left
right
left
right
left
right
left
right
left
right
left
right
left
right
left
right
left
right
left
right
left
right

COVER

A Radical New Router

One of the founders of the Internet says network routers are too slow, costly, and power hungry-and he knows how to fix them

By Lawrence G. Roberts  /  July 2009


Page 123 // View All

 

Roberts
Photo: Jonathan Sprague/Redux

Router Master Internet pioneer Lawrence G. Roberts has reengineered the network router to handle streaming media.

The Internet is broken. I should know: I designed it. In 1967, I wrote the first plan for the ancestor of today’s Internet, the Advanced Research Projects Agency Network, or ARPANET, and then led the team that designed and built it. The main idea was to share the available network infrastructure by sending data as small, independent packets, which, though they might arrive at different times, would still generally make it to their destinations. The small computers that directed the data traffic—I called them Interface Message Processors, or IMPs—evolved into today’s routers, and for a long time they’ve kept up with the Net’s phenomenal growth. Until now.

Today Internet traffic is rapidly expanding and also becoming more varied and complex. In particular, we’re seeing an explosion in voice and video applications. Millions regularly use Skype to place calls and go to YouTube to share videos. Services like Hulu and Netflix, which let users watch TV shows and movies on their computers, are growing ever more popular. Corporations are embracing videoconferencing and telephony systems based on the Internet Protocol, or IP. What’s more, people are now streaming content not only to their PCs but also to iPhones and BlackBerrys, media receivers like the Apple TV, and gaming consoles like Microsoft’s Xbox and Sony’s PlayStation 3. Communication and entertainment are shifting to the Net.

But this shift is not without its problems. Unlike e-mail and static Web pages, which can handle network hiccups, voice and video deteriorate under transmission delays as short as a few milliseconds. And therein lies the problem with traditional IP packet routers: They can’t guarantee that a YouTube clip will stream smoothly to a user’s computer. They treat the video packets as loose data entities when they ought to treat them as flows.

Consider a conventional router receiving two packets that are part of the same video. The router looks at the first packet’s destination address and consults a routing table. It then holds the packet in a queue until it can be dispatched. When the router receives the second packet, it repeats those same steps, not ”remembering” that it has just processed an earlier piece of the same video. The addition of these small tasks may not look like much, but they can quickly add up, making networks more costly and less flexible.

At this point you might be asking yourself, ”But what’s the problem, really, if I use things like Skype and YouTube without a hitch?” In fact, you enjoy those services only because the Internet has been grossly overprovisioned. Network operators have deployed mountains of optical communication systems that can handle traffic spikes, but on average these run much below their full capacity. Worse, peer-to-peer (P2P) services, used to download movies and other large files, are eating more and more bandwidth. P2P participants may constitute only 5 percent of the users in some networks, while consuming 75 percent of the bandwidth.

So although users may not perceive the extent of the problem, things are already dire for many Internet service providers and network operators. Keeping up with bandwidth demand has required huge outlays of cash to build an infrastructure that remains underutilized. To put it another way, we’ve thrown bandwidth at a problem that really requires a computing solution.

With these issues in mind, my colleagues and I at Anagran, a start-up I founded in Sunnyvale, Calif., set out to reinvent the router. We focused on a simple yet powerful idea: If a router can identify the first packet in a flow, it can just prescreen the remaining packets and bypass the routing and queuing stages. This approach would boost throughput, reduce packet loss and delays, allow new capabilities like fairness controls—and while we’re at it, save power, size, and cost. We call our approach flow management.

To understand how flow management works, it helps to describe the limitations of current packet routers. In these systems, incoming packets go first to a collection of custom microchips responsible for the routing work. The chips read each packet’s destination address and query a routing table. This table determines the packet’s next hop as it travels through the network. Then another collection of chips puts the packets into output queues where they await transmission. These two groups of chips—they include application-specific integrated circuits, or ASICs, as well as expensive high-speed memory such as ternary content-addressable memory (TCAM) and static random access memory (SRAM)—consume 80 percent of the power and space in a router.

