Background
The Office of the Manager, National Communications System (OMNCS) performs a broad range of activities in fulfilling its mission. These activities include analyzing communications networks that support national security and emergency preparedness (NS/EP) communications. As more businesses, government organizations, and the public use the Internet for their daily activities, it has become more important for the OMNCS and its constituents to understand the operation of the Internet and its dependence on the existing communications infrastructure.
The phenomenal growth of the Internet has been one of the most significant technological events of the last several years. As an instrument for sharing and distributing information, the Internet will be judged one of the major milestones of the latter part of the 20th century. The exponential growth in Internet traffic has fostered the concept of the "Internet" as the ubiquitous tool for sharing information. However, the accessibility and availability of the Internet depend on a physical infrastructure of software, routers, and transmission media. It is commonly perceived that the Internet and the public telephone networks in the United States are two separate and distinct systems. Although this is true to a certain extent, most data networks, including the Internet, rely on the public networks (PN) to transport their traffic.
Internet Definition
At the highest level, the current Internet consists of multiple national and regional Internet Service Providers (ISP) and interconnection points where the ISPs meet and exchange traffic. This infrastructure is similar to that of the old National Science Foundation (NSF) network, NSFNET, which consisted of a three-tier structure:
* Backbone network
* Regional networks
* Local/campus networks.
The NSFNET was decommissioned in 1995. In its place are multiple nationwide networks similar to the original NSFNET backbone network. Regional networks still aggregate their traffic and hand it off to the nationwide backbone networks to which they are connected. Interexchange points (IXP) are located nationwide to facilitate the exchange of traffic between national and regional ISPs.
National Service Providers (NSP) provide national backbone service. This type of service provider owns or leases its own backbone network and has a nationwide customer base. Additionally, NSPs are generally connected to all the major IXPs and have peering agreements with other major NSPs at these exchange points. Traffic originating with a customer on an NSP that is destined for a customer on another NSP is transferred from the originating NSP's network to the terminating NSP's network at an IXP.
Regional Service Providers (RSP) are similar to the NSPs in that they own or lease their backbone network, but they are much smaller in scale. Their networks encompass a single region and usually have a regional customer base. RSPs have peering agreements with NSPs to transfer traffic over the Internet. RSPs either connect directly to the NSP or connect to an IXP where they transfer traffic to the NSP network.
With the dissolution of the NSFNET backbone, the NSF sponsored three primary and one secondary Network Access Points (NAP). The NSF's concern was that without the sponsorship of a core set of exchange points, the commercial backbone providers would set up a conglomeration of bilateral connection points that would potentially result in routing chaos.
Each NAP operator provides the exchange facility while the ISP that connects to the NAP establishes peering agreements with the other ISPs connecting to the same NAP. The purpose of a peering agreement is to ensure that traffic from one ISP can reach all the customers on another ISP by exchanging routing information between the two ISPs.
The current number of IXPs on the Internet far exceeds the original four NAPs sponsored by NSF. The term "NAP" is applied only to the NSF-sponsored IXPs, whereas all IXPs provide the same functionality, which is a common place for ISPs to exchange data.
Analysis
The Internet is a very dynamic entity in that it is constantly evolving and growing. Therefore, it is impossible to accurately identify all components of the current Internet. To develop the data for this report, the Internet was analyzed to identify key components used to transmit network traffic across the Internet. To achieve this purpose, a software tool, called the Internet Analysis Tool (IAT) was used to automatically trace the routes used to send traffic between two hosts on the Internet. The IAT collects data from the set of routers an Internet packet traverses on its path from one host to another. The analysis of the routes identified by the IAT yields traffic trends and identifies key components in the Internet infrastructure.
For this analysis, two IAT source sites were chosen:
* Booz•Allen & Hamilton, McLean, Virginia, on the PSINet network
* Proxima, Inc., McLean, Virginia, on the MCI Network.
The tool collected routes from each of these two sites to 105 other sites located across the United States. The type of Web sites chosen for
this analysis were the following:
* 23 NCS Member Organizations' Web sites
* 50 State Web sites
* Major university Web sites
* Popular commercial Web sites.
The output from an IAT execution is the set of routers in the path between two hosts. For each router, three datagrams were sent at different times of the day, and the round trip time from the originating host and the router was collected.
Analysis Results
Traces performed throughout the test period indicated high success rates averaging between 87 and 89 percent. Of the unsuccessful trace attempts, most resulted from an unreachable node (i.e., a router or the destination server) in the path that was probably either shut down or incompatible with the IAT software.
Internet use is highest during mid-to-late afternoon business hours. Based on the round trip time for packets to traverse the network, congestion peaks between the hours of 12:00 noon and 4:00 p.m. eastern time.
This analysis indicated that the number of router hops did not vary in accord with the time of day or the day of the week. Thus, the predictability of Internet routing, along with an increasing dependency on this communications medium, renders it vulnerable to targeted and intended network disruptions.
Routers appear to share a somewhat balanced traffic load within the backbone networks (excluding those routers closest to the two sources). As expected, a high number of router "visits" occurred in the initial hops of the traces. These initial routers are critical to the sources; however, they are not necessarily critical to the entire Internet. As the trace moved away from the source and into the backbone networks, the number of visits per router stabilized. Therefore, a single critical router could not be identified, however, it could be determined which networks were more heavily traversed. For this analysis, MCI's network was traversed most frequently and was, therefore, critical to the success of the traces.
Vulnerabilities
The Internet can provide service in a volatile, unreliable network environment. But, like the PN, the Internet has vulnerabilities that can severely degrade its level of service. Because the Internet relies on PN packet and circuit switched networks, it is vulnerable to the same cable cuts and other damage that can affect the PN. In addition, some restoration techniques used by the PN carriers for circuit switched traffic cannot be used on the Internet's packet switched traffic.
National IXPs are critical to the operation of the U.S. portion of the Internet. An IXP failure could greatly reduce the Internet's ability to transport traffic nationwide or even worldwide. Congestion at these IXPs has also convinced ISPs that it is necessary to establish secondary means of interconnecting with one another.
Network routing protocols dictate how traffic is directed through the network in that they determine the paths that should be taken through the network to avoid congestion and network outages. Some Internet routers are vulnerable to "thrashing" - the optimal path through the network changes so frequently that the router spends more time computing these paths than actually routing users' data.
In summary, the initial analysis has determined that the Internet's physical vulnerabilities are consistent with the vulnerabilities of other large communication networks, most notably "last mile" issues and loss of backbone transport. Additional vulnerabilities exist that are distinct to the Internet - congestion (exponential growth in traffic), routing software, and network server management issues.