching softswitches to handle a huge number of address-switching network admission control gateways. Furthermore, the bandwidth reservation for the VIP addresses is configured in an aggregated fashion, so each VIP address block for the specific VIP service will be only a single entry in the service-class configuration in the backbone and border routers. Therefore, the address-switching scheme is scalable. Thirdly, the experimental data indicate that the dynamic assignment inside the autonomous system does not change the number and dynamics of the prefix information announced to the neighbors due to aggregation. Therefore, it is not only scalable, but also can be incrementally deployed. Finally, the end-to-end QoS can be provided using dynamically-assigned VIP addresses and results in good DVTS video quality.

9 Technical advantages of address switching

Address switching has advantages over circuit switching, packet switching and virtual circuit switching. In Table 2, we compare, among these four switching technologies, the basic features (type of connection, bandwidth flexibility, number of states and the switching/routing dynamics), the features related to the missing links (user differentiation, bandwidth reservation and network admission control) and the business models (service type and charging scheme). Since the address-switching scheme contains both VIP addresses (unique to address switching) and non-VIP addresses (the same as datagram-based packet switching), we list the features associated with VIP addresses under “address switching” and the features associated with non-VIP addresses under “packet switching”, respectively. The circuit switching can ensure the QoS, but it does not have bandwidth flexibility. The packet switching is very flexible, but cannot guarantee the QoS. Virtual circuit switching is an attempt to take both advantages of packet switching and circuit switching, but it involves the loss of scalability (non-minimum state)[24]. The address switching has the advantages of both circuit switching and packet switching while still retaining the minimum state.

Table 2 Comparison of the switching technologies

| | Circuit switching | Virtual circuit switching | Address-switching scheme: address switching (VIP) | Address-switching scheme: packet switching (non-VIP) |
| --- | --- | --- | --- | --- |
| Type of connection | Connection oriented | Connection oriented | Connectionless | Connectionless |
| Bandwidth flexibility | No | Yes | Yes | Yes |
| Number of states | Not minimum | Not minimum | Close to minimum | Minimum |
| Switching/routing dynamics | Dynamic | Dynamic | Dynamic | Static |
| User differentiation | No | Yes | Yes | No |
| Bandwidth reservation per | Circuit | Virtual circuit | Address unit (AU) | Not defined |
| Network admission control | Yes | Yes | Yes | No |
| Service type | QoS | CBR: QoS | QoS | Best effort |
| Charging scheme | Time based | Time based | λ × bandwidth × time | Flat-rate |

(1) The address switching provides a new perspective for studying the relationship among addressing, routing and forwarding. In the current Internet, routing is directly based on addressing, forwarding is directly based on routing and there is no direct relationship between forwarding and addressing. In the address-switching scheme, we separate routing from addressing by separating the non-VIP address (locator) from the VIP address (identifier). Meanwhile, we partially separate forwarding from routing by adding a “dynamic-routing-layer” for the dynamic assignment of the VIP addresses on top of the conventional routing and forwarding layer. The address switching also makes the forwarding directly based on addressing via well-defined bandwidth reservation for the packet forwarding of the VIP addresses under network admission control.

(2) Address switching can solve the QoS problem. As mentioned earlier, the bandwidth reservation (reserving enough bandwidth for the specific application) and network admission control (ensuring the guaranteed exclusive use of the reserved bandwidth) are crucial for providing QoS. The address-switching scheme has these functions, while it maintains the scalability and it can be incrementally deployed.

(3) Address switching can enhance network security. Through address switching, we can set up different network security levels for VIP users and non-VIP users via different addresses. The VIPs can have better network security and privacy provided by the ISPs. Moreover, the address switching can prevent DDoS attacks, since rate-limiting is implemented for the non-VIP addresses and authentication is enabled for the VIP addresses via network admission control, both of which cannot be the DDoS sources. In addition, if the ISPs which deploy address switching form a trusted federation, the trust credits of the VIP users can rely on their ISPs, not a global PKI. For example, the emails sent by a mail server with the VIP address of a trusted ISP can be marked as non-SPAMs, while the emails sent by a mail server with non-VIP address are not trusted and likely to be SPAMs.

(4) Address switching is scalable. Since address switching is based on connectionless packet switching, it is scalable. The scalability is further guaranteed for the following reasons. First, as address switching is deployed inside the autonomous system, it will not increase the size of the global routing table. Secondly, due to the power law distribution, the number of the additional prefixes introduced by the address-switching scheme for the VIP services in intra autonomous system is limited and can be controlled by setting up a suitable VIP/non-VIP bandwidth threshold. Thirdly, because of the address aggregation, only the aggregated VIP address blocks are announced to the corresponding BGP peers, so the number of the additional prefixes is also limited in the peers’ routing table. In addition, address switching can improve routing scalability. The explosion of the global routing table is mainly due to multi-homing and traffic engineering. Since address switching provides QoS, it can reduce the effort of traffic engineering, thereby reducing the size of the global routing table. Furthermore, the method of dynamic address assignment introduced by address switching can be used for address renumbering, hence the aggregation can be improved and the size of the global routing table may be reduced. For the same reasons, the global routing stability will not be affected or can even be improved.

(5) Address switching can improve multicast. Network layer multicast is an efficient way to facilitate one point (or multipoint) to multipoint communications[25]. However, multicast has scalability, security, manageability and business model problems.
We have found that the sender control and receiver control are the key factors for solving the multicast problems. Based on the address-switching scheme, if the ISPs configure the network in such a way that only the specific VIP addresses can send packets to the multicast group, the sender control can be achieved. In addition, with the modification of the router/switch, if the ISPs configure the network in such a way that only the specific VIP addresses can send join messages for a specific multicast group, the receiver control can also be achieved.

(6) Address switching can provide intra-domain wireless mobility service. The dynamic property of the address switching and the locator/identifier separation make it possible to provide mobility service[26] in the intra-domain wireless mobile network. This is to say that the VIP addresses can be assigned to the mobile users dynamically via address-switching network admission control gateways built into the access points. The mobile host can get a non-VIP address from the closest wireless access point as the locator and use the locator to contact the softswitch to apply for a VIP address as the identifier for the application. When the mobile host moves to a different location, the locator will be changed, but the identifier will remain the same via the address-switching scheme. Another benefit is that by adjusting the prefix length of the address unit, the host mobility and the network mobility can be unified.

(7) Address switching can help to carry out address family transition and address trading. It is predicted that the free pool of the IPv4 addresses will be empty in the next few years. To solve this problem, dual-stack and IPv4+NAT approaches have appeared. The address-switching scheme can help in both cases. For the dual-stack approach, the IPv6 addresses can be treated as the locator (non-VIP addresses) and IPv4 addresses can be treated as the identifier (VIP addresses). For the IPv4+NAT approach, the private IPv4 addresses (for example 10.0.0.0/8) can be treated as the locator (non-VIP addresses) and globally routable IPv4 addresses can be treated as the identifier (VIP addresses).
Since the address-switching scheme can dynamically assign IPv4 addresses as the identifier through an authentication procedure, it can achieve high usage efficiency of the globally routable IPv4 addresses and improve the routing security. In addition, due to the dynamic assignment and possible reallocation of VIP addresses with authentication control, we believe that this scheme can also be used for the IPv4 address trading if it happens someday. As for IPv6, since it has a much larger number of addresses, applying the address-switching scheme to IPv6 can help differentiate many types of services based on different addresses.

(8) The address switching can provide multiple-class Internet service. The address switching provides a practical solution and general framework for multiple-class Internet. As described in the previous section, by adjusting the parameters N, E, ρ and the BGP path between autonomous systems for different address blocks controlled by the ISP, different types of services ranging from best-effort to moderate QoS, and then to supreme QoS, with different service fees can be provided. The address-switching scheme can therefore cover a broad range of services. Meanwhile, on a wider scale concerning multiple address-switching administrative domains, by selecting the management scope of the address-switching softswitch and shifting the location of the address-switching network admission control gateway (deployed in campus scope or backbone scope, etc.), the address-switching scheme can be further extended. For example, the services provided by user controlled light-path (UCLP) and dialup VPN can be included in the address-switching scheme[27,28]. In terms of the UCLP, ρ < 1, its management system can be viewed as a softswitch in the address-switching scheme and the path is dedicated in the inter-autonomous system scope. Although its circuit-switching nature makes it not scalable and expensive, it is suitable for a small number of extremely large throughput applications. As regards the dialup VPN, ρ is not defined and the VPN server can be viewed as an address-switching network admission control gateway, which connects the subnet of the end system via tunnel. It is thus suitable for small-throughput secure communication with best effort service.
In this way, we can define multiple address blocks corresponding to different services with different charges. Therefore, the address-switching scheme can help the Internet to provide multiple-class services, just as the airline business (providing first-class, business-class and economy-class services) and hotel business (ranging from five-star to one-star with different kinds of service), etc. This can not only improve the services of the Internet, but also make the Internet business more sustainable.
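
The admission behaviour described in items (2) to (4) above, and the reuse of one VIP address across time slots in the Figure 4 experiment, as an added Python sketch (not code from the paper). The class and method names, the shared-secret authentication, the /31 block around 202.38.112.66, the gateway names and the token-bucket limit for non-VIP sources are all assumptions made for illustration.

```python
import hmac
import ipaddress
from dataclasses import dataclass

# Constructed VIP block; it contains the VIP address 202.38.112.66 from Figure 4.
VIP_BLOCK = ipaddress.ip_network("202.38.112.66/31")

@dataclass
class Lease:
    user: str
    gateway: str
    start: float
    end: float

class Softswitch:
    """Hypothetical softswitch: leases VIP addresses to authenticated users per time slot."""
    def __init__(self, block, credentials):
        self.block = block
        self.credentials = credentials   # user -> shared secret (constructed)
        self.leases = {}                 # VIP address -> latest Lease (one tracked per address)

    def request(self, user, secret, gateway, start, end):
        if not hmac.compare_digest(self.credentials.get(user, ""), secret):
            return None                  # authentication failed
        for ip in self.block:
            held = self.leases.get(ip)
            if held is None or held.end <= start or end <= held.start:
                self.leases[ip] = Lease(user, gateway, start, end)
                return ip
        return None                      # every VIP address is busy: the request is blocked

    def internal_routes(self, now):
        """Host routes that exist only inside the AS while a lease is active."""
        return {f"{ip}/32": l.gateway for ip, l in self.leases.items()
                if l.start <= now < l.end}

    def external_announcements(self):
        """Peers only ever see the aggregate, whatever the lease state is."""
        return [str(self.block)]

class Gateway:
    """Hypothetical network admission control gateway in front of one site."""
    def __init__(self, name, softswitch, rate, burst):
        self.name, self.softswitch = name, softswitch
        self.rate, self.burst = rate, burst  # non-VIP limit: bytes/second and bucket size
        self.buckets = {}                    # non-VIP source -> (tokens, last timestamp)

    def admit(self, src, size, now):
        ip = ipaddress.ip_address(src)
        if ip in self.softswitch.block:
            l = self.softswitch.leases.get(ip)
            ok = l is not None and l.gateway == self.name and l.start <= now < l.end
            return "vip" if ok else "drop"   # unleased or misplaced VIP source is refused
        # Non-VIP source: best effort, capped by a per-source token bucket.
        tokens, last = self.buckets.get(ip, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        allowed = tokens >= size
        self.buckets[ip] = (tokens - size if allowed else tokens, now)
        return "best-effort" if allowed else "drop"
```

Leasing 202.38.112.66 to a user behind one gateway for one slot and to a different user behind another gateway for a later slot changes only `internal_routes()`; `external_announcements()` stays at the single aggregate throughout.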

10 Benefits for the scientific research communities

The scientific research communities, especially those of high energy physics, radio astronomy and bio-science, have been asking for advanced global networking services for the past 10 years or so. The service requirements are low latency, very high throughput global connectivity with end-to-end QoS guarantee and low cost. Several advanced academic networks have been deployed in trying to meet these requirements[11,22]. The major challenge is that based on the current Internet architecture, the networking service is “per-institution”, not “per-service”, which therefore cannot guarantee end-to-end QoS. For example, the mission critical application running between two institutes, which is connected via an advanced academic network, may be interfered by ordinary users (students) playing bandwidth-hungry games. The address-switching scheme can solve this problem for the following two reasons. First, it can provide a convenient way for the peering settlements among advanced academic networks for the specific VIP address blocks (not for all the prefixes in the autonomous system), and the end-to-end QoS of the VIP address block can be guaranteed. Secondly, it can assign the VIP addresses to the VIP users in any locations of a well-connected institute and better reachability can be achieved. Therefore, the address-switching scheme forms a flexible, easily-reachable, scalable and convenient way to provide high throughput dedicated layer-3 “per-service” path with QoS guarantee for the scientific research communities.

11 Economical and social impacts

The address-switching scheme can improve the Internet business. We have shown that the bandwidth is a scarce resource and the current Internet architecture cannot effectively manage the bandwidth. The address switching has the advantages of being able to differentiate the VIP users from the non-VIP users and to set up a workable scheme for fairly pricing the different services based on the corresponding bandwidth consumption. We believe this will be a big step in helping the Internet to change from a “sharing economy (flat-rate, everyone sharing the bandwidth)” to a market-driven economy (you pay for what you get). This effectively solves the problem of greedy consumption. In this way, the current Internet business can be improved and new businesses can be established. For example,

• Improving ISP business. As the ISP business model can be divided into the non-VIP services and VIP services through address switching, a VIP user can select a desirable VIP service (e.g. for business-grade video conferencing) with QoS guarantee. Since the VIP users pay more for better services they require, the ISPs can get more revenue and therefore will have stronger motivation for upgrading the infrastructure. As for the non-VIP users, they can enjoy the flat-rate and best-effort service with better performance, because the VIP portion of the heavy users will request for the VIP service and the non-VIP portion of the heavy users cannot exceed the predefined throughput threshold, therefore the bandwidth for the non-VIP users will be less congested.

• Improving peering business. Through address switching, the transit and peering can be used in a differentiating way. While the transit and peering configuration for non-VIP addresses remains unchanged, the new peering configuration can be done for VIP addresses in the address-switching scheme.
As a result, while the non-VIP users can have the same universal connectivity with best effort service, the VIP users can gain inter-autonomous system QoS via bilateral peering for the VIP services with corresponding charges, which can lead to more revenue for the ISPs. Significantly, this can also form a better peering-settlement model, since the records in the address-switching softswitches between two peering ISPs can be used for the fee settlement, similar to the settlement model in traditional phone system.

• Improving ICP business. In the current Internet content provider (ICP) business, the ISP is not in the service loop between the users and the ICP. In the address-switching scheme, by contrast, the users can have better QoS when using the VIP addresses assigned by ISP. In this way, the ICP can get service fee by providing the content via the network admission control provided by the ISP. The ISP is now in the service loop and can get the shares by providing the VIP services.

• Creating security and insurance services. The address-switching scheme can create security and insurance services. Based on the network admission control and the dynamic assignment of the VIP addresses, the certificate service, the trust service, the security service, the broker service and the anonymity service can be provided by the ISP or jointly by the ISP and a third party.

• Creating emergency service. The emergency service can be set up based on the address-switching scheme. In this case, a special address block can be configured either in a wired or a wireless environment, which does not need the authentication control and can only reach the police station in case of emergency.

• Policy and regulation impact of address switching. The address-switching scheme may also exert impact on the regulation policy. As regards the issue of net neutrality[29], since the address-switching scheme enables ISPs to have a fairer pricing model by discriminating address-based bandwidth consumption, there is no need for them to discriminate Internet users and content.

12 Conclusion

In summary, the address-switching scheme can greatly improve today’s Internet. Beyond this, there are a number of new research directions that can be explored. Due to the lack of space, we only briefly list here a few directions: the further study of the combined queuing theory for micro-queuing and macro-queuing; the optimization of the bandwidth reservation; the standardization of the signaling protocols; the implementations of the multicast, mobility and transitions based on the address-switching scheme; new services and new business models, etc. Given the advantages of the address-switching scheme, we believe that if this scheme is widely adopted in the Internet, it will solve major challenges, provide a more efficient and flexible network environment for the scientific research communities and lead to notable economical gains for the commodity Internet, which can help the Internet to become a better and more sustainable information infrastructure.

1 Clark D, Wroclawski J, Sollins K, et al. Tussle in cyberspace: defining tomorrow’s Internet. In: SIGCOMM’02, August 19–23, Pittsburgh, PA, USA, 2002
2 Kuhne M. Plenary Report, IETF68, May 2007, Volume 2, Issue 1
3 Bernet Y. The complementary roles of RSVP and differentiated services in the full-service QOS network. IEEE Commun Mag, 2000, 38(2): 154–162
4 Stallings W. Network Security Essentials: Applications and Standards. 3rd ed. Upper Saddle River, NJ: Prentice Hall, Inc., 2007
5 IETF Homepage: http://www.ietf.org/
6 FIND Project Homepage: http://www.find.org
7 GENI Homepage: http://www.geni.org
8 GLIF Homepage: http://www.glif.is/
9 ITU Homepage: http://www.itu.int/
10 CERNET Homepage: http://www.edu.cn/english 1369/index. shtml
11 Li X, Bao C X. Support for the high-performance video (DVTS) collaboration. In: Spring 2007 Internet2 Member Meeting, http://events.internet2.edu/2007/springmm/sessionDetails.cfm?session=3175&event=267
12 Comer D E. Internetworking with TCP/IP: Principles, Protocols, and Architecture. Upper Saddle River, NJ: Prentice Hall, Inc., 2006
13 Shenker S. Fundamental design issues for the future Internet. IEEE J Select Areas Commun, 1995, 13(7): 1176–1188
14 Gross G. Study: Internet could run out of capacity in two years. IDG News Service 20/11/2007. http://www.macworld.com/news/2007/11/19/internetcapacity/index.php
15 Bernardo A, Huberman B, Lukose, R M. Social dilemmas and Internet congestion. Science, 1997, 277(5325): 535–537
16 Williamson C. Internet traffic measurement. IEEE Internet Comput, 2001, 5: 70–74
17 Blumenthal M S, Clark D D. Rethinking the design of the Internet: the end-to-end arguments vs. the brave new world. ACM Trans Internet Tech (TOIT), 2001, 1(1): 70–109
18 Ahlgren B, Brunner M, Eggert L, et al. Invariants——A new design methodology for network architectures. In: SIGCOMM’04 Workshops, Portland, OR, USA, Aug. 30-Sept. 3, 2004. 65–70
19 Halabi S, McPerson D. The Definitive BGP Guide, Internet Routing Architecture. 2nd ed. Indianapolis: Cisco Press, 2000
20 Robert J W. Traffic theory and the Internet. IEEE Commun Mag, 2001, 39(1): 94–99
21 DVTS system, http://www.sfc.wide.ad.jp/DVTS/
22 TEIN2 Homepage: http://www.tein2.net
23 Bao C X, Li X, Jiang J P. Scalable application-specific measurement framework for high performance network video. ACM NOSSDAV 2007. http://www.nossdav.org/2007/files/file-29-session5-paper3-bao.pdf
24 Antonov V. ATM: Another technological mirage or why ATM is not the solution, fat state vs lean state packet switching. http://www.academ.com/nanog/feb1998/parallel/ip vs atm/ state.html
25 Ratnasamy S, Ermolinskiy A, Shenker A. Revisiting IP multicast. In: Proceedings of SIGCOMM’06. New York: ACM, 2006. 15–26
26 Solomon J D. Mobile IP——The Internet unplugged. In: Prentice Hall Series in Computer Networking and Distributed Systems. Upper Saddle River, NJ: Prentice Hall, Inc., 1998
27 UCLP Homepage: http://www.uclp.ca/
28 Cohen R. On the establishment of an access VPN in broadband access networks. Commun Mag, 2003, 41(2): 156–163
29 Crowcroft J. Net neutrality: the technical side of the debate: a white paper. ACM SIGCOMM Comput Commun Review Archive, 2007, 37(1): 49–56
