.if n .ds y + .if n .ds z ++ .if t .ds y \(dg .if t .ds z \(dd .ds a ``An Introduction to the Berkeley Network'' .ds b ``Network System Manual'' .TL The Berkeley Network \- A Retrospective .AU Eric Schmidt .AI Computer Science Division Department of Electrical Engineering and Computer Science University of California, Berkeley Berkeley, California 94720 .AB The Berkeley Network connects a number of .UX machines on the Berkeley campus. It provides facilities for file transfer, sending and reading mail, and remote printing. Operating in a batch mode, network requests are transferred one by one through an inter-connected network until they reach their final destination. .PP This document describes the history and goals of this project, the design decisions faced, discusses issues in portable software development in networks, and discusses the future of this project. .AE .SH .ce Introduction .sp .5 .PP This document is intended for readers with an interest in networking who are familiar with two other documents about the network, \*a, and the \*b, by this author. It is not necessary to read this document to set up and maintain the network, although systems persons will benefit if they are familiar with the concepts presented here. .PP The sections are presented as follows: .DS Principals History Overall System Description Protocol Explanation Portability Security Future Plans Summary .DE .PP The most important section is the last, which details a set of principles the author has learned during this project. .SH .ce .sp 1 Principals .sp .5 .PP This project was a collaboration of many individuals. Dr. Robert S. Fabry participated in the initial design and has exerted the strongest influence on polishing the final product. Bill Joy and Ed Gould provided valuable technical expertise every step of the way, primarily about developing systems programs. The support staff of the EECS Department and the Computer Center (Bob Kridle, Jeff Schreibman, Vance Vaughan, Robyn Allsman, and Ricki Blau) were involved in setting up and administering this multi-domain project. The lowest-level concepts the author used came from experience at \s-2XEROX PARC\s0, primarily from discussions with David Boggs, one of the \s-2ETHERNET\s0\*y designers. .FS \*y ``Ethernet: Distributed Packet Switching for Local Computer Networks'', by Robert Metcalfe and David Boggs, CACM, July 1976. .FE .SH .ce .sp 1 History .sp .5 .PP The network project can be divided into two distinct phases. The first, from January 1978 to May 1978 (4\(12 months) involved designing and implementing the network facilities now available. The second, from October 1978 to March 1979 (5 months), saw the addition of many more machines to the network with emphasis on portability, security, and minor design changes. The network has been in almost continuous service to users since May 1, 1978. .SH First Phase .PP An initial design was worked out with Dr. Fabry in January 1978. A suitable connection was made between the Computer Center ``A'' and ``Q'' machines (then called ``D''). .DS .cs R 24 A Q .cs R .DE .PP Development proceeded on two fronts \- a set of daemons were written to transfer files, using .UX pipes for debugging. The lowest-level protocols were designed and implemented of the terminal-type connection between A and Q. These were debugged using simple programs to send and receive packets, and a pair of programs to transfer a file from one to the other. This was the first experience with a distributed software development \- the Q machine is a DEC PDP-11/34 with no lineprinter, a non-standard tape drive, and terminal access only by telephone, so most development had to proceed on the A machine. .PP During this phase the goals of the project increased in scope. The implementor and only user had to use the network to transfer network source and worked out simple ways to automate this (the ``.netrc'' file is an example). .PP When it appeared usable by more than the implementor, the connection was changed to be between A and the Computer Center ``C'' machine: .DS .cs R 24 A C .cs R .DE .PP Up until now, the network had required an account on both machines. It became clear this was a handicap since the A machine had too many accounts and the password file was immense. Certain ``free'' commands were allowed, without an account. .PP The Cory machine was soon added to the network: .DS .cs R 24 Cory A C .cs R .DE .PP This produced major changes in the design \- initially we had assumed network users would have accounts on all machines. This was unreasonably strict and a solution (kludge) was worked out where a request was examined and forwarded through the queue(s) on the intermediate machine. The network became table-driven to accomplish the routing, and distributed software development became more difficult because of the increased number of machines. The implementor quickly discovered only one solution: Always have a designated source machine for all changes. To this day, software changes are made only on this ``source'' machine, the others are guaranteed to have copies. This makes remote updating (copying new versions around the