Zhang Hongke, Dong Ping, Yang Dong
(Next Generation Internet Research Center, School of Electronics and Information Engineering, Beijing Jiaotong University, Beijing 100044, China)
Abstract: There exist serious problems in the trustworthiness (security, reliability, controllability and manageability) of the Internet. In order to solve these problems, a new-generation network architecture model, based on research into the basic theories of the new-generation Internet system, is proposed. The solution creates a switching routing model and theory for the new-generation Internet system, and defines the access identifier, the generalized switching routing identifier and their mapping principles. It also establishes a pervasive service system architecture and theory, and defines the service identifier, the connection identifier and their mapping principles. This paper discusses key technologies for the new-generation Internet system, such as access control and management, trusted routing and Quality of Service (QoS), multi-streaming, and network monitoring and management.
With the development of science and technology, information has become a great driving force pushing society forward. Competence in the information field is the mastery and application level of information network technology, while competence in the information network field is the creation of new information network systems and research into their basic theories. A new-generation information network will provide pervasive services, including all kinds of voice, data and multimedia services. Therefore, guaranteeing that the new-generation information network and the services it provides are trustworthy, that is, ensuring that activities in the network and their results are predictable and controllable, has become an important and urgent research subject.
The current Internet is a scale-free network with a power-law degree distribution [1]. Such a topology makes it vulnerable to malicious attacks and fraud. Moreover, the Internet routing infrastructure assumes that all network nodes are in a mutually trusted environment, and the routing system only provides best-effort data transfer services. On these accounts, there are a large number of security risks in the current Internet, such as Address Resolution Protocol (ARP) fraud, resource address fraud, Domain Name Server (DNS) attacks, Distributed Denial of Service (DDoS) attacks caused by route prefix hijacking [2], massive spamming [3], and traffic observation [2]. These risks may cause major losses to their victims, including users, networks and services.
It is not difficult to see that the current Internet not only fails to meet current application demands, but is hindering the further development of information networks. Thus, a breakthrough and leap-forward progress in the design of a brand-new network architecture are necessary in order to solve the serious trustworthiness problems of the current Internet.
The concept of a trusted system was first proposed by Professor J. P. Anderson at the beginning of the 1970s, and most researchers used it to express the availability, integrity and confidentiality of information. Later, after the concept began to be used to describe trusted network services, the traditional Internet was found to have a number of problems in its network security, reliability, controllability and manageability.
Therefore, many countries have conducted research on trusted systems in recent years. As early as 2002, NTT in Japan made a plan to develop its Resonant Network Architecture (RENA) [4]. This plan made some progress in manageable Quality of Service (QoS), good security, high reliability, generic mobility and user friendliness. However, as an engineering development plan, it failed to solve the problems of general mobility, trustworthiness, service convergence, and generic application in the Internet.
The National Science Board (NSB) of the National Science Foundation (NSF) of the US kicked off the famous 100×100 Clean Slate Design Project [5] in 2003. Although the project has given some solutions to QoS control and effective network management in the Internet, it can hardly meet the requirements of pervasive services.
British Telecommunications (BT) launched its 21st Century Network (21CN) program [6] in 2004. The program provides good experience for next-generation network construction from the engineering aspect. 21CN has partly solved such problems as multi-service support, mobility and network security, but it is simply a big improvement on current network technologies.
The US kicked off its Global Environment for Network Innovations (GENI) program [7] and Future Internet Network Design (FIND) program [8] in August and December 2005, respectively, aiming at radical designs of a new-generation network to solve the problems of security, mobility, sensing and pervasive service support in the current Internet. However, the two programs have not yet produced any explicit theoretical research schemes.
Moreover, plenty of papers in the international academic community have discussed the importance of developing a new-generation Internet in recent years. Yumerefendi and Chase from Intel Research Center treat auditability as the core goal of new-generation Internet designs [9]. They argue that system activities and situations in the new-generation Internet cannot be denied, and can be prevented from being falsified. Mark Crovella and Eric Kolaczyk from Boston University think the new-generation Internet should have great improvements in load balancing, failure recovery and network management [10]. In addition, [11-14] propose different objectives for building the new-generation Internet: service expansion, communication modes, or quality control.
In China, the government has placed great emphasis on research into new-generation trusted Internet architecture, theory and key technologies. Under its 11th Five-Year Plan, the Chinese government will invest heavily in a series of scientific research projects related to the new-generation Internet infrastructure, including "Basic Research of Converged Trusted Network and Pervasive Service System" in the National Basic Research Program of China (973 Program), the "New-generation Highly Trusted Network" project in the High-tech Research and Development Program of China (863 Program), and the "Trusted Internet" project in the National Science and Technology Support Plan of China. In addition, a number of technical papers in the Chinese academic world have discussed the importance of developing a trusted Internet in recent years.
It can be seen that, with the development of network technologies, the future Internet infrastructure will inevitably be a new architecture that provides security, mobility, sensing, reliability, controllability and manageability, and that supports pervasive services.
Through long-term research on the layered structure of traditional information networks and deep analysis of the working principles of the Internet and telecommunications networks, it is found that any network architecture consists of two basic layers: the service layer and the network layer. Accordingly, this paper creates a brand-new two-layer network architecture model with a switching routing layer and a pervasive service layer, as shown in Figure 1.
This architecture is actually a brand-new network based on identifiers and packets (identifiers are used for network management, and transport is performed in packets).
The switching routing layer is designed to provide diversified network and terminal access through a trusted (secure, reliable, controllable and manageable) network platform, guaranteeing trusted and mobile information interaction and the capability of supporting pervasive services. The pervasive service layer is responsible for the session, control and management of various services. The services include those provided by operators and by third-party value-added service providers. Voice, data and streaming media are the mainstream service types. The pervasive service layer bears all kinds of network services.
Semantic overload in the traditional IP address system, which means that an IP address represents both the identity and the location of a host, causes a number of tough problems, such as IP address fraud, failure to support mobility on the transport layer, and weak network controllability and manageability. The switching routing layer in this model avoids semantic overload by separately mapping the access identifier and the switching routing identifier, as shown in Figure 2.
For this separation, the network is divided into the access layer, where the access identifier represents the terminal identity, and the core layer, where the switching routing identifier shows the terminal location.
The switching routing layer uses indirect communications, where the access layer and the core layer have the following functions:
· The access layer uses the access identifier to transfer data, while the core layer replaces the access identifier with the switching routing identifier for data transport.
· The access layer is responsible for the access of various communications terminals, while the core layer fulfills the management of control functions and routing for switching.
· User privacy, network security, controllability and manageability, and mobility are implemented in a unified identifier-based way.
The architecture based on separated mapping of access and switching routing identifiers performs the following important functions:
(1) Protecting Users' Privacy and Security
Because the access identifier, which represents the user identity, is not permitted to enter the core network, it is impossible for other users to intercept core network information and analyze a user's identity from it. Therefore, the privacy of the user's identity is protected. The user's profile is accordingly kept safe, since other users cannot intercept it by using the user's identity.
(2) Maintaining Controllability and Manageability of the Network
When an access network applies for an access identifier for a user, the network administrator performs access control and authorization for the access network according to the user's subscription information. The authorization result helps the network decide whether to accept the user's access request, and what QoS level the user can enjoy if the request is accepted.
(3) Guaranteeing Mobility of Access Networks and Subscribers
When an access network or a subscriber moves to another location, only the switching routing identifier needs to change; the access identifier, representing the user identity, does not change at all. In this way, the application keeps its continuity when the route changes, and the subscriber can enjoy services without any interruption of the user connection.
▲Figure 2. Separated mapping model of access identifier and switching routing identifier.
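The three functions above can be seen together in a small executable model of the separated mapping. The code below is an added illustration, not the paper's own code or protocol: it assumes a global mapping service that the access routers query, a constructed subscription table for access control, and simple string formats for the access identifier (AID) and switching routing identifier (RID). It shows that a packet crossing the core carries only RIDs, that an unauthorised identity is refused at admission, that a source AID not attached to the ingress router is dropped at the edge, and that a handover changes only the RID while the delivered packet is unchanged.

```python
"""Model of the access identifier (AID) / switching routing identifier (RID)
separation described above.  Added illustration, not the paper's own code;
the identifier formats, the subscription table and the packet layout are
assumptions made for this example.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Constructed subscription database: user identity -> authorised QoS level.
# Identities absent from the table are refused at access control.
SUBSCRIPTIONS: Dict[str, str] = {"alice": "gold", "bob": "silver"}


@dataclass(frozen=True)
class Packet:
    src: str          # AID in the access layer, RID inside the core
    dst: str
    payload: bytes


class MappingService:
    """Global AID -> RID registry queried by the access routers (assumed)."""

    def __init__(self) -> None:
        self.aid_to_rid: Dict[str, str] = {}

    def register(self, aid: str, rid: str) -> None:
        self.aid_to_rid[aid] = rid          # a move simply overwrites the RID

    def resolve(self, aid: str) -> Optional[str]:
        return self.aid_to_rid.get(aid)

    def reverse(self, rid: str) -> Optional[str]:
        return next((a for a, r in self.aid_to_rid.items() if r == rid), None)


class AccessRouter:
    """Edge node: admits terminals and rewrites identifiers at the core boundary."""

    def __init__(self, name: str, mapping: MappingService) -> None:
        self.name, self.mapping = name, mapping
        self.local: Dict[str, str] = {}     # RID -> AID of attached terminals
        self.qos: Dict[str, str] = {}       # AID -> authorised QoS level
        self._count = 0

    def admit(self, user: str) -> Optional[Tuple[str, str]]:
        """Function (2): authorise against subscription data, then allocate an
        AID bound to a RID located at this router.  None means refused."""
        level = SUBSCRIPTIONS.get(user)
        if level is None:
            return None
        aid = f"aid:{user}"
        self.attach(aid)
        self.qos[aid] = level
        return aid, level

    def attach(self, aid: str) -> str:
        """Function (3): bind an AID to a fresh RID at this router.  On a move
        only this RID changes; the AID stays the same."""
        self._count += 1
        rid = f"rid:{self.name}/{self._count}"
        self.local[rid] = aid
        self.mapping.register(aid, rid)
        return rid

    def detach(self, aid: str) -> None:
        self.local = {r: a for r, a in self.local.items() if a != aid}

    def ingress(self, pkt: Packet) -> Packet:
        """Access layer -> core: replace AIDs by RIDs.  A source AID that is not
        attached here is rejected, blocking address fraud at the network edge;
        the AID itself never enters the core (function (1))."""
        src_rid = next((r for r, a in self.local.items() if a == pkt.src), None)
        if src_rid is None:
            raise PermissionError(f"{pkt.src} is not attached to {self.name}")
        dst_rid = self.mapping.resolve(pkt.dst)
        if dst_rid is None:
            raise LookupError(f"no location known for {pkt.dst}")
        return Packet(src_rid, dst_rid, pkt.payload)

    def egress(self, pkt: Packet) -> Packet:
        """Core -> access layer: restore AIDs, so terminals never see RIDs."""
        return Packet(self.mapping.reverse(pkt.src), self.local[pkt.dst], pkt.payload)


def core_transit(src: AccessRouter, dst: AccessRouter, pkt: Packet) -> Tuple[Packet, Packet]:
    """Carry pkt across the core; returns (packet as seen in the core, packet delivered)."""
    core = src.ingress(pkt)
    return core, dst.egress(core)


def scenario() -> Tuple[Tuple[Packet, Packet], Tuple[Packet, Packet], MappingService]:
    mapping = MappingService()
    a, b, c = (AccessRouter(n, mapping) for n in "ABC")
    alice, _ = a.admit("alice")
    bob, _ = b.admit("bob")
    before = core_transit(a, b, Packet(alice, bob, b"hello"))
    a.detach(alice)                      # alice moves from router A to router C
    c.attach(alice)
    after = core_transit(c, b, Packet(alice, bob, b"hello"))
    return before, after, mapping


if __name__ == "__main__":
    (core1, deliv1), (core2, deliv2), _ = scenario()
    print("core before move :", core1.src, "->", core1.dst)
    print("core after move  :", core2.src, "->", core2.dst)
    print("delivered (same) :", deliv1 == deliv2, deliv2)
```

The edge check in `ingress` is what turns the identifier separation into an access-control point: because only the ingress router knows which AIDs are attached to it, a terminal cannot inject traffic under another user's identity, and nothing inside the core ever carries an identity to intercept.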
The pervasive service layer is designed to fulfill unified handling of network services and resources, and to define an efficient transport protocol that supports multiple connections and multiple paths. To achieve these two goals, the service identifier and the connection identifier are introduced into the pervasive service layer.
(1) Unified Handling of Network Services and Resources
Resource acquisition and service access are the mainstream applications in the current Internet. However, there is no unified description and processing mechanism for resources and services in the current Internet infrastructure. To crack this problem, the pervasive service layer introduces the concepts of service identifier and service description, and proposes an ontology-based unified description mechanism for local resources and services. The mechanism is implemented with semantic network and ontology design technologies. The ontology-based unified description includes classifications of both resources and services, and parameters describing the relationship between resources and services.
(2) An Efficient Transport Protocol Supporting Multiple Connections and Multiple Paths
The establishment of a service connection is necessary for any network service. Therefore, an efficient connection establishment process is an important objective of network design.
The pervasive service layer designs the connection identifier, and establishes a service connection by mapping the service identifier onto the connection identifier. The mapping has the following four models:
· Simple one-to-one mapping: this is the main service connection model used in both the Internet and telecommunications networks. A TCP or UDP service connection is used in the Internet, while a telephone service is implemented through a circuit connection in the telecommunications network.
▲Figure 3. Multi-connection multi-path mapping model.
· One-to-multiple multi-connection mapping: this model divides the data of one application into several groups, and the data groups are transported over different connections. In this way, the data rate is increased.
· Multiple-to-one multi-stream mapping: different types of data streams are transported in one connection. The data streams come from the same service. Multi-stream mapping is essentially the simple mapping of a service to a connection, but the data transported for the service are divided into multiple logical streams by type. The strength of this model is providing different connection modes for different types of data, and ultimately improving transport efficiency.
· Complex multiple-to-multiple mapping: this model, as shown in Figure 3, first divides multiple services into different types of streams, and then establishes multiple connections for data transport. It can improve the data rate, and handle streams of different data types distinctively. Therefore, it embodies the idea of reliable pervasive services.
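The four mapping models are easier to compare when the same services are pushed through each of them and the receiver reassembles what arrives. The following code is an added example, not the paper's protocol: the chunk format (service identifier, logical stream, sequence number, data), the connection identifier naming scheme, the 4-byte chunk size and the two sample services are all assumptions. Under the one-to-one and one-to-multiple models the service is a single undifferentiated byte stream; under the multiple-to-one and multiple-to-multiple models each data type is a logical stream of its own, and the receiver gets the types back separately, which is exactly the distinction the text draws.

```python
"""Service identifier (SID) -> connection identifier (CID) mapping under the
four models listed above.  Added illustration, not the paper's code; the chunk
format, the CID naming scheme and the sample services are assumptions.
"""
from dataclasses import dataclass, field
from typing import Dict, List

Service = Dict[str, bytes]      # data type -> data, e.g. {"audio": b"..."}
CHUNK = 4                       # bytes per chunk (assumed)


@dataclass(frozen=True)
class Chunk:
    sid: str
    stream: str     # logical stream (data type); "*" when types are not separated
    seq: int        # sequence number inside (sid, stream) so the receiver can reorder
    data: bytes


@dataclass
class Connection:
    cid: str
    chunks: List[Chunk] = field(default_factory=list)


def chunk_stream(sid: str, stream: str, data: bytes) -> List[Chunk]:
    return [Chunk(sid, stream, i // CHUNK, data[i:i + CHUNK])
            for i in range(0, len(data), CHUNK)]


def chunk_service(sid: str, svc: Service, keep_types: bool) -> List[Chunk]:
    """keep_types=False: the service is one undifferentiated byte stream.
    keep_types=True: every data type becomes a logical stream of its own."""
    if not keep_types:
        return chunk_stream(sid, "*", b"".join(svc.values()))
    return [c for stream, data in svc.items() for c in chunk_stream(sid, stream, data)]


def map_services(services: Dict[str, Service], model: str, n_conn: int = 2) -> List[Connection]:
    """Build the connections that carry the given services under one model."""
    conns: Dict[str, Connection] = {}

    def put(cid: str, chunk: Chunk) -> None:
        conns.setdefault(cid, Connection(cid)).chunks.append(chunk)

    for sid, svc in services.items():
        if model == "one_to_one":        # TCP/UDP style: one service, one connection
            for c in chunk_service(sid, svc, keep_types=False):
                put(f"cid:{sid}", c)
        elif model == "one_to_many":     # stripe one service over n_conn connections
            for i, c in enumerate(chunk_service(sid, svc, keep_types=False)):
                put(f"cid:{sid}/{i % n_conn}", c)
        elif model == "many_to_one":     # typed streams multiplexed in one connection
            for c in chunk_service(sid, svc, keep_types=True):
                put(f"cid:{sid}", c)
        elif model == "many_to_many":    # classify by type first, one connection per
            for c in chunk_service(sid, svc, keep_types=True):    # type, shared by all services
                put(f"cid:{c.stream}", c)
        else:
            raise ValueError(f"unknown mapping model {model!r}")
    return list(conns.values())


def reassemble(conns: List[Connection]) -> Dict[str, Service]:
    """Receiver side: regroup chunks by (sid, stream) and restore order by seq."""
    buckets: Dict[str, Dict[str, List[Chunk]]] = {}
    for conn in conns:
        for c in conn.chunks:
            buckets.setdefault(c.sid, {}).setdefault(c.stream, []).append(c)
    return {sid: {stream: b"".join(k.data for k in sorted(cs, key=lambda k: k.seq))
                  for stream, cs in streams.items()}
            for sid, streams in buckets.items()}


def carried(conns: List[Connection]) -> Dict[str, List[str]]:
    """Which (sid/stream) pairs each connection carries; handy for comparing models."""
    return {c.cid: sorted({f"{k.sid}/{k.stream}" for k in c.chunks}) for c in conns}


# Constructed sample: two services, each with several typed data streams.
SERVICES: Dict[str, Service] = {
    "svc1": {"audio": b"AAAAAAAA", "video": b"VVVVVVVVVVVV"},
    "svc2": {"audio": b"aaaa", "control": b"cc"},
}

if __name__ == "__main__":
    for model in ("one_to_one", "one_to_many", "many_to_one", "many_to_many"):
        conns = map_services(SERVICES, model)
        print(model, carried(conns))
        print("  receiver sees:", reassemble(conns))
```

Running the module shows the trade-off directly: the one-to-one and one-to-multiple connections deliver `svc1` as a single `*` stream in which audio and video bytes are indistinguishable, whereas the multi-stream models hand the receiver each type separately, and the multiple-to-multiple layout places the audio of both services on the same `cid:audio` connection, which is what lets a per-type connection mode be applied.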
The routing system in the current Internet was originally designed to provide only best-effort routing services for nodes or applications in the network. Additionally, the exchange of routing information is performed under the assumption that all network nodes are in a mutually trusted environment. However, this assumption no longer always holds in live networks. A new-generation Internet is required to prevent or restrain the activities of certain nodes and applications, or at least to guarantee that nodes and applications in the network use resources in a safe way. The new-generation Internet should also make full use of multi-stream technology, multi-path technology and network bandwidth resource management technology to provide legitimate users with usable and optimal routes that meet their demands. Moreover, network administrators should be able to control and manage irregular events and activities in the new-generation Internet. Key technologies for implementing trustworthiness in the new-generation Internet are briefly discussed in this part.
Network access control is the first step in guaranteeing network security. It performs strict authorization management of a terminal applying to access the network. However, because the network edge in the current network has no effective management of customer networks, there are a large number of illegal user access events and resource address fraud events in the network, seriously threatening network security. With the strategy of binding the address and port of a terminal at the access end, the traditional network greatly limits the mobility of the terminal. This is far from meeting the future requirements of unified access for heterogeneous network terminals and terminal mobility. Therefore, in order to protect the security of the new-generation Internet, unified access control for heterogeneous network terminals is needed.
(1) Route Security
The traditional network assumes that all network nodes are mutually trusted. Once the assumption is broken, the routers in the network will fail to guarantee a working route to the destination. Therefore, the concept of secure routing must be introduced into the new-generation Internet. The concept requires the switching routing node to announce the routes it knows in a secure mode.
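One concrete form of "announcing a known route in a secure mode" is to authenticate every route announcement between neighbouring switching routing nodes and to reject stale ones. The code below is an added example, not the paper's protocol or any standard: it assumes that adjacent nodes share a pre-provisioned key, that an announcement is a small record (origin node, destination, path, sequence number), and that the sequence number increases monotonically per origin. The receiving node installs a route only when the HMAC tag verifies and the sequence number is fresh, so an announcement altered in transit or replayed later is dropped rather than installed.

```python
"""Authenticated route announcements between neighbouring switching routing
nodes.  Added example, not the paper's protocol.  Assumptions: a pre-shared key
per neighbour pair, a JSON-encodable announcement record, and a per-origin
monotonically increasing sequence number used for replay detection.
"""
import hashlib
import hmac
import json
from typing import Dict, List, Tuple

Announcement = Dict[str, object]   # {"origin": str, "dest": str, "path": [...], "seq": int}


def canonical(ann: Announcement) -> bytes:
    """Deterministic encoding so sender and receiver authenticate the same bytes."""
    return json.dumps(ann, sort_keys=True, separators=(",", ":")).encode()


def sign_announcement(key: bytes, ann: Announcement) -> bytes:
    return hmac.new(key, canonical(ann), hashlib.sha256).digest()


class RouteVerifier:
    """Receiving node: remembers the last accepted sequence number per origin and
    installs only announcements carrying a valid tag and a fresh sequence number."""

    def __init__(self, neighbour_key: bytes) -> None:
        self.key = neighbour_key
        self.last_seq: Dict[str, int] = {}
        self.routes: Dict[str, List[str]] = {}     # dest -> accepted path

    def verify(self, ann: Announcement, tag: bytes) -> Tuple[bool, str]:
        expected = sign_announcement(self.key, ann)
        if not hmac.compare_digest(expected, tag):    # constant-time comparison
            return False, "bad tag: announcement altered or not from the trusted neighbour"
        origin, seq = str(ann["origin"]), int(ann["seq"])  # type: ignore[arg-type]
        if seq <= self.last_seq.get(origin, -1):
            return False, "stale sequence number: replayed announcement"
        return True, "ok"

    def process(self, ann: Announcement, tag: bytes) -> Tuple[bool, str]:
        """Verify, then install the route and advance the replay window."""
        ok, reason = self.verify(ann, tag)
        if ok:
            self.last_seq[str(ann["origin"])] = int(ann["seq"])  # type: ignore[arg-type]
            self.routes[str(ann["dest"])] = list(ann["path"])    # type: ignore[arg-type]
        return ok, reason


def demo() -> Dict[str, str]:
    """Constructed exchange between node R1 (sender) and node R2 (verifier)."""
    key = b"constructed-shared-key-between-R1-and-R2"
    r2 = RouteVerifier(key)
    ann: Announcement = {"origin": "R1", "dest": "rid:net-7", "path": ["R1", "R5"], "seq": 10}
    tag = sign_announcement(key, ann)
    results = {"genuine": r2.process(ann, tag)[1]}
    altered = dict(ann, path=["R1", "R9"], seq=11)      # path changed in transit, old tag reused
    results["altered"] = r2.process(altered, tag)[1]
    results["replayed"] = r2.process(ann, tag)[1]       # same genuine message sent again
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:9s}: {outcome}")
```

A per-neighbour MAC authenticates the node that forwarded the announcement, not the node that originated the path; authenticating the origin across several hops needs per-origin signatures, which is a larger design than this illustration covers.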
(2) Multi-path Routing
The routing protocols and algorithms working in live networks use only one rule to choose a routing entry toward the destination. They can guarantee that the routing link is connected in theory, but not in practice. Once a node on the link fails, it causes delayed Internet routing convergence, which brings trouble for real-time applications. Therefore, besides reducing the routing convergence time as much as possible, the new-generation Internet should either be able to provide redundant routes, or be able to directly support multi-path transport technology.
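The redundant-route option can be shown on a small topology: compute a primary path and a backup path that shares no intermediate node with it, and at forwarding time pick the first precomputed path untouched by the failure, so the failure is survived without waiting for convergence. This is an added example, not the paper's algorithm; the six-node topology is constructed, and the greedy method used here (compute the shortest path, ban its interior nodes, compute again) is an assumption chosen for brevity.

```python
"""Redundant node-disjoint routes with precomputed failover.  Added example,
not the paper's algorithm; the topology is constructed and the greedy two-path
method is an assumption made for this illustration.
"""
from collections import deque
from typing import Dict, Iterable, List, Optional, Set, Tuple

Graph = Dict[str, Set[str]]
Route = Optional[List[str]]


def undirected(edges: Iterable[Tuple[str, str]]) -> Graph:
    g: Graph = {}
    for u, v in edges:
        g.setdefault(u, set()).add(v)
        g.setdefault(v, set()).add(u)
    return g


def bfs_path(graph: Graph, src: str, dst: str, banned: Set[str]) -> Route:
    """Shortest hop-count path that avoids the banned nodes.  Neighbours are
    visited in sorted order so the result is deterministic."""
    if src in banned or dst in banned:
        return None
    prev: Dict[str, Optional[str]] = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path: List[str] = []
            cur: Optional[str] = node
            while cur is not None:
                path.append(cur)
                cur = prev[cur]
            return path[::-1]
        for nxt in sorted(graph.get(node, ())):
            if nxt not in prev and nxt not in banned:
                prev[nxt] = node
                queue.append(nxt)
    return None


def redundant_routes(graph: Graph, src: str, dst: str) -> Tuple[Route, Route]:
    """Primary path plus a backup sharing no intermediate node with it.
    Greedy: the backup is searched after banning the primary's interior, which
    can miss a disjoint pair that exists (Suurballe's algorithm would find it);
    it is enough to illustrate the redundant-route idea."""
    primary = bfs_path(graph, src, dst, set())
    if primary is None:
        return None, None
    backup = bfs_path(graph, src, dst, set(primary[1:-1]))
    return primary, backup


def select_route(routes: Iterable[Route], failed: Set[str]) -> Route:
    """Forwarding-time choice: the first precomputed route containing no failed
    node, so the failure is survived without a routing convergence wait."""
    for r in routes:
        if r is not None and not failed.intersection(r):
            return r
    return None


# Constructed topology: two ways from A to E that do not share an interior node.
TOPOLOGY: Graph = undirected([("A", "B"), ("B", "E"), ("A", "D"),
                              ("D", "F"), ("F", "E"), ("B", "D")])

if __name__ == "__main__":
    primary, backup = redundant_routes(TOPOLOGY, "A", "E")
    print("primary:", primary, " backup:", backup)
    print("B fails ->", select_route((primary, backup), {"B"}))
    print("B and F fail ->", select_route((primary, backup), {"B", "F"}))
```

Because `select_route` only consults paths computed in advance, a failure detected by the data plane (a lost keep-alive, say) can be acted on immediately, while the routing protocol re-converges in the background and eventually refreshes the precomputed pair.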
(3) QoS
QoS control is necessary in the trusted Internet to meet the requirements of future network development. First, the future Internet must meet the QoS requirements of the growing number of multimedia services. Second, end-to-end QoS guarantee is a key research point. Last, QoS in the new-generation network should be controllable and manageable.
The new-generation Internet will fully support multi-streaming to improve network reliability. The current Internet only sets up and maintains state information for one end-to-end connection when it offers a service. This cannot meet the demands of applications with different attribute requirements. The new-generation Internet will add the function of routing information detection and maintenance to provide dynamic references for retransmission paths.
Activities and their results in a trusted network should be predictable: the activity status should be monitorable, the activity results estimable, and abnormal activities controllable. Network monitoring and management technology fit for the future Internet is a necessary research subject for achieving the above goals.
The new-generation network architecture will fully support features such as security, reliability, controllability and manageability. This paper proposed a reference model for the future Internet architecture, and theoretically analyzed the switching routing layer and the pervasive service layer of the model. In order to realize the new-generation Internet architecture, key technologies such as access control and management, trusted routing protocols and algorithms, QoS guarantee, multi-homing and multi-path transmission, and network monitoring and management are under further research to find solutions.