Cloud computing provides economic advantages from shared resources, but security is a major risk for remote operations and a major barrier to the approach, with challenges for both hosts and the network. NEBULA is a potential future Internet architecture providing trustworthy networking for the emerging cloud computing model of always-available network services. NEBULA addresses many network security issues, including data availability with a new core architecture (NCore) based on redundant connections to and between NEBULA core routers, accountability and trust with a new policy-driven data plane (NDP), and extensibility with a new control plane (NVENT) that supports network virtualization, enabling results from other future Internet architectures to be incorporated in NEBULA. NEBULA's data plane uses cryptographic tokens as demonstrable proofs that a path was both authorized and followed. The NEBULA control plane provides one or more authorized paths to NEBULA edge nodes; multiple paths provide reliability and load-balancing. The NEBULA core uses redundant high-speed paths between data centers and core routers, as well as fault-tolerant router software, for always-on core networking. The NEBULA architecture removes network (in)security as a prohibitive factor that would otherwise prevent the realization of many cloud computing applications, such as electronic health records and data from medical sensors. NEBULA will produce a working system that is deployable on core routers and is viable from both an economic and a regulatory perspective.

Project Report

The Nebula project was a multidisciplinary, multi-university networking research project focused on developing a trusted cloud services Future Internet Architecture (FIA). The Nebula-FIA was motivated by the recognition that today's Internet cannot adequately support important future requirements. These range from providing support for ambitious and demanding applications such as remote control of a diabetic's insulin pump via the Internet to meeting scalability performance requirements for future core routers. Today's routers are pressing the boundaries between high-performance computing and high-speed networking. Scaling to still faster speeds and higher capacity core data transport links will require a distributed software operating system architecture for routers. To address this challenge, the Nebula team developed a three-part architecture comprised of a hyper-reliable core to provide the data plane infrastructure (NCORE); an end-to-end flow-based data service (NDP) to provide fine-grained control over trusted per-flow management; and a control plane (NVENT) to allow service providers who participate in the architecture to control their interactions. This architecture and the vision of Internet services it supports is a vision of a hyper-reliable cloud computing network that incorporates significant in-network support for security, reliability, computing, storage, and other enhanced functionality. Realization of this architecture poses significant challenges and opportunities for industry value chain economics and communications policymakers. The role of the economics and policy research agenda was to help the Nebula design team understand how its technical choices might interact with the larger societal and economic environment in which the Nebula-FIA is expected to live. This work was ongoing during the life of the project and helped keep the project relevant and focused on real-world challenges.
Two specific challenges that confront the Nebula architecture are the need to ensure a hyper-reliable core routing infrastructure and the challenges of ensuring incentives to participate so as to ensure end-to-end trustworthy service. The essential challenge is how to ensure reliability exceeding "5 9s" (or 99.999% availability) in a network where ownership and control over functionality is distributed across multiple service providers. This challenge may be decomposed into the policy challenges of managing ultra-reliability and resiliency in a cloud architecture, and the challenge of regulating network interconnection. The NCORE platform needs to be ultrareliable because it is expected to scale to handle large volumes of aggregate traffic that will include life-critical and latency-sensitive applications like the insulin pump example mentioned earlier. The NCORE needs to simultaneously meet high performance standards while supporting vanishingly small tolerance for downtime and system robustness and resiliency to unspecified attacks (Byzantine robustness). From a policy perspective, this means that enforcement needs to shift from outcome-based methods to input and process-based methods when reliability and the costs of outages become extremely high. Moreover, the Nebula architecture highlights the need for new metrics and methods for managing the performance of cloud applications in real time. A second critical challenge confronting the Nebula cloud architecture is how to support its functionality across interprovider domains. This remains an open question in the Internet economics and policy community.
The Nebula architecture maps well to an industry structure where individual ISPs deploy the Nebula architecture within a single operator's network; however, ensuring interoperability and incentive compatibility to support interconnection across multiple Nebula-networks presumes a level of trust and the existence of SLAs that have proved difficult to implement in today's Internet. This is not a failing of the Nebula architecture. Rather, it highlights a challenge confronting all of the FIAs that seek to support seamless end-to-end connectivity and high-cost/high-value services across multiprovider networks. Because the Nebula architecture maps closely to existing Internet industry structure, it provides a good framework for evaluating the challenges for commercializing more complex interprovider interconnection and Service Level Agreements (SLAs). The light shed by this research contributes to current policy discussions over Internet governance and regulation.

Agency: National Science Foundation (NSF)
Institute: Division of Computer and Network Systems (CNS)
Application #: 1040023
Program Officer: Darleen L. Fisher
Project Start:
Project End:
Budget Start: 2010-09-01
Budget End: 2014-08-31
Support Year:
Fiscal Year: 2010
Total Cost: $240,412
Indirect Cost:
Name: Massachusetts Institute of Technology
Department:
Type:
DUNS #:
City: Cambridge
State: MA
Country: United States
Zip Code: 02139