Hi,
Do folks on this list see blockchain technology making inroads into the
networking? I can see blockchain being used to secure the SDN environment
where blockchain will allow encrypted data transfers between nodes (ones
hosting different applications, the SDN controller, the data plane devices)
regardless of the network size or its geographical distribution.
Where else can blockchain be used in networking?
Glen.
Where else can blockchain be used in networking?
Other uses notwithstanding, it should be good for inflating the share price of any network vendor that adds "now with block chain!" somewhere into their product portfolio.
/snark
Hi Glen,
I'm having trouble envisioning a scenario where blockchain does that any
better than plain old PKI.
Blockchain is great at proving chain of custody, but when do you need to do
that in computer networking?
Regards,
Bill Herrin
agreed this could have potential to be the next "devops" style buzzword
There's probably some potential in using a blockchain for things like configuration management. You can authenticate who made what change and when (granted, we can kinda-sorta do this already with the various authentication and logging mechanisms, but the blockchain is an immutable, permanent record inherently required for the system to work at all).
That immutable, sequenced chain of events would let you do things like "make my test environment look like production did last Thursday at 9AM" trivially by reading the blockchain up until that timestamp, then running a fork of the chain for the new test environment to track its own changes during testing.
Or when you know you did something 2 months ago for client A, and you need your new NOC guy to now do it for client B -- the blockchain becomes the documentation of what was done.
We can build all of the above in other ways today, of course. But there's certainly something to be said for a vendor-supported solution that is inherent in the platform and requires no additional infrastructure. Whether or not that's worth the complexities of managing a blockchain on networking devices is, perhaps, a whole other discussion. 
- Peter
Why to reinvent git?
Lot of tools available also, to see diff on git commits, to see who did commit, and what exactly he changed.
(it is possible to cryptographically sign commits, as well, and yes, they are chain signed, as "blockchain")
Hi,
its not only about PKI. There are some currencies in the wild right now, that are more scalable than bitcoin and are made for the "ddos" world of IoT.
For example a possible BGP extension could use smart contracts to form and confirm peering and also handle the direct payment process to the upstreams. Things like the DirectCloud of DE-CIX could be replaced by a "BGP-Exchange", where "routers" can sell and order services on their own and on-demand, for example if the "router" needs suddenly more bits to AS$X on a cold winter night.
Also a "$IoT" device like a streaming dongle could order and pay by itself and may book the nearest data-"highway" for a PPV-event.
Jörg
In article <0c45eee2-ffcb-2066-1456-eb2d38075007@alter3d.ca>,
How about validating whether a given AS is an acceptable origin for a set
of prefixes? Seems like a problem (route hijacking) that's still been
looking for a solution. Lots of BGP routers, RRs, prefix databases are
around, maintained and generally online. Current practices are incomplete
and for many large carriers, operate on a 24 hour cycle which might not be
acceptable if the world had a more instant option in place.
It is not my impression that maintaining an updatable database of
(AS, prefix) pairs is particularly difficult. What's hard is figuring out who's allowed to put what into the database, and blockchains offer no help at all there.
Regards,
John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly
In article <0c45eee2-ffcb-2066-1456-eb2d38075007@alter3d.ca>,
We can build all of the above in other ways today, of course. But
there's certainly something to be said for a vendor-supported solution
that is inherent in the platform and requires no additional
infrastructure. ...No additional infrastructure? Blockchains need multiple devices that
are online and have enough storage to keep a full copy of the chain.
There is absolutely no reason that the networking equipment itself can't both operate the blockchain and keep a full copy. It's a pretty good bet that your own routers will probably be online; if not, you have bigger problems.
The storage requirements aren't particularly onerous. The entire Bitcoin blockchain is around 150GB, with several orders of magnitude more transactions (read: config changes) than you're likely to see even on a very large network. SSDs are small enough and reliable enough now that the physical space requirements are quite small.
They make sense in an environment with multiple sophisticated parties
that sort of but not entirely trust each other, but there aren't as
many of those as you might think.
You (presumably) trust your own routers. There is absolutely no reason that your own little network can't run your own private blockchain. In fact, for my use case of configuration management, you wouldn't WANT to use a single global public blockchain.
- Peter
(watching this thread and wondering..)
In article <0c45eee2-ffcb-2066-1456-eb2d38075007@alter3d.ca>,
We can build all of the above in other ways today, of course. But
there's certainly something to be said for a vendor-supported solution
that is inherent in the platform and requires no additional
infrastructure. ...No additional infrastructure? Blockchains need multiple devices that
are online and have enough storage to keep a full copy of the chain.There is absolutely no reason that the networking equipment itself can't
both operate the blockchain and keep a full copy. It's a pretty good bet
that your own routers will probably be online; if not, you have bigger
problems.
I don't know that offloading computation on already busy network devices is
a win for the rest of the network though.
I don't know that you want to depend on local storage on devices which
could be thousands of miles away from the people who can replace the
hdd/ssd/storage-item.. especially when that storage is critical to the
operations of the device.
It turns out it's both expensive in time and pesos to fly someone into
west-africa/east-asia/china/texas to repair a device in an emergency
(unplanned work).
The storage requirements aren't particularly onerous. The entire Bitcoin
blockchain is around 150GB, with several orders of magnitude more
transactions (read: config changes) than you're likely to see even on a
very large network. SSDs are small enough and reliable enough now that the
physical space requirements are quite small.