During periods of peak traffic, a router may be swamped with more packets than it can handle. The router will then pile up more packets in its queue, establishing a buffer that it can discharge when traffic slows down. If the buffer fills up, though, the router will have to discard some packets. The lost packets trigger a control mechanism that tells the originator to slow down its transmission. This self-controlling behavior is a critical feature of the Transmission Control Protocol, or TCP, the primary protocol we rely on with the Internet. It’s kept the network stable over decades.

Indeed, during most of my career as a network engineer, I never guessed that the queuing and discarding of packets in routers would create serious problems. More recently, though, as my Anagran colleagues and I scrutinized routers during peak workloads, we spotted two serious problems. First, routers discard packets somewhat randomly, causing some transmissions to stall. Second, the packets that are queued because of momentary overloads experience substantial and nonuniform delays, significantly reducing throughput (TCP throughput is inversely proportional to delay). These two effects hinder traffic for all applications, and some transmissions can take 10 times as long as others to complete.

Photo: Jonathan Sprague/Redux
Flow control: The Anagran FR-1000 can be plugged into existing networks and can manage up to 4 million simultaneous flows.

 

As I talk to network operators all over the world, I hear one story after another about how the problem is only getting worse. Data traffic has been doubling virtually every year since 1970. Thanks to the development of high-capacity optical systems like dense wave division multiplexing (DWDM), bandwidth cost has been halved every year, so operators don’t have to spend more than they did the year before to keep up with the doubling in traffic. On the other hand, routers, as pieces of computing equipment, have followed Moore’s Law, and the cost of routing 1 megabit per second has decreased at a slower pace, halving every 1.5 years. Without a major change in router design, this cost discrepancy means that every three years a network operator will have to double its spending on infrastructure expansion.

Flow management can solve this capacity crunch. The concept of data flow might be more easily understood in the case of a voice or video stream, but it applies to all traffic over the Internet. Key to our approach is the fact that each packet contains a full identification of the flow it belongs to. This identification, encapsulated by the packet’s header according to the Internet Protocol version 4, or IPv4, consists of five values: source address, source port, destination address, destination port, and protocol.

All packets that are part of the same flow carry the same five-value identification. So in flow management, you have to effectively process—or route—only the first packet. You’d then take the routing parameters that apply to that first packet and store them in a hash table, a data structure that allows for fast lookup. When a new packet comes in, you’d check if its identification is in the hash, and if it is, that means the new packet is part of a flow you’ve already routed. You’d then quickly dispatch—the more accurate term is ”switch”—the packet straight to an output port, thus saving time and power.

If traffic gets too heavy, you’ll still have to discard packets. The big advantage is that now you can do it intelligently. By monitoring the packets as they’re coming in, you can track in real time the duration, throughput, bytes transferred, average packet size, and other metrics of every flow. For example, if a flow has a steady throughput, which is the case with voice and video, you can avoid discarding such packets, protecting these stream-based transmissions. For other types of traffic, such as Web browsing, you can selectively discard just enough packets to achieve specific rates without stalling those transmissions.

This capability is especially convenient for managing network overload due to P2P traffic. Conventionally, P2P is filtered out using a technique called deep packet inspection, or DPI, which looks at the data portion of all packets. With flow management, you can detect P2P because it relies on many long-duration flows per user. Then, without peeking into the packets’ data, you can limit their transmission to rates you deem fair.

Since the early days of the ARPANET, I’ve always thought that routers should manage flows rather than individual packets. Why hasn’t it been done before? The reason is that memory chips were too expensive until not long ago. You need lots of memory to store the hash table with routing parameters of each flow. (A 1 gigabit-per-second data trunk often carries about 100 000 flows.) If you were to keep a flow table on one IMP of 40 years ago, you’d spend US $1 million in memory. But about a decade ago, as memory cost kept falling, it started to make sense economically to design flow-management equipment.

