100 Times Faster Internet

The following post was written by our Co-founder and CTO, Colin Constable. He always supplies us with thought-provoking pieces, so please give him a follow over on LinkedIn to catch his ideas hot off the press.

Pradeep Sindhu founded Juniper Networks in 1996 with a game-changing idea: Separate the control plane and the data plane, and create a router that would be at least one hundred times faster than the prevailing Cisco routers. For some of you, this might be familiar territory. But for others, you might be wondering, what’s a control plane and data plane, and why would this make such a huge difference?

At the time, routers were essentially computers with specialized network interfaces. These interfaces received TCP/IP packets and sent them on to the CPU to figure out what interface the packet should exit on. This worked very well, but Sindhu saw a world where interface bandwidth would outstrip the ability of the CPU. With his background in custom silicon, his thesis was to have the CPU handle network state via routing protocols and configuration, then have the CPU program the silicon to handle packets as they entered the router. The genius part was that the CPU had to handle less work, but could manage routing changes, and the specialized silicon could handle data rates. Thus the router with a CPU control plane and a custom silicon (ASIC) data plane was born.

All network equipment works this way now, and this design has made the modern Internet possible.

This is all happening every microsecond of every day, inside every single network device between you and the server you are talking to as you use the Internet.

If we zoom out from an individual router, the Internet is very fractal. That web server you are connecting to is just a big CPU. For the past 50 years, data has been sent to the CPU to be processed and then sent on to someone else who is also connected to the CPU. For example, let’s say you want to share a file. First, you upload it to a server, then you tell the recipient where it is. This mirrors Sindhu’s observation, but we are now at the larger Internet scale.

What we need is an Internet-wide control plane that can pass these data flows to the right places in the network, just like custom silicon does.

If we treat the whole Internet as the data plane, we need a way of talking to the control plane. We cannot have a single massive server—clearly that would not scale. Instead, we need a distributed, Internet-wide control plane, where each person, entity, or thing has its own tiny personal data service (PDS) that is under their complete control. In this case, when you want to share a file, your control plane can talk to the control plane of the person you are sending the file to and they could negotiate a sensible place to send it. For example, if you are both in London, then the file would be placed in a London-based server. Transfers become much quicker, and the PDS does not have to worry about storing the file itself. If you are in London and your colleague is in California, maybe your personal servers could negotiate and use a file server in NYC. Just like Juniper’s routers, this speeds up data flows by separating the control plane from the data plane.

In addition to negotiating location, the PDS can also negotiate encryption keys. This lets you encrypt your file before you send it, and send both the keys and the location to your colleague in California. In this model, you must ensure that 1) only you have access to and control over your PDS; and 2) the data on it is always encrypted with keys that are not also stored on the PDS. This way we now have an end-to-end encrypted control plane.
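The file-sharing flow described above, sketched as an added example (this is not Atsign's code or protocol): the file store only ever holds ciphertext, while the per-file key and the location travel over an encrypted control channel. It assumes X25519 with HKDF for the control channel, AES-256-GCM for both layers, and an in-memory Map standing in for the file server; all function names are hypothetical.

```javascript
// Added illustration; seal, open, channelKey, shareFile, receiveFile and store are hypothetical names.
const { randomBytes, createCipheriv, createDecipheriv,
        generateKeyPairSync, diffieHellman, hkdfSync } = require("node:crypto");

// AES-256-GCM helpers: seal returns iv || tag || ciphertext.
function seal(key, plaintext) {
  const iv = randomBytes(12);
  const c = createCipheriv("aes-256-gcm", key, iv);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), body]);
}
function open(key, blob) {
  const d = createDecipheriv("aes-256-gcm", key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // throws if tampered
}

// Control-plane key between two parties: X25519 shared secret run through HKDF.
function channelKey(myPrivate, theirPublic) {
  const secret = diffieHellman({ privateKey: myPrivate, publicKey: theirPublic });
  return Buffer.from(hkdfSync("sha256", secret, Buffer.alloc(0), "control-plane demo", 32));
}

// Data plane: a store that only ever receives opaque blobs.
const store = new Map();

// Sender: encrypt with a fresh per-file key, upload the ciphertext, then send
// {location, key} over the encrypted control channel.
function shareFile(file, senderPriv, recipientPub) {
  const fileKey = randomBytes(32);
  const location = "nyc/" + randomBytes(8).toString("hex"); // constructed location id
  store.set(location, seal(fileKey, file));
  const msg = JSON.stringify({ location, key: fileKey.toString("base64") });
  return seal(channelKey(senderPriv, recipientPub), Buffer.from(msg));
}

// Recipient: open the control message, fetch the blob, decrypt locally.
function receiveFile(controlMsg, recipientPriv, senderPub) {
  const plain = open(channelKey(recipientPriv, senderPub), controlMsg).toString();
  const { location, key } = JSON.parse(plain);
  return open(Buffer.from(key, "base64"), store.get(location));
}

const alice = generateKeyPairSync("x25519"), bob = generateKeyPairSync("x25519");
const file = Buffer.from("constructed sample: quarterly report");
const note = shareFile(file, alice.privateKey, bob.publicKey);
console.log(receiveFile(note, bob.privateKey, alice.publicKey).toString());
```

A party holding a different private key cannot open the control message, and a blob altered in the store fails GCM authentication instead of decrypting to modified data.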

The amazing thing about this Internet-wide control plane is that you could use it for any application, for example, chat or websites. And it gets really interesting at the bottom of the TCP/IP stack. If you want an encrypted connection for a real-time video call with your colleague in California, your PDS negotiates not a file server, but a connection relay service in NYC. The control plane shares the cryptographic keys for the connection and the connection relay never has those keys. This means that absolutely no one in between can see your call. Now you have a secure, real-time connection negotiated by the control plane, and the connection itself is on the fastest data path.

What we see emerging is an additional plane: a policy plane. The policy plane is used by services, like the file service and the connection service, to allow, disallow, or ask for payment.

Every component of these data, control, and policy planes must be addressable, and that requires a new protocol with new addresses.

This is what we have created at Atsign. We have applied the lessons from Sindhu’s 1996 router innovation to the scale of the Internet. This improves security, with everything end-to-end encrypted and little to no network attack surface. This tech allows for faster localized services and the offloading of ever-power-hungry centralized data centers, the CPUs of the Internet. Plus, we see huge benefits in privacy as middle services never have the keys to your data. Finally, a private Internet!

We know that as Atsign’s open-source technology is used and improved by the Open Source Community, many more emergent properties will appear. In the meantime, innovators and developers can now focus their time and resources on innovating and developing instead of on complex cybersecurity measures. Become part of the Atsign community and explore how this revolutionary technology can unlock the full potential of your next project.