network) possible. .PP Documentation was written and sent off to about fifteen faculty, staff, and graduate student users. A few bugs were fixed and the system frozen from the end of May to October. End of Phase 1. .SH Second Phase .PP While the implementor was away at a summer job, the connection between the A and C machines was switched to reduce the loading on the A machine: .DS .cs R 24 Cory C A .cs R .DE .PP Unknown to the implementor, the network source was modified in divergent and incompatible ways, and the commands were moved to a different place. These changes invalidated certain assumptions about full pathnames and some commands such as inter-machine mail stopped working. .PP The Computer Center had also made absolutely incompatible changes to some system calls. This began a path of software divergence that became very painful and is still not completely solved. .PP Fortunately, the Computer Center placed Robyn Allsman in charge of maintaining the network on their machines \- to lighten that routine part of the load from the implementor. .PP The Computer Center acquired a ``D'' machine, and the EECS Division a DEC VAX 11/780, running an experimental Version 7 .UX system. The implementor decided to use the (at this point) unused VAX to to do software development and incorporate the Version 7 changes into the network code. By this time, the protocols were stable which made it possible to run a Version 7 network on the VAX connected to the old Version 6 code on the existing network, to facilitate debugging. Because of improved terminal availability and better machine response, many new ways were used to debug the network \- using pipes, using TTY lines wired together on the VAX and over the usual machine-to-machine link. A file was added (``initfile'') which allowed quick reconfiguration of the daemons when system parameters were changed. A temporary connection between the VAX and C machines was arranged. .DS .cs R 24 VAX Cory C A .cs R .DE .PP The network code had to be able to run on three different types of machines \- the VAX running .UX Version 7, the Cory machine running Version 6, and the anomalous Computer Center machines. There was no conversion package available at the time,\*y .FS \*y The ``retrofit'' library, by Bill Joy, is now available. .FE and the old network code had not used any system header files, so after a great deal of experimentation, conditional compilation was used as much as possible and a procedural interface was used to elide system differences. .PP The new .UX command .I make (I) was used with a ``makefile'' to organize this regime. The old network code was used to bootstrap the D machine onto a network running the new network code exclusively. .DS .cs R 24 VAX Cory C A D .cs R .DE .PP Shortly thereafter, over the Christmas break, the VAX and Cory connections went down for security reasons (discussed in the ``Security'' section). After seven weeks, they reentered the network in a new configuration. .DS .cs R 24 Cory C D VAX A .cs R .tr -- .DE .PP Shortly after that, they were down again because of a lightning strike for another week but have been operational since then. During the last time period the network was made less Berkeley-specific and a copy was run on the Rand Corporation UNIX machines. Documentation was rewritten and prepared for release. The network queues were converted to send shortest-job first. Extensive monitoring of system load, network performance, and network use was added. The format of the .I netq command was changed to summarize more information on output. The E machine, and then later the Survey Research Center (SRC) machine, were added. .DS .cs R 24 A Cory C D VAX E SRC .cs R .DE .PP Tuning was still important \- serious overloading problems caused by sluggish response stopped the network between Cory and C for a week. Network parameters were tuned to help solve this problem. The complexity of software development and maintenance became too great for unstructured changes. Versions on all the machines except the VAX were frozen for a month at a time. The protocols were almost immutable. People were delegated responsibility to observe and straighten out, if necessary, problems with the net queues. .PP As this is written, the software is stable and the user-documentation is finished and being sold, and there is hope of adding more .UX machines to the network. .SH .ce .sp 1 Overall System Description .sp .5 .PP The Berkeley network operates in a batch/ request mode, and is similar in concept to a line printer queue. ``Requests'' are queued up at the source, where they are sent in shortest job first order through an interconnected network of machines to their destination. At each intermediate node, they are queued as if they were originated locally. .PP The network consists of a set of user-executed commands, a queue of requests to be sent, and a continuously-running program called a .I daemon which transmits requests in the queue and listens for any request being sent to it. There are many network commands \- one to send mail, one to read mail, one to copy files, etc. They all use the .I net command to access the network. The .I net command takes a command, assorted parameters, with any input data, and puts a request in the queue. These requests are composed of a header, the command to be executed, and any data for input to the command. The header contains network information such as the destination machine, login name, and password. This request is stored in the queue as a normal ASCII file, owned by the invoker. This way .UX commands can be used to examine the file. .PP The daemon examines the queue to see if there is anything to send. If so, it begins sending to a remote daemon, using a protocol to establish this dialog, involving retransmissions and timeouts. The remote daemon accepts the requests, parses the header information, and takes any data for the command and puts it in a file. The main loop of the daemon then returns to a waiting state. .PP The command execution is done by `forking' a series of processes. One of these is the user's login shell, which is given the command to execute. Another is a process which waits for the command to be executed, then examines the output of the command. The output is typically sent back to the user, via a .I net command, executed by the daemon. .PP In the reverse transmission, the command is called ``mwrite'', and it is routed and handled exactly as in the forward mode, except no password is required. The ``mwrite'' command is executed on the original machine with input data which is a copy of the output of the remote command. The user is either ``written'' or ``mailed'' to, depending on certain options. If ``written'', the user's screen is filled with the output\*y .FS \*y Standard output and standard error files. .FE of the command executed remotely, just as if he had executed it locally. Otherwise, it is in his mailbox, as mail from the remote account he used. The user's terminal must be write-able (see the .I mesg (I) option), the originating user must still be logged in, and he must not have logged off and on again. .PP The output from the command is preceded by a line of information listing the command, the time it was sent, and the time elapsed. .PP Our design then tries to simulate local .UX commands as much as possible. With defaults set correctly\*y .FS \*y With a ``.netrc'' file, see below. .FE the user in principle need only precede the command he is executing with the command .I net. .SH Copying Remote Files .PP The most frequent use of the network is file-transfer using the .I netcp command. The .I netcp command is based on the .I cp (I) command. Its two arguments are a source and destination file, optionally with remote machine names prepended: .DS \fBnetcp\fI\ \ from\-file\ \ to\-file\fR .DE where the names are local or remote. Since .DS Cory:/usr/pascal/sh .DE is a file on the Cory machine, .DS % netcp\ \ junk\ \ Cory:/usr/pascal/sh .DE will transfer the file ``junk'' to the named file on the Cory machine\*z. .FS \*z For more examples, see the \*a document. .FE .PP The way the transfer is accomplished depends on the type of file copy: .IP 1. Copy local file to remote file \- .br On the remote machine a .I cat (I) command is executed on the remote file with the local file as standard input. .IP 2. Copy remote file to local file \- .br A .I cat command is executed on the remote machine from the remote file to standard output. This standard output is sent back to the local machine into a .I response file, .R instead of being written or mailed to the user. .IP 3. Copy remote file to another remote file \- .br If both are on the same machine, a .I cp command is sent. Otherwise, a .I netcp command is sent to the remote machine where the .I from\-file exists, to copy that file to the \fIto\-file\fP's machine. .PP This last case is experimental. Unfortunately, the system is structured only to carry one login name and password to a remote machine. Since the last option involves three machines, the second remote machine is handled imperfectly at best. .SH Sending Mail .PP The .I mail (I) command on the network machines has been modified to examine the names of the recipients of a particular message. If their names have a remote prefix, .I mail executes an internal command ``sendmail'', which in turn executes a .I net command. This net command sends a mail command to the remote machine, with the message as input. Since the recipient would like to know which machine the message came from, a simple program ``mmail'' is executed to insert a pseudo-header indicating the real source of the mail. The net command logs in as user ``network'', so remote mail does not require an account on the destination machine. This facility has proven invaluable. .SH Reading Mail .PP The .I netmail command uses the .I net command to send a command to read mail for a specified user on a remote machine. Since the existing mail programs on different machines vary in their options, it was decided the only thing that would work on both .UX Version 6 and 7 systems was to copy the mail from the remote to the local machine. If the user subsequently logs in on the remote machine, his mail will be there, as if it were unread. An internal program ``prmail'' is used to copy the