I really don't think storage is the only problem here, and 'aren't
particularly onerous' overlooks a whole host of actual problems in
operations with blockchains... which just using git/sccs/cvs/etc fixes for
your standard configuration management concerns. All of the
git/sccs/cvs/etc avoid 'lots of storage necessary on remote devices' and
'lots of compute required on remote deices'.
They make sense in an environment with multiple sophisticated parties
that sort of but not entirely trust each other, but there aren't as
many of those as you might think.You (presumably) trust your own routers. There is absolutely no reason
that your own little network can't run your own private blockchain. In
fact, for my use case of configuration management, you wouldn't WANT to use
a single global public blockchain.
someone 12 messages back asked: "why is this better/different/etc from just
using git/sccs/cvs/etc for configuration management/revision-control?"
I've not seen that answered, except by the speculative: "well, it's a cool
buzzword" comment.
A slightly more pessimistic view:
https://hackernoon.com/ten-years-in-nobody-has-come-up-with-a-use-case-for-blockchain-ee98c180100
Sure but there are lots of blockchains other than bitcoin. A lot of real smart people do not even suspect that bitcoin is a long term survivor due to its long transaction times. Which blockchains do you want to support? 150GB may not seem like a lot (although a lot of my gear does not have the memory to cache that) but 10 of those is beyond the memory on the vast majority of network gear I am aware of. That sure looks like a slippery slope to me. Now that a lot of network switching and routers can support applications, you could just host all of your apps on them just like you could do all of your routing in your servers. The question for you is what responsibilities do you want to take on. That probably depends on what business you are in.
There is absolutely no reason that the networking equipment itself can't both operate the blockchain and keep a full copy. It's a pretty good bet that your own routers will probably be online; if not, you have bigger problems.
The storage requirements aren't particularly onerous. The entire Bitcoin blockchain is around 150GB, with several orders of magnitude more transactions (read: config changes) than you're likely to see even on a very large network. SSDs are small >enough and reliable enough now that the physical space requirements are quite small.
Steven Naslund
Chicago IL
BTC miners use asics. Big switches/routers use 100Gb asics. Some
switches have multiple 100 Gb asics and sometimes only half is use or
even less.
I guess it could be nice for some smaller telcos to generate some profit
during off peak period. I don't know how feasible and I fully understand
that the vendor warranty should be instantly void.
Also, sometimes telcos have off the shelves spare that gather dust for
years... It could be interesting to also generate few coins.
Jean
The definition of an ASIC is that it has only one use. Just because half of
a 100gb switch is not in use doesn't mean that you can mine bitcoin, or run
a blockchain with the asics not in use..
It seems to me that at the current moment in the evolution of bitcoin, the
only way to make money from it is to sell the equipment to mine coins, as
the chances of ever making any money from mining coins yourself are
vanishingly small. And then only if you get your electricity and cooling
for free.
It has been estimated that the amount of electricity being consumed worldwide
in the attempt to mine bitcoins exceeds the consumption of several smaller
European countries. Since little of this power is generated from renewable
sources, it could represent a significant consumption of fossil fuels.
- Brian
That's a job for ordinary PKI. Any time you have a trusted central
authority to serve as an anchor, ordinary PKI works fine. The RIRs serve as
anchors for who has the right to authorize which prefixes.
A harder task is validating whether your peer is part of a legitimate AS
path to that origin. It's not obvious to me that blockchain could help
solve that problem, but it's at least a problem that isn't solved by
ordinary PKI.
Now, if we wanted to replace the RIRs and allow people to self-assign IPv6
addresses out of ULA space which we'd then honor in the global BGP table,
blockchain could have a role.
-Bill
New devices like the former Brocade SLX even has its own hypervisor on x86-intel and runs an Ubuntu VM for management and monitoring. You can even install your own things, therefore new applications and purposes will rise in the future.
I also believe that dockerization will come to the networks and we will handle routing protocols more like containers that will be linked to the host-os, adding reseller and namespace capabilities and so on.
There will be room for blockchain typeof-handlers that does not need to be a "full node" or a "miner". It could just be a "wallet"-type, that is linked to companies-internal-"light" nodes, to exchanges or registries or $y for purposes, that we might not even think of right now or still need to write PoC for (remind me in $x years).
Jörg
> How about validating whether a given AS is an acceptable origin for a set
>> of prefixes?
>
>
That's a job for ordinary PKI. Any time you have a trusted central
in particular RPKI -> https://tools.ietf.org/html/rfc6810
authority to serve as an anchor, ordinary PKI works fine. The RIRs serve as
anchors for who has the right to authorize which prefixes.A harder task is validating whether your peer is part of a legitimate AS
path to that origin. It's not obvious to me that blockchain could help
solve that problem, but it's at least a problem that isn't solved by
ordinary PKI.
this part of the problem is BGPsec -> https://tools.ietf.org/html/rfc8205
Now, if we wanted to replace the RIRs and allow people to self-assign IPv6
addresses out of ULA space which we'd then honor in the global BGP table,
blockchain could have a role.
yes, here's a useful use for blockchains... allocation of random numbers,
and logging of same in a globally available fashion.
Application Specific Integrated Circuit. It's even in the name!
You can't just run normal software on ASICs. It's not a computer. They're literally hard-wired to do one thing - and do it well.
Switch ASICs, for example, are good for switching network packets around. Though (I would assume) they
can't do any kind of hashing, much less Bitcoin-specific stuff.
Trying to mine Bitcoin on switch ASICs would be like trying to transfer
water through a 2.4GHz WiFi connection - both are absolutely preposterous ideas.
Regards