In 1999, I founded Caspian Networks to develop large terabit flow routers, which I planned to sell to the carriers that maintain the Internet’s core infrastructure. That market, however, proved hard to crack—the carriers seem satisfied with overprovisioning, as well as techniques like traffic caching and compression, which ameliorate congestion without addressing the roots of the problem. In early 2004, I decided to leave Caspian and start Anagran, focusing on smaller flow-management equipment to solve the overload and fairness problems. We designed the equipment to operate at the edge of networks, the point where an Internet service provider aggregates traffic from its broadband subscribers or where a corporate network connects to the outside world. Virtually all network overload occurs at the edge.

Anagran’s flow manager, the FR-1000, can replace routers and DPI systems or may simply be added to existing networks. It supports up to 4 million simultaneous flows—a combined 80 Gb/s in throughput. Its hardware consists of inexpensive, off-the-shelf components as opposed to ASICs, which increase development costs. We implemented our flow-routing algorithms in a field-programmable gate array, or FPGA, and the router’s memory consists of standard high-speed DRAM. The FR-1000 sells in different models, starting at less than $30 000.

Like a regular router, the FR-1000 has input and output ports. But the similarities end there. Recall that in a traditional router the routing and queuing chips consume 80 percent of the power and space. By routing only the first packet of a flow, the FR-1000’s chips do much less work, consuming about 1 percent of the power that a conventional router requires.

Even more significant, the FR-1000 does away entirely with the queuing chips. During congestion, it adjusts each flow rate at its input instead. If an incoming flow has a rate deemed too high, the equipment discards a single packet to signal the transmission to slow down. And rather than just delaying or dropping packets as in regular routers, in the FR-1000 the output provides feedback to the input. If there’s bandwidth available, the equipment increases the flow rates or accepts more flows at the input; if bandwidth is scarce, the router reduces flow rates or discards packets.

By eliminating power-hungry circuitry, the FR-1000 consumes about 300 watts, or one-fifth the total power of a comparable router, and occupies one unit in a standard rack, a tenth of the space that other routers fill. We estimate that the equipment allows network operators to reduce their operating costs per gigabit per second by a factor of 10.

 


Illustration: Emily Cooper
How Flow Routing Works: Flow managers keep track of streams of packets and can protect voice and video transmissions while reducing peer-to-peer traffic.
Click on image for a larger view.

 

Measurements of the FR-1000 in our laboratories and by customers showed that networks equipped with the flow manager were able to carry many more streams of voice and video without quality degradation.

Another important capability we tested was whether the equipment could maintain quality of transmissions during congestion. The test involved a 100-Mb/s data trunk using a conventional router and another that included the Anagran flow manager. We progressively added TCP flows and measured the time required to load a specific Web page. The conventional router began to discard packets once traffic filled the trunk’s capacity, and the time to load the Web page increased exponentially as we kept adding flows. The Anagran flow manager was able to control the rate of the flows, slowing them down to accommodate new ones, and the load time increased only linearly. The result: At 1000 flows, the flow manager delivered the page in about 15 seconds, whereas the conventional router required nearly 65 seconds.

Another capability we tested was fairness controls. Currently, P2P applications consume an excessive amount of bandwidth, because they use multiple flows per user—from 10 to even 1000. But services like cloud computing, which rely on Web applications constantly accessing servers that store and process data, are likely to expand the problem. We conducted measurements at a U.S. university whose wireless network was overwhelmed by P2P traffic, with a small fraction of users consuming up to 70 percent of the bandwidth. Early attempts to solve the problem using DPI systems didn’t work, because P2P applications often encrypt packets, making them hard to recognize. The Anagran equipment was able to detect P2P by watching the number and duration of flows per user. And instead of simply shutting down the P2P connections, the flow manager adjusted their throughputs to a desired level. Once the fairness controls were active, P2P traffic shrank to less than 2 percent of the capacity.

The upshot is that directing traffic in terms of flows rather than individual packets improves the utilization of networks. By eliminating the excessive delays and random packet losses typical of traditional routers, flow management fills communication links with more data and protects voice and video streams. And it does all that without requiring changes to the time-tested TCP/IP protocol.

