Continuing from where I left off in my conversation with Eliot Lear, I recently talked with Fred Baker, another Cisco standards expert, about the ins and outs of network standards development. Fred has been in the networking industry for over 30 years, and has held numerous positions within the IETF, one of the major Internet standards bodies. He chaired the organization from 1996-2001 and currently chairs the working group on IPv6 operations. Here, Fred answers my questions and gives us a sneak peek into how standards critical to the Internet and network technology are made.
Why are standards considered so important?
First and foremost, I think standards are important because they are things one can assume and then build on innovatively. Instead of every vendor having to start from scratch and build their own version of “how to email an attachment” or “how to move a file,” we can assume those things and innovate around capabilities and services that are really interesting and useful. Standards enable businesses to depend on some things being “basic” and “obvious” and move on to what is hard.
As an example, in 1990, the Cisco Router supported fourteen disjoint protocol architectures including XNS, Netware, Chaosnet, ISO connectionless networking, AppleTalk, DecNET IV, a list of others, and oh yes, IPv4. At the time, this was necessary since customers used a significant subset of these protocols. But the two big problems were that proprietary protocols didn’t talk to each other easily and they weren’t able to scale, and these shortcomings hindered business processes and collaboration. The world realized that standardizing around IP made a lot of sense because it worked in fairly large networks and allowed interoperability between separate companies. It shows just how far we’ve come that some people have a tough time fathoming just two protocols – IPv4 and IPv6 – when the landscape used to be much more complicated.
What makes a standard a standard?
Think of a true standard as an interoperability agreement. In some cases, proprietary technology available from exactly one vendor is touted as a “standard” simply because it was given a number from a third party organization. But published specifications aren’t necessarily standards. The real test is whether a technology has had multiple complete and separate implementations that interoperate. A standard is a standard when larger groups of participants have the chance to assess whether the technology is adequate, solves a common problem, and can be used widely out in the open.
Where do the organizations that decide standards derive their authority?
In networking, standards bodies fall broadly into two categories around the concept of authority – de jure and de facto. Historically, a lot of telephony standards have been built in governmental or international treaty organizations like the ITU-T. The Internet, however, is built on standards that are developed and used among consenting adults, called “de facto” standards. IETF (most things under the hood in the Internet, and some applications like mail and DNS), IEEE (many things, but notably LAN standards like WiFi and Ethernet), and W3C specifications (“how do you write a web page?”) fall in that category.
What are the different models used in these bodies to decide formal standards?
There are generally two models – voting and consensus. In voting organizations like the IEEE, ETSI, and the ITU, individuals or companies either vote for a draft standard or vote against and must offer a substantive comment on how the draft would need to be changed. In organizations like the IETF and the W3C, establishing rough consensus means that the group as a whole is willing to move forward and considers remaining objections to be noncritical. Not everyone agrees, but I’d say about 90-95% do in situations when standards efforts are successful.
Can you recall a time when a standards process went particularly smoothly? And a process that was very challenging?
When I worked at ACC, I took a Management Information Base (MIB) in use at the company and entered it into an Internet draft for review in the IETF. We had a birds of a feather meeting to see who would be interested in working on the project. A week later, we had 10-15 Internet drafts, and when we sat down to review them, we found they were largely similar. A fellow I had never met emailed me a compilation that contained all of the objects found in 70% or more of the submissions and one table that only one MIB had but was very useful, and it became RFC 2127. In this case, a good amount of overlap and agreement helped create a fast track to the MIB standard.
An example of the polar opposite is a security solution for IP first written in 1992. In 1999, one of the authors withdrew the draft, claiming infringement on personal ownership. An appeal within the organization sorted out the IPR issues, and IKE was published in 1998. The process lasted the better part of a decade.
What types of individuals and groups are involved in a standards effort you’re currently working on?
In IPv4/IPv6 translation, we have a collection of people from universities including Tsinghua and Madrid, customer networks including CERNET/CERNET2 and Orange FT Group, large companies including Microsoft and Cisco, small companies including Magma, Yokogawa, and Shinkuro, and individual consultants collaborating on the technology in a working group co-chaired by Dave Thaler of Microsoft and Dan Wing of Cisco.
How do they do it? Well, it starts out by leaving corporate credentials at the door and working in an open forum to achieve a shared vision. It’s largely about meeting customer needs, and often includes a customer in the team.
Have any other questions on standards? Drop us a comment, or stay tuned for more to come from other Cisco standards experts.