user's mail back to the local machine. It knows the location of the mailboxes and the user's name. .PP The mail programs at Berkeley are being modified to search a database to see whether a user would like to receive all his mail on another machine and automatically forward it. This will diminish the need for the .I netmail command. .SH Printing on remote lineprinters .PP The .I netlpr command takes a list of arguments as files to be printed on a remote lineprinter. Unfortunately, there can only be one standard input file for the remote command, so each file is sent as a .I net command executing the command .I lpr. .SH Other System Components .sp .5 .LP The ``.netrc'' file. .PP A user must specify defaults for frequently repeated options on a per-machine basis. This is done in a file ``.netrc'' in the user's login directory, and is fully described in the \*a. .sp .5 .LP The .I netq command. .PP To see the network queue, the user must type the .I netq command. It lists the queue for each directly-connected machine, in the order requests will be sent. Each request is listed, one per line, giving the local and remote machines, the destination machine, the time sent, and the command to be executed. Commands which are internal to the network are called ``responses'' in the .I netq listing. .sp .5 .LP The .I netrm command. .PP Requests may be removed from the send queue using the .I netrm command. Since the originator of the file owns the queue file, a simple user-id check suffices to validate permission. Unfortunately, this notion breaks down for queue files of requests on intermediate machines. On such a machine an appropriate user does not exist, and the files are owned by ``root''. There is an option to .I netrm to remove all the user's queue files, to make .I netrm easier to use. .sp .5 .LP The .I netlog command and other information. .PP A number of log files are kept by the network. Users may execute a .I netlog command which prints the last few entries of a log of commands sent and received. Also listed is the user, the time of the entry, and the return code of the command. .PP A more unreadable logfile is `/usr/net/plogfile?'. This log file has all the information of .I netlog, in a more cryptic form, along with trace information about net errors. The beginning and ending of sending and receiving are noted. This way the exact state of the network can be determined. .PP Hourly and daily statistics in a file `/usr/net/netstat?'. The number of bytes transmitted, the number of commands, and a breakdown of their type, and system load is recorded. This information is recorded in both hourly and daily form to track the performance of the network under different system loads. .PP Every hour, a .I netq command is executed and the number of queue entries is recorded in a file `/usr/net/netqstats'. This gives an estimate of the queue length. .PP Finally, the login names of each local user are recorded in a file `/usr/net/usernames'. Periodically, these names are sorted and duplicates removed. This gives a complete listing of network users, useful for sending network-specific mail and for general interest. .SH .sp 1 .ce Protocol Explanation .sp .5 .PP The network uses three distinct levels of protocol. The highest level of protocol (the ``command'' protocol) refers to the organization of the information sent to the remote machine. An intermediate level splits such a stream into distinct numbered packets with a small header in each packet. The lowest level refers to the appearance of these packets on the hardware connection. At the present, this is a modified 6-bit ASCII code. Each of these layers is distinct, and presents the interface through procedure calls. .SH The Command Protocol .PP Each machine sends a request using a precise command protocol involving a header, the command, and any associated data. .TS center allbox; l l l l. length header command ... data ... .TE All but the length field is formatted by the .I net command before the file is queued for transmission. The length is used to detect abnormally short, and poorly-formed, requests. The header includes all the information to route and verify the request. It includes .RS .IP a) the origin and destination machines, .IP b) the login names on both machines, .IP c) a version stamp for this command protocol, .IP d) the time sent, .IP e) information about the originating terminal, and .IP f) the pseudo-command. .RE .PP The pseudo-command is read by .I netq, and instead of printing the actual command being executed, prints something more appropriate. All the commands which use .I net (e.g. .I netcp) use the pseudo-command to list themselves rather than the command they are executing on the remote machine. .PP In order to be able to print the data on a normal .UX terminal for debugging, the fields within the header are variable-length ASCII, separated by colons (`:'). This forces the daemon to parse the header information and requires that literal colons (e.g. in the command being sent) be properly escaped within the protocol, but I felt the alternatives of using byte counts or fixed-length fields were too difficult to debug. The shortest header is approximately 85 bytes. Fortunately, this means the shortest command will fit into a single packet.