So is the Internet really broken? Okay, maybe that was an exaggeration. But the 40-year-old router sure needs an overhaul. I should know.

About the Author

Lawrence G. Roberts led the team of scientists who developed ARPANET, the predecessor of the Internet, in the late 1960s. In ”A Radical New Router”, he proposes dumping his old router design for one that will better handle the complexities of today’s audio and video Web traffic. Not that Roberts watches movies or listens to music online. ”I don’t get a lot off the Internet in that way,” he says. ”I don’t even watch TV.”

To Probe Further

For more technical details on flow management and the Anagran FR-1000, visit http://www.anagran.com. See also the white papers ”Flow Rate Management” and ”TCP Rate Control With IFD [Intelligent Flow Delivery],” available at Lawrence G. Roberts’s Web site: http://www.packet.cc.

For more on Internet routing, visit the Web sites of the Internet Research Task Force’s Routing Research Group at http://www.irtf.org/charter?gtype=rg&group=rrg and the Internet Engineering Task Force’s Routing Area at http://www.ietf.org/html.charters/wg-dir.html.

 


PAGE 123 // View All





1

1
1
   
Comments will appear after moderation 

Suleiman 06.18.2010
After reading the article I wondered if there was any comparison of the flow manager verses using QoS on current routers/switches.
fadel bakkar 04.20.2010
really this is good idea to improve the QoS at the internet layer without the usage of MPLS or another technology.
Walter 04.03.2010
This company is doomed to fail. 6 years and no substantial sales or product road map. Flow features can be easily implemented with network processors designed by semi companies such as FreeScale, RMI, Cavium, etc
Dave Kliman 03.21.2010
"fair?" oh the irony. I suggest instead of trying to limit users, you find a solution to make sure people can do p2p as much as they want because for all sorts of information, that's the future.
Alfred G. Rockefeller 02.19.2010
Flow routing will be absolutely necessary for 4th generation wireless networks such as IEEE 802.16 which use IP and the Internet as a backbone. I note that Clearwire and Sprint are warning heavy peer to peer 4G wireless users that they may be thrown off the network.
Nagesh 02.01.2010
Anagran's flow router is actually not new. Juniper, Cisco, Redback, etc all have QoS netflow features integrated in their edge routers. Anagran is just a continuation of Caspian who becomes defunct now. The problem with Anagran's router is if the company goes under when funding dries up and sales don't pick up, tough luck for the customers!
IHWAN INDESIGN(indesign Compuuter Care) 01.22.2010
m more about the recording system to log how the ability to communicate routing node associated
NEWBIE 12.27.2009
IPv6 anyone? .. Doesn't it also implement flow based routing?
Matthew 12.17.2009
MPLS Anyone?
Techi Man 12.11.2009
After reading this article, i feel that these ideas have been around for a while. The flow manager sounds like QoS or CoS to me. 'Remembering' of route paths in a router can be done using MPLS, which is a technology that most telco providers are adopting.
gaous afrizal 12.09.2009
hmm... i thought flow control only on layer II and IV . Or it is different flow management on router between flow control (like sliding windows) under LII and LIV ?
Sandeep 10.30.2009
unless we decongest the algorith on the Chips the nextgen net is screwed... this is a great article on some forethoughjts for the future networking gurus who will save the virtual world from debacle.
Niraj Sinha 10.28.2009
I think that the Flow Router invented by L.G.Roberts being a pioneer of Inernet will definitely solve lots of networking traffic congestion problems. Thanks for the article in The Spectrum IEEE. Niraj Sinha LNMI Patna BIHAR ,INDIA
Amar K. Nandan 10.22.2009
Its very interesting to know about the networks problem from basic level. I am a beginner in Networks and would like to learn more such articles. It is reasonable that multimedia services should not be given preference over p2p communication. Such idea can be implemented which ensures delay less delivery of multimedia data for the cost of reduction in quality of data. It can be overcame upto some level with the help of application layer. Thanks to Router Master Mr. Lawrence G. Roberts.
Mark Logan 10.19.2009
A really good article, when Lawrence talks people listen.
Agustin Rosso 10.15.2009
I would like to have more information. My company is able to represent the product down the Dominican Rep and other countries in CALA
chet 09.08.2009
