UNM Student Develops Program to Police the Flow of Traffic on the Internet

March 11, 2008

When you were six years old and something went wrong, your mom made you count to 10, then react as a way of making you stop to think. Now a graduate student from the University of New Mexico is working on a technical protocol that gives Internet Service Providers time to stop and think about traffic flow problems on the internet before they have to react.

Josh Karlin is constructing a protocol with his advisor UNM Computer Science Professor Stephanie Forrest. When finished, Internet Service Providers (ISPs) can use it to deemphasize and delay data that suddenly comes from an unexpected source for up to 24 hours, until it is clear the data is coming from a legitimate source. That gives the ISPs a little breathing room to react to potential problems.

Right now, nearly 200 times a day, there are odd glitches in the way internet traffic flows. Most of them are small, disappearing quickly within a few hours, but occasionally there is a major problem such as the one on Sunday afternoon, February 24, 2008, when the website “You Tube” disappeared from the World Wide Web. It’s not clear why, but Pakistan Telecom suddenly rerouted You Tube traffic into an internet black hole, stopping web users in most of the world from viewing the site.

Incidents like this fascinate Karlin. He says You Tube got back online by sending out word internationally that they had a problem. “So what happened is the Internet Service Providers (ISPs) that were close to Pakistan Telecom, that were in fact forwarding Pakistan’s data, said oh, this is obviously wrong. We’re not going to propagate it. And then they shut it off. They filtered it out and then suddenly the problem disappeared and You Tube was getting data again.”

Most internet users don’t think much about how the internet works. We assume someone, somewhere is in charge; taking care of problems, settling disputes, and punishing troublemakers. But that’s not true. The internet works because hundreds of independent ISPs work cooperatively together to keep traffic running smoothly.

Every computer in the world connected to the internet has an address. Those addresses come from the Internet Assigned Number Authority (IANA). That entity assigns the numbers, but it doesn’t police them. “The IANA has been giving out these addresses for a very long time, and people have lost track of where they’ve gone,” says Karlin. “So some companies that were given Internet Protocol addresses have folded or sold it to other companies or broken them down into small blocks and given them out to other people, so nobody really knows what’s where.”

For instance, the University of New Mexico has thousands of internet addresses assigned to it. But there is no agency that monitors whether UNM only uses the addresses it has been assigned. So how does any ISP sort out what is legitimate and what is not?

There are several kinds of services that Internet Service Providers could use to stay abreast of suspicious activity on the internet. Some are propriety, for profit, and can be purchased from a number of companies. Karlin, with funding from the National Science Foundation has already designed a protocol that is fast, functional and free to any ISP that signs up. The Internet Alert Registry sends an email to the ISP when there is suspicious activity in the internet traffic flow that might affect its customers. The registry is available at http://iar.cs.unm.edu/index.php.

The suspicious activity could be anything from a transient glitch to a full scale emergency like the You Tube traffic problem. The email alert is like a warning siren that gives system operators notice to look at the problem and take any corrective action they believe is needed to keep their customers fully connected.

The Internet Alert System and the new protocol will eventually work together so that ISPs receive the alert, and their systems can automatically start deemphasizing the suspicious traffic so that potential problems unfold slowly rather than with an instant crash.

Karlin says the internet began as a messaging system between researchers who trusted each other, and so far the system still basically works on the idea that most of the time messages that are being sent around the world are benign. But as more and more people use the system mistakes are made that cause problems. His new protocol treats the mistakes as mistakes rather than attacks and allows for a positive rather than a punitive solution.