\*y .FS \*y (less than 100 bytes, see below). .FE .SH The Packet Protocol .PP The above information is conveyed to each machine as a stream. This is done using subroutine calls to read and write data of arbitrary length over the link. The write procedure breaks the information into a set of numbered packets, with a length and exclusive-or check-sum in a header: .TS center allbox; l l l l l. length seqnum type chksum ... data ... .TE .PP The length, type and checksum are one byte each, and the sequence number is two bytes. Since the packets are variable length the checksum is in the header rather than at the end of the packet to avoid the extra computation required to access it. .PP Each packet is transmitted over a link to a listener. Normally an acknowledgement packet is sent back. If there is an error, nothing is sent back, and the sending end will retransmit after a certain number of seconds. .PP There are no windowing or piggyback acknowledgements for two reasons: 1) this scheme is very simple to implement and 2) the error rate if each packet were not acknowledged would be high because of the hardware involved. If the future, I hope that both hardware and kernel device drivers will allow this improvement. .PP The so-called ``rendezvous'' protocol, whereby two daemons agree to communicate, is a simple ``contention'' scheme. When one daemon wants to transmit, it sends a special packet ``reset'' to the possible receiver, then transmits his first packet. Normally a daemon able to receive listens for a ``reset''. If it receives one, it enters a section of code designed to receive a header command, and data, and ultimately will execute it. If not, after a prescribed time interval is checks to see if there are any requests to send. Should both send at once, the characters may be garbled, or both may receive resets at the same time. In each case they both will retransmit. Each has a randomizing factor to break any ties which might develop. .PP In retrospect, this protocol is very primitive. Now that the network is in production use, the extra acknowledgements and separate ``reset'' are too expensive. A redesign would modify the protocol to transmit more than one packet before acknowledging it (ACKs), use negative ACKs to indicate immediately that an error has occurred, and eliminate the separate ``reset'' entirely. .PP The ``rendezvous'' protocol consumes a fair amount of time when both daemons choose to send packets. The alternative of constantly sending status packets when the daemons would be idle was never seriously considered because it was felt that the daemon should have as light a system load as possible; it seems now the daemons are busy most of the time and thus the initial connection tradeoffs should have been studied more closely. .SH The Low-Level Protocol .PP The network transmits over TTY lines through terminal interfaces and system drivers which behave as if the characters coming from another machine are from a terminal. This mode was chosen because it is absolutely the simplest, cheapest interconnection scheme possible. Unfortunately, the .UX terminal drivers cannot accept 8-bit bytes unless they are in .I raw mode. This was judged to be a high system load, so the TTY lines operate in .I cooked, the reverse of .I raw, mode. In this mode certain bit combinations, e.g. ASCII newline and escape, do not transmit through the terminal driver to the user's program but rather are interpreted as control information. .PP After much experimentation, the following transmission method was chosen. Each 3 byte triple is viewed as 24 bits, and broken into 4 6-bit groups. Each 6-bit number is in the range 0-63, and is added to a constant representing the lowest acceptable character code (a blank) in the ASCII sequence. This is sent as an ASCII character to a receiver who gathers 4 bytes, subtracts the increment, and shifts the 4 6-bit groups into 3 bytes. This represents a 3 to 4 expansion of all characters over the link, or a 33% loss of bandwidth. .PP In retrospect, this expansion has a considerable cost. The most scarce resource in the network is the actual hardware speed of the links. The alternative of using raw mode was never seriously considered. .PP The implementor's hope is that better hardware will make better middle- and lower-level protocols easier. Until then, the difficulties of using TTY lines efficiently make further protocol improvements unlikely to yield big increases in speed. .SH A Note About Features this Protocol Lacks .PP In .UX a process may only read or write one I/O device at a time. A daemon approach requires a single process reading and writing on a link to another machine. This process must decide who will receive this packet. I judged (correctly) that this decision was hard to schedule using .UX pipes and signals, and only allow one kind of communication between daemons. This also makes it almost impossible to forward packets through intermediate machines. Thus intermediate machines copy whole requests before sending them