The Organization of the Internet

It's important to understand what the Internet infrastructure is composed of and how it's structured in terms of the large variety of players that are represented in the Internet space. It's also important to keep in mind that similarly to the PSTN, the Internet was not originally structured for what we're asking it to do now.

Initially, the Internet was designed to support data communications bursty, low-speed text data traffic. It was structured to accommodate longer hold times while still facilitating low data volumes, in a cost-effective manner. (That was the introduction of the packet-switching technique, whereby through statistical multiplexing long hold times don't negatively affect the cost structure because you're sharing the channel with other users as well.) The capacities of the links initially dedicated to the Internet were very narrowband: 56Kbps or 64Kbps. The worldwide infrastructure depended on the use of packet switches (that is, routers), servers (that is, repositories for the information), and clients (that is, the user interfaces into the repositories). The Internet was composed of a variety of networks, including both LANs and WANs, with internetworking equipment such as routers and switches designed for interconnection of disparate networks. The Internet relied on TCP/IP to move messages between different subnetworks, and it was not traditionally associated with strong and well-developed operational support systems, unlike the PSTN, where billing systems, provisioning systems, and network management systems are quite extensive, even if they are not integrated.

The traditional Internet relied on the PSTN for subscriber access to the Internet. So the physical framework, the roadways over which a package travels on what we know as the Internet, is the same type of physical infrastructure as the PSTN it uses the same types of communications, links, and capacities. And in order for users to actually access this public data network, they had to rely on the PSTN. So, two types of access were facilitated: dialup for consumers and small businesses (that is, the range of analog modems, Narrowband ISDN) and dedicated access in the form of leased lines, ISDN Primary Rate Interface (PRI), and dedicated lines based on T-1/E-1 capacities for larger enterprises, and, in some cases, even T-3/E-3.

The Evolution of the POP Architecture

The early Internet point of presence (POP) architecture was quite simple, as illustrated in Figure 9.6. You would have either 56Kbps or 64Kbps lines coming in to access ports on a router. Out of that router, T-1/E-1 trunks would lead to a UNIX host. This UNIX environment was, for most typical users, very difficult to navigate. Until there was an easier way for users to interface the World Wide Web the Internet was very much the province of academicians, engineers, and computer scientists.

Figure 9.6. POP architecture in the 1980s

graphics/09fig06.gif

The architecture of the Internet today is significantly different from what it was in the early days. Figure 9.7 shows some of the key components you would find in a higher-level network service provider's (NSP's) or a high-tier ISP's POP today. (Of course, a local service provider with just one POP or one node for access purposes, perhaps to a small community, looks quite different from this.)

Figure 9.7. POP architecture today

graphics/09fig07.gif

First, let's look at the support for the dialup users. Today, we have to facilitate a wide range of speeds; despite our admiration of and desire for broadband access, it's not yet widely available. In the next several years, we should see more activity in terms of local loop modernization to provide broadband access to more users. But for the time being, we have to accommodate a wide range of analog modems that operate at speeds between 14.4Kbps and 56Kbps. Therefore, the first point of entry at the POP requires an analog modem pool of modems that complement the ones that individuals are using. Also, as we add broadband access alternatives, additional access devices are required, for instance, for DSL modems or cable modems. The analog modem pool communicates with a terminal server, and the terminal server establishes a PPP session. PPP does two things: It assigns an IP address to a dialup user's session, and it authenticates that user and authorizes entry. By dynamically allocating an IP address when needed, PPP enables us to reuse IP addresses, helping to mitigate the problem of the growing demand for IP addresses. A user is allocated an address when she dials in for a session; when she terminates the session, the IP address can be assigned to another user. PPP supports both Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP) to provide link-level security. PAP uses a two-way handshake for the peer to establish its identity upon link establishment. The peer repeatedly sends the password to the authenticator until verification is acknowledged or the connection is terminated. CHAP uses a three-way handshake to periodically verify the identity of the peer throughout the life of the connection. The server sends to the remote workstation a random token that is encrypted with the user's password and sent back to the server. The server performs a lookup to see if it recognizes the password. If the values match, the authentication is acknowledged; if not, the connection is terminated. A different token is provided each time a remote user dials in, which provides additional robustness.

