Perhaps I Was Right, Long Ago

Source: Computer History Museum

We are running out of addresses for the current version of the Internet Protocol, IPv4.  That protocol gives us 2^32 addresses (about 4 billion, minus the overhead used to aggregate devices into networks) for systems connected to the network simultaneously, plus whatever other systems sit behind network address translators (NATs).  In practical terms this has meant that the United States, Europe, and certain other countries have been able to all but saturate their markets with the Internet, while developing countries have been left out in the cold.

Long ago we recognized that we would eventually run out of IP addresses.  The Internet Engineering Task Force (IETF) began discussing this problem as far back as 1990.  The result of those discussions was a standard that brought us IP version 6.  IPv6 quadrupled the address length, from 32 bits to 128, so that there is for all practical purposes an infinite amount of space.  The problem is that IPv6 acceptance remains very low.

While IPv6 is deployed in Japan, Korea, and China, its acceptance in the U.S., Europe, and elsewhere has been very poor.  It is not the perfect standard.  ALL it does is create a larger address space.  It does not fix routing scalability problems and it does not make our networks more secure.  No packet format would fix either of those problems.

One of the reasons that IPv6 is not well accepted is that it requires an upgrade to the infrastructure.  Anything that uses an IPv4 address must be taught to use an IPv6 address.  That is an expensive proposition.  IP addresses exist not only in the computer you’re using right now, but in the router that connects your computer, perhaps in your iPhone (if you are a Believer), in power distribution systems, medical systems, your DMV, and in military systems, just to name a few.  Changing all of that is a pain.

Back around 1990, I posited a different approach.  Within IPv4 there is a reserved address block, 240.0.0.0/4 (16 /8 blocks).  What if one could continue to use normal IPv4 addresses, but, whenever the first four bytes of an address fell within that reserved block, one would read the next four bytes as address as well?  View that block, if you will, as an area code, and everyone would have one.  You would only need to use it when contacting someone outside your own area code.  It would also mean that eventually we would have increased the address space by a factor of 2^28.  That’s a big number, and it probably would have sufficed.
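A minimal sketch of the parsing rule, in Python, might look like the following; the function name and the exact encoding (a 240.0.0.0/4 “area code” followed by a four-byte local part) are illustrative only, not part of any standard:

def parse_extended_address(buf: bytes) -> tuple[bytes, int]:
    """Parse one address from the front of buf.

    Hypothetical encoding: if the first four bytes fall inside the
    reserved 240.0.0.0/4 block, treat them as an "area code" and read
    four more bytes as the local address.  Returns the address bytes
    and the number of bytes consumed.
    """
    if len(buf) < 4:
        raise ValueError("short buffer")
    if buf[0] >= 0xF0:                  # top four bits 1111 => 240.0.0.0/4
        if len(buf) < 8:
            raise ValueError("short buffer for extended address")
        return buf[:8], 8               # area code plus four-byte local part
    return buf[:4], 4                   # ordinary IPv4 address

# Example: 240.1.2.3 acts as the area code, 10.0.0.1 as the address within it.
addr, used = parse_extended_address(bytes([240, 1, 2, 3, 10, 0, 0, 1]))
print(addr.hex(), used)                 # f00102030a000001 8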

Even after these addresses became prevalent, devices would only need to use them when communicating outside their own area code, so they could have been upgraded at a much slower pace.

The problem that people had with the idea at the time was that this form of variable-length addressing would have carried a high performance cost.  Today, routers use fixed-length addresses and can parse them very quickly because of that.  But that is only because they have been optimized for today’s world.  It might have been possible to optimize for this alternate reality, had it come to pass.

Let’s Get Simple

A picture of a mess of wires

In the summer of 2004 I gave an invited talk at the USENIX Technical Symposium entitled “How Do I Manage All Of This?”  It was a plea to the academics that they ease off on new features and figure out how to manage the old ones.  Just about anything can be managed if you spend enough time.  But if you have enough of those things, you won’t have enough time.  It’s a simple care and feeding argument.  When you have enough pets you need to be efficient about both.  Computers, applications, and people all require care and feeding.  The more care and feeding, the more chance for a mistake.  And that mistake can be costly.  According to one Yankee Group study in 2003, between thirty and fifty percent of all outages are due to configuration errors.  When asked by a reporter what I believed the answer was to dealing with complexity in the network, I replied simply, “Don’t introduce complexity in the first place.”

It’s always fun to play with new toys.  New toys sometimes require new network features.  And sometimes those features are worth it.  For instance, the ability to consolidate voice over data has brought a reduction in the amount of required physical infrastructure.  The introduction of wireless has meant an even more drastic reduction.  In those two cases, additional configuration complexity was likely warranted.  In particular you’d want to have some limited amount of quality-of-service capability in your network.

Franciscan friar William of Ockham first articulated a principle in the 14th century: all other things being equal, the simplest solution is the best.  We balance that principle with a quote from Einstein, who said, “Everything should be made as simple as possible, but not simpler.”  Over the next year I will attempt to highlight examples of where we have violated both of these statements, as they become visible in the public press.

Until then, ask yourself this: what functionality is running on your computer right now that you neither need nor want?  That very same functionality is a potential vulnerability.   And what tools reduce complexity?  For instance, here is some netstat output:

% netstat -an|more
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:995             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:2544          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:817           0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:32768           0.0.0.0:*
udp        0      0 127.0.0.1:53            0.0.0.0:*
udp        0      0 0.0.0.0:69              0.0.0.0:*
udp        0      0 0.0.0.0:111             0.0.0.0:*
udp        0      0 0.0.0.0:631             0.0.0.0:*
udp        0      0 127.0.0.1:123           0.0.0.0:*
udp        0      0 0.0.0.0:123             0.0.0.0:*
udp        0      0 :::32769                :::*
udp        0      0 fe80::219:dbff:fe31:123 :::*
udp        0      0 ::1:123                 :::*
udp        0      0 :::123                  :::*

It’s difficult for an expert to make sense of all of this stuff.  Heaven help all of us who aren’t experts.  So what do we do?  We end up running more programs to identify what we are already running.  In other words?  That’s right.  Additional complexity.  What would have happened if we simply had the name of the program output with each line?  That is what lsof does, and why it is an example of reducing complexity through innovation.  Here’s a sample:

COMMAND     PID    USER   FD   TYPE DEVICE SIZE NODE NAME
xinetd     3837    root    5u  IPv4  10622       TCP *:pop3 (LISTEN)
xinetd     3837    root    8u  IPv4  10623       TCP *:pop3s (LISTEN)
xinetd     3837    root    9u  IPv4  10624       UDP *:tftp
named      3943   named   20u  IPv4  10695       UDP localhost:domain
named      3943   named   21u  IPv4  10696       TCP localhost:domain (LISTEN)
named      3943   named   24u  IPv4  10699       UDP *:filenet-tms
named      3943   named   25u  IPv6  10700       UDP *:filenet-rpc
named      3943   named   26u  IPv4  10701       TCP localhost:953 (LISTEN)
named      3943   named   27u  IPv6  10702       TCP localhost:953 (LISTEN)
ntpd       4026     ntp   16u  IPv4  10928       UDP *:ntp
ntpd       4026     ntp   17u  IPv6  10929       UDP *:ntp
ntpd       4026     ntp   18u  IPv6  10930       UDP localhost:ntp
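For those who would rather script this sort of check, a minimal sketch using the psutil Python library (my choice of tool here, and an assumption that it is installed) pairs each listening socket with the name of the process that owns it, much as lsof does; run it as root for the most complete answer:

import psutil

# Roughly the lsof view above: listening TCP sockets and bound UDP sockets,
# each paired with the name of the owning process.
for conn in psutil.net_connections(kind="inet"):
    if conn.status not in ("LISTEN", "NONE"):   # psutil reports UDP sockets as "NONE"
        continue
    name = psutil.Process(conn.pid).name() if conn.pid else "?"
    print(f"{name:<12} {conn.pid or '-':<6} {conn.laddr.ip}:{conn.laddr.port}")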