Federation, Monarchy or Anarchy?
The Shape of the 21st Century Global Communications Network
It is becoming increasingly clear (if it had ever been in doubt) that 21st century communications will be significantly different from those of the 20th Century. Although wireline telecommunications has been in steady decline for at least a decade, old habits and technologies tend to persist until emergent technologies are fully established among the majority of users. Arguably, email and other textual communications methods have significantly supplanted telephony in specific scenarios; and mobile telephony is rapidly overtaking wireline telephony on almost every metric. However, the real-time modalities (i.e. voice, video, data collaboration, etc.) of unified communications (UC) are only now "crossing the chasm." Given that the advent of UC is bringing a significant shift in network topologies and communications vendors, this might be a good time to examine what might replace the familiar 20th century communications networks in coming decades.
Federation, Monarchy and Anarchy
While this paper is clearly about communication networks, the title alludes to three forms of governmental structure:
Monarchy being characterized by the centralization of autocratic power and a focus on self-perpetuation;
Federation being characterized by the devolution of power that is democratic in nature and accommodates local needs;
Anarchy being characterized by the absence of any effective government or legal system.
Clearly, federation is the more modern system: it is either implemented constitutionally or is the de facto form of government for the majority of the world’s population. Monarchy, by contrast, is a system that variously fell into disuse as the needs and aspirations of the monarch’s subjects could no longer be fulfilled by that system and viable alternatives became available. Anarchy, on the other hand, has tended to exist only as a transitional state between one form of government and another.
From monopoly to oligopoly
Prior to the deregulation of telecommunications in many countries, the communications networks were deemed to be of strategic national importance and were therefore government owned monopolies: the so-called Postal, Telegraph and Telephone (PTT) services. Furthermore, until the 1980s, the nature of telephone network technology necessitated that phone companies be natural monopolies, as it was not economically possible for competing telephone networks and infrastructures to arise: thus telephony was provided by “communication monarchies.” However, as communications technology evolved it became possible (i.e. when spurred by deregulatory legislation) for various providers to share a single physical network by creating virtual networks. As new physical networks emerged (most notably cable networks) alternate providers found opportunities to compete with the newly deregulated PTTs. Nevertheless, it took huge amounts of capital to compete with the former PTT companies and they, or their successors, have typically maintained majority market share in most countries. Today landline communications are oligopolistic markets providing limited opportunities for business or consumers to negotiate price or service levels.
The emergence of the concept of communications federation
UC has provided the opportunity for a different model to emerge, that of communications federation. The notion of federation in communications technology comes from the internet, where the routing and addressing of internet traffic is based on the Domain Name System (DNS). When you enter a target domain name in your browser or click on a link, the browser uses DNS to resolve the domain name to an IP address in order to be able to route the web page request to the correct web server. Email addressing works the same way, but the IP address returned is for the destination email server. Like email messages, UC sessions are routed over IP networks: thus UC data packets (both signaling and media) transit the internet at the network/session layers directly from one domain to another without the intervention of service provider companies (at least in theory).
The opportunity of avoiding service provider toll charges for "phone calls" has driven the growth of internet telephony over the last decade, driving a significant proportion of consumer traffic to the "messenger clients" and giving rise to companies such as Vonage and Skype. UC federation uses the same technology to provide direct communications between businesses with lower costs and higher utility. As with self-hosted corporate email, UC federation presents some interesting opportunities and challenges.
The Advantages of Federation
The advantages of UC federation are:
1. Service providers are currently unable to carry inter-enterprise multi-modal UC communications (including video conferencing and data collaboration) over their core networks: therefore the only option for end-to-end UC is via federation.
2. It eliminates service provider charges as a layer of cost. The current fixed and variable costs for PRI trunk lines for telephony are artificially high, and this is driving the interest in so-called "SIP Trunks."
3. It adds the compelling value of presence exchange that better facilitates inter-enterprise interaction as it does within the UC-enabled enterprise.
4. It places more control over communications traffic in the hands of enterprise IT administrators (however, see Disadvantages below).
5. It arguably improves communication security by providing end-to-end encryption of signaling and media (however, see Disadvantages below).
The Disadvantages of Federation
The disadvantages of UC federation are:
1. Due to a lack of standards and, where standards exist, limited interoperability between UC vendor systems, federation is normally only available between enterprises with same-vendor compatible UC systems.
2. The responsibility for managing and troubleshooting federation connections lies with the enterprise IT Administrators. Maintaining a large "full mesh" federation network is certainly more costly than the "hub and spoke" model of the telephony network. (As with political devolution, with power comes responsibility.)
3. There is no global federation directory, therefore only business associates with a prior relationship can use federation links. Some people may consider this an advantage, not a disadvantage, i.e. not having to deal with unsolicited calls. However, the internet being what it is, federation directories will become available over the course of time.
4. The general notion of federation is fraught with security challenges that, with HTTP technology, are addressed by network edge elements (i.e. firewalls) and authentication/encryption (i.e. HTTPS). However, HTTP firewalls prevent the transmission of real-time data streams across the network boundary. Leaving firewall ports open for UC traffic is an unacceptable compromise of network security: therefore, UC federation can only be enabled by systems that have been designed with federation in mind. These systems typically deploy specific network edge elements that ensure network security and only allow authenticated traffic to pass. The next section will cover how federation can be made secure.
5. The internet is an unmanaged network with no service level agreements: this creates the possibility that the quality of service (QoS) of internet communications will be below acceptable levels for at least some of the time. (Bad QoS usually manifests itself to the user as the audio stream "breaking up" or a video picture freezing or displaying "glitches.") If multi-modal broadband communications become mainstream, then the bandwidth load being placed on the network would raise the possibility of bad QoS to a near certainty. Additionally, the lack of any clear directives or treaties covering so-called "net neutrality" opens the possibility of proprietary interests being implemented by internet service providers and this increases the probability of bad QoS (or no service at all) to an absolute certainty.
An Examination of Federation Implementations
As stated above, the challenges of interoperability and the maintenance of network security mean that "open federation" is not currently available, in the same way that, for example, a Yahoo! Instant Messenger user cannot communicate with a Skype user. Therefore, the only inter-enterprise UC federation option is to communicate with business associates using the same UC technology: currently provided by Microsoft, Cisco and Skype.
Microsoft Lync Federation
Microsoft first deployed federation for instant messaging and presence with the shipment of Live Communications Server 2005 SP1: this enabled inter-enterprise federation and federation from the enterprise to AOL, Yahoo! and Windows Live services. In later releases (Office Communications Server and Lync) federation was expanded to encompass inter-enterprise multi-media federation and, most recently, between enterprise and Windows Live users.
The Microsoft federation implementation ensures network edge security via a transitive trust model, using public key infrastructure (PKI) together with DNS and mutual TLS (MTLS). Once DNS has been used to locate the target domain, MTLS requires the edge servers at both enterprises to exchange digital certificates issued by a specific set of certificate authorities. A valid certificate exchange enables the establishment of an authenticated and encrypted SIP session between the enterprises, which also establishes an encrypted media channel using SRTP. Network edge security is defined by the network administrator, with three options for federation:
Disabling federation altogether;
Enabling federation for specifically allowed domains (e.g. with a specific business partner);
Enabling federation for any domain that can establish a valid MTLS connection.
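The three federation options can be read as an admission decision made at the network edge after the MTLS handshake. The following is an added example, not Microsoft's code and not part of the original paper: the names FederationMode, edge_tls_context, cert_covers_domain and admit are hypothetical, the sample certificates and domains are constructed, and it assumes the peer certificate must list the claimed SIP domain, or a host inside it, as a DNS subjectAltName.

```python
import ssl
from enum import Enum


class FederationMode(Enum):
    DISABLED = "disabled"        # option 1: no federation
    ALLOW_LIST = "allow-list"    # option 2: named partner domains only
    OPEN = "open"                # option 3: any domain with a valid MTLS session


def edge_tls_context(ca_bundle, cert_file, key_file):
    """Listener context that requires a client certificate (mutual TLS).
    Trusting only the CAs in ca_bundle enforces the 'specific set of
    certificate authorities' during the handshake itself."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(cert_file, key_file)
    ctx.load_verify_locations(cafile=ca_bundle)
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def cert_covers_domain(peer_cert, domain):
    """True if a DNS subjectAltName is the domain or a host inside it.
    peer_cert has the dict shape returned by ssl.SSLSocket.getpeercert()."""
    suffix = "." + domain
    names = [v.lower().rstrip(".")
             for kind, v in peer_cert.get("subjectAltName", ())
             if kind == "DNS"]
    return any(n == domain or n.endswith(suffix) for n in names)


def admit(mode, allow_list, claimed_domain, peer_cert):
    """Decide whether a federated SIP session may pass the edge.
    Returns (allowed, reason); peer_cert is None or {} when the handshake
    produced no validated certificate."""
    domain = claimed_domain.lower().rstrip(".")
    if mode is FederationMode.DISABLED:
        return False, "federation disabled"
    if not peer_cert:
        return False, "no validated peer certificate"
    if not cert_covers_domain(peer_cert, domain):
        return False, "certificate does not cover claimed domain"
    if mode is FederationMode.ALLOW_LIST and domain not in allow_list:
        return False, "domain not on allow-list"
    return True, "ok"


# Constructed sample data (not real certificates or domains).
PARTNER_CERT = {"subjectAltName": (("DNS", "sip.partner.example"),)}
LOOKALIKE_CERT = {"subjectAltName": (("DNS", "sip.evilpartner.example"),)}
STRANGER_CERT = {"subjectAltName": (("DNS", "edge.stranger.example"),)}
PARTNERS = {"partner.example"}

if __name__ == "__main__":
    for mode, dom, cert in [
        (FederationMode.ALLOW_LIST, "partner.example", PARTNER_CERT),
        (FederationMode.ALLOW_LIST, "partner.example", LOOKALIKE_CERT),
        (FederationMode.ALLOW_LIST, "stranger.example", STRANGER_CERT),
        (FederationMode.OPEN, "stranger.example", STRANGER_CERT),
        (FederationMode.DISABLED, "partner.example", PARTNER_CERT),
    ]:
        print(mode.value, dom, admit(mode, PARTNERS, dom, cert))
```

The certificate-to-domain check runs in the open mode as well, so a peer holding a valid certificate for one domain cannot present itself as another.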
Cisco Intercompany Media Engine
Cisco started to ship its version of federation in April 2010, with Unified CM 8.0 and the Intercompany Media Engine (IME). Interestingly, it diverges from the direct, managed federation model used by Microsoft by using the PSTN as an initial intermediary to establish credentials and a prior relationship between callers. That is to say, if Alice calls Bob (a business associate in another company) on the PSTN, both companies have deployed the required technology and both are members of the Cisco ViPRNet, then the IME is able to use this information to verify the relationship and store the address data in a distributed hash table (DHT): aka a "lookup table." When either caller makes a subsequent call, the IME routes the session directly over the internet, establishing an encrypted SIP and multi-media federation session in a similar manner to Microsoft. The advantage of IME over Lync is the minimization of administrator intervention; the disadvantage, however, is the requirement to make the initial PSTN phone call to establish the connection. Note that the connections have a limited lifetime (to enhance security), so infrequent contacts may rarely benefit from federation connections.
"Peer to Peer" Networks
"Peer to Peer" (P2P) networks such as Skype are, in effect, federation networks. However, unlike UC networks which require significant server infrastructure, P2P systems are comprised mostly of soft clients or device endpoints which use IP address data stored locally or in adjacent clients to discover the address of the intended subscriber. This address data is stored in DHTs within the clients themselves and this provides the same function as DNS in SIP routing.
The process used for the address lookup is as follows: if the local client doesn’t already know the address of the person being called, it will ask the other clients that it does have in its DHT. If they don’t have the address, they will pass the query on to their adjacent nodes, and so on until the address is resolved. The algorithms used by the central service to populate the distributed hash tables ensure an optimal distribution of addresses that minimizes the number of address resolution hand-offs. This design essentially reduces the need for network infrastructure to the bare minimum of provisioning services.
If simple consumer person-to-person communication is all that is required then, clearly, monolithic routing infrastructures are redundant. However, some of the more elaborate features that some telephony customers regard as ‘essential’ (e.g. call park and pickup) cannot be implemented without network infrastructures, whether hosted by a network operator or self-hosted by an enterprise.
Options for Future Networks
Clearinghouses – the compromise?
One conceptual model for a network intermediary that has been promoted and, in various guises, implemented is that of a UC "clearinghouse." A clearinghouse is an internet domiciled service provider that, like the telephony networks, would:
Address the "full mesh" network management challenge by providing a ‘hub and spoke’ network connection by offering a single upstream network that would manage the routing of all inbound and outbound traffic;
Intermediate between various vendor systems’ signaling and authentication implementations, thus addressing the standards/interoperability challenge;
Provide a federation directory that could implement privacy restrictions via customer managed access policies;
Mitigate the security risk by implementing robust network edge security.
The difference between a clearinghouse and a UC service provider is that the clearinghouse would only handle signaling; leaving the media to flow over the most direct internet route between the endpoints. This is a neat work-around to the challenge of handling huge volumes of media bandwidth within the clearinghouse network; however it does not address the QoS issue.
Federation and Cloud-Based UC
An intermediate step between clearinghouses and full service UC service providers would be for cloud UC service providers to offer federation connections between their network and a self-hosted enterprise UC system. This federation connection would be required in any case for the enterprise to be able to federate with the small and medium sized business customers of the cloud service provider. However, the enterprise would gain all the benefits of a clearinghouse from the cloud service provider as well as gaining access to various media oriented services (e.g. PSTN origination and termination, QoS, etc.) as well as leveraging any inter-network peering relationships that the cloud service offers.
Incumbents as UC service providers
While federation has its advantages, it also has its drawbacks (see above). One could make a case that incumbent network service providers could carry inter-enterprise UC traffic and that the value that they could provide would mitigate the disadvantages of UC federation while enhancing the advantages. One opportunity would be that, with their extensive network of customer relationships, the incumbents could provide the kind of UC enrichment services (e.g. federation directories and services targeted at industry verticals) that would justify the additional layer of cost.
However, as stated above, the traditional networks are not currently capable of carrying end-to-end UC sessions across their core networks. Many incumbents currently address UC via the provision of ‘SIP Trunks’ but, quite apart from the many other challenges of the SIP Trunk model, it currently only supports voice service as the voice session is transcoded to native PSTN protocols at the edge of the operator’s core network. For the incumbent providers to provide a service that would obviate the need for federation, they would have to implement a UC signaling infrastructure. Also, as market adoption grows, the amounts of bandwidth required to provide guaranteed QoS for wide-band UC sessions would grow exponentially.
Despite this, the incumbent service providers will inevitably consider themselves to be ideal candidates to operate 21st century UC networks, i.e. they currently:
Operate large chunks of the internet backbone;
Own all of the last mile networks (albeit that there now exists more than one option for many customers);
Have the ability to raise the required capital;
Have the customer relationships;
Already have relationships with government/regulatory bodies.
However, per above, the incumbents have been slow to react to the advent of the UC era and may have already missed the boat. Indeed, the process of deregulation has separated the communications equipment business from the network operations business, so the network operators do not own the next generation communications technology. The new communications innovators are not compelled to sell their technology exclusively to the incumbents; so new, more nimble, operators are already winning business away from the traditional operators. Inevitably, some communications technology companies (e.g. Microsoft) are considering becoming communications operators themselves, following the cloud computing model. However, other vendors (e.g. Cisco) prefer to sell their UC technology to the incumbent operators for them to host and manage.
The Implications of Federation
Whether or not UC federation becomes a broadly adopted communications technology, the implications of enterprises being capable of bilaterally deploying richer communications channels without involving network operators are profound:
How will the network operators be able to compete with federation, which offers a better communications service at a lower price? (Note that the current response is "SIP Trunking," which is wholly inadequate.)
If monolithic communications services become redundant, what new business model will allow the incumbents to continue to operate the "internet?" Furthermore, will the incumbents’ value-add be reduced to that of "bit carriers?"
How will governments recapture the regulatory high ground and lost tax revenue when faced with a technology movement (i.e. the internet) that evolves too quickly for legislators and regulators to keep up?
How will QoS be maintained on an unmanaged (and unregulated) internet if UC federation and broadband communications modalities gain widespread adoption?
If virtual network service providers (e.g. clearinghouses) are able to compete with network operators on their own networks, how will the network operators respond:
a. If net neutrality regulations are enacted?
b. If no net neutrality regulations are enacted?
The indications are that all of these scenarios are already starting to play out – the only question is how long these issues will take to be resolved and what will be the shape of communications networks for the remainder of the 21st century. Clearly there will be new business models, some of which have been discussed above and some of which we can’t currently envision (who could have predicted Amazon and eBay 20 years ago?).
Telecommunications has evolved from the monolithic networks created in the 19th century through to deregulation and subsequently to the creation of consumer-oriented internet phone companies (e.g. Vonage, Skype, etc.) in the early 2000s. Now, with the advent of UC and federation, communications innovation has become an unstoppable force which will shortly result in the complete disintermediation of the monolithic telephone operators. What takes their place, and how certain technical, business and governmental challenges will be addressed, will be as interesting and exciting as the original creation of telephony itself. The alternative to the timely resolution of these challenges will be a period of communications anarchy where, as depicted in apocalyptic movies such as ‘Mad Max’ and ‘The Book of Eli’, it will be ‘every man (read vendor/operator) for themselves’ and "may the devil take the hindmost." The communications landscape that emerges is likely to be barely recognizable.
As to whether it will be another 150 years before the next communications revolution: I highly doubt it.
 The DNS system is under the governance of ICANN and IANA and the five Regional Internet Registries that apply IP routing policy in various parts of the world.
 In reality the apparent lack of a network intermediary in IP routing is a fairly abstract concept, since the ‘last mile’ networks, the internet backbone and the DNS system itself are owned or managed by various entities, many of which are for-profit organizations and some of which are the incumbent telephone companies.
 E.g. the voice and video features of the instant messenger services provided by AOL, Yahoo! and Microsoft.
 The topic of another paper.
 Note that multi-media federation is available between Microsoft Lync and Windows Live Messenger as well as between Avaya Aura and Skype. In both cases, these are the enterprise and consumer services of a single vendor (the ‘vendor’ in the latter case being Silverlake, a private equity fund that owns a significant stake in both firms).
 Connection to the consumer IM services required an additional license.
 Each UC client and the corresponding internal servers have a trust relationship enforced by certificate exchange and encrypted communication channels, as do the internal servers and the corresponding network edge servers. "A trusts B" and "B trusts C," therefore "A trusts C": this model is known appropriately as the transitive trust model.
 I have written a separate paper on the UC cloud service model, which can be found here.
 The topic of another future paper.
 The topic of yet another future paper.