VeriSign's goal: Bump up internet bandwidth 1,000 times

CTO Ken Silva explains how the company will carry out Project Apollo, which aims to increase internet root server bandwidth to meet 4 quadrillion queries a day
Written by Tom Espiner, Contributor

To deal with the flow of information over the next 10 years, the capacity of the internet will need to increase by a factor of a thousand, according to US security company VeriSign. The company, which administers one of the root servers of the internet, has started a project to deal with the expected increase in bandwidth demand.

Project Apollo was announced by VeriSign in March, with the aim of strengthening the .com and .net domains. The company's chief technology officer Ken Silva talked to ZDNet UK to give details of how VeriSign plans to increase internet server bandwidth.

Q: Why was Project Apollo put in place?
A: Over the next decade, anything that informs or entertains will be connected to the network, delivering TV, telephony, video. We are seeing the genesis of digital entertainment. Every phone call will be made over the internet, as well as communications like GPS navigation data. We have to prepare the root zone for that much bandwidth.

[The US's] big infrastructure push is around the smart grid. The core power infrastructure will run across the network. [If bandwidth doesn't improve], we're not only talking about the internet [going down] — potentially, a doctor could be in the middle of surgery.

Looking forward to the next decade, even government private networks will become obsolete. The government will be running encrypted tunnels across the public net. It's going to be a tough challenge for any utility or corporation to justify a private network, when a public network exists that is reliable. Even Scada [supervisory control and data acquisition] systems will be over the public network. The [US] Department of Defense relies on private military communications, but they will still be tunnelled over a public network.

What is the current capacity for VeriSign's root server, and where will it be in 10 years' time?
We are prepared for 4 trillion queries per day, and we're doing 60 billion per day right now. We expect given the dynamics, we'll have to add 1,000 [times] to that capability. We're looking at a capacity of 4 quadrillion queries per day.

The most important number is the number of queries per second. Right now, we're cruising around 1 million queries per second, and it's not uncommon to have 4, 5 or 6 million queries per second, depending on whether we are under denial-of-service attack or anomalies like the death of Michael Jackson — that caused a big spike. In the 10 years I've been associated with VeriSign, we've added 10,000 [times] capacity, and it's a footrace to stay ahead of demand.

What details can you give about Project Apollo?
We're trying to be in more locations around the world, so those countries can continue to grow. We're starting to rely on the internet more. The incident where the undersea cables were cut caused much of India to fall off the map temporarily. If sites are up, all queries have to leave the country to come back, so we're putting the servers in countries including India, Brazil and Argentina.

Do you have any plans to put a server in Estonia, after the cyberattacks there?
Ultimately, we are going into Estonia and placing servers in that country.

Another aspect of Apollo is there is a lot of effort in the labs to...

...take the company to the next level. Some of our research is about trying to get the most out of our [processing] power. A fundamental challenge is that small packets take a lot of time to process more efficiently. If the request is "Where is AOL.com?", it's an interrupt. It takes the same amount of work to deal with a little packet as with a big packet.

What kinds of software have you built to deal with different packet sizes?
We don't have operational code, but we are getting there. We are working with academic institutions on what's next in networking.

DNSSEC will only work if everyone participates.

VeriSign is involved in the implementation of the secure DNSSEC protocol. What will DNSSEC mean for internet security?
DNSSEC as a rollout will be the most significant change to DNS since its creation. We're adding layers of security with DNSSEC.

At a high level, we've been working with other infrastructure providers. Carriers are doing everything they need to be doing. We're working with the largest carriers all over the world, and the largest router manufacturers. We've built an interoperability lab for DNSSEC. We set up the lab that allows companies to bring hardware and test their exact implementation of DNSSEC out on the internet.

Have any of the companies had any problems?
Practically, there have been some problems with firewalls, load-balancers and routers. Some pieces of gear had some challenges, and we're working to get updates for some of those.

The working interoperability lab is a year old. Companies will get the hang of DNSSEC. We don't expect the lab to run much more than a year or so.

Some security experts question the efficacy of DNSSEC.
DNSSEC will only work if everyone participates. For DNS to work it needs to be able to query a number of servers along the line. The likelihood of that happening soon is somewhere between not a chance and not much chance. If a lot of people don't do it right, it could be worse, but DNSSEC does add a layer of security.

Editorial standards