Sorry i'm kind of a newb at the routing table, I just recently got into computers in the last 4 years, and i had bought a links wrt54g wireless router, and trying to port forward 2 computers and one wireless is a big job constantly changing ports and no matter what i do my high speed internet is slow, like you said and your paragraphs. its hard to run 2 gaming computers,on the internet, and it seems like my games lag not cause of my computer but because of the router not identifing the packets quick enough. i have shaw high speed internet up to 1024mb/s. but its useless when i have 2 computers playing team fortress at the same time, not to mention always screwing with port forwarding. My inexperience has lead me to buy decent routers that are intelligent that i don't have to waste so much time configuring and resetting, any help or knowledge of a good product would be greatly appreciated. Ps. i ran a switch a few years ago and loved it worked awesome but kept breaking the modem.
Concerned 08.18.2009
It's amazing to me how many of the commenters here don't get it. P2P traffic isn't being singled out. If someone wants to open up a dozen video streams simultaneously, they're also being a bandwidth hog, and the flow management will deal with them in the same way. By looking at the parameters that define a unique flow (namely the 5 numbers Roberts mentions) you can manage them. You don't need to do Deep Packet Inspection. There is no arms race, flows get treated differently by their observed nature. i.e. if your TCP connection is open and has constant traffic, the flow is prioritized, if it's sending packets intermittently (i.e. an HTTP KeepAlive, or an SSH session) then packets can be dropped and the stream will hardly notice. If the P2P app wants to chaff or encrypt or whatever, the total bandwidth they get allocated will be the same (because your 5 numbers can't be encrypted or hidden.) Same bandwith + larger than necessary data (due to encryption or chaffing) = lower throughput = shooting yourself in the foot. I don't get this attitude that P2P users should be able to use all of the bandwidth on a network just because they can. I don't think it's fair that it should take me 5 minutes to load a webpage just because some guy on the other side of campus is BitTorrenting every episode of MST3K. If mainstream routers have had this kind of capability for a while, perhaps the "test" described by Roberts above wasn't fair? Was he comparing his new router to an off the shelf router without any of these new management options enabled? What about the power consumption figures?
stine 08.17.2009
It seem's you've just re-invented JUNOS, congratulations
Anup 08.12.2009
Hi I dont want to appear ignorant, but how would this technology help in non-ip traffic? Currently we are moving toward Ethernet based networks. Also we have MPLS running in the core. With MPLS we can easily setup the same kind of flows by making the right FEC classification which would give us the the same behavior across the domain for the traffic? Flow routing looks to be only at the Source level i.e. we can manage the flows at something like the first hop out of the source of the information. How can we fit this into a Network edge? Also the idea behind Flow routing is necessarily the same as Integrated Services model.
Alex Koffman 08.10.2009
The flow based routing has been around for 10+ years. But it's completely unnecessary today. The reason why it existed decade ago is because it was very difficult to do longest prefix match in hardware. CIDR has actually routing lookups computationally intensive, because you're not doing an "exact match" in your routing table you're looking for the "best fit" of the most specific route to a given destination. An early implementation shortcut was to use flow based routing as the fast path "cache" as described above, because it turned the routing lookup into an exact match problem (you find your exact flow that has already been programmed into hardware during the first slow path lookup), which was implementable at the time using cheap CAM (content addressable memory) from layer 2 switches. The downside is that first slow path lookup, making it trivial to knock over routers with Denial of Service attacks, worms, or even just a generally bad traffic day. The solution was a hardware based CEF implementation, where the entire destination routing table is pre-populated into hardware, and longest prefix match lookups are done via ASICs. Today this happens in cheap devices because of TCAM (Ternary CAM) which lets you do wildcard matches, though many other technologies are beginning to pop up which are superior, such as Juniper's highly distributed lookups over cheap striped reduced latency DRAM (RLDRAM) in the MX platform. The bottom line is there hasn't been a reason for flow based routing to exist in well over 7 years, and you won't find any modern implementations which even touch this. Today's routing lookup ASICs are incredibly cheap and efficient, and are among the least of the problems with implementing high speed routers at reasonable prices. Unfortunately this industry is full of aging quacks, and people who don't know enough to know better.
