TheNEBULAFutureInternetArchitecture:AResearchAgenda

1

AComprehensiveArchitecture

•  NEBULAisanarchitectureforthecloud‐basedfutureInternet– Cloudis1960scompu*ngu*lity

– Requiresanewkindofnet•  Keygoals– Moresecureandreliable

– Deployableandevolvable– Trulycleanslate– Co‐designTech,EconandPolicy!

IMP

FrontandBack,CRS‐12

• MonitorfoodintakeaseaRng– Photosoffood,menu…

• Monitorexercisewithdeviceorvideo(Kinect???)

• MonitormedsandcondiRons– aXereverycheckup,etc.

•  Cloudprovidesadailyreport– RecommendaRons– MedicaRonreminders

•  Sci‐fi?Justbarely…

DieRcian,Coach,Nurse,…incloud

•  HealthinfoisconfidenRal;routes?

•  Real‐Rmemedical;consistentlatencyandbandwidth,highreliability

•  Diagnoses,advice,dosages?•  Network&systemarchitectsneedintrospecRontools– A_acks,performancebo_lenecks,…

What’smissingfromthisstory?

NEBULA:ANetworkArchitecturetoEnableSecurity

NVENT‐NEBULAVirtualandExtensibleNetworkingTechniques–extensiblecontrolplane(extensibility+policy)

NCore–NEBULACore–redundantlyconnectedhigh‐availabilityrouters(availability)

NDP–NEBULADataPlane–distributedpathestablishmentandpolicyenforcement

5

• Manystakeholders:senders,receivers,transitproviders,edgeproviders,middleboxes,…

•  Eachhasmanypolicy‐andsecurity‐relatedgoals

scrubbingservice

•  Each stakeholder has their own concerns!!!

WhoshouldcontrolcommunicaRons?Whatshouldtheycontrol?

6

Whatarethetechnicalchallenges?•  Lefngthecontrolplanespecifyarbitrarypolicies– Requiresnewinterfacebetweencontrol/dataplanes

•  Enforcingpolicydecisionsinthedataplane– RequiresnewpacketauthenRcaRontechniques

•  DelegaRngpolicydecisions

•  BootstrappingandmigraRon

7

Whatshouldbethecontrol/dataplaneinterface?

General-purpose servers

other stuff

•  Policydecisionsneedtobepriortopacketflow•  Somovepolicyfromrouterstoevolvableservers

•  Serverscandelegateorabdicatetheircontrol

•  Enablesnewproviderbusinessmodels(selltransittoanyone)

payload

8

Enforcingpolicyathighspeed?•  Dataplanemustcheckthatpathisauthorized

•  Dataplanemustcheckthatpathwasfollowed

– Thisisahardtechnicalproblem

•  Statusquonotevenclose(BGPonlyadvisory)•  Targetenvironmentrulesoutprevioustechniques– Backbonespeedsprecludedigitalsignatures– FederatednatureofInternetprecludescentralrootoftrust,pre‐configuredsharedsecrets,etc.

9

NDPinanutshell•  Usecryptographyfor:•  Proofofconsent(PoC)–routeauthorized?•  Proofofpath(PoP)–routefollowed?

10

NDPisfeasible(frompriorworkofPIs):•  Spaceoverhead?

– Averageheader:~250bytes– Averagepacketsize:~1300bytes[CAIDA]– So,totaloverhead:~20%morespace

• Whatisthehardwarecost?

– NetFPGAgatecounts:13.4M(IPis8.7M)

– NetFPGAforwardingspeed:~80%ofIP– ComparisontosimpleIPingates/(Gbits/sec):~2x

R0 R1 R2 R3 R4 M

24 bytes (ECC) 18 bytes

11

NDPResearchQuesRons:

• MustNDPrunonallpaths?•  Realmmanagement(roughlyAS‐like?)

• Mappingtointra‐domain/inter‐domain?– Economic/policyimplicaRons?

•  Public‐keyinfrastructurechallenges– RevocaRon,etc.

