The edge of the Internet is an unru

The edge of the Internet is an unruly place
Paul Vixie, Farsight Security
By design, the Internet core is stupid, and the edge is smart. This design decision has enabled the
Internet’s wildcat growth, since without complexity the core can grow at the speed of demand. On
the downside, the decision to put all smartness at the edge means we’re at the mercy of scale when
it comes to the quality of the Internet’s aggregate traffic load. Not all device and software builders
have the skills—and the quality assurance budgets—that something the size of the Internet deserves.
Furthermore, the resiliency of the Internet means that a device or program that gets something
importantly wrong about Internet communication stands a pretty good chance of working “well
enough” in spite of its failings.
Witness the hundreds of millions of CPE (customer-premises equipment) boxes with literally
too much memory for buffering packets. As Jim Gettys and Dave Taht have been demonstrating
in recent years, more is not better when it comes to packet memory.1 Wireless networks in homes
and coffee shops and businesses all degrade shockingly when the traffic load increases. Rather than
the “fair-share” scheduling we expect, where N network flows will each get roughly 1/Nth of the
available bandwidth, network flows end up in quicksand where they each get 1/(N2) of the available
bandwidth. This isn’t because CPE designers are incompetent; rather, it’s because the Internet is a big
place with a lot of subtle interactions that depend on every device and software designer having the
same—largely undocumented—assumptions.
Witness the endless stream of patches and vulnerability announcements from the vendors of
literally every smartphone, laptop, or desktop operating system and application. Bad guys have
the time, skills, and motivation to study edge devices for weaknesses, and they are finding as
many weaknesses as they need to inject malicious code into our precious devices where they can
then copy our data, modify our installed software, spy on us, and steal our identities—113 years
of science fiction has not begun to prepare us for how vulnerable we and our livelihoods are, now
that everyone is online. Since the adversaries of freedom and privacy now include nation-states,
the extreme vulnerability of edge devices and their software is a fresh new universal human-rights
problem for the whole world.
SOURCE ADDRESS VALIDATION
Nowhere in the basic architecture of the Internet is there a more hideous flaw than in the lack of
enforcement of simple SAV (source-address validation) by most gateways. Because the Internet works
well enough even without SAV, and because the Internet’s roots are in academia where there were
no untrusted users or devices, it’s safe to say that most gateway makers (for example, wireless routers,
DSL modems, and other forms of CPE) will allow most edge devices to emit Internet packets claiming
to be from just about anywhere. Worse still, providers of business-grade Internet connections, and
operators of Internet hosting data centers and “clouds,” are mostly not bothering to turn on SAV