Cloud computing provides economic advantages from shared resources, but security is a major risk for remote operations and a major barrier to the approach, with challenges for both hosts and the network. NEBULA is a potential future Internet architecture providing trustworthy networking for the emerging cloud computing model of always-available network services. NEBULA addresses many network security issues, including data availability with a new core architecture (NCore) based on redundant connections to and between NEBULA core routers, accountability and trust with a new policy-driven data plane (NDP), and extensibility with a new control plane (NVENT) that supports network virtualization, enabling results from other future Internet architectures to be incorporated in NEBULA. NEBULA?s data plane uses cryptographic tokens as demonstrable proofs that a path was both authorized and followed. The NEBULA control plane provides one or more authorized paths to NEBULA edge nodes; multiple paths provide reliability and load-balancing. The NEBULA core uses redundant high-speed paths between data centers and core routers, as well as fault-tolerant router software, for always-on core networking. The NEBULA architecture removes network (in) security as a prohibitive factor that would otherwise prevent the realization of many cloud computing applications, such as electronic health records and data from medical sensors. NEBULA will produce a working system that is deployable on core routers and is viable from both an economic and a regulatory perspective.
NEBULA is a future Internet architecture to provide greater security and availability to emerging cloud computing resources. Its architecture surrounds a highly-available and extensible core network interconnecting data centers with new trustworthy transit and access networks. To support NEBULA's focus on datacenter services and policy-compliant, resilient paths, we designed and built a new end-to-end service access layer (that sits on top of the traditional layer-3 network layer) and end-host network stack that supports its new abstractions. This stack provides a service end-point abstraction that enables service-level anycast with affinity. Applications communicate on opaque service names that ``late bind'' to a service instance using anycast, while maintaining affinity to the instance across mobility or changes over policy-compliant paths. Thus, the network stack and corresponding architecture, named Serval, shields applications from changes in both the set of processes offering a service and the current network address(es) of each instance. The Serval stack provides resilient network access for mobile, multi-homed clients. It includes the ability to use multiple interfaces (and paths) concurrently, either dynamically switching flows between paths or (in the future) supporting multi-path transport protocols that use multiple paths simultaneously for greater performance and fault-tolerance. As such, the Serval stack exposes NEBULA's focus on robust connectivity to the endpoints. It allows applications to transparently bind to service names, rather than remote endpoint attachment points, and provides the framework for user-space control of the end-point service routing table. The latter provides greater policy compliance through the choice and adaption of the underlying network connectivity and path selection. We also designed and built a flexible network resource management system for mobile devices, called Tango. Tango used Serval's capabilities to take advantage of multi-homing in a policy-compliant fashion. Tango, with its focus on edge device network resource management, plays an important role within the overall NEBULA architecture. After all, NEBULA's focus is on networking for reliable cloud computing, yet achieving such requires that we ensure reliable access both from the edge and within the network. We need to ensure that critical edge applications have sufficient and reliable network resources from the device, e.g., elder care or glucose monitoring applications are not interfered with by a music streaming app. In other words, even if we allocate paths in the network, we need to ensure that the edge device operating system extends that allocation to the appropriate application. Tango plays that role within the NEBULA architecture, and uses Serval to take advantage of dynamically-changing or multiple paths that may be available to edge devices.
