McKeown and his colleagues have developed a prototype network called Ethane, which centralizes security rather than putting it all around the network in firewalls, virus scanners and the like. With Ethane, all communications are turned off by default. A host joining the network must get explicit permission from a centralized server before it can connect to anything except that server. And the server won’t grant permission unless it is able to determine the location and identity of the requestor.
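The default-off admission decision described above can be sketched as a small model. This is an added example, not Ethane's code: the class names, the identity-pair policy format, the port-based location check and all sample addresses are assumptions made for illustration.

```python
from dataclasses import dataclass, field

CONTROLLER = "controller"  # hypothetical name for the central server


@dataclass(frozen=True)
class Binding:
    """What the server must know before granting anything: who and where."""
    identity: str   # authenticated user or machine name
    switch: str     # location: switch the host is attached to
    port: int       # location: physical port on that switch


@dataclass
class Controller:
    # Explicit allow rules as (source identity, destination identity) pairs.
    policy: set = field(default_factory=set)
    # Host address -> Binding, filled in only after authentication.
    bindings: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)

    def register(self, addr, identity, switch, port):
        """Record identity and location for a host that has authenticated."""
        self.bindings[addr] = Binding(identity, switch, port)

    def request_flow(self, src, dst, seen_switch, seen_port):
        """Decide one flow request; everything not explicitly allowed is denied."""
        verdict = self._decide(src, dst, seen_switch, seen_port)
        self.audit.append((src, dst, verdict))
        return verdict

    def _decide(self, src, dst, seen_switch, seen_port):
        if dst == CONTROLLER:
            return "allow"                    # the only default-on path
        s, d = self.bindings.get(src), self.bindings.get(dst)
        if s is None or d is None:
            return "deny:unknown-identity"
        if (s.switch, s.port) != (seen_switch, seen_port):
            return "deny:location-mismatch"   # address seen on the wrong port
        if (s.identity, d.identity) not in self.policy:
            return "deny:no-policy"
        return "allow"


# Constructed sample data.
ctl = Controller(policy={("alice", "fileserver")})
ctl.register("10.0.0.5", "alice", "sw1", 3)
ctl.register("10.0.0.9", "fileserver", "sw2", 1)
```

Because every request passes through one decision point, the audit list doubles as a complete record of who asked to talk to whom and why each request was refused.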

The National Science Foundation has funded Internet research for many years, but most of its projects have been of the incremental-improvement variety, and most have not involved proving out new ideas on a large scale, with millions of users, says Deborah Crawford, deputy assistant director for computer and information science and engineering at the NSF.

But now the NSF is gearing up to build a $300 million to $400 million clean slate on which researchers can chalk up and test radical new ideas. The Global Environment for Networking Innovation, or GENI, will be a giant test laboratory stretching across the U.S., complete with wired and wireless computers, routers, switches, management software and subnets of wireless, cellular, sensor and radio devices. It will include a fiber-optic backbone and tail circuits to some 200 universities.

When it’s complete, sometime after 2010, users will contract for virtual “slices” of the GENI infrastructure, which they’ll be able to use to test ideas “at scale,” simultaneously and independently, Crawford says. Each researcher will see his slice as his own private test network.

GENI will be built without assuming anything, says Allison Mankin, a co-manager of GENI at the NSF. The hardware and software will have the flexibility to accommodate the trial of just about any networking idea, not just those based on packet switching, TCP/IP, routers and other accoutrements of today’s Internet.

Mankin says the kinds of incremental progress that have typically come from earlier NSF projects, while worthwhile, are no longer sufficient. “For example,” she says, “people have actually proven that it’s impossible to prevent denial-of-service attacks with the current Internet. If you want to build a network without denial of service, you have to start over.”

But Mankin acknowledges that it’s unlikely the old slate will be wiped clean completely, with the global Internet scrapped for something entirely different. “Forklifts don’t exist that are big enough for that,” she notes.