again. .PP If the design specification required a simple packet-oriented driver within the system, the .UX kernel could decide which of several special files this was destined to, and allow much more intermixing of traffic than before. I did not realize the importance of this and, in retrospect, would have chosen the other of the two approaches. .SH .sp 1 .ce Portability .sp .5 .PP The acquisition of VAX/UNIX (Version 7) and the divergence of the Computer Center and Cory Hall Version 6 systems made the portability of the network source code important. Until then, the source code on all machines was identical. Fortunately, the .UX implementors encountered these same problems and developed a number of facilities the network now uses. .PP Since many system calls use machine and version dependent data fields, so-called ``include'' files are available to hide the system differences and help standardize the system interface. The conditional compilation feature of the C language was used to select which kinds of code to generate, when the ``include'' files were not sufficient. Roughly, the following command included at the beginning of each C module: .DS # include .DE would define which system, by name, the code was run on. For example, the above defines ``VAX'' on the VAX machine, and then lines such as .DS # ifdef VAX . . # endif .DE control the code generated. In the network, sequences such as this in turn define other sequences, such as .DS # ifdef \s-2CORY\s0 # define \s-2FUID\s0 # define \s-2OLDTTY\s0 # define \s-2PASSWDF\s0 # endif .DE defines the unusual features of the Cory machine: the combined user-id and group-id returned by the .I getuid() system call, that it uses the old 1-character terminal names, and that it has a split password file for security reasons. Each of these symbols, e.g. ``FUID'', is tested in order to compile the correct code for that feature. .PP To help in isolating the changes, attempts were made to create a procedural interface to hide machines differences. These procedures are all in one file. Only one or two cases exist of conditional sections of code not in ``mach.c'' or ``mach.h'', its header file. .PP One problem these features pose is testing changes \- the conditional sections hide errors in inapplicable code. A regimen was adopted: Testing was first done on the VAX (Version 7), then, after it was stable for a few days, moved to Cory, where typically there was some Version 6-dependent error, and after that was fixed and stable, it was moved to the Computer Center machines. This notion of a ``testing'' machine is very important \- the VAX always has an up-to-date copy of the network source, even though other machines may lag in improvements. .PP There is now a ``retrofit library'' that simulates many of the features ``mach.c'' provides. It was not stable enough when the network was converted to Version 7, otherwise I would have used it. .PP At this point, when the entire source for the software for the network is transferred between machines only the first five lines of the ``makefile'' need be changed. .SH .sp 1 .ce .sp .5 Security .PP Over Christmas vacation of 1978, a 15-year old high school student repeatedly broke into the Computer Center and Cory machines. He was able to use the network to gain access to privileged files on the VAX, and the fear of protection ``holes'' caused the staff to take the network down for seven weeks. .PP There were two security problems posed by the network: .RS .IP 1. The threat to the ``root'' account on another system. .IP 2. The threat to a user's remote accounts. .RE .NH 0 Threat to ``root'' .PP Originally the network would allow a user logged in as ``root'' on one machine to execute any command as ``root'' on another network machine. As far as we know, this feature was never used to break into a system. However, the network has been changed to prevent a user from logging in as ``root'' on another machine, regardless of the password. This check is performed on the sending machine. Since ``root'' could conceivably circumvent this check by altering the command, the receiving end of a command checks the user-id of all commands being executed. If it is zero (i.e. ``root'') only a set of five commands is allowed, all needed by the network internally, and believed ``safe''. .PP We believe this makes the network ``safer'' than many local machine features such as the use of dial-up lines. .NH Threat to user's remote accounts. .PP If a user places remote passwords in his ``.netrc'' file, an illicit superuser could get the password to all the user's remote accounts. Even if the user does not care, system managers dislike this because the illicit superuser could now use a legal account on another system to break into it. .PP We have no good solutions to this. Users are now warned of this danger in the documentation, and a ``.netrc'' file with passwords must be readable only by the owner of the file. .PP Various solutions have been proposed: .RS .IP a) Disallow passwords in ``.netrc'' files. .br Unfortunately, heavy network users would have to repeatedly type their password. .IP b) Encrypt the ``.netrc'' file. .br A