The terminal server resides on a LAN, which would typically be a Gigabit Ethernet network today. Besides the terminal server, the ISP POP houses a wide range of other servers:

E-mail servers These servers house the e-mail boxes.

Domain name servers These servers resolve the uniform resource locaters (URLs) into IP addresses.

Web servers If the ISP is engaged in a hosting business, it needs a Web server.

Security servers Security servers engage in encryption, as well as in authentication and certification of users. Not every ISP has a security server. For example, those that want to offer e-commerce services or the ability to set up storefronts must have them. (Security is discussed in detail in Chapter 11.)

Newsgroup servers Newsgroup servers store the millions of messages that are posted daily, and they are updated frequently throughout the day.

Proxy servers A proxy server provides firewall functionality, acting as an intermediary for user requests, establishing a connection to the requested resource either at the application layer or at the session or transport layer. Proxy servers provide a means to keep outsiders from directly connecting to a service on an internal network. Proxy servers are also becoming critical in support of edge caching of content. People are constantly becoming less tolerant of lengthy downloads, and information streams (such as video, audio, and multimedia) are becoming more demanding of timely delivery. You want to minimize the number of hops that a user has to go through. For example, you could use a tracing product to see how many hops you've gone through to get to a Web site. You'll see that sometimes you need to go through 17 or 18 hops to get to a site. Because the delay at each hop can be more than 2,000 milliseconds, if you have to make 18 hops when you're trying to use a streaming media tutorial, you will not be satisfied. ISPs can also use proxy servers to cache content locally, which means the information is distributed over one hop rather than over multiple hops, and that greatly improves your streaming media experience. Not all proxy servers support caching, however.

The ISP POP also contains network management systems that the service providers can use to administer passwords and to monitor and control all the network elements in the POP, as well as to remotely diagnose elements outside the POP.

An access router filters local traffic. If a user is simply checking his e-mail, working on his Web site, or looking up newsgroups, there's no reason for the user to be sent out over the Internet and then brought back to this particular POP. An access router keeps traffic contained locally in such situations. A distribution router, on the other hand, determines the optimum path to get to the next hop that will bring you one step closer to the destination URL, if it is outside the POP from which you are being served. Typically, in a higher-level ISP, this distribution router will connect into an ATM switch, which enables the ISP to guarantee QoS; this is especially necessary for supporting larger customers on high-speed interfaces and links and for supporting virtual private networks, VoIP, or streaming media applications. The ATM switch, by virtue of its QoS characteristics, enables us to map the packets into the appropriate cells, which guarantee that the proper QoS is administered and delivered. (ATM QoS is discussed further in Chapter 10.) The ATM switch then is front-ended by a data service unit (DSU), the data communications equipment on which the circuit terminates, which performs signal conversion and provides diagnostic capabilities. The network also includes a physical circuit, which, in a larger higher-tier provider, would generally be in the optical carrier levels.

An access concentrator can be used to create the appearance of a virtual POP. For instance, if you want your subscribers to believe that they're accessing a local node that is, to make it appear that you're in the same neighborhood that they are in you can use an access concentrator. The user dials a local number, thinking that you're located down the street in the business park, when in fact, the user's traffic is being hauled over a dedicated high-speed link to a physical POP located elsewhere in the network. Users' lines terminate on a simple access concentrator, where their traffic is multiplexed over the T-1s or T-3s, E-1s or E-3s, or perhaps ISDN PRI. This gives ISPs the appearance of having a local presence when, in fact, they have none. I talk later in this chapter about the advantages of owning the infrastructure versus renting the infrastructure, but clearly, if you own your infrastructure, backhauling traffic allows you to more cost-effectively serve remote locations. If you're an ISP that's leasing facilities from a telco, then these sorts of links to backhaul traffic from more remote locations will add cost to your overall operations.

You can see that the architecture of the POP has evolved and become incredibly more sophisticated today than it was in the beginning; the architecture has evolved in response to and in preparation for a very wide range of applications.

Internet Challenges and Changes

Despite all its advances over the past couple of decades, the Internet is challenged today. It is still limited in bandwidth at various points. The Internet is composed of some 10,000 service providers. Although some of the really big companies have backbone capacities that are 50Gbps or greater, there are still plenty of small back bones worldwide that have only a maximum of 1.5 or 2Mbps. Overall, the Internet still needs more bandwidth.