Ryan 08.10.2009
While I like the more efficient flow management and power use, I find the idea of lowering the priority of P2P traffic offensive. What makes P2P data less important then someone watching Hulu or YouTube? Giving companies the power to control the flow goes against an open internet. P2P is not the problem and is quickly becoming more important to many people then typical web browsing, E-Mail, and streaming video. We should be working on technologies which do a better job of supporting P2P environments while not impacting non P2P data flow. I hope companies do start using routers based on this more efficient technology however laws need evolve to stop flow management like this and DPI forcing companies to develop better and more innovative solutions. P2P is not a problem to be shut off and reducing it's use form 75% to 2% is unreasonable. P2P is a reason to make the internet better.
Gary 08.10.2009
I don't know how this can be categorized as a new idea. I believe this technology was first implemented by Cabletron (e.g. SecureFast) and is still used at Enterasys. Not Cisco, and DEFINITELY not Juniper. Flow-based access layer switches is typically a good thing at the edge for security purposes. You can filter / police a particular application right at the edge of your network. Furthermore, you can monitor for port scans (for example) at flow setup. Many companies (like Enterasys) have shown that you can build a successful flow-based ENTERPRISE router. However, it is impractical to implement such a router on the internet. An important feature of routing is that you can categorize a group of destinations with a single route. If I'm an intermediary router, I don't need to know where destination 24.123.100.200 is and how it is different from 24.99.100.101. Instead, I can categorize them as 24.0.0.0/8. This is the beauty of routers and their Longest Prefix Match (LPM) network processors. The number of flows to a corporate FTP server can be in the hundreds or thousands by itself. Now think about the internet and how many flows there would be. Create a BGP router and see how long your 4million flows last. And once they're gone in about 30 seconds, see how many packets your drop now.
Tom Jones 08.06.2009
It would seem that you could program this architecture to defeat a denial of service attack either from a few machines like happened recently or a horde of zombies like probably will happen soon enough.
Mike 07.31.2009
You lost me at 'fair'.
Carol Long 07.24.2009
As Vint Cerf, Scott Bradner, and Lyman Chapin's publisher here at Wiley, in our humble opinion, there would be no better way to deliver the world the "fix" deatils than in a book ;-) Thoughts?
Davy 07.22.2009
You could try to get various internet businesses to persuade the ISPs to upgrade their hardware. Sites like YouTube and Hulu would love it if their content can be delivered to their viewers without delays.
BrunoCardenas 07.21.2009
Chequea esto!!!
Richard Blish 07.20.2009
Roberts' article "Router" is brilliant. I am not a software guy but the distinction between "flow" and random packets is clear such that advantage can be gained. FYI, my forte is the physics/materials side of ICs
Hmm 07.20.2009
Ok, so let's see if I get ir right - This whole thing assumes that end nodes communicate using TCP with Reno window management, i.e. the sender needs a lost packet to detect a congestion. Even Windows can do Vegas, not to mention Linux (which is the OS of choice of a vast majority of consumer-oriented 'routers') that supports at 5 or 6 different TCP window management methods.
Bob Briscoe 07.17.2009
Yes, there are other flow-aware processors to choose from. Anagran's unique 'selling' point is to wrap the neat hardware round with a broken fairness solution. It's just a different way to break the Internet's economics. Fairness has absolutely nothing to do with flows, it's to do with packets and the congestion they cause. See previous Spectrum article .
Alan chesters 07.16.2009
ATM
Scott 07.15.2009
