Kurtis Heimerl: Okay, we'll get started. Project two is due next Thursday?  It's going alright?
Audience: They changed to the 18th.
Kurtis: What's that.
Audience: I thought you changed project two's due date to the 18th.
Kurtis: What's the 18th? Oh, did I change on canvas and not the website? That makes sense.
Audience: Yeah. (Audience in background talking about when project is due.)
Kurtis: It's due on the 13th on canvas but we leave it open until the 18th.
That's your late due date and there are sensible late penalties if you're late all the time. Try not to be late.
Audience: (INAUDIBLE) The canvas says the 13th.
Kurtis: Yeah, I think we moved it back for the snow day but not like, I think it was like four days back. It was supposed to be due on Monday; we moved it to Thursday.
It's due on Thursday, hopefully that's not a panic inducing comment for anyone. But again you have three late days to be late with it.  We won't be picky about it.
But yeah that's happening, good luck. Any questions or complaints or comments you'd like to make in group form?
I think this is a great project. I read it.
Audience: A small cross verification.
Kurtis: Yeah.
Audience: For part three in say is that
National Trust cannot send traffic to s-pen (INAUDIBLE)
But this does not mean that the others cannot send traffic, right?
Kurtis: Well because of the flow, right? So, functionally I think they'll be disconnected because you're gonna block the ACKs
but technically we will be testing for that, no.
Audience: So, it can appear that traffic is being dropped?
Kurtis: Yeah, it's, I think if I remember correctly, as I always have to look over my notes because I page stuff out.
But it's gonna look like they're just not connected to each other. Although I think technically you can implement it as a one-way block.
I don't think we test for that.
If I was smarter in implementing both ways.
Audience: So recall my representatives being blocked both ways?
Kurtis: Yeah, because that the response will be blocked, right?
Audience: Yeah, fair point.
Kurtis: Any other questions, thoughts?  Yeah.
Audience: I remember this question was asked in the discussion but I can't see a clear answer.
We're not allowed to hard-code t-path in part four, but are we still allowed to hard-code (INAUDIBLE)?
Kurtis: Yes. Any other thoughts or concerns?
Audience: (INAUDIBLE)
Kurtis: It's supposed to be out soon.
Evo says he's got it working. And so he's got it started, so we will see.
About the bufferbloat. So at the transport layer project, that's it's not too bad.
There's relatively little code to it, but it's, yeah-
There's like a little bit more qualitative element to this than the other ones.
You have to make a graph.
Audience: Can I do that instead of figuring out -
Kurtis: No. Okay, any other thoughts, questions or concerns otherwise on to content.
Audience: We will be able to do that after the lecture?
Kurtis: That project? We'll see when you all get to that but like maybe others -  What's that?
Audience:  Not like knowledge wise though?
Kurtis: Yes, I mean I think we're actually not gonna get to bufferbloat until next week. So we won't get into the-
we'll probably get to congestion collapse and stop is where my plan is.
I actually think it'll be a stretch to get there but we'll see.
Okay. All right. So, where were we?
We have just talked through IP, like, well, hopefully now in this magical world where we believe that these things are real.
Right, so we can send a packet from one side of the world to another based on this address that we've assigned to the network.
What's missing here? So we like that the real, what's missing here? Like what do people think doesn't work?
Audience: (INAUDIBLE)
Kurtis: That's yes, but I bet by the design, that one's different.
Hey, what else do we need?
Like there are a whole bunch of questions that are, kind of, not covered by the basic IP design.
Which is really just the IP packet, BGP all these sort of elements of like,
this idea of a hierarchical system for getting messages across the world. Yeah.
Audience: If I send something and I am not sure if it got there.
Kurtis: Yeah, so my version of that would just be debugging in general.
So right, now I just put my message in the network what happened to it?
Who knows, right? So there's no way to debug what's going on that's a huge thing and that is one thing we will talk about.
Audience: Having any other more useful protocols for different use cases like um, more time transmission?
Kurtis: We do not allow other protocols, this is the narrow waist of the internet, but you're right.
I mean that's actually going to be some of the readings the higher your layers below. Yeah
That's the higher layers problem. What's wrong with IP?
Being able to debug our messages is one element.
I'll give one to you. How do you get an IP address?
Like how do you get a MAC address, question one?
Your manufacturer gives it to you. How do you get an IP address?
Why can't your manufacturer give you your IP address?
Say that again.
Audience: (INAUDIBLE)
Kurtis: Exactly, your hierarchical routing
you have to get your IP address based on where you are, and who you're talking to, who your ISP is?
Like it doesn't work anymore. So that's one problem. There like to try you have two more hopefully you guys can figure this one.
Audience: Discovering IP address like a lot of host?
Kurtis: Yeah, right so this is like we did this in project two.
Are you doing this at the moment. You have an IP address. How do you figure out the link layer address at this thing?
And so what we have is like basically a set of hacks to solve these problems.
This is DHCP or ICMP and then just running out of IP addresses. We talked a little bit about this.
There's four billion IP addresses.
There are more people than that on the Internet. More devices than that, at least on the Internet right now.
And so we're going to talk through
just the set of hacks that were put together to solve this particular set of things to kind of go from
this beautiful dream of IP down to specific implementations.
So DHCP, dynamic host configuration protocol.
This part of the class is a little grab baggie in terms of protocols because it's-
there are hacks. That are like ungodly terrible hacks. Usually abusing the broadcast protocol
to solve these problem.
So right,  a node wakes up. You've connected to the network
and you need to talk through things. You don't have an IP address. You don't know where you are in the world,
you don't know anything like this. There are really interesting proposals online. Let's use GPS to figure out what our IP address is.
We don't know any of that stuff. This is 1976, whatever. 1993 but
we need to be able to figure out what our IP address is. What is the IP address of our router, right?
Who do we send packets to?
The Ethernet address as mentioned is on the NIC.
But we don't know these from the network. And so, in the old days what you would do is
manually configure these. Basically you go to IT and you hand them a machine
or maybe they handed you a machine and it has an IT set on it.
They just they configured it, if you've ever gone into your like network configuration on your machine
you can manually set your IP address and they've just done that for you. And they're managing their network
but now this is obviously a huge overhead because you're having to sit in this world where they are managing this if you ever mess,
it up everything explodes, right?
Two people with the same IP address is literally not supposed to happen.
And so everyone gets confused and the network falls apart. So IT just manages it that was real good.
But they came across this thing
DHCP into the solution to try to resolve this bit.
So again 1993, what it does is it releases IP addresses to nodes.
So basically there's a server running that gives you everything you need to be on the Internet.
And so this is not only your IP address, but also your network prefix. That'd be your subnet mask.
The address of the local router and other important bits if you want them. The DNS server
which we haven't talked about but your time server for synchronization and a couple other things.
It's a client-server application. It's actually sitting at the application layer but is this IP glue.
And so, it's a UDP packet using port 67 and 68 and what it does
sorry, I had to get one answer.
What we do is we just send a broadcast message to every node on network saying hey, I'm here I need an IP address.
And the way you send a broadcast message in IP is you send something with the IP 255.255.255.255.
That means send it to everyone. So every single machine when they see this message, we'll take it up.
And so you're gonna send a message with this IP address and this Ethernet address and basically test saying, if you're out there
DHCP server please give me an IP address.
So you send this discover of the broadcast and this DHCP server is running somewhere inside of your network.
Reachable on the local link and responds with this offer. So they say, hey you good to have this IP address
and from there you set that to be your IP address. You send a request to them saying, hey
I would like that. They ACK it back. Now that's your IP address in the network.
So this is a lease. It's got a time-out on it and after that certain amount of time
you have to get that DHCP address back from them.
It's again, a slightly abbreviated sequence.
That, that's DHCP.  If you ever there's kind of going through the glue of the system.
If you ever need to figure out who's using your
Wi-Fi router, like go to the DHCP table and you'll see everything that your DHCP server which runs on most access points.
Has handed out, how long the lease, so this is kind of the way to track-  Makes sense?
DHCP to me is like a relatively less ugly hack
than ARP, which hopefully we worked through for project two.
ARP is solving a different problem and this what we need is a node needs a link layer address to be able to send something on a link layer, right?
So we have an IP address, but we know who this thing is.
But we need to know how to send things on the link layer because when you're actually
sending things over the network you have to send out a link layer.
That's how actually communicated, right? You need an Ethernet address for the Ethernet host to receive the message.
This is the point of project two is to beat you all to death with this particular thing
because it is actually kind of unintuitive.
So we have that model more like given a MAC address how to find IP address and this is. I'm doing  (INAUDIBLE) from here.
Again sorry, node uses a map of local IP addresses to the link layer addresses. So send a message for the IP address and get the link layer address.
It sits on top of the link layer, so-  do you have a question? No, okay
and it does have a server. So basically all you're gonna do here is broadcast out a message saying, who has this IP address?
Like who has 168.1.1 and then hopefully whoever has that will just respond to you.
Audience: Why can't you just send to that? Why do you need a link layer address?
Kurtis: Right, so the link layer address is how the machine knows to take the message.
So this is a bit of a-   like maybe we can handle this too much, right?
So imagine your Wi-Fi router is sitting there and there's a thing called promiscuous mode, which they'll probably have to change at some point.
But the idea promiscuous mode is your router is
listening to every packet it hears and if it hears a packet, it can move it up to the upper layer.
But most of the time what it does is it hears a message it looks at it and it says is the MAC address the
same as my MAC address, if not drop it, right?
Audience: Why can't I just hear the IP address?
Kurtis: Because that's an upper layer protocol.
Like this is what the MAC is doing, right? They're doing this like this link layer addressing.
And so, if you need to know the MAC address to be able to send something on the link layer to it.
Audience: So you would actually work without-  everybody would work with their  own IP address because all the router network has to take more time to process.
Kurtis: Yeah, exactly if they're all in promiscuous mode they might be able to listen and see this thing has their IP address and go from there.
Audience: It would be super inefficient.
Kurtis:  Yeah. The MAC address like means things. It's also useful for your switching and your
spanning trees and all these kind of things, right? It's a whole other protocol layer.
So it's just not supposed to care about things with the IP address.
But if you said it's a promiscuous mode, you can hear everyone's messages.
And so, this will actually follow the way (INAUDIBLE)
Okay, so you use this broadcast you say, hey who has this IP address.
And whoever has that response. Then here we are the request it's basically who has 1.2.3.4.
Whoever has one 1.2.3.4 respond and says I do.
And they send from that IP and the IP header and that and their MAC address in the link layer.
And so now you've got this message from them saying what the IP address is, what the MAC address is.
You store that in a table on your machine, and now you can communicate directly with them no longer sending parts.
So if you can look at your ARP table on a machine, there's a bunch of these.
This is just a track of
basically a machine put into promiscuous mode reading all the ARPs going off inside the network and sending them up.
So you see someone asking for 1.2.1.224, tell 1.2.1.253 their MAC address.
There's kind of these things happening all over the place and then your machine stores it. Here's a set, we've
capped it at 6, an ARP table for the machine. And this again times out eventually, it's cleared.
But this is your mechanism for, to know that mapping of IP address is a MAC layer address partly clear addresses.
Who has implemented this for project two?
Audience: Try. I don't know if I succeeded.
Kurtis: Yeah, it's not that bad
but this is what we're trying to do. And hopefully a project two gives you that context.
Like you have a gateway IP address, right? You don't know the MAC address of this machine.
And so, you need to be able to send a message to that one?
So what you do is you send an ARP saying, hey Gateway where are you?
Your Gateway responds with the MAC address and now you can talk to the Gateway.
Part two is implementing the ARP response. Yeah.
Audience: Okay, because of the subnet issue basically no matter-
Basically no matter what it's asking for the router is always gonna say, Oh yeah, it's me the IP is in this direction?
Kurtis: Well no right?
Audience: Please explain this.
Kurtis:  Well part three you are a switch, right?  And so in that moment, because you're like-
Audience: Sorry I don't want to derail too hard.
Kurtis: No, it's an important thing. This is literally project two is about. This is super confusing
and I felt like people made it through this class without ever making this distinction between like what actually happens
at the actual link layer and the IP layer.
And so in part 3 what you're doing is you-
Like let's say you want to talk to another machine on your subnet. You send an ARP for that one, right?
I'm three-quarters of pulling out the whiteboard.
So let's say you have host A and host B and X is the switch in between you right?
So A wants to talk to B, they're on the same subnet. If they're on the same subnet you send an ARP for B, right?
Because they're on your subnet. Now if you turn X into a router and A and B are in different subnets
you're going to send an ARP to X. Because X is where you send the packet to send it out of your network, right?
Audience: Right.
Kurtis: And that's the distinction. Right, when something's outside of your network, send it to the Gateway. When something's inside your network, send it to them directly.
And when you think about the shared medium world this came from, like the big share of Ethernet cable
it really is everyone sharing the wire, right?
So there's no reason to like send it to the Gateway who then forwards it on to the same network.
The only reason to ever send things on to the Gateway is when it's on a separate physical network
and that's what the link layer is about.
It's about communicating within a physical domain and the IP layer is about sending things between physical limits
and ARP is part of that, right?
Getting a little theoretical. I think maybe people seem to be nodding
so hopefully that's not too bad and I didn't want to bring out the whiteboard.
But this is literally what we do in project two and why I love project two so much. Yeah.
Audience: In project two we have this table where we have the name of the host, the IP and its MAC address. In the real world how would it happen?
Kurtis: Through things like ARP, right?
Audience: Oh okay.
Kurtis: Like anytime you have an IP address and you need a MAC address send it to ARP, that's what ARP is for.
Audience: So, we kind of skipped that in the project we just got told what the-
Kurtis: Yeah, so we don't like implement DHCP.
So everyone just gets assigned an IP address and part of the other things that project two is to know an IP address
means nothing more than you respond to ARPs.
Right, like to have an IP address means you respond to traffic for that IP address.
Like that's what it means through a network effective. Is it completely indistinguishable, right?
So part of it is just implementing things that respond to that IP address.
So, you put IP addresses on all your machines. You respond with ARP and you've implemented a layer through network.
Okay, I feel like I got kind of like fire and brimstone a little bit there.
This is ARP.  Again, it's an ugly hack. It's really just abusing this broadcast feature which
has an expectation of it being a physical medium.
You can imagine what a broadcast message means on a big shared wire is just like, I send this everyone listen.
But it makes a little less sense when it's a point-to-point like wired network and what,
then the broadcast what it means is that your switch plugs the message, right?
Okay, these are a class of things called discovery protocols.
There's a whole bunch of them.
Zeroconf, Bonjour are a current thing that's been fought over for like ten years at the IETF because Bonjour, I think,
no Bonjour is the open source one. Zeroconf is the Apple one. It's basically how to find a printer on your network, right?
And so, what you do is you're like hey, are you a printer or
even better what it is is the printer just keeps saying, hey, I'm a printer.
Just keep sending broadcast messages. Printer here, printer here
and then whoever is sitting there listening on the network like, builds a little table of all the printers.
And this standardization effort around this particular thing is ongoing. They just keep arguing and arguing and that's the world they live in. Most people-  What's that?
Audience: Why is this controversial?
Kurtis: Because of vendor lock-in kind of stuff. Someone wants to just like, own it. So these kind of battles take a long time, is all that it is.
In general, they're implemented. So if people who have
seen this element get easier in their life over the last decade if these protocols coming into play.
So most machines will just like implement both of them and like figure it out.
I'm actually, if I remember correctly Bonjour,
I always forget which one is the open-source one, is just like tracking the Apple protocol. And so there's
Apple and some other company is the actual one fighting over who owns it, but it doesn't matter.
That's the point, like that's their version of it.  It just the printer saying, I'm a printer,
I'm printer, I'm printer printer here, like just continually broadcasting that message and if you ever do like-
you can pull up a table for this stuff. Your machine may be configured to
say it's a media server. In which case you are just broadcasting to everyone else in the room I'm a media server,
I'm a media server, I'm a media server and you should watch out for that.
It's one of, I think more open security issues at the moment. If you just like sit on a campus network and listen to Zeroconf messages
you're gonna get a whole bunch of media servers.
Okay, so that was problem two. Now onto problem three, which is ICMP.
So ICMP is trying to solve that problem of debugging in the network. I'm message. I've sent it and I don't know what happened to it.
So it's a companion protocol to IP. It's implemented on a layer up.
I sometimes get confused, the biggest implemented at the same point because it doesn't really make sense to be implemented on top but it is.
What it does is provide this error reporting and testing for your messages that go out.
So if an error happens at the router for certain class of errors.
The idea is that it would respond and send you back an ICMP message
saying what the problem was and what you could potentially do to remedy said problem.
That's also slightly used for testing. Well, actually, largely used for testing.
So as I said, we report back the error. It discards a problematic packet and then the host needs to fix whatever the problem is.
So the ICMP messages have a type, code, checksum for most of these messages.
And sometimes carry elements of the offending packet all of that but terribly efficient and send it back in this IP-
So some example ICMP messages you may have seen destination unreachable.
That is like the router gets the message and it doesn't have anything in the tables, it's a router.
Like you've got an IP address and it doesn't have a slash zero
or it just like a subnet and so it just doesn't have a path to route it.
And so it drops it and it send you back a message saying like, I don't know what to do with this.
Time Exceeded is a TTL which we'll talk quite a bit about in terms of traceroute.
And then of course the Echo services which is an ICMP service. Which you can
basically send an ICMP message in and the router will respond or whatever host you're talking to will respond over the ICMP protocol.
This allows you to sort of ping. To see that the other side is working.
Traceroute is this beautiful implementation of a system. I'm kind of over who did it. I think it was Van Jacobson.
Unfortunately, I don't have my notes because I'm trying out Office 365 which I'm not super impressed with at the moment.
But the way that IP works in terms of
distance, is a time to live field and what it does is it gets decremented every single hop, every single hop in the network, right?
So the router takes the message decrement the TTL and then hands it off onto the next hop.
We talked a little bit about how that breaks the checksum
but the big idea here is that.
And this is a way to the protecting its forwarding loops, right?
So no matter how stupid you've managed to set up your IP network that packet will eventually die,
just cuz it gets decremented every single time. That's not technically true. I think you can set that ICMP-
The TTL to 0 at the start and then it's supposed to go forever, but I may be thinking of a different protocol.
And so what traceroute did was repurposed this functionality as TTL to learn more about the network as you go.
And so what it does is it sends probe packets.
Basically the idea is that you set the TTL to 1, send a message and then it dies in a router
and then router sends back TTL dead.
It sends, so you get to learn who the router is because they've sent you some information in the ICMP packet.
And you send another packet with a TTL 2.
That goes a little bit farther and you get this new message back and then you now send TTL 3
until it ends up at the node at the end and now you've been able to map out how the network has worked.
Like the steps you took to get to the destination.
And so, you get this this wonderful map of the network.
And I think what I want to do is run a brief traceroute.
Looks like it might be a little bit big. So let's traceroute google.com. Cool.
Okay, so the traceroute it with google.com and it's doing exactly this. I could see, it give you some statistics on how long it took to get there
and the IP addresses of the individual routers that it took to make those steps, right?
So we're hitting this infra dot washington dot edu.
Infra is presumably an internal router we hit a whole bunch of those until we end up a gigapop.
You may have heard me mention gigapop a couple times.
It's the IXP that we used at the University of Washington.
And it looks like Google is directly connected with gigapop because we go two more hops and we hit what
I can assume is a data center C 30 S 1 0 which is probably a border router
for Google's data center here in Seattle.
Audience: Sorry what's 809?
Kurtis: Which 809, what do you mean?
Audience: (INAUDIBLE) what are those?
Kurtis: Don't know.
Kurtis: They have IP addresses. We could like, we can like whois and try to learn more about who they are.
They are we just know that IP address and then it took seven or eight hops to get there.
So our TTL was 8, it died there. All we have is this IP address.
We don't have a way to map it to a DNS entry.
Audience: If we like, we don't know that Google is plugged in to gigapop because-
Kurtis: We don't know exactly, there may be an intermediary in here, but that's a pretty short set of routers to get to it.
It's potentially, I mean the gigapop routers are public- are known.
So maybe these aren't gigapop routers, but it's hard to say. So you can kind of assume
it's not a gigapop. This probably is a cross country.
Audience:  It looks like 809 Google-
Kurtis: Did you look it up?  Yeah, so that answer is correct. This is some kind of Google routers.
And I'll give you a different one, which is euro com dot France. See this goes a little bit farther.
We're still going and we have some stars.
Audience: What is that?
Kurtis: We'll talk about that and now we're done. We don't actually know what happened to the other side of it.
Okay, so we go through infra dot washington as expected.
We hit gigapop and now we hit that thing that I've been talking about Internet2 which is that an academic ISP
And so we Internet2 our way down a little bit.
We're in Sea-Tac probably.
Seattle but that I see the T.
Here we're in Minnesota. I have no idea what eqch is.
We'll probably try to figure it out.
We end up in what I can assume is Cleveland
Audience: Ashford
Kurtis: Ashford
We're here down in Washington, probably yeah, Washington DC and then we're in London, we're still on Internet2.
So this was a relatively big hop, you can see this funny from 60 to 135 milliseconds that's crossing the Atlantic.
Audience: Did you see Chicago (INAUDIBLE)
Kurtis: Is it, okay?
Audience: Based on a quick Internet search.
Kurtis: That make sense. So this is kind of neat, right?
We're like, oh we went to-
This one's a little bit long. I don't know if seat is Seattle or not. It seems maybe like it shouldn't be.
Because we're already in Seattle here at gigapop. Well maybe, I mean it's not-
Audience: I think it's a first, four letters.
Kurtis: Yeah, this is this is probably the the big
English one. You do the time distance. I go from three milliseconds to four milliseconds
so this all seems pretty local and now we make a big hop to Minnesota in another 32 milliseconds.
So that's a pretty big jump. That's probably Seattle's to Minnesota to me. And then we do I guess Chicago, Chicago, Cleveland doesn't seem very far to me.
Ashford, Ashford, Washington, London.
Audience: Are we assuming there is a wire directly connecting Seattle and Minnesota?
Kurtis: Potentially, that's one of the things that I think we can talk about here is
it looks like that, right? But there is a world where what if they just don't decrement the TTL field, right?
And they do that for efficiency reason. So if you're like a really high
bandwidth backhaul router you might just pass it on, like just
who gives a ___ about that person trying to a traceroute like send their message along anyway.
And so, there could be intermediate hops inside of this that we just don't see.
But it could be that there's a wire running between us. I would guess it's the former. Yeah.
Audience: What is the protocol that allows you to get all these IP addresses?
Kurtis: I think it's reverse DNS lookups is what it is.
Like the traceroute program is just, I think it's just the IP address is what you get from ICMP
and then, you know look up what that IP address is. What's that?
Audience: with that just a return like in one chat or
does it like pinging like continuously to get these IP's?
Kurtis: I don't think it's pinging. I think you can-
Audience: I mean like making a request to-
Kurtis: I think it's making a request to, a DNS server to
do the reverse DNS lookup associated host name in DNS system.
Cuz like this, a DNS system is somewhat separate then in this.
I think only the IP address back from IP server.
Audience: Like I'm just trying to figure out like does ICMP return the entire stack?
Like you're sending an ICMP all the way down to like to somewhere, right?
Kurtis: Yeah.
Audience: Like how do you get the ones in the middle?
Where do they come back to you from?
Kurtis: From those in middle ones, right? We're using the TTL field to do this.
So when we're at number 10 that means we set a message of the TTL of 10 out
and it got decremented at every other one until this one. And then this router
got a TTL down to zero and sent an ICMP packet,
message back saying like you ____ up, right?  But then we get that from that IP address
we do a reverse DNS lookup find out what that is and hand it to us as users.
Audience: Gotcha. One thing I've noticed is internet2 routers seem to be in the same block 24 so that-
Kurtis: Yeah, it's an ISP, right? So there it's an AS, and they have an IP block and they use that IP block.
Audience: It looks like they have 256 addresses, maybe I missed something.
Kurtis: I mean, you are probably it's probably not a slash 24 for all of their corner routers, maybe it is.
Like you can do a whole bunch of, sort of,
measurements if you wanted to try to find internet2 router that's not a net, subnet.
But it could be done for, you know, a variety of reasons. It's also in the ICANN see what internet2 out (INAUDIBLE) is.
Okay, so we end up in London. We go to Paris, I assume.
Still in Paris. Now we're just getting some IP addresses.
I forget why we have this IP address thing on the end here.
Marcel, Sofia they're running the thing, I don't know.  Eurocom Valbonne,  I assume that's another town and then stars.
So, what would the star be?
Audience: No TTL.
Kurtis: There's no TTL, so we, the proper way to think about things is we sent something in with TTL 24
and we just didn't get it back, right?
So we know that there's a router because at some point we get down to, you get all the bottom, to 30.
that's when we're actually hitting the server that we put in there. So we know it takes 31 to get to the server.
So those intermediate ones those routers are just not responding. Why would they not be responding?
Audience: Security.
Kurtis: Security right. Like they don't want us to know about the internals of their network.
So the decrement of TTL correcting. They're not doing this for speed reasons, but they're not responding with ICMP messages
which is some that you turn off. And you can turn off internally and externally, right? Like this message is coming from outside
and don't send it and ICMP message first.
But if we did it, like I'm sure that we do the exact same thing.
If they were sending us a traceroute we wouldn't get, they wouldn't get in through washington.edu.
So traceroute super cool.
Audience: Isn't 30 the max though? (INAUDIBLE)
Kurtis: Is there a max?
max TTL-
There are more.
So, maybe we just like be blocked that's also possibility. What cases get all the way to 100. I assume at this point that-
Because the way you send the traceroute  messages is these are actually pings.
So you just put a ping with a TTL on it, so it could be that they're their server isn't responding to ping.
Yeah, I think, I think their server's not responding.
No-
Three dot.  Yes, yes, yes.
Okay, so that's traceroute.
Solving that, again this is just using ICMP to solve that set of problems.
So on to the last problem, which is going to be solved in multiple ways.
This problem is just running out of IP addresses, right? So hopefully the problem is pretty clear.
The entire IPv4 address space is a little over four billion
individual numbers, that's the maximum there, right? And so, this is from 2016, on the order of 3.4 billion people on the network.
That's not counting all your stupid IoT smart light bulbs and
so on, we've just blown past that.
We blew past it a while ago, so this is a map of IP exhaustion.
So IPv4 was exhausted in January 2011.
That was when we ran out of IP addresses, and these are allocated locally as well,
by region, so APNIC, and RIPE, the registry for Europe, also just ran out at companies.
So basically we're out of IP addresses, like there are none.
We tried to get one for my ISP that we're running here as a research project. They said no.
There's actually a little bit of wiggle room there. They own some /8s
that they hand out for short-term
things, if you're like between IP addresses and stuff like this.
But this has just become a weirdly robust marketplace, like you go to companies to try to buy IP blocks from other ones,
it's just this land grabbing happening.
The solution to this is the thing called a NAT, which you all use all the time and may or may not have had to fight with in your life.
The basic idea is to map private IPs, multiple of them, onto one public IP.
And so, what we're going to do is allocate these private IPs based on DHCP.
So your DHCP server runs on your router and hands out private IP addresses,
which means non-globally-routable, non-unique addresses, and
basically takes a whole bunch of those and maps them all down to one single public IP,
which you use to talk to the Internet.
So right, we talked a little bit earlier about this world where the
router isn't supposed to look at anything above IP, nothing like transport.
And NATs are the classic example of breaking this. They're referred to as middleboxes, and that is one kind of middlebox,
there's also firewalls, things like this.
These sit inside of the network as an
intermediate between you and the rest of the network, providing some sort of functionality. A firewall blocking certain
services, and the NAT providing this address translation service.
People get upset about this, and we'll talk about that when we get to IPv6.
So middleboxes are really great because it's a rapid way to solve a problem. Like a middlebox comes in, a NAT box comes in,
and lets you take one IP address and map it to multiple IP addresses, right? It solves the problem for you.
It doesn't require everyone across the network to solve this problem at the same time. You have a solution, you solve it in your spot.
But it breaks that layering element and causes a whole bunch of problems that we now have to solve.
So again, NAT maps this internal IP to an external IP.
You're going to be able to serve many hosts through a single address.
And this was motivated entirely by IP scarcity. People got really upset when this came out,
but it largely solved the problem. When you go to Comcast you get a public IP, probably.
And you are able to use multiple devices on that one IP.
So like, let me pull up my terminal again and see what IP address they gave me.
That's a 10, yeah, a 10 dot 18, that is a private IP address, right? So UW is NATting me right now.
So here's our scenario, right?
So we have a home machine connected to an ISP,
and we want to have someone on an unmodified machine sitting behind us.
You've got your smart TV. You've got your laptop. You've got your phone.
They all need to share this one public IP that Comcast is going to give you.
So what you're going to do is assign them one of the private IP blocks, which is 10/8,
172.16/12, 192.168/16.
These are all allocated by ICANN as being private IP addresses, and so they don't sell them,
they're used entirely for this purpose.
And then the NAT box is going to do this translation.
Now what it's going to do is basically keep an internal table between
services on the multiple hosts inside the network and their public-facing version.
So as you can see here, what we have is the internal IP, which is in that private IP block.
So these are all individual machines. They all have their own IP address, right?
And individual services, so now we're doing things at the transport layer. Now we use ports for that.
That's an identifier for a service at the transport layer.
So now what we do is we map this machine at this port to this IP address and this port.
And so now multiple machines and multiple services are using the same external IP address, just with different ports, right?
So as an example of this, let's say we're communicating outbound, so we're this one,
this 192.168.1.12 here, and we're service 5523,
and we're going to try and talk to 123.1.10/5000.
What should the source and destination port of this be?
I guess this- a different question.
So right, what we do is we map it exactly that way. We don't change the destination, that's going to the same place,
that's a public IP. We change the source IP to be this public IP that we are using.
So multiple hosts can sit behind it and do that. When something comes in we do the exact opposite. So something comes in
destined for us, this .8.3.1500, and we convert it back to
192.168.1.12.5523.
Audience: (INAUDIBLE)
Kurtis: There's 65,000-something. So it's whatever that is, that's 2 to the 16th.
So it's like a hardware-specified thing, but that's its max ports.
Yeah, port exhaustion is usually not a problem.
Again, you're partly right, if we started putting like a million machines behind a single NAT
we'd run out of ports on the shared IP facing out.
Audience: So again, it's only sending through an IP address, it doesn't care about the port, right?
Kurtis: Well, this is- unless you look at the transport layer,
like that's what the middlebox is doing. It's not just looking at the IP layer anymore, it looks a layer up.
So it's not routing the packet to a machine. It's routing a segment to a service running inside the network.
So they're breaking that functionality to be able to do this thing, to be able to share that IP address.
Audience: I don't get it, for example the external destination would be like hulu.com, right? So when it responds it would respond back to the NAT external IP?
Kurtis: Yes, the external IP, yes.
Audience: But it doesn't have to respond to port 1.5000?
Kurtis: It does. I mean it doesn't have to, right? This is like, UDP doesn't work. We're getting a little ahead of ourselves.
We're going to talk about exactly what UDP is, but yeah,
like if the protocol doesn't respond on the same port of your host.
There's a whole swath of protocols that don't do that, and they're broken by NAT. But it turns out that web browsing works.
Yeah, like you allocate a local port and then you send a message from that port to Google and they respond to that same port.
Audience: Which convention says that?
Kurtis: It's in like the HTTP protocol, right?
UDP is particularly troubling for this because it's explicitly like your ports aren't as static.
So we do need to enter entries into this, and so what happens is
the first time you send a message
it generates a new mapping, right?
So we have this message coming into the NAT box, it receives this.
It doesn't have an associated external port, it just kind of fills one in, right?
So it sets something here and puts it on the source and stores it into the table,
and then there's a reset on the NAT, right?
So after a certain amount of time we wipe the table, and that's NAT.
This is really what has us still talking about IPv4, even though we've run out of addresses. Like we're supposed to be talking about IPv6.
We're talking about IPv4 because it's actually used all over the place,
because NAT turned out to fix this problem in a way that all the different architects hate.
Because of the following problem:
let's say that you're a service running on 1.12.5523
and someone wants to send a message to you, but you've never sent a message to them. What happens?
Right, so we've never sent a message out, so we don't have an entry in our table for this, but that service is running.
What happens?
Audience: There is no entry, so it just gets dropped.
Kurtis: Yeah, we have absolutely no idea how to solve this problem, so we just drop it. This turns out to be a feature.
So this is basically a firewall, right? Like you have to talk first.
What this means is that if your machine isn't talking then it's not receiving messages,
and so random people on the Internet can't just port scan you.
They're going to hit that NAT box and it's going to be like, I have no idea who this is destined to, drop it on the ground, and we go from there.
But it does break connectivity, and it basically makes it really, really hard to run things like peer-to-peer applications.
So if you ever have to do stuff like that, what you need to do, and I think I have it on the next slide.
Yes, it's called NAT punching or NAT traversal,
which is where you have the two services talk to a third service in the cloud
so that they open up holes in the NAT
and then they can talk directly to each other over those ports. So Skype, one of their core technical innovations
when they were first coming around was solving this particular problem. Because Skype wants you to do peer-to-peer communication.
It did more when it was an independent company, but
you know, the idea was they didn't need to run infrastructure to hold your calls, that two people would just talk to each other.
They make a lot of money, they don't run infrastructure, it sounds great, right? But NAT blew that whole thing up.
So now what they do is they run a server. The protocol is called STUN, for just doing the NAT traversal.
Like you talk to the cloud server, I talk to the cloud server, we both record our ports.
Now we just point at each other instead of at the STUN server. There's holes in the NATs, so we're able to talk.
You can daisy chain NATs.
And as hairy as it sounds, you can do it, right? And so this is largely how things have been fixed.
So UDP breaks, and things that need IP addresses to be exposed, like FTP, break.
But it is the solution.
Literally every home router you will buy has NAT, has DHCP, and that is how you connect to the Internet.
You have a NAT table, and again, you could look that up if you really wanted to.
So because it's easy to deploy and it solves the problem, and added this weird firewall thing, which wasn't the point, but actually-
Okay, questions on NAT?
NAT's one of my favorite beautiful hacks, it's so bad. It's just such a bad idea.
But it solved the problem, and then it became a big deal.
Okay, so there aren't any questions. Let's talk about what we actually want to talk about, which is IPv6.
Which is the other way to solve this problem, right? The correct IETF networking engineers were like,
why don't we just make more IP addresses, and so they did that.
While NAT was taking over the world. So IETF, 1994, basically they just blew up the address problem.
They put in 128-bit addresses. Oh, that's something like an address for every single atom in the universe.
Like it's just an enormous amount of addresses.
They were like, we're not going to have this problem again, you know, Vint Cerf didn't think of this in 1976,
but we've thought about it now, so 128 bits. And then a lot of small improvements on the IP protocol that they had learned.
It became a standard in 1998, and then basically nothing happened.
Because we weren't out of IP addresses, and so nobody was worried about it,
until eventually we did run out of IP addresses, and that was 2011.
And so then companies started pushing IPv6 a little bit more. Going back to my terminal here,
I have my IPv6 address,
you know, it's below the IPv4 address, right? That being my IPv6, I guess.
Audience: (INAUDIBLE)
Kurtis: It's the IPv6 address. It's immediately below the IPv4.
Audience: It's got the colons now?
Kurtis: Yeah, so we'll talk a little bit about the notation for it, which is a little bit ugly.
The big thing is that it's a bigger address space, and now it's eight groups of four hex digits.
And you're going to omit leading zeros and groups of zeros.
So this is an example of an IPv6 address, and the way you write it is like this.
You put a double colon for big groups of zeros, because when you have 128 bits suddenly you just have a bunch of extraneous zeros,
and so we need a way to write it a little bit shorter.
Audience: Can't you only do that once per IPv6 address, the double colon?
Kurtis: Yes, that's correct. The zeros are in the middle for reasons we will talk about.
And so the big thing here is that they hated NAT so much
that they wrote IPv6. And in IPv6 there are only public addresses.
Like NAT is not necessary. We hate NAT. NAT is gone. Everyone gets their own IP address.
They streamlined the header processing a little bit.
This was like, they removed the checksum, basically.
So you'll have to recompute that every single hop.
And enabled flows, with a couple of other advanced features to improve things that they had learned since nineteen seventy whatever.
So here's my question for you: does this fix ARP?
Audience: (INAUDIBLE)
Kurtis: Yeah. No, we still have an ARP problem.
The ARP problem is about- a number of layers down, at the link layer. So it doesn't do anything. Does this fix DHCP?
Audience: Yes.
Kurtis: Why?
Audience: Because you can just assign an IP address to every single device.
Kurtis: Sort of.
Audience: (INAUDIBLE)
Kurtis: So the answer is no. The answer is a hard no. You still need hierarchical routing, exactly.
Like you still need this sort of structure of the IP address to be able to route things.
So you can't just pick an address in the space at random, which would not be too bad with that address space.
It's possible to have two randomly chosen addresses land on top of each other.
I'm sure they discussed this. But the hierarchical routing element you still need to have, so it doesn't fix DHCP. Does this fix NAT?
Yes, right. Yes.
That's the thing they hated. So that's the thing that they fixed. And great.
Audience: Checksum, how do you know the header got here OK?
Kurtis: I think what they did is expect upper layers to deal with that, yeah.
So ICMPv6 has another version of those ARPs, this is the Neighbor Discovery Protocol.
It actually uses ICMPv6, which is their version of that. It does both DHCP and ARP functions,
it's just different flags in the message.
So ARP's neighbor discovery and advertisement use the exact same mechanism, except that I think it does have a
broadcast version of "I'm this IP address"
that everyone can pick up and listen to.
And the router version does exactly that with a slight modification.
And this is SLAAC, stateless autoconfiguration.
And so this is mostly doing the DHCP,
but it's a little bit smarter than DHCP in the sense that
what it does is you send a broadcast message saying I need an IP address, and
you get a prefix from your router, you don't get an IP address.
So this just says where I am in the hierarchy of the network.
And then what you do is you take that and attach your MAC address onto it. And so your MAC address is ostensibly unique,
and the prefix gives you the routability element. You're now able to have a unique IP address that's both routable and unique.
There's a little bit of math there that they do to speed up the processing, but that's the general idea.
So now you don't have leases.
You don't have this sort of table stored in the router anymore, you just do this thing
to give you a globally unique IP address that you should be able to route to from anywhere on earth.
Questions? This is kind of elegant, I like SLAAC.
Certainly more elegant than DHCP.
Audience: Hey, what are the bits doing there?
Kurtis: What's that?
Audience: So you can grasp Adam and Eve first?
Kurtis: Yeah. Yeah. Yeah, if I remember correctly it's split basically in half,
but then they're like, well, it's still a large address space,
but you're right. You're absolutely right, and it's not half, I think it's-
the MAC address is 48 bits, so they split it intelligently.
But yes, this is one of those things where they're like, we have so many bits, let's do something kind of wasteful
in order to solve this problem, but maybe in the future when we need to address all of the atoms
everyone will be upset about this.
Audience: Yeah, the comment in the code will never need this. (laughter) Never ends well.
Kurtis: Yeah, well, it's a hundred twenty eight bits.
So you just imagine this particular, it's fine, and some other person, you know, curmudgeonly saying exactly what you said.
So the big problem IPv6 has had is the deployment of IPv6, which has been this long arduous process. It was standardized in
1998 and it's still not, like, I could teach this class without talking about IPv6, which is absurd, but it is what it is.
The problem is that it is fundamentally incompatible with IPv4, they're different address spaces. It's basically building a new network, right?
It's a new Internet using a different address.
And there's a whole bunch of approaches to solve this problem. Dual stack, which is what you saw here.
That's me running both protocols, attached to both networks, and
the mapping between the two networks is very similar, in fact identical.
I'm talking to the same router up there, but it just gives me two addresses and I operate on two addresses.
And then translators and tunnels, which we don't need to talk about. I think I'm done. Okay.
Audience: Can I ask you a question? So why is it incompatible with ARP and DHCP?
Kurtis: No, it's just that-
Audience: Because in the header it says what version you are, right?
Kurtis: Yeah.
Audience: So why isn't it compatible?
Kurtis: So incompatible in the sense, like, the link layers are the same, right?
So incompatible means the message, you can't send an IPv6 message to something listening on IPv4.
You can imagine a version of the protocol that just had both address spaces in it, right?
Audience: I don't get it. So if I'm IPv6 and I want to talk to someone who is running IPv4, I would just form the header differently, like just say version 4.
Kurtis: But your address doesn't fit in the address space of the IPv4 packet.
Audience: Oh, so they can't send the address?
Kurtis: You can't send to them. It's just like they're two different protocols with nothing above. You could imagine building IPv6
that was backwards compatible, like you take the IPv4
message format and stick the IPv6 message in there somehow, but they explicitly did not do that.
And so basically, if you're an IPv6 machine and you want to talk to an IPv4 machine, you just can't.
Audience: But I thought there was some backward conversion between IPv6 and IPv4?
Kurtis: Not that I know of, maybe you're right. I'm sure people have hacked some stuff together,
but there are many answers, and dual stack is the most common one.
It's just, again, running two IP addresses on the same physical link layer network.
Audience: I think there is some kind of tunnel address that encapsulates IPv6-
Kurtis: Yeah, there are tunnels where you have things that take IPv6 messages and basically put them inside of IPv4 messages and then send those along,
and that's tunneling, which we usually have slides for but I'll defer for time's sake.
Audience: But even in the IP packet, isn't it designed to handle different versions of IP?
Kurtis: Yes.
Audience: (INAUDIBLE)
Kurtis: She's asking if the IP message format is designed to support other versions of IP.
Like you could set the version flag to something else.
Audience: Yeah, so as a router, if I see an IP packet that's version 4, I will just interpret the header as version 4, and version 6 I will just interpret another way?
Kurtis: Yeah.
Audience: So why is that incompatible?
Kurtis: So it's incompatible in the sense that if I have an IPv4 address, I cannot talk to something that has an IPv6 address.
Audience: I don't get that. You have to have both addresses, right?
Kurtis: The idea is basically in the scope of naming, right? Like things have names to address them in different places, right?
And so given an IPv4 name you can't talk to something with an IPv6 name. You're right,
the router can handle both of these packets, and they do handle both of these packets, and they implement the two protocols together and they
flip which implementation is going to happen based on the flag in a new message, right?
But fundamentally, if you're an IPv4 machine and that machine only has an IPv4 address, it cannot talk to something with an IPv6 address unless you do one of these things.
Audience: Can we do, like you said, I am IPv4 and I need to send to someone with an IPv6 address and I know what the address is, right? So why don't I just write the IP packet with version 6 and the right address?
Kurtis: That's running IPv6.
Audience: Like your host has to know about this?
Kurtis: Yeah, for sure.
Audience: That's the whole thing, right? That's the problem, the host has to know about both versions?
Kurtis: Yeah. As does your router, as does your ISP, everyone along the way needs to know about this as well.
So you're building out like a second network.
You can imagine a world where I send an IPv4 packet into the network and it pops out the other side as an IPv6 message, right?
Or vice versa. A network where I would call them compatible, where the two networks can grow at the same time,
and they didn't implement it that way, and it was a design choice not to do that.
We're going to get rid of IPv4. It's stupid. We hate NATs that much.
Audience: Yeah, but if all the computers and all the routers in the world knew about these two versions then you would be fine?
Kurtis: Yes, absolutely, because at the end of the day there's wires connecting things, and if every machine is running both
IPv6 and IPv4 they can all have two addresses and all those kinds of things,
and that's basically the dual stack answer, but everybody has to do that, right?
If any intermediate node only implements one of them, the connectivity is broken.
Audience: So another question, if a machine speaks both and it doesn't know what language the
receiver understands, what language the destination understands, would it transmit both IPv4 and IPv6 packets, or would it attempt with one and then fall back to the other?
Kurtis: What does it need to attempt, right?
Like this is the network layer. And so all we have are addresses and names, and your name is one of those two protocols.
So it could be the case, like maybe you ask a DNS server, we'll talk about that
in the application slides, which is like two weeks away.
Just like, you look at the DNS record and you see it has only an IPv4 address,
it doesn't have an IPv6 address. You know what to talk to it with.
But in terms of a service running, the service only has a
name, and that name is an address in the network, and that defines what protocol it's using.
Make sense?
Audience: Yeah.
Kurtis: DNS is the right answer. That's exactly what we're going to do.
We can go ask Google for google.com
and it will hand us both an IPv4 address and an IPv6 address, and we get to decide which one we want to use.
Audience: Okay, makes sense.
Audience: So that's kind of like the pathway to also deprecating IPv4, once every machine in the world can understand both,
eventually every machine will, and we will carry IPv6? Then machines won't have to understand IPv4 at some point?
Kurtis: Yeah, maybe. I mean I think deprecating IPv4 sounds like a massive project.
But you're right, like once everyone does both, but like, you know, your legacy machine from probably six years ago probably doesn't speak IPv6.
If there's just one machine like that, you're kicking them off the Internet,
they no longer speak that protocol. So that's a great question, and one of those things that
my guess is that these are both going to exist in perpetuity.
Audience: Yeah. But which part of your computer needs to understand (INAUDIBLE)
Kurtis: It's (INAUDIBLE).
Audience: So, put this on every computer?
Kurtis: Yeah, I mean, yeah. (laughter)
Sure, but who pushes the software update for, like, HP-UX? No one.
So how many HP-UX machines are there? How many people
what's the worst language I can think of. Not worst-
Audience: And how expensive is it to write a driver,
Kurtis: Yeah,
Audience: And write some layer that-
Kurtis: Essentially it's not a driver, it is the operating system that implements these things.
But like there are operating systems from 20 years ago, from before IPv6 existed, that are on the network.
And you're going to take them off. So there is a thing there.
But the dream is, of course, to kill IPv4 and kill NAT and move on to this beautiful Internet.
Audience: It seems like not that costly (INAUDIBLE). You're talking about at least 3 or 4 billion devices that are not software-updatable IPv4 something.
Kurtis: Yeah, it's like, you know, these low-end feature phones
in a variety of markets that are running Android 2 point something, like-
it's a hard problem.
Audience: Why didn't they anticipate? Why didn't they make it more of a priority to make it backward compatible? You invented IPv6 but it's actually never going to be used?
Kurtis: The question is why didn't they make it backwards compatible?
Someone far more, I guess, I mean the compatibility probably made things-
There's definite performance concerns on something like that, because now you're having to look inside a packet
really deeply to figure out what's what and what's going in, and like there's logic
going on, and you don't want that to happen inside of a core switch, so I can see why they would do that,
but maybe it was the wrong decision.
We'd have to go into the IETF, they record everything. So we could go find the IPv6 arguments in 1998.
I bet they were spirited, on both sides, but that's what they decided.
So as I continue to try to figure out how to get this ___ slide to
Yes, sort of, this is like the tunnels that are a finance or to. They're just-
we're kind of at a hop, because I remember when I was at Facebook they were just doing IPv6 on everything and
but still, like, you know, if any intermediate machine isn't implementing that dual stack you're back where you were before.
I don't think I want a new slide.
Audience: And tunneling also makes it less efficient, right? Tunneling, because you have to decode one more thing?
Kurtis: Yeah. Okay, so I don't think we're going to make it all the way through this, because we're already an hour or so behind, that's alright.
I have more material I can cut in transport.
But okay, we're at this milestone in the network,
which is like I have a packet and I can send it anywhere on earth.
I give it an address and it goes across the planet, right? And so now we're at the transport layer,
and the next job is to make that usable.
And the Internet only provides best-effort routing.
We talked a little bit about ICMP, but like that ___ can just drop your packet and you'll never know why.
And they can configure it that way, or the router blew up and your packet just died.
And so we need to build some mechanisms on top to make this usable for people. Yeah.
Audience: Different than HTTP which was talked about in, different than IP, which is actually the application layer?
Kurtis: Technically, yes, I mean, but it's the IP routing framework.
So the question here was that BGP is technically application layer, which means it uses application layer stuff.
So it builds on top of the transport layer protocols, right? But what it's configuring is network-level state, that being routes.
It's ugly and probably incorrect by the hierarchical nature of networks, but it works.
Audience: It is used for computerization, right?
Kurtis: It's used for sharing routes and building routing tables for gateway routers to build the Internet.
But it uses UDP.
Right, so this is like, you wouldn't just build it as a new protocol at the IP layer, you could,
but like why? So they just used one of these protocols.
Audience: They used UDP, which means that they kind of skip the transport layer, right?
Kurtis: We'll talk about that, I don't care if they used UDP or HTTP. I could see it going either way.
But the point is that they built upon the transport layer rather than anything else, because they're just two nodes talking to each other
that are connected. We don't want to reinvent the wheel.
But I think there is an important conceptual bit here. Like machine A, machine B, the Internet between, we're finally in that world.
We're not in that link layer world with machine A, machine B connected by direct wires.
But now we can assume machine A, machine B are somewhere on earth and they're able to talk to each other.
And the goal of the transport layer is to provide this end-to-end connectivity, right?
So now we're in this world where intermediate routers don't look at our packets. We just talked about how they do look at our packets,
but they're not supposed to look at our packets.
And so we do this communication between one server and another server across the Internet.
And now terminology-wise, you can be messing this up all the time. Frames at the link layer, packets at the IP layer,
and they're called segments at the transport layer.
And it's just terminology. It's like the datagram at the transport layer is known as a segment.
I'm going to call it a packet over and over because
that's where the holes in my brain are, but that's sort of the technical term.
Segments are carried within packets, within frames. Take your segment, wrap it in a packet in the Internet,
then wrap it in a frame and send it on the link layer.
So there's a couple of transport layer services. The ones we're going to talk about are UDP and TCP, they are just the classics.
The different properties that they give you. And then there's been a rush of innovation in this layer in the last five years.
Google has largely come in and implemented new versions of these things because
they've noticed limitations.
But TCP is this full-featured, really neat protocol.
It provides connections, like it tries to build basically a logical pipe between two nodes.
Bytes are delivered just once, they're delivered in order.
You can send arbitrarily large amounts of data, like you could send a gigabyte over a TCP connection.
You're going to do some flow control,
which is trying to figure out how big the pipe should be.
And you're going to do some congestion control, which will change the data flow rate based on
changes in the pipe size, with the pipe changing dynamically. And UDP is literally the opposite of all of this,
it's basically a packet protocol. UDP is, we're just going to pretend like we're an IP packet. We're going to wrap very little data, and so
we're just sending datagrams. The messages can be reordered, lost, whatever.
We have a datagram size that's specified and we don't actually care if the receiver is ready.
We don't do any setup of a connection, we just shoot packets.
Audience: So what's good about it?
Kurtis: I think that's my next question. (laughter) I think we'll talk sockets, but we will get there.
So the Socket API is the thing you use to write to the transport layer.
Sometimes known as Socks. I had a project that was above the socket layer known as Pants. (laughter)
The person who came up with that acronym is a professor at Stanford now; they're very brilliant, but he's really good at acronyms.
And so this is really the transport API. It was developed at Berkeley in 1983.
Berkeley sockets is one of the things Berkeley was known for. It supports both streams and datagrams.
Remember, this was like Vint Cerf; it was TCP/IP.
They developed all these things together, and implemented them all together, and there were multiple implementations in HP UNIX and
BSD and all these sorts of things, and they sort of fought it out for whoever had the best implementation.
Sockets let apps attach to the local network at these ports.
We talked a lot about ports in terms of NAT. A port is the
transport layer identifier for a service. So a service attaches to the network, it gets a port,
and that's what you use to communicate with the other services on the network, with their own ports.
So two different services running on the same machine are two different ports with the same IP address.
This is the actual socket API. It's a horrible API in retrospect. It's literally just the TCP and UDP
APIs stapled together. Things like listen, bind and accept don't work in UDP because you're never
accepting a connection. You don't have connections. All you do is receive and send in the UDP world.
So they just stapled these two things together. It's actually quite, quite terrible. I think they could have done a lot better.
Please stop the socket bit and close.
So if people have done network programming, that's usually project one. I usually cut it because I felt it was too simple.
But that's what I will use with that.
So again, a process is a tuple of the IP address, the transport protocol and the port.
So it's like, HTTPS is a machine,
it's going to use TCP and it's going to be on port 443. That's how you find that particular service.
You're going to bind to these well-known ports. Well-known ports are sub 1000.
Those are the operating system controlled ones. If you ever start your own service, it's gonna be something outside of that address space. And there are ephemeral ports chosen by the operating system.
And here are some well-known ports. There is just like a mapping somewhere in space that tells you these things.
So FTP is supposed to be for 21, 22, or sorry, 20, 21.
SMTP, which is a short message, sorry,
a simple mail transfer protocol for email, is 25. These are just set. Port 80 is HTTP.
And they're just like, it's just operating system defined, read all things, you know, the things, the good idea, yeah.
Audience: Just based on the port, not what service you're running?
Kurtis: Ostensibly yes, although there's nothing
forcing you to be that, right? You could run an FTP server on 80. It's just that every web browser would be confused.
So the idea is that your web browser, when it comes up and wants to talk to Google, will go to google.com port 80, right?
It's just like a standard, and you could break this, but why would you break this?
Okay, so that's a little bit about socket API.
So going back to the question that was asked:
UDP. UDP exists as this passive protocol. Why would you want a passive protocol? Why would you not want the reliability?
Why would you not care about any of those things?
Audience: Fast.
Kurtis: Fast is one answer.
Audience: You don't care about reliability.
Kurtis: Don't care about reliability, and it may be a little worse than that. One of those things where reliability just doesn't exist?
And so the classic version of this is stuff like voice-over-IP.
Voice-over-IP, like a message,
like voice-over-IP is how to do a call over the Internet. It turned out to be a brutally difficult problem.
But you can imagine, like, you get a message from six seconds ago.
You literally don't care; that message is just numeracy.
You can't play that audio from 10 seconds ago. And if that message is late, you just don't care.
It's like worse than not having arrived, for it to arrive late. And so there's a span of things like that.
There's also stuff like DHCP, which uses UDP. Why would that be the case?
Audience: You don't know if there's a separate connection.
Kurtis: No.
Audience: It will retry.
Kurtis: Yeah, there's not much to it, you'll retry anyway, right?
Audience: Return address.
Kurtis: Return address. All these are like correct, but not really the answer.
DHCP is inherently on your link-local network, so it's not gonna fail.
Or it will fail very rarely.
So in which case, let's not take all that overhead of connection setup to send a message and get it back.
It's local, you know it's within the local network, because if it's not,
then it's not going to give you an IP address. So it's just like these little engineering things where people decide this stuff. Yeah.
Audience: Why does RPC use datagrams and TCP?
Kurtis: So some of these, like RPC, I think implement their own stuff on top of UDP. So if you go to like BBR, the new Google protocol,
they use UDP because they implement all of the transport layer functionality from TCP on their own.
Audience: Yeah exactly, I remember in class basically the instructor said that it's not enough because you can skip (INAUDIBLE)
Kurtis: Yeah, if you have really tight timing constraints, like TCP is this grab-bag of one solution that we use,
it's largely optimized for web traffic, right?
And so, if you do weird things, RPC, a remote procedure call, for people who haven't taken operating systems,
then you're going to want something different. You might still want it to arrive in order.
You might still want it to, you know, tell you these things.
But you don't want exactly TCP semantics. So what you do is you implement your own version on top of UDP.
As a pass-through protocol you can do that. You can implement application layer congestion control.
Audience: So why don't these applications just listen to the IP packet?
Kurtis: Because, I mean, you need it; like the whole thing that UDP is doing is providing ports at this level, right?
It's basically a passive protocol except for ports. Like that's the identifier for this layer.
So here's an example of just a datagram socket, and so you set up a socket,
you send it to someone, you receive from them, then you close.
This one binds to a socket, sits in a recvfrom, which is like a blocking call,
and then eventually you'll do your own sendto and close, right? So this is like the simplest bare-bones thing you do.
And inside the operating system you're going to buffer individual applications' messages as they pull them out of the queue.
So they've got a queued message for them, it goes in the queue, they do a receive from; that's that previous call.
Gotta go back, why doesn't it go back?
Office 365, you can see me trying to fix the stupid thing. Need an Office person.
No, I can only go back to there? (Trying to fix slides to go backwards)
So yeah, oh, and I should fix those stupid arrows.
We're gonna start dropping all those things if your
application doesn't pull a packet out of the queue. The queue can fill up, you can start dropping packets, and no one will ever know, right?
UDP packets, we're not checking them, we're not counting sequence numbers, nothing, any of that stuff, unless you're doing it at the application layer.
It's about the simplest protocol in the world,
except the datagram length has to be set. And they just sort of decided on this, and then you checksum and go from there.
You can even set the value of zero for the checksum to be no checksum.
So really you can bare-bones UDP, and that's the whole point of it. It's just a (INAUDIBLE)
Questions on UDP?
Good, because it's pretty simple.
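An added example, not from the lecture or its slides: a UDP header builder and parser that checks the two things just mentioned, that the length field has to agree with what arrived, and that a checksum of zero means the sender disabled the check, so the receiver learns nothing about the payload's integrity. Addresses and payloads are constructed for the example.

```python
import socket
import struct

UDP_PROTO = 17


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's complement sum with end-around carry; odd length is zero-padded."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudo_header(src_ip: str, dst_ip: str, udp_len: int) -> bytes:
    """IPv4 pseudo-header: the checksum also covers the addresses, so a datagram
    whose source or destination was rewritten in flight fails verification."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, UDP_PROTO, udp_len))


def udp_checksum(src_ip: str, dst_ip: str, segment_with_zero_csum: bytes) -> int:
    total = ones_complement_sum(pseudo_header(src_ip, dst_ip, len(segment_with_zero_csum))
                                + segment_with_zero_csum)
    csum = (~total) & 0xFFFF
    # A computed 0 is sent as 0xFFFF, because 0 on the wire means "no checksum".
    return csum or 0xFFFF


def build_udp(src_ip: str, sport: int, dst_ip: str, dport: int,
              payload: bytes, with_checksum: bool = True) -> bytes:
    length = 8 + len(payload)                      # header + data, must be set by the sender
    header = struct.pack("!HHHH", sport, dport, length, 0)
    if not with_checksum:
        return header + payload                    # checksum field left at 0
    csum = udp_checksum(src_ip, dst_ip, header + payload)
    return struct.pack("!HHHH", sport, dport, length, csum) + payload


def parse_udp(src_ip: str, dst_ip: str, datagram: bytes) -> dict:
    """Return the header fields, the payload and a `verified` flag:
    True/False when a checksum is present, None when the sender set it to 0."""
    if len(datagram) < 8:
        raise ValueError("truncated UDP header")
    sport, dport, length, csum = struct.unpack("!HHHH", datagram[:8])
    if length < 8 or length > len(datagram):
        raise ValueError("UDP length field %d disagrees with %d bytes received"
                         % (length, len(datagram)))
    segment = datagram[:length]                    # trust the header's length, ignore trailing bytes
    if csum == 0:
        verified = None                            # nothing protects this payload
    else:
        verified = ones_complement_sum(pseudo_header(src_ip, dst_ip, length) + segment) == 0xFFFF
    return {"sport": sport, "dport": dport, "payload": segment[8:], "verified": verified}
```

A receiver that treats `verified is None` the same as `True` is silently accepting unchecked data; applications that need integrity on UDP must add their own check.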
So TCP is this like other monster.
And like, we're gonna do basically the
basic version of TCP that, like, Vint Cerf came up with, and then it exploded.
And then we're gonna do the version that Jacobson came up with, which saw a lot of explosions.
And then we'll talk about the modern versions, which again are the most recent things.
The paper reading for next week is about congestion collapse, and it's a Van Jacobson paper that they use to (INAUDIBLE) output.
I don't think we'll get far enough. So hopefully it won't be too confusing.
So TCP consists of connection establishment, and then this flow control element, and then the
connection teardown. If you consider the abstraction being provided by TCP, it's like you just shove data into it and data pops out
the other end in order, like,
so you send a file and the file pops out in order on the other side, and like magic has happened underneath that.
We talked a little bit about the establishment and release. It's actually only
slightly relevant, except for the case that the three-way handshake is one of those magic words
that if you take networking you should know, the TCP three-way handshake. It's just a ____ handshake, but like
literally, I've gotten interview questions at y'all's companies about the idea of the three-way handshake, so I want to talk about it. (laughter)
The idea of the handshake is basically that with TCP there's state to set up on both the sender and receiver of the communication.
So it's not UDP. You're not just blasting a message into space. What you're doing is like you're setting up some state for this
idea of a pipe between the two of them.
And so some of these are a set of parameters, like the maximum segment size, how big an individual message could be.
But essentially this is the signaling track.
So you want to set up a tunnel between these two nodes with some properties through it.
In TCP you do this magic three-way handshake,
in which you provide sequence numbers to start. And this gives you the ordering property you want to have about the messages as they go.
So the client sends a SYN.
And so there's like, you've got the Internet now, you can get SYN ACK jokes because they're all over the place.
But so you send the SYN to the server with a sequence number attached,
they respond ACKing that sequence number, X plus 1, and sending their own sequence number,
so you're building 2 pipes basically, each with a sequence number, which says where does the data start.
They respond with a SYN ACK and now you've got the pipe built.
Each one of them has a start to this flow of data.
This is it. But again, like xkcd comics you can now get that you couldn't get before.
So this solves some things. So suppose, for instance, that
we like that, a full TCP connection, but through the magic of terrible IP networking we get duplicates of the SYN and the SYN ACK.
What happens?
Audience: You know one?
Kurtis: What do we know and why? What's that?
Audience: They're one of the old ones?
Kurtis: Well, they're both old ones.
Audience: What do you do with the old one? Because you can always see this number?
Kurtis: So, but I think just because we've seen the sequence number doesn't mean that they're not sending the same sequence number, right?
Like the sequence number is just in some number space. They could be using the same number if they're just idiots; it's possible.
So no, we can't, we can't just ignore this one. That's a valid SYN coming in with a valid sequence number.
But we can't ignore this; we know that we don't have the state for that.
We didn't send a Z here. We never sent Z. So we're like, that's not right, right?
Instead what you're able to do is, we're gonna respond to that SYN, that late one, with a SYN.
Sorry yeah, and then they're gonna reject the response, right? Because we didn't send X,
and then we're gonna reject this one. So it works, but there's a little bit of weirdness to that.
There's one glaring problem here. Now let's see if anyone can come up with it.
I wish I could go back. Why can't I go back?
I'll give you a hint. It's about DDoSing, distributed denial-of-service.
Audience: (INAUDIBLE)
Kurtis: Right. All you need to do is send a SYN and they put some state in memory, right?
So this is the classic DDoS attack: you just send a bunch of SYNs at someone, and you don't respond to anything after that.
And so they build up a big table of numbers for valid responses
until they run out of memory and they're off the network.
This is the classic DDoS. This is what you do. There's actually a bunch of solutions to this. Largely there's a neat, like,
bitmap thing that you can do so that you
limit the amount of possible memory required for sort of an infinite number of connections.
I think they're called SYN cookies.
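An added example, not part of the lecture, of the stateless defense just named: the server encodes everything it would otherwise have to remember about a half-open connection into the SYN-ACK's sequence number, and only a client that completes the handshake causes any state to be allocated. The bit layout (6-bit counter, 2-bit MSS index, 24-bit keyed hash), the MSS table and the acceptance window are assumptions made for this example, not an operating system's exact scheme.

```python
import hashlib
import hmac

# Constructed MSS table: only 2 bits of the cookie remember the client's MSS,
# so the offered value is rounded down to one of these four.
MSS_TABLE = (536, 1220, 1440, 1460)
COUNTER_MOD = 64        # 6-bit slowly ticking counter (assume one tick per minute)
MAX_COOKIE_AGE = 1      # accept cookies minted this tick or the previous one


def _mac24(secret: bytes, src: str, sport: int, dst: str, dport: int,
           client_isn: int, tick: int) -> int:
    """24-bit keyed hash binding the cookie to the 4-tuple, the client's ISN
    and the counter tick. Without the secret a flooder cannot forge a valid ACK."""
    msg = f"{src}:{sport}>{dst}:{dport}|{client_isn}|{tick}".encode()
    return int.from_bytes(hmac.new(secret, msg, hashlib.sha256).digest()[:3], "big")


def _mss_index(mss: int) -> int:
    idx = 0
    for i, m in enumerate(MSS_TABLE):
        if m <= mss:
            idx = i
    return idx


def make_syn_cookie(secret: bytes, src: str, sport: int, dst: str, dport: int,
                    client_isn: int, mss: int, counter: int) -> int:
    """Server ISN to place in the SYN-ACK: [6 bits tick][2 bits MSS][24 bits MAC].
    Nothing is stored; the SYN can be forgotten as soon as the SYN-ACK leaves."""
    tick = counter % COUNTER_MOD
    return ((tick << 26) | (_mss_index(mss) << 24)
            | _mac24(secret, src, sport, dst, dport, client_isn, tick)) & 0xFFFFFFFF


def check_syn_cookie(secret: bytes, src: str, sport: int, dst: str, dport: int,
                     client_seq: int, ack_num: int, counter: int):
    """Validate the third handshake packet. Returns the remembered MSS, or None.
    The client echoes our ISN + 1 in ack_num and its own ISN + 1 in client_seq."""
    cookie = (ack_num - 1) & 0xFFFFFFFF
    client_isn = (client_seq - 1) & 0xFFFFFFFF
    tick = cookie >> 26
    if (counter - tick) % COUNTER_MOD > MAX_COOKIE_AGE:
        return None                              # stale, or a tick we never used
    expected = _mac24(secret, src, sport, dst, dport, client_isn, tick)
    got = cookie & 0xFFFFFF
    if not hmac.compare_digest(got.to_bytes(3, "big"), expected.to_bytes(3, "big")):
        return None                              # not an ACK to any SYN-ACK we sent
    return MSS_TABLE[(cookie >> 24) & 0x3]       # now allocate the connection state
```

The cost of the trick is visible in the code: options that do not fit in the cookie (here anything but a coarse MSS) are lost, which is why real stacks only switch to cookies once the SYN queue fills.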
Okay, and then Connection Release is basically the orderly release by both parties when done.
You send a message saying hey, I'm done. And then you're gonna clean up the state on both sides.
I think the critical piece to recognize with TCP is you have state on both ends of this network.
So they have to set up that state and they have to tear down that state. (INAUDIBLE)
And the key problem with this is providing reliability; we use a symmetric close for both sides of it to close.
So it looks like this. We now send FINs. If I send a FIN saying hey, I'm done, this is super fun,
this is the last bit in this flow, right? It's just like one big set of bytes that we're sending in order.
This is the last one. We ACK that and we send our own.
So we just like, this is just an ACK, and we send our own FIN back saying this is the last one, and then we are good to go.
Each one closes the direction in one way. Is there a similar DDoS attack here?
(INAUDIBLE)
It's not exactly DDoS. This is mostly just a bad implementation thing, if you-
So the question is like, what if this message never gets there?
Like if this message drops. What happens?
Audience: Keep the state.
Kurtis: You're gonna keep this state, right? Like so we're waiting for this message and it's just never gonna come,
but you've got to keep the state because you don't know if they're gonna retransmit.
What if they didn't get your message?
Audience: You can have a timeout.
Kurtis: Exactly, so you have a timeout. There's just a 30 second timeout here and it's a super ugly hack.
They're just like, after 30 seconds, I guess we give up.
But it's one of those things, and when you're implementing network services
you're just stuck in this weird 30 second thing, when you're like what the hell's going on, it's that.
But it mostly works. TCP setup mostly works. So that's it. Now we can make our SYN ACK jokes, it's great.
Cruise through a little bit more.
We recall, this is flow control. Flow control is the problem of figuring out how big,
how many messages we should send. So basically, if you remember ARQ, which is the automatic repeat request
used in Wi-Fi and the link layer to be able to resend messages.
And what it is is whenever I send you a frame you respond with an ACK that says, I got that frame.
And when you're on this limited physical network, you can tune that very tightly so that you're not wasting a lot of bandwidth.
But the problem with this model is that it allows only a single message to go out at a time.
And this is fine for something like a local area network because, again,
we've made it so that only one frame fits in the network at a time anyway.
But it's not efficient when the bandwidth-delay product of the network is much, much more than one packet.
And when we're talking about Internet-scale links, the bandwidth-delay product is actually quite large, right, because the delay is quite large.
So here's some examples of this. So let's say we're doing a single packet at a time and we've got this network.
It's a one megabit per second rate,
50 second delay, or seven second delay, and ten kilobyte packets. They're not trying to be 100 milliseconds.
Let's say that you can only have one packet in flight at a time. How many packets can you send per second?
I'll walk us through it so we don't have to do math as a group. So 100 milliseconds is the round-trip time.
That's how long it takes you to send a packet and receive the ACK, right?
So that means we can send 10 packets a second.
And so, if you're in a hundred kilobyte packet, that's actually going to give you just 100, sorry,
so 100 milliseconds gives you 10 packets per second, right?
That gets you up to one second. Does that mean you can send one hundred kilobytes per second?
With stop-and-wait, even though you have a one megabit per second connection,
that stop-and-wait is limiting you, and if it was up to ten megabits per second, you know, it doesn't change at all.
So even if you increase the data rate
you're gonna get the same performance, because you're just tightly limited by the round-trip time on sending a message and receiving the ACK.
So the idea of sliding window, which is this beautiful thing, again this is like Cerf times, is to generalize this to allow
some other amount of packets to be in flight at a time. We call it W; that's the window size.
What we want to do is actually send W packets
per RTT to keep the window full.
And so, we send a whole bunch of packets.
We start receiving ACKs, and every time you get an ACK we send another packet.
And so, we're just sliding the window on.
And so now the W needs to be twice the bandwidth-delay product, because the bandwidth-delay is how many packets you can send in one direction
and then the other side is the other direction. They have two times bandwidth-delay
in terms of total available to put in flight, and that's going to be your optimal window size.
So if we do this, what would be the window size for that last example?
This isn't too bad, since we had, it was
100 kilobits per second on the one megabit per second link. That means we could put 10 times more than that, right?
So the window size should be 10 in the top case and 100 in the bottom case.
A little bit of math for people who want to look at the slides and find them.
So now there are other protocols for this, as well as different implementations that deal with ACKs in a bunch of different ways.
We're gonna talk about go-back-N, which is the simplest version.
Again, we're just kind of conceptualizing through this idea of sliding window as a solution to this particular problem, and then selective repeat,
selective repeat, which is one of the performance optimizations.
And when we get into TCP and TCP Cubic and BBR and all these things, they're just a longer long tail of optimizations.
So in this, what we have is again an infinite stream of data, right? Like we are TCP, like everything is in order and it's just this pipe.
It's like you hand me data, I put it in the pipe, it gets moved along the pipe.
And so here's our pipe, and here we have all the packets that have been ACKed, like we've received ACKs for those.
And here are the packets we've sent out that we haven't received ACKs for. So this is the sender side, okay.
So the user or the application has given us this big
list of data and we're sort of moving the window along that. Everything here we've sent and it's been ACKed.
This stuff we've sent and it hasn't been ACKed, and this one is just an open spot in the window.
And so, now we have this, which is,
sorry, how do I get rid of that.
Last ACK received is one of the variables here.
Last frame sent is this one here. And if those are less than the window size, you're going to send the next one.
So we do that. We send the next frame,
or a segment in this case. And now the window is full, and so we don't send anything else until,
what the heck is that?
So those are supposed to be arrows, I assume, or something. So we received the ACK from the other side.
So they've acknowledged our packet. We slide the window over and
now there's a new available slot, and so we send that one. That's sliding window; we're just going to keep doing that.
There's two variables, and we have whatever the window size is we've set, we move,
sort of slide the window along that data. Does that make sense?
And this allows us to have, in this case, five packets in flight at a time, improving our bandwidth.
So Go-Back-N is the simplest version of this, in which the receiver only keeps a single packet buffer for the next segment.
It similarly keeps just a single number for the
last ACK received. So they're just going to keep one state variable, which is like what's the last ACK that I've received, and
otherwise if you receive a packet or an ACK out of order, ignore it.
So, let's see if they have an example, but they don't.
The question here is like, what if I receive an ACK for this packet?
What do you do?
Right, and in go-back-N you ignore it. If it's not the right ACK,
just ignore it. It's the simplest version of this. So then we wait until eventually
they send this one.
Send an ACK for this one, and what we do on our side is,
if we don't receive an ACK back for this packet in a certain amount of time, we resend the packet, right?
And so basically, even if you receive all these ACKs you're gonna wait, wait, wait, and then resend this one, and resend all of them actually.
So we go back N, which, this is N, we're going back to the start of the sliding window.
Audience: So you're retransmitting all the subsequent messages?
Kurtis: Yeah, even though we got ACKs for them, we ignore those ACKs because they arrived out of order.
It's again just a conceptualization. This is obviously inefficient.
Audience: So it is kind of like flushing an instruction pipeline for them.
Kurtis: Yeah. Very similar to that.
The question, I guess it's more of a statement, was that it's similar to flushing an instruction pipeline.
Audience: Yeah.
Kurtis: So Selective Repeat is a slight modification of this system where
what we do is the ACKs, (difficulty with PowerPoint) it wants me to go to the sender side of this, I think, sorry.
There we go, okay. So now what we do is we receive this ACK out of order, and what we as a receiver do is
we hold on to that and remove it from our queue. We know that that one has been received, but at that moment
what we can do is recognize that this packet has arrived,
or has been lost, or is likely to have been lost. So upon receiving this ACK
we send the last ACK responded to again.
Right, so we get this ACK, we're like ___ this one probably didn't make it. So send one of the earlier ones.
So instead of sending this one,
or sorry, instead of moving the window up, what we do is we send the earlier ones on that list.
This is again just a small optimization on the sliding window to improve performance. Yeah.
Audience: The only reason we are doing sliding window is because (INAUDIBLE)
Kurtis: Yes.
Audience: Because, so fundamentally, we're still sending the same (INAUDIBLE) as in the link, the local area of the network, and the reason we don't do this is because they are so short?
Kurtis: Yeah.
Audience: (INAUDIBLE)
Kurtis: So the question was just saying that the
reason we're doing all this sliding window nonsense is because
we're suddenly able to put a bunch of data in the pipe at a time, because we're now operating at planet scales
and no longer operating within the local network. We could do this at the local network, but it's wasteful.
There's just not that much bandwidth.
There's not that much bandwidth-delay product available,
and instead what we do is make one frame exactly one bandwidth-delay product, basically.
So that the fact that we can't
send multiple packets at a time is no longer a problem. Okay, I'm doing a bad job of explaining this, but that's ok.
Now once we receive the ACK for the correct packet
we're able to move the window all the way up, because we received this ACK earlier than the one that caused that retransmission.
Well, we move the whole window and go from there. Now this does require a little bit more state, right?
Now we have to have timeouts per packet in flight, and
some amount of state to be able to say when those individual packets have been ACKed correctly.
Because that extra state gives us this better performance for the network. So things like Selective Repeat argued thinking (INAUDIBLE).
So Go-Back-N uses that single timer for the entire thing, if you haven't received it.
It's basically just using a timer around the last one that you're waiting for the ACK for.
Selective Repeat puts the timer on every single one,
and if you ever receive a message out of order you're able to do something slightly smarter to improve performance, at this cost of state.
What it looks like is this.
So this is basically the delay, right? So I sent this packet here. I received the ACK for it here.
And so this is the delay in the network.
And so, if there is a, yeah, sorry, these are ACKs, and these are transmissions and these are ACKs. So in the Go-Back-N scenario, we have this, for example a loss.
So I sent an ACK here, sorry, I sent a
transmission here and I don't receive the ACK that I'm supposed to receive.
But I have this window size and so I'm gonna keep sending messages,
in control of the window.
So all the other messages, until eventually I realize there's a timer, there's a timeout, right? I've waited too long,
and so then I retransmit that message.
And I retransmit, and from there I start receiving ACKs and we're able to go.
And this is the simplest version; this is why we talk about Go-Back-N.
It's not used because it's too simple, but it gives you some model of what's going on in terms of retransmission.
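An added example, not from the lecture or its slides: a round-by-round simulation of the sliding window just described, run once as Go-Back-N (single receive buffer, cumulative ACKs, the whole window resent on timeout) and once as Selective Repeat (receiver buffers out-of-order segments; an ACK above the window base triggers a resend of the gap, as the lecture describes). One round is one RTT; a window of 1 reproduces stop-and-wait. The packet count, window and which packet is lost are constructed inputs.

```python
def simulate(n_packets, window, lost_first, selective):
    """Drive a sliding-window sender against a receiver, one round per RTT.
    The channel drops the FIRST transmission of every seq in `lost_first`;
    ACKs are never lost. Returns (transmissions, rounds, delivered_in_order)."""
    base = next_seq = 0            # oldest unACKed seq, next new seq to send
    dropped_once = set()
    acked = set()                  # selective repeat sender: individually ACKed seqs
    expected = 0                   # receiver: next in-order seq it wants
    buffered = set()               # selective repeat receiver: out-of-order arrivals
    delivered, pending = [], []    # pending: retransmissions queued for the next round
    sends = rounds = 0
    while base < n_packets:
        rounds += 1
        batch, pending = pending, []
        while next_seq < min(base + window, n_packets):   # fill the window
            batch.append(next_seq)
            next_seq += 1
        acks = []
        for seq in batch:
            sends += 1
            if seq in lost_first and seq not in dropped_once:
                dropped_once.add(seq)
                continue                                  # lost in the network
            if selective:
                buffered.add(seq)                         # keep out-of-order data
                while expected in buffered:
                    delivered.append(expected)
                    expected += 1
                acks.append(seq)                          # ACK exactly what arrived
            else:
                if seq == expected:                       # single-packet buffer
                    delivered.append(seq)
                    expected += 1
                acks.append(expected - 1)                 # cumulative ACK
        old_base = base
        for ack in acks:
            if selective:
                acked.add(ack)
                while base in acked:
                    base += 1
                for s in range(base, ack):                # ACK above base: resend the gap
                    if s not in acked and s not in pending:
                        pending.append(s)
            else:
                base = max(base, ack + 1)                 # out-of-order ACKs change nothing
        if base == old_base and base < next_seq and not pending:   # timer fired
            pending = [s for s in range(base, next_seq)
                       if not selective or s not in acked]
    return sends, rounds, delivered


if __name__ == "__main__":
    # Constructed scenario: 8 packets, window 4, packet 2 lost once.
    for selective in (False, True):
        sends, rounds, order = simulate(8, 4, {2}, selective)
        print("selective" if selective else "go-back-N", sends, "sends", rounds, "RTTs", order)
```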
So this is one part, right? This is like the network type,
like how do we fill the network pipe correctly and get things to arrive in order?
But there's another problem, which is what if the receiver is overloaded?
So consider something with a certain size buffer, and so now we're back into this world, right?
And so we've finished all these and now you're waiting for these messages, and this is the receiver side.
So these are like things the receiver would send; if they got anything out here they would drop it.
So this is the receiver window when it's full.
So assume that they received the next two segments from the sender
with ACK nodes. But the application doesn't pull those segments up.
Right, but so we can't slide the window because we still need to hold these in memory.
And so, we're just kind of stuck; we ACK them, but we can't move the window.
Until eventually we get all of them and now we're just done, right? Like we can't let go of any of these messages.
And so we're sort of stuck and unable to slide.
The application eventually takes some segments and moves it over, and now we can start receiving messages again.
So there's a small change. This is now into flow control.
There's a small change in the protocol to avoid loss, which you do by also telling the user, or the sender, about the amount
of space you have on the receiver.
And so then the receiver is going to take the minimum of the window size and the
size of the buffer as their appropriate window into the network.
So it's no longer just can we shove it into the pipe, but also can we shove it into the user, the client.
So it's the flow control window, is what it's called. It's the effective window size in this particular case depending on the memory available.
This is a TCP-style example, and TCP actually does the next thing on a per-byte basis.
So it does look like this. So you can see the application of two, so this is up here.
We're doing seq/ACK that goes from normal sliding window stuff.
I assume a 4KB buffer at the receiver, which is like horribly small but possible.
So we send 2 kilobytes over, it gets put into memory, and now we send back this thing
which is like we've ACKed up to 2048.
That's as far as we've received in the byte stream, and then we set this window saying we can handle 2048 left.
And the application does another one; it sends this 2048 over, and now we ACK all of those bytes, right?
And these are in sequential order because it's a byte stream, and so we ACK 4096 but a window size of 0.
So now we're telling the other side we've received 4096, but we cannot receive any more messages right now.
Until the application reads some of it, and then we send another ACK,
even though they haven't sent us any new messages, saying hey, we now have 2048 available, and they send the next step.
This is again a small extension to the model to enable this, to solve this particular problem.
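An added example, not from the lecture or its slides: the receiver side of the per-byte flow control just walked through, replayed on the lecture's 4 KB buffer. It shows the two cases a practitioner trips over, data arriving after the receiver advertised a zero window (dropped, with the ACK repeated) and the window update the receiver must send on its own when the application finally reads. The sender-side helper takes the minimum the lecture mentions. Sizes and sequence numbers are constructed.

```python
class FlowControlledReceiver:
    """Receiver side of TCP-style, per-byte flow control."""

    def __init__(self, buffer_size: int):
        self.buffer_size = buffer_size
        self.next_seq = 0       # cumulative ACK: first byte not yet received in order
        self.unread = 0         # bytes accepted but not yet read by the application

    def advertised_window(self) -> int:
        return self.buffer_size - self.unread

    def on_segment(self, seq: int, length: int):
        """Process `length` bytes starting at `seq`; return the (ack, win) fields
        of the reply. Out-of-order data, or data beyond the advertised window,
        is dropped and the previous ACK is simply repeated."""
        if seq == self.next_seq and length <= self.advertised_window():
            self.next_seq += length
            self.unread += length
        return self.next_seq, self.advertised_window()

    def on_app_read(self, nbytes: int):
        """The application drains bytes. Return the window update (ack, win) the
        receiver sends even though no new data arrived, so a sender stalled on
        win == 0 learns it may continue."""
        self.unread -= min(nbytes, self.unread)
        return self.next_seq, self.advertised_window()


def sender_allowance(window_bytes: int, last_ack: int, last_win: int, next_to_send: int) -> int:
    """Bytes the sender may still put in flight: the smaller of its own sliding
    window and what the receiver said it can still hold past the last ACK."""
    return max(0, min(window_bytes, last_ack + last_win - next_to_send))


def lecture_trace():
    """The 4 KB-buffer exchange from the lecture, plus one segment sent into a
    zero window (constructed)."""
    rx = FlowControlledReceiver(4096)
    return [
        rx.on_segment(0, 2048),      # ack 2048, win 2048
        rx.on_segment(2048, 2048),   # ack 4096, win 0: buffer full, sender must stop
        rx.on_segment(4096, 1024),   # dropped: ack 4096, win 0 repeated
        rx.on_app_read(2048),        # window update: ack 4096, win 2048
        rx.on_segment(4096, 2048),   # ack 6144, win 0
    ]
```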
Audience: Isn't there a delay, right, to respond?
Kurtis: Yeah, so this is it; like it's inefficient to do it this way, you really want everything to work together.
I mean, in general, and I think in the most modern networks there's a lot of memory on the client side. So usually that window
isn't the limiter, but it's part of the protocol for cases where it is.
So okay, a key element of this is figuring out exactly what the timeout should be in one of these.
Yeah so, in sliding window we detect a loss through a timeout, right? Like that's what happens.
It's like we send a message and we didn't receive an ACK.
And we need to figure out when is the appropriate time to resend that message
based on this timeout thing. Now we set the timer when we send the segment.
We cancel it when the ACK is received; if the timer fires, we retransmit, right?
The problem is that we have to set the timeout very accurately. So if you wait too long,
you're just gonna be waiting too long, right? You're gonna be wasting our capacity because that message needs to be resent.
But if you set it too early, you're gonna resend messages extraneously, and you're gonna send a message more times; it's gonna confuse the,
actually confuse the receiver, but it's gonna waste everyone's bandwidth.
Now again, in the link layer this isn't a problem, because we have all these
set elements of what the link layer and the physical layer can handle, but now we're moving across the Internet and these timeouts can change, right?
Like if you talked about the BGP routes, they can just shift; like literally the time to talk to Google
can change inside of the TCP connection.
And so we need to be able to tune that as we go.
And so here's an example of a set of RTTs. Oh, what happened to the symbols?
(laughter) That's Barcelona. Let's assume it's Seattle to Barcelona.
All right, and so there's a bunch of variation; this is queuing at intermediate routers.
This is all these kinds of, like I said, changes in the network path.
And then there's the actual propagation delay,
which is like how long things take to get there in space. And so all of this variation happens
to our timeouts, to our, not our timeouts, our RTTs, our expected distance to the other side.
And so, if you set the timeout up here, you're way too high, you're gonna waste a bunch; if you set it down here
you're gonna have all these extraneous retransmissions.
And so, what they do is they have a thing called Adaptive Timeout. This is gonna be a smoothed estimate.
I took, it's in my notes that unfortunately I don't get to read.
What this is, it's just an exponential moving average, if I remember correctly.
And what it is is a very simple early machine learning algorithm that basically weights the most recent RTT
more than the ones in the past.
And so what this is doing is basically changing the expected timeout based on the track of the RTTs
it's been seeing, based on when you send the message and when you get the ACK. So here is the
set SRTT. So you see 0.9 times the most recent SRTT,
so that one counts for 90 percent of our estimate of what the RTT should be, but we also,
I'm sorry, this is the prior one. The next one is 0.1.
So 10 percent is the most recent RTT and 0.9 is all the SRTT we've seen in the past.
But because of the 0.9, what happens is every RTT gets
multiplied by 0.9 for every single iteration.
So basically, in the past they get less and less and less important, and the most recent RTT remains the most important,
and then there's a variance estimator in the exact same place.
So the way this looks is this. Here's our SRTT,
which is our estimate of the current RTT, and the variance on top of that, and so you can see there's a couple of early
timeouts, but it does a pretty good job of mapping
to the RTTs in the network, and this is how we set our timeouts, and then we're able to
roughly estimate how long it takes for things to get across the planet.
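An added example, not from the lecture or its slides: the adaptive timeout as just described, with the slide's 0.9/0.1 weighting on the smoothed RTT and the same weighting on a deviation estimate. The timeout formula SRTT + 4 * RTTVAR and the initial variance of half the first sample are assumptions taken from the RFC 6298 style of estimator, since the lecture only says the variance sits "on top"; the RTT series is constructed.

```python
ALPHA = 0.9   # weight on the old smoothed value (the slide's 0.9 / 0.1 split)
K = 4         # assumption: RFC 6298 style timeout = SRTT + 4 * RTTVAR


class AdaptiveTimeout:
    def __init__(self, first_rtt: float):
        self.srtt = float(first_rtt)
        self.rttvar = first_rtt / 2.0          # assumption: RFC 6298 initialisation

    def timeout(self) -> float:
        return self.srtt + K * self.rttvar

    def sample(self, rtt: float) -> float:
        """Fold one measured RTT into the estimate and return the new timeout."""
        deviation = abs(rtt - self.srtt)       # measured against the estimate before this sample
        self.srtt = ALPHA * self.srtt + (1 - ALPHA) * rtt
        self.rttvar = ALPHA * self.rttvar + (1 - ALPHA) * deviation
        return self.timeout()


def sample_weights(n: int) -> list:
    """Effective weight of the k-th most recent sample in SRTT: 0.1 * 0.9**k,
    which is the 'multiplied by 0.9 every iteration' decay from the lecture."""
    return [(1 - ALPHA) * ALPHA ** k for k in range(n)]


def count_early_timeouts(rtts: list) -> int:
    """Replay an RTT series; count samples whose ACK arrived later than the
    timeout that was armed when that segment was sent, i.e. the spurious
    retransmissions the lecture's plot shows as early timeouts."""
    est = AdaptiveTimeout(rtts[0])
    early = 0
    for rtt in rtts[1:]:
        if rtt > est.timeout():
            early += 1
        est.sample(rtt)
    return early


# Constructed Seattle-to-Barcelona-like samples in milliseconds; 900 is a queuing spike.
SAMPLE_RTTS = [160, 170, 165, 180, 900, 175, 170, 168]
```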
Yeah, turns out to be pretty important and now we're going to talk about like what's in the Vint Cerf, okay.
Cool, okay, so that was transport circa 1980, and the ability to send messages across the network in an efficient way: you set a window size and you communicate. And this is how we were sending our papers to each other on our PDP-10s that we modeled out earlier.
Cool, let's take ten minutes; that will be 8:25 and we'll get into the papers.
(Break; audience chatter, INAUDIBLE.)
Presenter: So David Clark is currently a senior research scientist at MIT, and his research focus is on the redefinition of Internet architecture, and especially the relation of technology in the architecture to economic, societal and political considerations. So there's a famous quote from him saying that "We reject kings, presidents and voting. We believe in rough consensus and running code." So that is: we don't let a single individual make the decisions, nor do we let the majority authority dictate the decision-making process; instead we prefer letting all parties from the network reach a rough consensus. So I think this quote kind of resonates with the tussle paper, where all parties in the network are trying to... we're proposing principles for the network system to find a balance point for all the parties involved.
The second author is John Wroclawski, and he's a research affiliate at MIT as well, and currently he's the director of the USC Information Sciences Institute computer networks division, and his research covers Internet protocols and architecture, sensor net system security and space systems networking. And we have Karen Sollins, a principal research scientist, also at MIT, and her research focuses on mechanism support for network systems and applications. And then we have Bob Braden, who joined the research group at USC Information Sciences Institute in 1986 and focuses on end-to-end network protocols, especially in the transport and internetwork layers. He also developed T/TCP, Transactional TCP, which is a variant of TCP developed for the purpose of trying to fill the gap between TCP and UDP, but it hasn't been widespread.
So there were the good old days of the Internet, where all parties shared the same vision and purpose: you just want to connect everyone together so that we can have more new applications. However, the Internet today has changed quite a lot, and it has become the case that there are more and more important, powerful players within the Internet that actually have interests that are very different, or maybe that conflict with each other. For example, there will be music lovers who want to share free music recordings, but the rights holders want to make sure that they get paid. And then users might want private communications, but the government wants to monitor the network. And now these parties are fighting with each other. So who is right and who is wrong? It's not so clear, and about the cases as well.
So basically the paper talks about the fact that when the Internet was first introduced it was merely an engineering outcome, and the goal was to build something predictably robust and to manage complexity. However, as the Internet becomes a more mainstream tool within society, it is now being defined by ongoing tussles, which makes the Internet no longer what it was at the start, and also in the future. For example, in order to do surveillance, governments started to deploy firewalls, and this has led users to use tunnels so that they can continue to see the content the government doesn't want them to see. And ISPs might give a single IP address to certain users to prevent them from connecting a network of computers, so that they have to pay more if they want to actually have that network of computers, but users in turn use address translation to hide their behaviors. Some parties want to do one thing, so they use a new strategy to make the Internet give more advantage to their side, and the other party comes up with a countermeasure to push back.
So the paper then introduces the current Internet landscape and the players in it. There are users who just want to access the network and connect to each other. There are commercial ISPs providing a service for money. There are private sector network providers that run a portion of the network for their business. Then there are governments that want to do surveillance, want to enforce laws, want to protect consumers. And then there are intellectual property rights holders who want to protect their property and get paid for their products. And then there are also providers of content and higher-level services in general.
So the thesis of this paper is basically that today's Internet has been quite heavily influenced by ongoing tussles, and it will increasingly be defined by those tussles that arise among the various parties with divergent interests, and that the technical architecture of the Internet actually has to change and evolve based on this observation. So therefore the paper has some design principles to serve as a guideline for assessing designs to deal with the tussles of the future. The highest-level principle the paper mentions is to design for variation in outcomes. The paper claims that we should not design to dictate the outcome, but design for variation in outcomes, because the original designs will not survive the constantly evolving tussle spaces. Rather, we need to prefer flexibility in designs so that we can flex and adapt. And then it mentions more specific principles: basically, modularize design along tussle boundaries, and also design for choice. So now (INAUDIBLE) will tell us more about the specific principles.
Presenter: Modularity should be very familiar to systems designers: break up the complex parts and make the system into modular parts. And the paper then brings up the new principle of tussle isolation, which says that we need to separate functions within the tussle space from functions outside of the tussle space, logically, so that we can prevent distortions of the applications of the systems. And one example of a failure to have good distinctions between tussle spaces is the DNS. So we know that DNS mixes namespaces for trademarks and also commercial names, so designers will go on to only think about the fights over the tussle space, and the implicit lesson that we should learn from it is that we need to have separate strategies when designing the tussle space for trademarks, for mailbox services, and also for the naming of machines. And another example is IP quality of service. So quality of service basically just serves to provide different priorities to different applications, users or data, and this utilizes the separation of tussle spaces, which separates the space of what applications a user can run from what service qualities can be provided. So those are two separate tussle spaces.
And as for the second specific principle, design for choice, it states that protocols must permit all parties to express their preferences, their choices. For example, in email systems the user has the ability to select the SMTP outgoing server and also the POP3 incoming server. So this kind of competitive environment really helped inspire innovation and enhancement for the mail system service that we got, and of course there are pros and cons. So the drawback can be that this increases the complexity of configuring and using the services. So that was why third parties are now emerging to provide a service for rating the services, and for some naive users who have never used them, like me, there are pre-configured systems for naive users to use. And there are some implications for future design that we can learn from discussing the principles.
The first one is that open interfaces should be well designed. So we know that open interfaces are critical in provoking the evolution of the Internet, because they allow for competition between different service providers, and they also allow for choice, not just allowing you to have a replacement of the modular parts. So this implies a requirement that, in order for the user to select between alternative providers, the open interfaces themselves should be well defined for future services to be constructed upon. Another implication is that tussles often happen across interfaces, so the paper proposes some properties to follow for this specific class of tussles that happen at the boundaries. And also the visibility of the consequences of choice matters. Sometimes, for certain services, we can control whether we need to have choice from the users or just present the internal choices to the users. So thinking about visibility is another implication that we need to think about.
And the paper also mentions that tussles have different flavors. So there are some types of tussles between two parties that are absolutely adverse to each other, so it's very hard to reconcile between the parties. And in many of the cases the parties just have different interests and are just fighting to maximize their own profits. So in this scenario the paper is proposing the exchange of value for service, which means using the value flow, where the value here can be money or any mutually beneficial incentive, so that different parties can communicate between themselves and try to maximize their interests. And another thing to note is that tussles will evolve over time, so we need to think about handling the tussle space as a multi-round process; that is, there's no final answer for defining that tussle space, and the designers might need to redesign the mechanisms in order to adapt to the ongoing tussle situation. And it's very hard to find a value-neutral design. There are many aspects to think about, like whether we have open interfaces or need to constrain them, and what the design choices are. And lastly, the designers shouldn't assume that they are designing for the answer; instead, they are just designing the playing field, not the actual outcome.
Presenter: (INAUDIBLE) then gives us three major areas of actual examples of tussles, which are economics, trust and openness. The first one is economics. Basically the paper presents the question of how we engineers can actually shape the... Oh, and this is where I think it gets a little bit bigger. It gives a classic saying that the drivers of investment are fear and greed. Greed is easy to understand: people just want more money. Fear is where it gets interesting. So the paper says that the vector of fear is competition, which results from the customer having choices. Customers can choose other providers, so providers will fear that they might lose customers and profit, so they start to do more investment. And the principle that one should design choice into mechanisms is the building block of competition. So people believe that if the designers of the network deliberately put choice into the network mechanics, that will allow multiple providers to use the network, and that would give the customer the choice, like the right to choose different providers, thus forcing the providers to put in more investment. That's exactly how our engineers, by adopting different design positions, can actually shape the outcome.
And then there are specific examples. The first one is provider lock-in. This is actually the one I'm kind of confused about, which is that a service provider attempts to lock in users through IP addresses. So it says that the host finds it hard to change its IP address, which kind of gives the provider an opportunity to lock in users. So the paper proposed that the host should be able to change addresses easily and use smart DNS (INAUDIBLE). If they can give those hosts this capacity, this would not be an issue. This paper was written in 2002; I'm not sure how it is now.
Kurtis: Isn't that beautiful? So I'm also confused about what the host means here. That means the host is a server in this case, right? This is like, if Google has their IP address, there's a little bit of lock-in for Google moving to another provider, because that IP address is not owned by Google. That's almost like, yeah, for the industrial servers, but it's going to be really like, oh, you know, most things are big iron. I mean, you know, if you care about your IP address, you're borrowing it from Comcast. Like, you know, you paid Comcast, but that's your thing on the network. If you ever want to leave, you can't take that IP address with you. Like you can't; there's no number portability. We have domain name service; DNS is one answer to this, and that's one thing that they talk about as being a spot to change that dynamic: choices you can make technologically to change that element of the tussle, because otherwise you'd be tussling over which IP address you have.
Presenter: Value pricing, which says that providers may attempt to put consumers into different classes based on how much they're willing to pay. So one example would be that ISPs will charge more for those who attach a network in their own house. And then the countermeasure is that people start to design tunnels that allow users to hide their behaviors, and this is where I think the paper gets a little bit philosophical. So it's saying that there's no such thing as value-neutral design. So when the design and implementation of the tunnel exists, the designers automatically assume that the users are the little party here and the providers are the big party, and once this design and implementation come out, that position kind of shifts, because now the user can just use this feature to hide from the provider. So I think here the paper is just trying to emphasize that whenever a design decision is made, your position is actually biased. There's no absolute neutral.
And the other example is residential broadband access. Basically the paper says that, in order to make sure that residents have freedom of choice among multiple providers, we should try to find a neutral party to actually deploy the fiber. For example, we can ask the municipality to do the deployment. Is that the case today?
Kurtis: The fiber, I think... I mean, so municipal fiber is one of those things that gets argued about a lot, mostly in the sense that, if I remember correctly, there's statewide legislation, maybe in Washington, that forbids it. Yeah, right. And so it's one of those spots where there's a lot of legal arguments going on, but towards their point, the argument they're making is that that's particularly good for pushing the arguments to the right part of the system, where it's about, like, you're a Comcast customer because they have better customer service, not because they have a better wired network. And that's not the case, right? Like, I think there's actually fantastically funny stories about CenturyLink's back end, but they're the ones who actually own the fiber to my house, and so I have to buy from them.
Audience: Right, those companies, they put the fibers there. So yeah, what are you defending them?
Kurtis: It's real; there's certainly plenty of municipal fiber, and in fact the City of Seattle runs multiple fiber links, but those are not public access fiber.
Presenter: And then there's the competitive wide-area access example, which says that consumers actually don't have the right to choose their long-distance provider.
Kurtis: Oh yeah, I mean, when I answer what a long-distance provider is, I'm like, yeah, I don't think that quite matters so much anymore in 2020. Yeah, like that kind of comes from the telephone, but I just don't understand what that is, what's the analogy for the Internet, right? So the idea is, if you're talking within your network, within some local ISP, it's one ISP, but if you want a long haul to London you go through a different ISP. And that's the sort of idea of trying to do something like that in the Internet, and Internet folks decided that they shouldn't explicitly support that kind of use case of connecting over multiple ISPs, where the point of it is that someone is better at long haul and so they're not better at short haul. They wanted this sort of flat space, and it worked out that way. I don't think that in 2002 they would have predicted that long-distance providers in telephony were going to disappear.
Presenter: It was the path of packets at the level of providers, which I... But they said that this is the right the consumers should have, and that in return we can just have composite providers.
The next one is trust, and that's actually what I found most interesting, which has four cases. I want to talk about one in detail. So the first one is the control over which parties are willing to exchange packets with each other: like, do you actually trust the end user? Do we want to actually connect to this end user at all? And then the solution is firewalls, and this is also what the market wants (INAUDIBLE). And then the second question the paper raises is who gets to set the policy in the firewall, and who is in charge, and then the paper just presents this idea of visibility of decision-making, which basically means that whenever someone actually sets the policy in a firewall, the users who actually use the firewall should be able to toggle the configuration on their own laptop. I think that's deep, but (INAUDIBLE). And the third one is that most users don't even trust the parties they are actually connecting to. So you're talking to some host; do you know that they're actually who you're talking to? Maybe they're just (INAUDIBLE), which I'll talk about in detail. And then the final question for trust is that users don't even trust the software, like the operating system or the browser they have to run on, and the paper just said that they already know the answer: just because this is a problem in the technical space doesn't mean it has to be solved in the technical space; we could just have stronger and better legislation to prevent the OS or browser from stealing information.
And then regarding the problem that users don't trust the party they're actually talking to, the solution is to have third parties mediate and hence provide insurance. My example is that when we do online payment, maybe the credit card company can just waive our liability in the case (INAUDIBLE), which I think is already the case. And the second one is that we'll have public key certificate agents that provide us with certificates that assure us of the authenticity of the parties we're actually talking to. This actually contrasts with the classic two-party, end-to-end diagram of the Internet, but it's necessary and useful today, and each individual user's interaction still remains two-party and end-to-end. The application designs... lots of the applications are responsible for checking the third-party certificate, but the users still (INAUDIBLE).
Kurtis: So I kind of felt that, you know, the paper got a little bit flabby in terms of where the actual tussles are here. I'm not sure what the tussle is, who the competing interests are. I see a problem, I see a solution, but what is the tussle?
Audience: (INAUDIBLE) here at the trust issue?
Presenter: The tussle is partially that there are people who shouldn't be trusted.
Kurtis: A tussle between good actors and bad actors? Yes, but the solution of the tussle is not a compromise; it's who the bad actors are. I have a lot of philosophical disagreements with this paper.
Audience: The tussle here is the creation of the public certificate authorities, and there are many of them, but it's a marketplace that was created for this purpose, and the decision to make it into a marketplace, and that there are multiple of these and you need to sort of pick which one you want to work with. And so I think that's where the tussle in the solution was.
Kurtis: I think having a public key authority is the answer to the problem, but you could have done that in a way that didn't invite this marketplace. In the same way, DNS would potentially be an example where there isn't such a marketplace; everything is much more authoritative and brittle, that's what I would say.
Audience: Explain how the public key certificate agents work. Like, is this the thing where you get the green thing on your URL?
Kurtis: Yeah, sorry, I'll be brief on this; this is like three lectures we're going to get into, but there is an agent that, basically, like Google will go to them and have them sign something in a cryptographically secure way saying that they are Google. So that's actually a problem. So there have been attacks where, basically, an example I will give is Iran pretending to be Google and getting a certificate from Let's Encrypt, which is one of the public key certificate agents. So you're right, but (INAUDIBLE). Your browser ships with a set of authoritative agents that it supports, and so if any of those signed Google, then you trust that signature. Google hands you this thing that says it was signed by Verisign, which is one of them, and then you trust that they're Google. So you actually have Verisign's public key in your browser, and it's called a certificate chain, and so Google hands you the chain, which ends at Verisign. And so then you have the Verisign end and you can unroll that and you can validate that somewhere along that line Verisign agreed that this is Google. Me pretending to be Google and trying to get signed... Verisign ostensibly will not believe that you are Google.
Audience: What does it take? Say I'm another business and I want to be verified; what evidence do I need to provide? Is it paperwork to say that, so basically...
Presenter: The implementation actually has to do with public key cryptography. So basically there are these really authoritative certificate agents that many browsers are pre-installed with a list of, that you trust. When you're talking to youtube.com: hey, I have a certificate from Google.
Audience: Like the keys, any of that, whatever, that's all fine, but in the first place, how do I, as a business owner, like, this is my website, I'm a business owner, how do I prove to them that I own this? Does it require any semantics at all?
Presenter: So for example, Google CA is the third party. youtube.com is one endpoint, you are the user. You talk to youtube.com, and youtube.com tells you, hey, I have this certificate signed by Google CA, and because Google CA is part of the pre-installed certificates in your browser, you can actually check whether what it said is true.
Kurtis: Yeah, but I think their point is a good one, which is, how does Verisign validate that Google is Google, right?
Audience: (INAUDIBLE)
Kurtis: The human interaction, yeah, like, in the human-to-human space. Yeah, like I have my website, it is certified by whomever; I can actually go take a look, but what do you have to provide to them for them to give you the certificate? That's the question, and it's paperwork. It's absolutely... Look, again, Iran did this. Let's Encrypt is a project that's designed to make it easier to generate a certificate for your website, and so the government of Iran went in and got them to sign google.com, and so they man-in-the-middled Gmail. Like this was circa (INAUDIBLE), and I think it's absolutely a thing, because what it is is a lot of paperwork. It's like validating: you go to the DNS registrar and you say these are the same people, that kind of stuff, but it's not a protocol. And so there are sort of wrinkles in there, but it comes largely down to using this (INAUDIBLE), and it is occasionally brittle, although that's not super common.
Presenter: Yeah, so that's the kind of thing where I kind of really agree with the paper, which is that the paper is really trying to say that the network should work together with society; like all the paperwork and bureaucracy might not necessarily be a bad thing. That might also be (INAUDIBLE), but I think it's good. So basically, yeah, the paper just said that in the future there should be an explicit ability for users to select which third parties are used to mediate the interactions.
Kurtis: Which seems to me is just HTTPS, and we already have that today. You can put your own certificate in your browser and it will just work, so you can choose whatever you want to trust, whatever third party you want to trust.
Presenter: And then it also talks about identity, which is, who is that? The paper believes that it's not necessarily the case that first parties actually need to know who they're actually talking to, and one solution the paper thinks is bad is that we just impose a global namespace of Internet users with an attached trust assessment, which is what's happening in China, actually. So in China, if you want to use, and I think that is really true today, if you want to use any kind of network service, it asks you to register your accounts with your social security number, so that each user on all web applications, I think, it's really secure but not anonymous. So the paper believes that instead there should be many ways to establish an identity; one single host can have many identities. So what we should really have is a framework for talking about identity, not a single identity scheme, like there is an eventual (INAUDIBLE). And then it also talks about anonymity versus accountability, because we really want to hold people accountable if they post something bad or they do something on the network, and then the paper just hits that one with the visible consequence of choice, so that people can still be anonymous, they can pretend to be someone else on the Internet, but what we hope is that when they try to pretend to be someone else, that is visible to us, so their interest is (INAUDIBLE).
Kurtis: (INAUDIBLE) hurry up.
Presenter: Yeah, just to get to the conclusion, which is that, especially, the Internet and society are actually together; we cannot break them apart, we cannot ignore the tussles created by society, and we as technical designers should embrace the reality and then take that as a power of our own to shape the picture of society, and we should take on that challenge. And then we have some discussion questions, one of which we already talked about.
Kurtis: I mean, I love this. Okay, yeah.
Presenter: One we haven't discussed yet is that, if we always try to separate out the tussle interfaces as the paper suggests, there's a technical cost: who is going to actually take the time to make the right choice?
Kurtis: So going back to the discussion we just had, like, ostensibly you can choose which root certs you support. I don't think anyone in this room, myself included, has changed their root certs in their browser. It's, you know, uncommon.
Audience: I've added root certs. Yeah, because in my internship I do web services, and I see... like you can remove certain ones, you can just have one.
Kurtis: So it's an example of potentially a tussle where I think it's not done a good job of creating the marketplace for these things. My website, for the record, is encrypted by Let's Encrypt, and so that's nice, and that's a nice ecosystem, but as a user it's pretty far away.
Audience: Here, this is actually my question, like, a lot of those... It's a great paper, this is one of them. Like I get it in principle, but the more tussle interfaces there are, we can always upload the third-party apps to take care of it for you, boy. Is that an exploitation vector for everyone? Like, I'll take care of this for you, and that for you, and a lot of backdoors for ourselves into your computer; it'll be great, it's fine, it's all good. Like there's a reason that people pick iPhones. Like I'm an Android user. The reason people pick iPhones especially is because they're really simple. There's not a lot of things customizable about it. People are lazy, us included, and in a lot of cases tussle interfaces are just going to be exploitation vectors, right? Taking the paper a little bit too literally and saying that the user should have the choice... there should be choice, and in principle users should have it; in practice, these users frequently would delegate to Apple to make the right choices for them. And if they don't like the choices Apple makes, they can go get Android, and that goes back to the point that at least one of the choices exists.
Audience: Well, if I go in here and change this thing and my whole computer breaks... computers are not like...
Audience: It's more... sometimes it seems like they were making suggestions where they were talking about a choice of (INAUDIBLE), and the technical cost it was going to take to implement it was just not going to be worth it, and no one is going to use the choice anyway. Like, I like choice in principle, I agree with that; in practice I think it's not always required.
Audience: Yeah, potentially you still benefit from it.
Kurtis: It's kind of weird, because your browser literally just ships with like a couple dozen of these things; it just takes all of them. But there is, on the front end, getting a cert, like that marketplace is nice to be able to pick from, and it does open up all those abilities, towards the point that it is one of the attack vectors. I don't know. I will say I also hate this paper for other philosophical reasons. I buy the conclusions, but I think there's a lot that I hate about the way they get to them. I'm biased on this.
Audience: Tussles are not just about choices for the users, but because there are choices there will be competition, so that leads to a better market, plus there will be better products, plus there will be companies like Apple that are so good at making users' data... I just want to say it's not as bad, but if we don't have those types of interfaces then there will be no choices, there will be no competition, there will just be one, named Android, and everyone is forced to use it. Without Apple or Android we'd still be on feature phones.
Kurtis: Like four levels too low from where this paper is at. That's one example, yes (INAUDIBLE).
I thought the convenience thing, for people not wanting to make a choice, is not the kind of thing they're talking about here. You know, this is about architectures, about architecting a planet-spanning network, and then where do you define things, where don't you define things? Okay, a planet-spanning network, but they specifically call out a Western... most Western economists would think this is the right principle, and they use that principle to underlie the rest of the paper. But it's not a Western-world planet. Like that was, I'll admit, that is where the paper lost me. I'm not going to disagree with the principle of competition, but it's that they try to hide behind, like, oh, you can't make a value-neutral decision, but they needed a value-neutral decision in deciding that principle in the first place. Well, perhaps. I don't know. Sorry, that was... we're getting like...
Audience: One thing that I asked myself was, if you can't have a value-neutral decision, but you're choosing choice... I mean, exactly. Yeah, you're kind of choosing one over the others; you have to kind of draw that line yourself. There's certainly, like, offloading things to, you know, a market with a certain system. Do we think that a market is the only way to do that? No. But it's a way to do that, and it's certainly...
Kurtis: Underlying where they're at, to be clear, this was 2002, so what they had done had been very successful, and we were still not in the full-on heyday of the Internet exploding. And so, yeah, I'm actually very sympathetic at that point. They certainly assume that markets are going to answer these problems in ways that are healthy, and they may or may not have done that, but at the end of the day it really is: what do we do, and what do we not do? What we cannot do is one of those things that I think is hard for technologists in general.
I'm a little bit puzzled. I won't think the list of it if not markets
It seems to me and here I'm probably putting words in people's mouths at me, but it seems to me the other approaches
Yeah, this is the side and hand it down. I
I don't know. I
I've been raised in Western economics. Like I don't know what about the alternatives, but I assume there are some I mean
economics terrorism
I'm just saying that that's like an implicit value that the paper applies to what's that even plus like they like
Tussle interfaces like the idea of like the competition between the different providers, but all routed from a very specific philosophy
That's not the global philosophy necessarily. I think it's right. But what is the alternative?
So so the paper has like a counter a motivating example a counter example right of like quality of service
Like there is a decision made on how to do it. It turned out that it didn't work. Well at all
No one used it and everyone had implement their own like custom workarounds
so that so that was cited as like an example of like a clear failure of
You just decide and and don't like, you know
Draw a boundary around where people are trying to compete
because it turned out that what was decided didn't work and
no one used it and it
Like still doesn't really work today and there have been repeated efforts to like try to make it better and it always failed every time
Correct the story. Yes. Hi mom my I would already vac you outside for different reasons than what they have in here
Yes, that was definitely merited
So I don't know that that's like a counter example of you know
Not taking this approach not working
You know, there's a by-product here if you don't, if you don't
Do this thing, right the whole papers? Like what do you do when you not do and
if you don't do this thing or is the market gonna jump in and do this thing in some suboptimal way are there other ways
Other than the market to do that
yes, they're certainly not in the scope of the paper as it stands, but I
Mean it's a fair point
Any other thoughts again for the record I absolutely adore this paper, I guess something new out of every time I read it
Like the idea of like separating things out even if they're not technologically reasonable to separate out we're building this life
like the distributed ledger
telecom thing right now and then it just convinced me that we should just put multiple ledgers up even though there's no
But make it allows for multiple ledgers and multiple ideas and so you can know
I
got
Any other thoughts?
Just tired
Kind of lot of more comments of it being over there. There's so much about Napster in this paper
Which like you know that yeah, I don't know but they want to comment on part of the paper that stood out to me
So this kind of ties in the end-to-end arguments as well into this paper, so
You know, the simplest application is a network that's transparent: packets come in and they come out and that's all that happens
once upon a time
so obviously today
There's different reasons for why that can't be true
and I kind of feel like that line is important because that's when the end-to-end argument comes into play here because
There's an idea like somewhere something down the line no matter how deep in the stack
Something has to honor that, something has to be like packet in, packet out
and that's kind of been like, if we think about some of the network stacks today, like it gets down to
the point where even
Even maybe physical errors are being like like optimize to not do that anymore
Yeah, I feel like maybe that's kind of this line where it's like
The tussle points this like who's going to be like where does that work? Where where where does happen?
Tell us a lot like at what point to be saved? No, you can only don't
Just fucking forward the packet
Like oh so you're not completely agree like you can see like again there's just this like teeth-gnashing about NAT
I know he's even a little bit of this paper
Because it's like the designers it's not supposed to do that
The point that he has here is like they didn't provide a room for this
Tussle I'm like trying to do things in new ways like NAT solving a problem
and
Despite the fact that again like every one of the architects of the system said do not do that and they did it anyway
Because it was solving this problem and that being a failure around the designers point even though it eventually solved it
I think it's an excellent
Elements paper that purpose the next paper people should like go up and plug in we're gonna be tight on time
I would be like 10 minutes and then 10 minutes of talking will be done who's doing that paper
That's me
I'm gonna cut my slice
Here
Five, they seem to be like
Separated somehow somewhere like they're connected. We have like the first two others
Yet, Princeton
- and what's that - they used to work at?
You say la la guy and that kind a look at the dimension act so
First off that is y MP is a researcher misleading belly and that water came gurus
He's not working at Microsoft
Graduated from Princeton and his advisor is David Walker
Also doing a lot of programming languages compilers stuff, that's the end
He's a principal researcher at Microsoft
Associate professor Ito founder and CEO
What's that
So yes, I feel like they all share some common background around like networking, programming languages and SDN
So then comes this Propane project?
It's a basically a network
Configuration language, which is supposed to make the network
person life easier
Yeah
It is a programming language to configure the high level
Network house around policies. It also has a compiler which can generate
like
low-level configuration files for
individual
network devices
The basic goal of Propane is that they're trying to like bridge the gap between
high level routing objectives and the low level configurations
Because like configuring a network
Routing tables that for eight it was so Eric from attention basically like this
There are some tools to help people to automate some of that might be using
templates as mentioned in the paper or some comfy rules, but there are still some limitations and also
Yeah
It take it's very quick to like take down a whole network and take a long time to roll to go everything back so
One thing about Propane is it's basically targeting BGP
Because it's a highly flexible routing protocol and it's still being used and maybe in the foreseeable future
It's adopted by a lot of companies
internally and externally
Yeah, I'll try to be quick that time I've asked to cover some of the
So I think one good example that we have in the paper is this
Backbone service, which is pretty much shown here and has some policies here
If you use Propane, the code samples would be actually pretty simple
So you will have just one line. We're going to get fine
to
Specify pop c-13 basically, it says your favor r1 over r2 over here and over
And
And you have you will have another like one line change
other one up here one P to the N or
Yeah, I think the syntax is pretty straightforward, yeah, because it's supposed to be used by
Network engineers
I think in the paper there are like four steps
The first step for
For Propane, they first have this intermediate state one, which is the regular IR, I will call it
Pretty much it'll take the routing policy and convert that to something that you can understand
So it will scatter dyes the policy
Transfer it to
the
PGIR state, where
Propane will basically turn the compiled policy into a
BGP on the stand role of topology
It will do something like fault
detection there
And also, it will check if there are standing on that poles
So you'll cover the failures in to do it has some like very efficient algorithms to do
regret free preferences and
Have a gate from safety to being for there's no black
So yeah, here's the
Workflow so you take network policy into the appropriate role and turned out into compiled standardized
go and then feed that into a
product graph, eventually sent out to the abstract BGP and sent it to
Individual devices from different manufacturers
And
from the
article the author claims that
The actual performance of Propane is very good, it
took less than nine minutes to do the whole thing
I
Think like
Let's go to session right now
One third of the questions. I was like
Propane seems pretty good. Like why is it not
I wanted to fight about this. 2016, y'all are so like
Four years, this is Intentionet. This is like this. Okay, so
Yeah, you should probably see when the company was founded, I guess those are non-trivially correlated. Are they using Propane?
Are they building something? I don't know what they're using internally but it's Intentionet, that
They're, they want you to have intent-based networks, Intentionet, that's what they're doing like
so
I think after like 10 year you can be like why I have this degree search
This is like at the top venue, SIGCOMM 2016, and won best paper
but it takes a little bit for these ideas to select get places and even then like the implications of this can be
In strange places I the weird thing to hear to me here is whether it's used in Microsoft or not
Because this was Microsoft research project
yeah, and so, you know what solving a problem for them and they usually have the legs to take things like this places, but
Here's a follow-up question. Why are all the data centers throwing all the money researchers at this because I want this now
Data centers are weird environments, right? How many people run data centers at reasonable scale, three companies?
Microsoft's the most open because they were behind the ball
Right, so, you know talk to your boss. Tell them to publish things more and like
Yeah, so in 10 years we can talk about my plans otherwise it's research why did you send this
So I love that question all of you should be asking that for every single paper eyes
For the record, I'm three-quarters of the way to building in a requirement in the response so people can answer that
I thought right that in my discussion. Oh
Yeah, I think I like this movement so why did I sign this paper
To me I think it's the obvious fault
I thought about how BGP is broken and we have all these BGP problems and this is modern research again in the last five years
best paper trying to solve that problem using SDN techniques seems like it's such a
Perfect solution to think the big problem that you talk about like we expect it. Just might completely take over everything
Is it the perfect solution of the problem?
It's a very very good one. Yes, I don't know why not
well
It's it's not it's not the perfect solution in that it doesn't like you still have some of the problems you had before it some
Of them are gone. We still have some fun
Like first of all, like any of these correct black construction things have like the garbage in garbage out problem
so so if you're if you're engineers, who are
Configuring this they make a mistake in the higher-level language that mistake log is they propagate down to your BGP config?
You also have the issue of like when something does go wrong
Somebody wants to do a post-mortem and that presumably involves like looking through what the actual state was in the routers. So
are the rules that this thing generates as human readable as
Like what a person would manually configure into a BGP router, if they're close
it's probably okay, but if it's like, you know, five per thousand lines of like
Gobbledygook as opposed to like the thousand line human created config file
That could be a different story for somebody who's actually looking to deploy this to be able to troubleshoot it hard to reverse engineer
I don't know how well the config this thing produces correlates
So like what a human would have written from BGP, but if there's a way to get away
Could that be a reason for somebody excited potentially not wanted to play it tell me second one's way comparable at one point
Maybe let's look good point that like, yeah
What else there's like I think a big larger glaring issue. It's not solving the BGP problem
People can still lie about their stuff, yes
Yes, right like so this is about you as an organization and having a consistent BGP worldview for yourself
But if your peer is sending you a route to YouTube, that's a zero
It's hardly
The problem we can solve otherwise like, you know, Russia is gonna keep seeing on my MasterCard traffic
And somebody you can imagine extension of this right like like could you do this on the all the BGP net road routes
Can you gather everyone's routes and run something like this post hoc?
I think I tagged one of the comments as being
The one I like the most I forgot what it was unfortunate but like they're like so I would say this doesn't solve the problem
It's clear like a solution in the space and a data point on this big problem BGP
But this is about BGP configuration within an organization and making sure they're exit nodes are consistent
And so everyone ran is the problem that we solved
Probably I mean should be that's the intention like that's a human problem again go back to the last paper
Yeah, if people are doing we're doing this you can't help it
This is a really good step. It's not the end of the journey, but like it's a great step on
Just great research, right
Potentially
Fewer places to put garbage in than previously, but if you put garbage in it's going to affect a lot more places
But it did pretty good. Yeah, this is like
You can still fat-finger things
Or you can still have bad actors. I think you still have bad actors
Time on the scene has never been like a television show where the plot isn't gonna go better this company's BGP
No, maybe I don't know some probably
Yeah, this is like this is a whore Network
Remember this was at SIGCOMM, the premiere networking venue, and it won best paper and real networks here. We love it here
But yes
These papers are long and dense and had a lot of information that I did not care for
Like I did not need to know about the four levels of the hierarchy of their conversation
That's fine I literally didn't read it I was like I don't care I understand
High-level comes in the BGP comes out sounds great
I don't mean so
something like this, and something I think we should think about as we're reading the papers is like the
Problem being attacked as well as the solution
I feel like the problem here was a well known deep problem. And the solution was an elegant mixing of different fields
It was programming languages. It was all these kind of things
And so that's where the beauty of this paper is, you know
And there's still 12 pages and it's a ton of technical content
Like it was attacking a really good problem with a really good solution and did a really good job with it
And that's like a very good research paper
what I liked about having all the formal model stuff is it and it is that I knew that like I know enough about like
State diagram. There you go
Like, okay
This looks reasonable and I know enough that
people who like new war and cared and like could really dig into it would have enough information to say oh
They have done the work and it was like the model is sort of concise enough. They can do that for some value concise
Yeah, I thought
One of the things that you also get from it is we
Dig into the implementation of their compilation you just realize that oh, there's no way humans the reason about this
so there's a but also I think like it's quite interesting that
steps that decided to break your attitude so each step can assault and
Guarantees certain things and it's, I mean it seems like the PGIR step
Parts of it. Yeah
Yeah, so when you have like we actually have its apology yeah you
I
Want, I just looked up Intentionet and I guess they have a product called Batfish now
That makes like they have like you can visualize things that you can simulate your routes and everything like that. I would imagine
It's possible if you're one of those like intermediate states that we they're to strategy
You showed the PGIR, yeah exactly, and they're, they really want with like a brandy everything's
Very the Batfish
Remember this, this is a graduate class
It's a part of over trying to show you was research and what good research looks like and how to conduct good research
And so at the end of this class
Hopefully there's just a base level understanding of like where researchers at and how it's done and all those elements as well
So like in terms of networking research, I've never been teased that you know
That's what this is for and the tussle paper is more of a you know
Cool, all right. We're going to not be leaving at 9:30 next week because I'm going to be better at
Everybody
