What IS the Third Internet?

First some definitions:

Node – any computer or other device that has at least one network interface (wired or wireless). The device can have multiple network interfaces, so long as it is not forwarding IP packets between any of them (e.g. my computer has both an Ethernet and a WiFi network interface, but is not a router). Think of a leaf node in a tree diagram.

Router – a network device with two or more network interfaces, that is forwarding IP packets between at least two of them. Think of a branching node in a tree diagram. In the early days, a router was usually a general-purpose UNIX-based computer that ran router software. Today, most people think of a router as a dedicated hardware box that does only network routing. I can still turn any computer into a router by doing the right configuration and/or installing the right software (e.g. pfSense). I can even deploy a virtual router in VirtualBox, to link multiple virtual nodes into a virtual network.

Network (Local Area Network, LAN or Subnet) – a collection of nodes (computers and other devices – anything with a wired or wireless network interface) that are connected via Ethernet cables, Wi-Fi, and network switches. A network can have one or more routers that connect it to the outside world, but no internal routers that split the network into multiple routing domains. All nodes in a network share a single, monolithic address space, e.g. 10.0.0.1 to 10.255.255.254 (or 10/8 in CIDR notation, which you can also think of as 10.x.x.x). A network is usually limited to some geographic area, like a building or even a city. It is common for an entire network to run at fairly high speeds (e.g. 1 Gbps).

Internetwork or internet (lower case “i”) – two or more networks connected via routers with different address spaces in each network (e.g. 123.45.67/24 on one side of a router and 123.45.89/24 on the other side). The Internet Protocol (IP) makes it possible to route packets from any node in an internet to any other node in the same internet, using static routes or dynamic routes (managed by routing protocols). Often networks in geographically dispersed areas are connected via lower speed network links (via telephone modems, DSL, Fiber, etc.) to create a WAN (Wide Area Network). Each network has one or more default gateways (routers that act as the gateway out of that network to some larger network structure, like a WAN). If the destination address of a packet is in the same address range as the source address, the packet is delivered directly to the destination node (e.g. via Ethernet). If the destination address of a packet is in some other address range, the packet is delivered to the default gateway, which uses static or dynamic routes to determine how to relay it towards the network that contains the destination address. Even “internets” (lower case “i”) can be global, for example NIPRNet and SIPRNet (run by the U.S. DoD), yet not be connected to the main Internet anywhere.

The Internet (capital “I”) – the primary, main or largest collection of networks in the world – what Internet Service Providers (ISPs) provide access to. Global in scope. Contains possibly millions of networks owned and run by many individuals or organizations, who have voluntarily chosen to connect them into one giant internetwork via WAN links. While individual networks and nodes may have private (unroutable) addresses (as described in RFC 1918), any node that can accept connections from anywhere on the Internet must have a public IP address.
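
The delivery rule from the Internetwork definition above, as an added example (not from the original article): a node checks whether the destination is in its own address range, and a router picks the most specific matching route. The node address, gateway address, route table and interface names are constructed; only the two /24 prefixes come from the article.

```python
import ipaddress

# Constructed values: the node address, gateway and route table are assumptions;
# the two /24 prefixes are the article's own examples.
NODE_IF = ipaddress.ip_interface("123.45.67.10/24")
DEFAULT_GATEWAY = "123.45.67.1"

ROUTES = [  # (prefix, outgoing interface) as a router between the networks might hold
    ("123.45.67.0/24", "eth0"),
    ("123.45.89.0/24", "eth1"),
    ("123.45.89.128/25", "eth2"),   # more specific static route
    ("0.0.0.0/0", "wan0"),          # default route towards the WAN
]


def node_next_hop(dst, iface=NODE_IF, gateway=DEFAULT_GATEWAY):
    """Node decision: deliver directly if dst is in the node's own range, else use the gateway."""
    if ipaddress.ip_address(dst) in iface.network:
        return ("direct", dst)
    return ("gateway", gateway)


def router_lookup(dst, routes=ROUTES):
    """Router decision: longest-prefix match; None means no route (packet dropped)."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, ifname in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, ifname)
    return best[1] if best else None


if __name__ == "__main__":
    for dst in ("123.45.67.200", "123.45.89.5", "123.45.89.200", "198.51.100.9"):
        print(dst, node_next_hop(dst), router_lookup(dst))
```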

Now we can define the various (upper case “I”) Internets. You can think of these as Internet generations (1G, 2G, 3G), like with cellphones. As with cellphones, there is some period of overlap or co-existence, but eventually the older generation Internets are shut down, much like 2G phones are no longer working in some countries.

The First Internet (AKA ARPANET). Active from 1969 to 1982, primarily in the US. Nodes were mostly large multi-user computers at academic institutions, research companies, and government sites (many in the military). Funded and coordinated by ARPA (Advanced Research Projects Agency). The foundation protocol was not any version of IP (Internet Protocol) but a simpler protocol called the Host-Host protocol (or colloquially NCP, for Network Control Program). NCP had 8 bit node addresses, for a maximum of 256 nodes. ARPANET began with 4 nodes in 1969, and grew to over 200 nodes in 1982. The 1G Internet supported WAN links (including a few to Europe), but all nodes shared a single monolithic address space. Very few people ever had access to this Internet (maybe tens of thousands?). Most of the First Internet nodes changed to IPv4 on 1 Jan 1983, but the last part of the First Internet was officially decommissioned in 1990.

The Second Internet (based on IPv4). This went live on 1 Jan 1983. IPv4 has 32 bit node addresses (theoretical maximum 4.3 billion nodes, but only part of the address space is available for assignment to nodes – some was reserved for multicast, some for experimentation and some for other purposes, e.g. private addresses). An IPv4 address is represented with four groups of decimal numbers from 0 to 255, separated by periods (“dotted decimal”), e.g. 123.45.67.89. From 1983 to the mid 1990s there was a single flat address space (all nodes had “public” or routable IPv4 addresses).

Due to lack of sufficient public addresses to continue the rapid growth at this time, in the mid 1990s, the IETF deployed NAT (Network Address Translation) and addresses for private internets (RFC 1918). This created a two level address scheme, similar to extensions behind a telephone PBX (Private Branch Exchange). Most nodes connected to the Second Internet today have only private addresses. It is becoming quite difficult even for companies to obtain any new public IPv4 addresses. The well has run dry. I have one precious public IPv4 address on my home network (SIX in my office network!). I had to pay an extra SGD 50 to get the public address, and I can keep it so long as I have an account with MyRepublic. Chances are, if I give that one up, I will never be able to get another public IPv4 address (good marketing, eh?).

The public part of the Second Internet is a monolithic address space (any node with a public address). Due to insufficient public IPv4 addresses, since the mid 1990s many nodes on The Internet are actually in “private internets” connected to The Public Second Internet via NAT (Network Address Translation) gateways. Such nodes can only make outgoing connections to public nodes elsewhere on The Second Internet. Anyone with only a private IPv4 address is very much a second class Netizen. More recently ISPs have been deploying one level of NAT at the ISP and a second level at your home or company (this is called CGN, or Carrier Grade NAT). If you are behind two layers of NAT, you are a third class netizen. Recently Interpol has begun asking for an end to CGN. CGN is the hacker’s and criminal’s friend.
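
The NAT and CGN behaviour described above, as an added sketch that is not part of the original article: outgoing connections create mappings, unsolicited inbound traffic finds none, and two subscribers behind one CGN reach a server from the same public address. All addresses and ports are constructed, the 100.64.0.0/10 range between CGN and home gateway (RFC 6598) is an assumption not mentioned in the article, and the NAT is simplified (no timeouts, no per-destination state).

```python
import itertools


class Nat:
    """Simplified port-translating NAT (no timeouts, no per-destination state)."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._next_port = itertools.count(first_port)
        self._out = {}   # (inside_ip, inside_port) -> public_port
        self._back = {}  # public_port -> (inside_ip, inside_port)

    def outbound(self, src_ip, src_port):
        """An outgoing connection creates (or reuses) a mapping."""
        key = (src_ip, src_port)
        if key not in self._out:
            port = next(self._next_port)
            self._out[key] = port
            self._back[port] = key
        return self.public_ip, self._out[key]

    def inbound(self, dst_port):
        """Inbound traffic passes only if a mapping exists; otherwise None (dropped)."""
        return self._back.get(dst_port)


def through_cgn(home, cgn, src_ip, src_port):
    """Home NAT first, then the ISP's CGN: what the remote server sees."""
    mid_ip, mid_port = home.outbound(src_ip, src_port)
    return cgn.outbound(mid_ip, mid_port)


def attribute(cgn, homes, public_port):
    """Walk both mapping tables back from a public port seen in a server log."""
    mid = cgn.inbound(public_port)
    if mid is None:
        return None
    home = homes.get(mid[0])
    return mid[0], (home.inbound(mid[1]) if home else None)


# Constructed addresses: 203.0.113.7 is documentation space, 100.64.0.x is the
# shared range between CGN and subscriber, 192.168.1.10 is RFC 1918 private.
CGN = Nat("203.0.113.7")
HOMES = {"100.64.0.11": Nat("100.64.0.11"), "100.64.0.12": Nat("100.64.0.12")}
SEEN_A = through_cgn(HOMES["100.64.0.11"], CGN, "192.168.1.10", 51000)
SEEN_B = through_cgn(HOMES["100.64.0.12"], CGN, "192.168.1.10", 51000)

if __name__ == "__main__":
    print(SEEN_A, SEEN_B)                    # same public IP, different port
    print(attribute(CGN, HOMES, SEEN_B[1]))  # needs the ISP's mapping tables
    print(CGN.inbound(45000))                # unsolicited inbound: None
```

A server log that records only the source address cannot tell the two subscribers apart; the source port and a timestamp are what let the ISP's mapping tables resolve it.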

The Third Internet (based on IPv6, RFC 2460). The first specification of IPv6 was in a set of 5 RFCs (1883 to 1887) issued in December 1995. Deployment of IPv6 has been very slow until recently. We are currently at approximately 25% to 40% deployment in most countries. The tipping point (50% traffic over IPv6) will probably happen sometime in 2018. IPv6 has 128 bit node addresses. This is not four times as many addresses as with IPv4, but 2 to the 96th times as many as the entire IPv4 address space. That is 3.4E+38, or written out: 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses. There are literally enough public addresses this time around for every potential inhabitant of every exoplanet around every star in the picture above to have one. But we’d better find a Faster Than Light way to send packets, or the ping delay is going to be really huge.

With essentially unlimited public addresses, there is no need at all for NAT on the Third Internet. Everyone can have as many public addresses as they want (there is something like private addresses in IPv6 called Unique Local Addresses, but those are for special situations – not to be given to all users). This restores the monolithic (single level) address space of the early Second Internet. In theory any IPv6 node on Earth can connect to any other IPv6 node on Earth (if not blocked by router controls). This allows totally new ways to connect, including very decentralized designs. The current Second Internet situation has led to centralized servers with thousands or millions of users. These are easy to attack or snoop on.