The NEBULA Future Internet Architecture: A Research Agenda
A Comprehensive Architecture
• NEBULA is an architecture for the cloud‐based future Internet
  – Cloud is 1960s computing utility
  – Requires a new kind of net
• Key goals
  – More secure and reliable
  – Deployable and evolvable
  – Truly clean slate
  – Co‐design Tech, Econ and Policy!
[Figure: IMP; Front and Back, CRS‐12]
• Monitor food intake as eating
  – Photos of food, menu…
• Monitor exercise with device or video (Kinect???)
• Monitor meds and conditions
  – after every checkup, etc.
• Cloud provides a daily report
  – Recommendations
  – Medication reminders
• Sci‐fi? Just barely…
Dietician, Coach, Nurse, … in cloud
• Health info is confidential; routes?
• Real‐time medical; consistent latency and bandwidth, high reliability
• Diagnoses, advice, dosages?
• Network & system architects need introspection tools
  – Attacks, performance bottlenecks, …
What's missing from this story?
NEBULA: A Network Architecture to Enable Security
NVENT – NEBULA Virtual and Extensible Networking Techniques – extensible control plane (extensibility + policy)
NCore – NEBULA Core – redundantly connected high‐availability routers (availability)
NDP – NEBULA Data Plane – distributed path establishment and policy enforcement
• Many stakeholders: senders, receivers, transit providers, edge providers, middleboxes, …
• Each has many policy‐ and security‐related goals
[Figure label: scrubbing service]
• Each stakeholder has their own concerns!!!
Who should control communications? What should they control?
What are the technical challenges?
• Letting the control plane specify arbitrary policies
  – Requires new interface between control/data planes
• Enforcing policy decisions in the data plane
  – Requires new packet authentication techniques
• Delegating policy decisions
• Bootstrapping and migration
What should be the control/data plane interface?
[Figure labels: General-purpose servers; other stuff; payload]
• Policy decisions need to be prior to packet flow
• So move policy from routers to evolvable servers
• Servers can delegate or abdicate their control
• Enables new provider business models (sell transit to anyone)
Enforcing policy at high speed?
• Data plane must check that path is authorized
• Data plane must check that path was followed
  – This is a hard technical problem
• Status quo not even close (BGP only advisory)
• Target environment rules out previous techniques
  – Backbone speeds preclude digital signatures
  – Federated nature of Internet precludes central root of trust, pre‐configured shared secrets, etc.
NDP in a nutshell
• Use cryptography for:
  • Proof of consent (PoC) – route authorized?
  • Proof of path (PoP) – route followed?
NDP is feasible (from prior work of PIs):
• Space overhead?
  – Average header: ~250 bytes
  – Average packet size: ~1300 bytes [CAIDA]
  – So, total overhead: ~20% more space
• What is the hardware cost?
  – NetFPGA gate counts: 13.4M (IP is 8.7M)
  – NetFPGA forwarding speed: ~80% of IP
  – Comparison to simple IP in gates/(Gbits/sec): ~2x
[Figure: R0 R1 R2 R3 R4 M; 24 bytes (ECC), 18 bytes]
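The two checks named on the "NDP in a nutshell" slide, proof of consent (route authorized?) and proof of path (route followed?), worked through as an added toy model; this is not NEBULA or NDP code. It assumes that each realm's consent server and router share a key and that every pair of realms already holds a symmetric key; in the federated setting the earlier slide describes those pairwise keys would have to be derived rather than pre‐configured, which the model leaves out, and the 18‐byte tag size is constructed to match the 18‐byte field in the figure above.

```python
import hashlib, hmac, itertools, os

TAG = 18  # bytes per proof; constructed to match the 18-byte field in the slide's figure

def path_digest(path):
    """Commitment to the full ordered list of realm names on the path."""
    return hashlib.sha256("|".join(path).encode()).digest()

def mac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG]

class Realm:
    """Consent server and router of a realm share consent_key; pair_keys holds one
    symmetric key per peer realm (assumed pre-established in this toy model)."""
    def __init__(self, name):
        self.name, self.consent_key, self.pair_keys = name, os.urandom(32), {}

    def proof_of_consent(self, path):
        # Consent-server side: the authorization is bound to this exact path.
        return mac(self.consent_key, b"PoC" + path_digest(path))

def link(a, b):
    a.pair_keys[b.name] = b.pair_keys[a.name] = os.urandom(32)

def router(realms, path, hop, pkt, pocs, pops):
    """Router of realm path[hop]: check PoC and upstream PoP tags, then add its own."""
    me = realms[path[hop]]
    msg = b"PoP" + path_digest(path) + hashlib.sha256(pkt).digest()
    if not hmac.compare_digest(pocs[hop], me.proof_of_consent(path)):
        return False  # route not authorized by this realm
    for i in range(hop):  # every upstream realm must have left a tag only it could compute
        expected = mac(me.pair_keys[path[i]], msg + bytes([i]))
        if not hmac.compare_digest(pops.get((i, hop), b""), expected):
            return False  # route not followed: an upstream realm was bypassed
    for j in range(hop + 1, len(path)):  # one tag per downstream realm
        pops[(hop, j)] = mac(me.pair_keys[path[j]], msg + bytes([hop]))
    return True

def deliver(path, pkt, skip=None, forge_poc=None):
    """Simulate one packet along path; True only if every realm it reaches accepts it.
    skip=i bypasses realm i; forge_poc=i replaces realm i's consent proof with garbage."""
    realms = {n: Realm(n) for n in path}
    for a, b in itertools.combinations(realms.values(), 2):
        link(a, b)
    pocs = [realms[n].proof_of_consent(path) for n in path]  # sender gathers consent up front
    if forge_poc is not None:
        pocs[forge_poc] = os.urandom(TAG)
    pops = {}
    return all(router(realms, path, h, pkt, pocs, pops) for h in range(len(path)) if h != skip)
```

A bypassed realm never adds its tags, so the next realm on the path rejects the packet; a forged consent proof is rejected by the realm it claims to speak for.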
NDP Research Questions:
• Must NDP run on all paths?
• Realm management (roughly AS‐like?)
• Mapping to intra‐domain/inter‐domain?
  – Economic/policy implications?
• Public‐key infrastructure challenges
  – Revocation, etc.
• Control of enforcement
NEBULA Virtual and Extensible Network Techniques (NVENT)
• Secure control plane for naming, path exchange, etc.
• Service access
• New service injection
• Generalized path discovery for specifying policies, multiple paths and dynamic path construction via NDP
[Figure: Application Interface; Service Discovery (Database); Network Services; NDP (policy 1), IPv6, NDP (policy 2); request, paths]
NVENT Research Questions:
• How do NVENT nodes peer?
• What is the right division between roles of NVENT: 1) API, 2) Policy/Consent server, 3) means for introducing and offering new services/slicing up services?
• Policy specification and management?
• (Soft)‐state management versus dynamics?
• Changes in dynamics if routers more resilient?
Ncore redundancy: paths
• High availability via redundant high‐throughput links
• A routing complex from multiple chassis
• Sufficient capacity for easy VM replication/migration
Ncore redundancy: software
• High‐availability router control software
• Ideas from distributed systems and cluster computing
[Figure: Fabric; Line Card A, K, F, G; Process i (Line Card B), Process j (Line Card C), Process m (Line Card K); Availability Middleware; Resource and Fabric Management; External (e.g., OpenFlow), Internal Open Source, Internal Proprietary]
Ncore Research Questions:
• What are the scalability barriers?
• What are the technical/economic tradeoffs among redundancy: 1) inside routers, 2) inside datacenters and 3) between routers?
• Algorithms and Interfaces for path management
• Interfaces with NDP and NVENT
NEBULA Architectural Choices
Design Goal | NEBULA
Communication must continue despite loss of networks, links, or gateways. | NEBULA uses multiple dynamically allocated paths and reliable transport.
Allow host attachment and operation with a low level of effort | NVENT/NDP is as easy to automate and use as DHCP/IP.
Support secure communication (authentication, authorization, integrity, confidentiality) among trusted nodes. | Mutually suspicious NDP nodes self‐select paths exhibiting cryptographic proofs of properties required for security.
Provide a cost‐effective communications infrastructure | Ncore places resources where architecturally needed; regulatory/policy analysis.
Implement network and user policies | Policies implemented with NDP and NVENT.
The architecture must accommodate a variety of networks. | NDP sends packets by encapsulation, NVENT networks by virtualization
The architecture must permit distributed management of its resources. | NDP path establishment decentralized, NVENT
NEBULA Research Questions:
• Can we design the overall system for Byzantine Faults?
  – E.g., an entire nation's routers "go bad"…
• Economic implications for (new?) industry?
  – Customer demand for NEBULA features?
• How does NEBULA interact with regulatory requirements?
• Nebula policies, versus, e.g., Net Neutrality?
Acknowledgements
• NEBULA is supported by the National Science Foundation under its Future Internet Architecture program
• NEBULA is supported by Cisco Systems
The NEBULA Team
Tom Anderson
Ken Birman
Robert Broberg
Matthew Caesar
Douglas Comer
Chase Cotton
Michael Freedman
Andreas Haeberlen
Zack Ives
Arvind Krishnamurthy
William Lehr
Boon Thau Loo
David Mazieres
Antonio Nicolosi
Jonathan Smith
Ion Stoica
Robbert van Renesse
Michael Walfish
Hakim Weatherspoon
Christopher Yoo