This is nothing more than new way to market routers and not a single idea or concept is presented that can't already be done on a Cisco or Juniper router. The entire concept of doing a routing lookup on the first packet, and then caching it is called "Flow Switching" which was pioneered by Cisco more than 10 years ago, and is now obsolete in favor of CEF. Dropping traffic based on the type? Hmmm, that's called QoS. Its no wonder this guy couldn't break into the carrier routing market. Juniper was able to do by actually coming up with original ideas and products. Coming up with a new way to marketing comomplace methods used in every router is not a very original idea either. The entire concept doesn't make sense to me. The premise is that carriers and ISP's have provisioned excessive capacity because of inefficent routing techniques, and then talks about latency due to queueing and randomly dropped packets. Aren't those two things at the opposite ends? You only queue and drop packets if you DON'T have enough bandwidth.
Mitchell Monserrate 07.14.2009
Wow, that is interesting. I like the idea, so ultimately what can we the technicians that are out here doing the work and setting up networks do, and what progress is being made on these redesigned routers?
Michael Hay 07.14.2009
Thanks for the great article. Note that I'm particularly interested in the use of the FPGA systems. I did a recast of the article at http://blogs.hds.com/michael/2009/07/the-future-of-the-router.html which compares flows to movie queues. Cheers and thanks for the good read.
Jody Alford 07.14.2009
Is there a possible expliot by hiding a program under a false header? Or by altering headers to prevent getting your p2p flow controlled? Sorry, that may be an ignorant question. I'm a 3rd year Computer Science and Mathematics student trying to accelerate my thinking to the real world.
Stephan Sokolow 07.13.2009
While this is an excellent idea, I worry that, when residential ISPs inevitably abuse the flow-analysis capability, P2P tools will end up adding chaffing and shipping with both encryption and chaffing enabled on the file-transfer connections. Then, you'd be more or less back to square one with even the fairly-configured flow routers seeing video/audio-like signatures and wasting an incredible amount of bandwidth just shuffling encrypted noise back and forth to get unnecessary video-class treatment on P2P traffic as an alternative to unfairly-provisioned bulk-class treatment at the residental level. We're already at the point where, to circumvent last-mile throttling, VPN providers are starting to run over port 443 and use an SSL/TLS-style handshake.
Jack Wybenga 07.13.2009
While I would never wish to diminish Dr. Roberts work, it would appear that he is too late with his concepts. The fast forwarder kept routing information about learned flows and a number of people, including myself, presented papers in the mid 2000s on bufferless routing. An internal Samsung design, the highly distributed Galaxy 10G was a bufferless parallel router which combined these functions five years ago.
Martin Morf 07.13.2009
Finally discovering FLOW!? In the 70ies I had a Darpa contract from Bob Kahn on Distributed Sensor computer Networks (DSN) where all this came up, including VLSI for "streaming date" (sensors, speech, sound, sonar, radar, photons, ... ) it's all physics of scattering -- e.g. transmission-, ..., deflection-, reflection-routing ... at all levels down to electrons and photons! De'ja Vue -- all over again? m.
Bob_Robertson 07.13.2009
So the Juniper physical architecture has been re-invented, with QoS logic augmented by detecting "streams". Too bad Microsoft virus and spam traffic couldn't just be dropped. That would radically reduce network traffic.
Lorens 07.11.2009
And how does this relate to already widely-deployed methods such as CEF (Cisco Express Forwarding), MPLS, and accompanying QoS?
James Clough 07.11.2009
Haven't Cisco's routers supported flow-based operations for over ten years? Is the point that existing flow management is just piled on top rather than used for the core switching function?
Aaron 07.10.2009
How is this different from CEF, which Cisco has provided for some number of years on their routers?
Faceless Coward 07.10.2009
So microflow policing has been around for a long time. Just how you go about dynamically monitoring and managing 10,000,000 flows in real time at 80Gbps is quite the mystery left out of this article.
Bob 07.10.2009
