Just yesterday, there was an article on Xconomy linked via Slashdot highlighting Van Jacobson's current work with Content-Centric Networking, aka CCN (see the original CoNEXT 2009 paper here). While I have long admired all of the interesting work that Van has done (TCP tweaks, feedback on DiffServ), the whole CCN bit has me shaking my head a bit. Is there something amazing that I am missing with regards to CCN? Perhaps I am a bit too jaded from multicast, active networking, DHTs (shudder), and the various packet caching work from a decade or so back but I am failing to see how this is not just yet another effort doomed to fail.
While the piece does capture some of the issues with CCN and acknowledges several of the shortcomings, I think it severely underestimates the difficulty and ignores a few critical issues:
- The comments on scaling of the core are way off. I'm a bit perplexed by the take and I assume it is just the author of the article taking some liberties. We are not exactly strained for capacity in the core and the Olympics should serve as a pretty good reminder that we will be A-OK for some time. That being said, it does not mean we are good at the edge, particularly the wireless edge (hopefully nobody thinks CCN offers anything in the last mile), but I view the core as a largely solved problem that boils down to one of architecture / planning. Quality of Service (QoS) would have gotten traction a long time ago if we really were that constrained. There is a reason why I stopped doing QoS work nearly in its entirety though every once in a while I feel the need to occasionally wax nostalgic about unsolved problems from earlier work in QoS.
- The entrenched players are not just entrenched, they are intertwined in how the very core of the Internet works. Not in a protocol sense but in its economic core (ads, content integrity, dynamic content, etc.). I think all too often researchers ignore this at their own peril though there are certainly a few communities I use as illustrations for my students as poster children for these sorts of things.
QoS / multicast are neat concepts just like CCN is in an abstract / academic sense but these sorts of efforts ignore fundamental economic realities. There has to be a compelling efficiency gain or cost savings or competitive advantage to justify it. For IPv6, it took a really, really, really long time for the address space to get scarce enough to justify it. Back when I started grad school in the late 90's, IPv6 was just around the corner. 14 years later (oy), World IPv6 days are no longer needed as we might actually start deploying it (huge hat tip to the DoD for requiring it).
Fiber / capacity is too cheap and the existing CDNs good enough for this to gain a serious enough advantage. Moreover, as several astute Slashdot posters (some days a rarity) point out, the economics of ads and customized content further impair it. I just don't see how this gets out of the toy projects in the lab phase. I don't view various players looking at the work / participating in workshops as being a great indicator either; of course they are going to look at it. The key is when their Director of Operations is putting serious resources into it, otherwise it is just fun academic work.
Some enterprising student should do a survey paper on what technologies succeeded / failed and their overall time to success / failure. I have a sense that there is a corollary to Metcalfe's Law of Networking related to the inertia of entrenched players and the order of magnitude gain required to improve things.
- Integrity / validation is the anchor that is going to prevent CCN from creating that order of magnitude. At the end of the day, you have to trust the content that you are getting is legit. Yes, there are various tricks built into CCN that take advantage of new advances in security but it boils down to classic PKI / digital certificates (and verify it is still good - yeah Certificate Revocation Lists) or just hoping and crossing your fingers.
The net result is a cap on the performance gains keeping CCN from ever offering an order of magnitude better solution over existing CDNs and making it viable. Or it becomes even more awesome to be a bad guy in the new cloud / CCN universe. All of my spidey security senses point to this as being a really, really bad idea and the best explanations I have heard with regards to how they make it work amount to a bunch of hand waving that again reduces back down to classical PKI / digital certificate issues. It is not that the folks doing CCNs cannot make it work, it is that the compromises made to keep it reasonably secure will severely hamper performance gains. Either that or I need to find some black hats to don.
- Wireless medical and CCN, really? Let alone the minefield of privacy issues, a big challenge when it comes to digital information, particularly digital health information, is control / understanding of where the data is at to properly assess risk. We already have enough trouble securing our existing data, now we are going to scatter / replicate it so that any crypto mistakes can be multiplied without the capacity to revoke / fix mistakes once it is replicated? I don't get the sense that a risk averse community (health care) is going to hop on board with condoning something like this, regardless of the magical cryptographic solutions. There seem to be too many vectors for attack / failure and CCN would just exacerbate it. Again, it is not an unsolvable problem, it just seems that whatever gains you get will be wholesale wiped away or wholly excluded (ex. low power computing) in the wireless medical device space as well.
- It trades abstraction beauty for operational complexity. Let's just say that I would not want to be the poor sap stuck with trying to craft SLAs (Service Level Agreements). Those SLAs will be awful and are probably something much closer to dark magic than actual solid math. Putting on a network operation hat makes me shudder to troubleshoot issues.
Am I overly grumpy about CCN? Sure. Should I publish this blog post without being a full professor yet? Maybe :) Is CCN potentially cool from an academic standpoint? Heck yes, that is the beauty of academic work.
But we have been down these sorts of roads before and the amount of attention being paid to the topic seems to far exceed its potential benefit. I firmly believe that the fundamental principles needed to make CCN secure will limit it from being anything more than a better abstraction and even more, the operational cost of CCN in terms of stability / troubleshooting makes it a deal breaker.
Maybe I just need to figure out a way to cache grumpiness such that I can do a local cache hit in N years to optimize things.
Friday, August 10, 2012