One reason the Internet needs more bandwidth is that traffic is increasing at an alarming rate. People are drawn to Web sites that provide pictures of products in order to engage in demonstrations and in order to be able to conduct multimedia communications. Those greater capacities required by these visual objects also demand greater bandwidth. This means that we frequently have bottlenecks at the ISP level, at the backbone level (that is, the NSP level), and at the network access points (NAPs) where backbones interconnect to exchange traffic between providers. These bottlenecks greatly affect our ability to roll out new time-sensitive, loss-sensitive applications, such as Internet telephony, VoIP, VPNs, streaming media, and TV over Internet.

Therefore, we are redefining the Internet as we are redefining the PSTN. In both cases, we're trying to support more real-time traffic flows, real audio, real video, and live media. This requires the introduction of QoS into the Internet. There are really two types of metrics that we loosely refer to as QoS: class of service (CoS) and true QoS. CoS is a prioritization scheme in which you can prioritize streams and thereby facilitate better performance. QoS, however, deals with very strict traffic measurements, where you can specify the latencies end to end (that is, the jitter or variable latencies in the receipt of the packets, the tolerable cell loss, and the mechanism for allocating the bandwidth continuously or on a bursty basis). Thus, QoS is much more stringent than CoS, and what we are currently introducing into the Internet is really more like CoS than QoS.

Techniques such as DiffServ (as discussed in Chapter 10) allow us to prioritize the traffic streams, but they really do not allow us to control the traffic measurements. That is why, as discussed in Chapter 7, "Wide Area Networking," we tend to still rely on ATM within the core: ATM allows the strict control of the traffic measurements, and it therefore enables you to improve performance, quality, reliability, and security. Efforts are under way to develop QoS standards for IP, but we're still a couple years away from clearly defining the best mechanism. In the meantime, we are redesigning the Internet core, moving away from what was a connectionless router environment that offered great flexibility and the ability to work around congestion and failures, but at the expense of delays. We're moving to a connection-oriented environment in which we can predefine the path and more tightly control the latencies, by using techniques such as Frame Relay, ATM, and MPLS, each of which allow you to separate traffic types, prioritize the time-sensitive traffic, and, ultimately, to reduce access costs by eliminating leased-lines connections.

The other main effort in redesigning the Internet core is directed at increasing its capacity, moving from OC-3 and OC-12 (that is, 155Mbps and 622Mbps) at the backbone level to OC-48 (that is, 2.5Gbps) and even OC-192 (that is, 10Gbps). But remember that the bits per second that we can carry per wavelength doubles every year, and the number of wavelengths we can carry per fiber also doubles every year. So, the migration beyond 10Gbps is also under way in the highest class of backbones, and it will continue at a rapid pace.

The emergent generation of Internet infrastructure is quite different from the traditional foundation. First, it's geared for a new set of traffic and application types: high-speed, real-time, and multimedia. It must be able to support and guarantee CoS and QoS. It includes next-generation telephony, which is a new approach to providing basic telephony services, but it uses IP networks. (These types of next-generation network services are discussed in Chapter 11.)

The core of the Internet infrastructure, like the PSTN, will increasingly rely on SDH/SONET, DWDM, and optical networking. It will require the use of ATM, MPLS, and MPlS (Multiprotocol Lambda Switching) networking protocols to ensure proper administration of performance. New generations of IP protocols are being developed to address real-time traffic, CoS, QoS, and security. Distributed network intelligence is being used to share the network functionality.

We are working on providing the capability to rely on multiple broadband access options, not just the PSTN. You may be able to access the Internet on a dial-up basis through the new generation of xDSL facilities, through a cable TV company and a cable modem, through a satellite TV company, via direct broadcast satellites, or through point-to-point microwave solutions such as MMDS and LMDS. (These solutions are discussed in Chapter 13, "Broadband Access Solutions.") For the dedicated environment, largely we're seeing a migration to higher bandwidth (that is, T-1 moving to T-3, E-1 moving to E-3, early adopters and high-bandwidth consumers in the optical carrier levels), and we're seeing increased reliance on Frame Relay and ATM as the access technique.