This is a box that is built to sell to service-providers who are trying to scrimp on upstream capacity (providers who have to pay for transit, rather than owning their own settlement-free backbone). He's going to try to sell the boxes to the last-mile companies that have previously tried to impose usage limits (or even block services). This box doesn't provide ANY benefit to actual end-user consumers. The most consumer-friendly solution is for last-mile providers to partner with (or buy outright) a settlement-free backbone. Then they can give themselves all the transit they want for "free". The very largest providcers could even (conceivably) build a backbone and obtain settlement-free status over time (if you are the "gateway" to enough eyeballs, people WILL peer with you). As Mr. Roberts pointed out, overprovisioning wins. (Also "randomly" dropping packets is GOOD: it is the triggering indicator for Random Early Drop enhancements to TCP; conversely, it is clustered, multi-packet drop events that have been disasterious to TCP. See the work of Sally Floyd and others. SACK, ECN and other techniques are helping to inform TCP of the conditions present at the intermediate-devices along the pathway.)
Adam Powers 07.10.2009
Any support for a flow export technology such as NetFlow? Seems to fit well.
Kaz 07.10.2009
It has been here for some time: http://smartsharesystems.com/en/ It controls the FLOWS and can give each user equal bandwidth and automatically detect what should have higher priority and what should have less.
Javier 07.10.2009
very interesting. it's important to revise how everything works, dropping any assumptions. but i fail to see some points: 1.- your router identifies 'flows' by the full 5 numbers used byt TCP and UDP. whouldn't it be more apropriate to use just the source and destination address at the IP level? that way P2P programs wouldn't get any advantage from opening many TCP streams to the same destination. 2.- you emphasize about doing the full routing work just for the first packet. is that the same as using a cache of routes keyed by the 'flow' identification, or am i missing something? software routers work like this, i assumed that high end hardware devices would need it as well. 3.- in your research, randomly dropping packets when overloaded produced exponentially worse performance. is that related to the LFN problem? (where retrying gets more expensive as bandwidth increases). you favor penalizing P2P streams because the disproportionate use of resources; but then kill it disproportionally. wouldn't it be fairer to give all endpoints the same amount of bandwidth as everybody else, instead of giving more to 'lawful' users?
hevangel 07.10.2009
The idea of flow management It's not that new. My company was working on similar stuff before they shut down the division after the dot-com bubble bursted. If the router kills P2P traffic and seriously lower the performance of P2P application, P2P protocol will disguise their packet as Video or Traffic. It will be like technology arm race on deep packet snooping.
David C 07.10.2009
An interesting concept. It is surprising that it has taken so long to come about, though I suspect the article's point that it was cost prohibitive makes sense. The benefits to video and audio transmissions are obvious. That said, with regards to P2P, it sounds like the author feels that this is somehow 'improper' use of the web. I would highly contest that. Leaving aside the aspect of sharing copywrited materials, P2P systems are used to share large data by reducing the load on the originator. Many open source softwares use P2P as a mechanism to reduce the load on their servers. Also, while this flow control technique for throttling P2P networks works now, it isn't hard to overcome it for P2P developers. By simply frequently changing source or destination ports (an algorithm to do this can easily be built into P2P applications), the hash table would loose track of the flow, and the P2P data would not longer be throttled.
jason wright 07.09.2009
In reading this article, I was left with a "so what?" Flow management systems are not new. Perhaps at the low level, the Anagran has some revolutionary features, but at the high level in which this article is written there is nothing radical (as implied by the title). The article also does not deal with the problem of collisions in the flow lookup cache: a real security problem.
Kyle Brady 07.09.2009
An overall nice piece, with good insights as to the future of network traffic routing, but some of your base assumptions about "acceptable traffic" are wrong. And I wrote a very long response: http://www.kyle-brady.com/2009/07/09/incorrect-base-assumptions-about-network-management/ --Kyle
Howard Schweitzer 07.06.2009
Article was of particular interest since I am dealing with network performance improvement issues. After reading the article I wondered if there was any comparison of the flow manager verses using QoS on current routers/switches.