•  Controlofenforcement

12

NEBULAVirtualandExtensibleNetworkTechniques(NVENT)

• Securecontrolplanefornaming,pathexchange,etc.• Serviceaccess• NewserviceinjecRon• Generalizedpathdiscoveryforspecifyingpolicies,mulRplepathsanddynamicpathconstrucRonviaNDP

13

ApplicaRonInterface

ServiceDiscovery(Database)

NetworkServices

NDP(policy1)

IPV6

NDP(policy2)

request

paths

NVENTResearchQuesRons:

•  HowdoNVENTnodespeer?• WhatistherightdivisionbetweenrolesofNVENT:1)API,2)Policy/Consentserver,3)meansforintroducingandofferingnewservices/slicingupservices?

•  PolicyspecificaRonandmanagement?

•  (SoX)‐statemanagementversusdynamics?

•  Changesindynamicsifroutersmoreresilient?

14

Ncoreredundancy:paths

• Highavailabilityviaredundanthigh‐throughputlinks• Arou*ngcomplexfrommulRplechassis• SufficientcapacityforeasyVMreplicaRon/migraRon 15

Ncoreredundancy:soXware• High‐availabilityroutercontrolsoXware• IdeasfromdistributedsystemsandclustercompuRng

Fabric

LineCardA

LineCardK

LineCardF

LineCardG

Processi(LineCardB)

AvailabilityMiddleware

ResourceandFabricManagement

Processj(LineCardC)

Processm(LineCardK)

External(e.g.,OpenFlow)InternalOpenSourceInternalProprietary

16

NcoreResearchQuesRons:

• Whatarethescalabilitybarriers?• Whatarethetechnical/economictradeoffsamongredundancy:1)insiderouters,2)insidedatacentersand3)betweenrouters?

•  AlgorithmsandInterfacesforpathmanagement

•  InterfaceswithNDPandNVENT

17

NEBULAArchitecturalChoicesDesignGoal NEBULA

CommunicaRonmustconRnuedespitelossofnetworks,links,orgateways.

NEBULAusesmulRpledynamicallyallocatedpathsandreliabletransport.

Allowhosta_achmentandoperaRonwithalowlevelofeffort

NVENT/NDPisaseasytoautomateanduseasDHCP/IP.

SupportsecurecommunicaRon(authenRcaRon,authorizaRon,integrity,confidenRality)amongtrustednodes.

MutuallysuspiciousNDPnodesself‐selectpathsexhibiRngcryptographicproofsofproperResrequiredforsecurity.

Provideacost‐effecRvecommunicaRonsinfrastructure

Ncoreplacesresourceswherearchitecturallyneeded;regulatory/policyanalysis.

Implementnetworkanduserpolicies PoliciesimplementedwithNDPandNVENT.

Thearchitecturemustaccommodateavarietyofnetworks.

NDPsendspacketsbyencapsulaRon,NVENTnetworksbyvirtualizaRon

Thearchitecturemustpermitdistributedmanagementofitsresources.

NDPpathestablishmentdecentralized,NVENT

18

NEBULAResearchQuesRons:

•  CanwedesigntheoverallsystemforByzanRneFaults?– E.g.,anenRrenaRon’srouters“gobad”…

•  EconomicimplicaRonsfor(new?)industry?– CustomerdemandforNEBULAfeatures?

•  HowdoesNEBULAinteractwithregulatoryrequirements?

•  Nebulapolicies,versus,e.g.,NetNeutrality?

19

Acknowledgements

•  NEBULAissupportedbytheNaRonalScienceFoundaRonunderitsFutureInternetArchitectureprogram

•  NEBULAissupportedbyCiscoSystems

20

TheNEBULATeamTomAnderson

KenBirman

RobertBroberg

Ma_hewCaesar

DouglasComer

ChaseCo_on

MichaelFreedman

AndreasHaeberlen

ZackIves

ArvindKrishnamurthy

WilliamLehr

BoonThauLoo

DavidMazieres

AntonioNicolosi

JonathanSmith

IonStoica

RobbertvanRenesse

MichaelWalfish

HakimWeatherspoon

ChristopherYoo 21