program would have to exist to decrypt the file. A superuser could get access to whatever key technique that program used, if it were on the local machine. A public-key encryption scheme would make this option possible. We decided it was too much work to implement this. .IP c) Once-a-session passwords. .br In this scheme, a user would register his password when he logged in, then use the network without needing to type in a password. When he logged off, the password would be removed. We discarded this because we could not guarantee the password would disappear unless we wrote a daemon, which itself could be compromised. The best solution along this line uses the ``alias'' feature of the C shell. Each net command is aliased with itself and the \fB\-l\fP, \fB\-p\fP options. When the user logs in, he sets a shell variable to his password. When he logs off, his shell dies and the passwords are forgotten. .RE .PP I believe the current alternatives are sufficient for a conscientious user to protect himself and still have an easy-to-use network interface. .SH .sp 1 .ce Future Plans .sp .5 .NH 0 Hardware .PP The net has suffered with low speed hardware. Short-term plans include speeding up the current terminal interface hardware from 1200 Baud to 9600 Baud and writing a driver for the device to bypass the internal .UX character queues. This driver will improve the reliability of transmission and decrease the character interrupt overhead. The speedup from 1200 Baud to 9600 Baud may overload the systems due to the number of hardware interrupts it causes. .PP In the longer term, the EECS Department is considering acquiring direct-memory-access (DMA) devices such as the Logical Network Interface (LNI) or the Digital Corp. DMC-11 links for high-speed transmission. These devices are capable of over 1-megabit speeds, and would increase the speed of the current network by factors of hundreds. .NH Adding More Machines to the Network .PP The \s-2INGRES\s0 Research group and various other research units within the EECS department have expressed interest in being added to the network. .NH Remote Use of the Typesetter Facilities .PP The Computer Center A machine has a Graphics Systems phototypesetter and the VAX Research machine has a Versatec 36'' dot-matrix plotter with a .I troff simulator. Software now being debugged will allow remote use of the typesetter by running the .I troff program locally and sending the typesetter device codes to the remote machine. .PP This will distribute the typesetting load and help overloading on the A and VAX machines. It will also allow the use of .I troff macro packages only available on some machines. .NH Remote Mail Forwarding .PP The .UX mail programs will be modified to forward mail to another account on another machine, allowing a user with accounts on many machines to read it all on one designated machine. .SH .sp 1 .ce Summary Points .sp .5 .PP The author would like to stress these points about his experience: .IP 1. Success in building networking software depends on having ready access to the correct hardware. The minimum is two terminals connected to two usable machines with two magnetic tape drives or some other existing means of software transfer. .IP 2. Design in portability and security. More careful attention to machine dependence and security in the first phase would have saved much later re-programming. .IP 3. Develop good local debugging techniques. The ``self-loop'' trick for network debugging depends on the accuracy of that simulation. .UX pipes, for example, were not sufficient to simulate TTY lines because TTY lines are 7-bits with a restricted ASCII range. .IP 4. Encourage users to use the system. Their feed back is important. However, it is necessary to have an unused network link for new protocol development, etc. .IP 5. There is a fine line between support of an existing network and research. In the best of all possible worlds, support of research-developed software would be the responsibility of the systems staff for the machines it runs on. This is seldom the case. .IP 6. The concept of layers of networks was very helpful in this project. There appear to be these levels: .DS L .ce 99 .ls 2 .sp 2 user interface queues and daemons command protocol packet protocol transmission protocol teletype lines .sp 2 .ls 1 .ce 0 .DE These levels are quite distinct. If a new, better network not involving queues is built, the transfer of files could still be by .I netcp. If state-of-the-art link hardware is used, perhaps all of the levels below the command protocol could be discarded. .IP 7. The chief virtue of the current system is its extreme flexibility and low start-up costs. No modifications to the .UX kernel are required and all local features are conditionally specified in a header file. .IP 8. Networks are hard to build because .RS .IP a) They involve mutually-cooperating copies of software on (usually) differing computers. .IP b) Many options are not practical because of compatibility considerations \- new networks need drivers in unchangeable systems, and new protocols have to accept the old protocols until the old protocols are extinct. .RE