Cisco has long been an advocate of what I like to call “Chicken-Little” marketing; you run around yelling that the traffic sky is falling and expect operators to accept sub-par ROIs to do their part in addressing the issue. Their “Internet of Everything” story has always had elements of that angle, but it’s also been a bit muddled in terms of details. As Light Reading reported yesterday, they’ve now made things “clearer”, but not necessarily any more plausible.
What Cisco is doing with IoE is taking every trend in networking, from the cloud to mobility to content to telepresence…you name it…and making it an explicit part of “everything”. Semantically it’s hard to quarrel with that, but at the end of the day it’s hard to resolve the question of evolution if you look at every possible organism in every possible ecosystem. Thus, I have to admit a strong instinctive reaction to shout out a dismissive negative in response to IoE. That would probably be justified given that Cisco almost certainly intends it to be nothing more than a positioning exercise, a way of seducing the media to write stories.
But is there more to this, or could there be? The truth is that increasingly there is only one network—the Internet. We have a lot of drivers that seek to change how it works, how it’s built, but at the end of the day we still have one network that can’t evolve in a zillion different ways. All our revolutions have to tie into some macro trend. You could reasonably name it the Internet of Everything, even. What you need isn’t a name, though, it’s a strategy. To get one we have to look at the factors that shape the “everything”.
Factor number one is regulatory. As Cisco touts all the great stuff you could do with the Internet, they implicitly support a neutrality model that would eliminate the possibility of any business model other than all-you-can-eat bill-and-keep. The decision by many of the larger ISPs to charge Netflix isn’t a bad one, it’s a market experiment in a business model suitable for massive increases in content traffic. We don’t need to eradicate these experiments in the name of fairness (or unfairness, depending on your perspective) we need to encourage more of them.
Would it be helpful to be able to dial in more capacity or QoS? Interestingly, advocates of “more neutrality” seem to agree that it would be fine for users to pay for QoS on their own. It’s not OK for them to pay indirectly, though, by having their content provider pay the ISP and the user pay the content provider. This is (in my view, rightfully) what the courts had a problem with in the old Neutrality Order. We should have both options, all options in face. We should also have the option to settle for QoS on cross-ISP traffic flows, so users could get QoS not only for their content delivery (much of which is from CDNs directly peered with the ISP) but end to end for any relationship. How could you say you had an Internet of Everything without that capability?
Factor two is security. It’s already clear that the Internet is terribly insecure, and that a lot of the problem could be easily fixed. We don’t validate much of anything online—you could spoof an email address, a DNS update, even an individual packet’s source address. Just making the Internet more accountable would be helpful, and if every ISP had a code of online protective conduct that it enforced, then interconnected only with ISPs who did likewise, you’d have a pretty good start toward making the Internet at least accountable, and that’s the first step toward security.
You could also improve access security. We have fingerprint readers and retinal scanners already; why not make them mandatory so that every user could be authenticated biometrically rather than by passwords that most people can’t make complicated enough or change often enough so they’re secure? You could take at least some positive steps just by having a user associated with an in-device hard code—something that says “This is my phone” and that can be changed (presumably when the phone is sold legitimately) only through multi-step processes.
SDN could improve security by creating application-specific subnetworks that users and servers must be explicitly admitted to. No more having people slip across the DMZ in a network. You could even have some IP addresses unreachable except by specific central-control intervention; forwarding rules have to accommodate connections with highly secure assets in a specific sense, rather than allowing those addresses to fall into a pool that’s routed by subnet or another portion of the IP address.
But the final point may be the hardest to achieve—the IoE has to be profitable enough that all the stakeholders are prepared to play their roles. The FCC Chairman is reportedly bemoaning the lack of broadband competition in the US. Well, Mr. Wheeler, competition happens when there’s an opportunity valuable enough for multiple providers to want to exploit it. Clearly, given that carriers both in the US and elsewhere are investing in non-network business lines (some even investing in networking in other countries), they are prepared to put money into their business. If they’re not putting it into their network, there’s something wrong with the ROI.
I think that Cisco’s IoE definition is a call for a complete rethinking of networking. The Internet, as we know it, is not IoE. We’re not investing in the right stuff, offering the right services, supporting the right business relationships, providing the right rules to govern behavior, or even insuring that everyone is who they say they are. We’ve let a network model that wasn’t designed for the Internet of anything beyond a community connection in the scientific and academic space aspire to be an IoE. There’s more to it than that, and what I’d like Cisco to do is address all of the real requirements, all the places where change is needed, with a clear position and realistic proposals.