At 11:25 PM -0400 7/11/02, Sean Donelan wrote:
http://www.bell-labs.com/news/features/jaffe.html
Impact of Optical, MPLS

According to Jaffe, advances in network architecture and technology now coming out of Lucent and other companies may have a profound impact on cyber-security in future networks deployed by both service providers and enterprises.
"Three or four years ago, all-optical switching was considered science fiction, but Lucent is providing a path to that reality with the LambdaRouter," he said. "All-optical networks don't exist yet, but they are coming, and they will greatly reduce vulnerability.
"It's very hard to intercept individual packets in an all-light network because they aren't queued in output buffers at intermediate nodes. And a lightwave network gives you a better idea of where the packets have come from, which is a problem with the Internet routing protocols today's data networks use."
I'm afraid this is one of those things I need help translating. I don't understand how an all-optical network improves the security of the IP layer. At best this is "improving" the security of the least vulnerable part of the network. But I could be wrong, and I'm willing to be educated.
They don't mention IP at all except by inference via MPLS. http://www.mplsrc.com/faq1.shtml#MPLS%20History item C talks about migrating layer 1 and 2 functions up to layer 3. Maybe their assumption is that by supplanting IP at layer 3 in the core, they will remove possible angles of attack? Of course, the flip side of that coin is that they will create new ones.

I would imagine this looking somewhat like the IP stack only being used at the desktop level. IP would be encapsulated within [insert all-optical network protocol here] which would be used for the actual transport and routing.

To take this thought experiment a little farther, in the world I describe above, my ability to attack individual hosts is still roughly the same, but my ability to attack the network itself has changed dramatically. DOS attacks could be easily traced back to individual hosts and squelched, maybe even automatically. With no global routing table to munge up, it would be harder to black hole or flood. Add in the fact that optical sniffing, while not impossible by any means today, will increasingly become non-trivial as bandwidth increases. Which is exactly one of the 'problems' they expect optical networks to solve.

Regards,

Chris Kilbourn
Founder
_________________________________________________________________
digital.forest                  Int'l: +1-425-483-0483
where Internet solutions grow   http://www.forest.net