The architectural stability of the Internet was crucial in fostering the development of new applications and networking technologies by giving the former a stable base upon which to build and giving the latter a fixed set of requirements to support. However, in recent years this architectural stability has become a liability, as there are areas of increasing importance (most notably inadequate support of security and availability, lack of adequate mechanisms for privacy, mobility, middleboxes, and data-oriented functionality) where the original Internet architecture falls short. The persistence of the Internet's architectural deficiencies is not because they are intellectually intractable, but because they are beyond the reach of incrementally deployable changes. Based on this observation, the research team takes a different approach than recent clean-slate designs, focusing not on a new fixed architecture but instead on providing a platform to enable architectural innovation through incrementally deployable changes, without massive disruption in the infrastructure.

In this research project, the research team focuses on the "hardware-defined functionality" challenge and proposes a "platform for innovation" that allows the network infrastructure to support new architectures without changes to the underlying hardware. In particular, this approach will enable forwarding hardware to support a wide range of alternative designs. In addition, so that changes can be introduced alongside the current design, hardware will also be able to support multiple designs simultaneously.

The proposed platform will use a newly developed paradigm called Software-Defined Networks (SDN), currently embodied in the OpenFlow and NOX projects. OpenFlow is an open hardware forwarding interface. NOX is an open-source software platform that provides global abstractions to network management software and in turn communicates the decisions made by this software to the individual forwarding boxes. This effort will provide a solid foundation for more general SDN designs that are open, comprehensive and can meet long-term needs.

The research team will also explore and demonstrate applicability of the SDN approach including abstractions and programming model for different domains of network use. These include enterprise, WAN, home, and wireless. To demonstrate the ability of the proposed platform to support innovation in radically new network mechanisms, the research team will deploy prototype novel architectures on SDN.

If successful, the proposed approach would allow the use of known approaches and design proposals currently available in the literature to address many of the Internet's current problems, as these solutions would be incrementally deployable, without major disruption to the underlying infrastructure. Furthermore, current commercial efforts to address Internet's deficiencies are disjointed, proprietary, and tailored for short-term needs. The next generation of SDN technology provides a solid basis for coordinated, long-term efforts to address critical needs in areas of security, mobility and support of content-centric application and services. More importantly, the proposed approach would allow the Internet to meet future requirements as they arise through incrementally deployable modifications, relieving network designers of the burden of predicting what these future requirements might be.

Project Report

This project studied new designs for computer networks that can be built on top of Software Defined Networks (SDN). SDN is a network architecture which enables more programmable networking. This project jump-started work in three areas in which SDN-style techniques increase the reliability and efficiency of networks.

First, we developed a novel packet forwarding protocol which provides flexibility in the choice of paths through a network, yet allows packets to 'slip' around failures in the network with fast local re-routing. Slick Packets uses non-IP-style forwarding operations, and thus could be eased by interfaces like OpenFlow that provide richer functionality.

Second, the project funded in part early work on Jellyfish, a novel data center network architecture. Industry experience indicates that the ability to incrementally expand data centers is essential. However, existing high-bandwidth network designs have rigid structure that interferes with incremental expansion. We developed Jellyfish, a high-capacity network interconnect which, by adopting a random graph topology, yields itself naturally to incremental expansion. Somewhat surprisingly, Jellyfish is more cost-efficient than a fat-tree, supporting as many as 25% more servers at full capacity using the same equipment at the scale of a few thousand nodes, and this advantage improves with scale. However, Jellyfish's unstructured design brought new challenges, particularly in routing, where a greater diversity of paths was necessary to exploit the potential of high throughput in Jellyfish's unstructured network design. Here, we employed SDN's centralized control to optimize routing.

Third, the project initiated development of a technique we call data plane verification, which helps network operators ensure security and correctness of networks. For example, operators can rigorously verify whether their network is behaving as expected, such as by making sure that every packet passes through a firewall, or that virtual networks are properly isolated. Our first system, Anteater, scanned a static snapshot of a network. Our second system, Veriflow, checks SDNs in real time as each update to the data plane is inserted into the network. Veriflow's operation is made much simpler by the logically-centralized management architecture of SDN; and both Veriflow and Anteater benefit from the fact that SDN provides a standardized data plane interface. This work led to a best paper award, the discovery of numerous vulnerabilities in real-world deployed networks, and two small businesses building products based on our approach.
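An added illustration of the kind of invariant check described above (not code from Anteater or Veriflow, and far simpler than either): it traces one destination address through per-switch longest-prefix-match tables, before and after a rule insertion, and reports any ingress whose packets skip the firewall, loop or are dropped. The topology, node names and rules are constructed for the example.

```python
import copy
import ipaddress

def next_hop(rules, dst):
    """Longest-prefix match over one switch's rules: [(prefix, next_hop), ...]."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in rules
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace(data_plane, ingress, dst):
    """Follow forwarding decisions hop by hop; return (path, outcome)."""
    path, node = [ingress], ingress
    while node in data_plane:            # a node without a table is an endpoint
        nxt = next_hop(data_plane[node], dst)
        if nxt is None:
            return path, "blackhole"     # no matching rule: packet dropped
        if nxt in path:
            return path + [nxt], "loop"  # revisiting a node: forwarding loop
        path.append(nxt)
        node = nxt
    return path, "delivered"

def check_waypoint(data_plane, ingresses, dst, waypoint):
    """Invariant: traffic to dst from every ingress is delivered via waypoint."""
    violations = []
    for ing in ingresses:
        path, outcome = trace(data_plane, ing, dst)
        if outcome != "delivered" or waypoint not in path:
            violations.append((ing, outcome, path))
    return violations

def with_rule(data_plane, switch, prefix, nh):
    """Return a copy of the data plane with one rule inserted (an 'update')."""
    updated = copy.deepcopy(data_plane)
    updated.setdefault(switch, []).append((prefix, nh))
    return updated

# Constructed sample network: s2 -> s1 -> fw -> s3 -> host h (10.0.1.5).
BASE = {
    "s1": [("10.0.0.0/8", "fw")],
    "s2": [("10.0.0.0/8", "s1")],
    "fw": [("10.0.0.0/8", "s3")],
    "s3": [("10.0.1.0/24", "h")],
}
# Constructed update: a more specific rule on s2 that shortcuts around fw.
UPDATED = with_rule(BASE, "s2", "10.0.1.0/24", "s3")

if __name__ == "__main__":
    for name, dp in (("before update", BASE), ("after update", UPDATED)):
        print(name, check_waypoint(dp, ["s1", "s2"], "10.0.1.5", "fw"))
```

Re-running the check on every rule insertion, rather than on a periodic snapshot, is what catches the bypass at the moment the more specific /24 rule lands on s2.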

Agency: National Science Foundation (NSF)
Institute: Division of Computer and Network Systems (CNS)
Type: Standard Grant (Standard)
Application #: 1040396
Program Officer: Marilyn McClure
Project Start:
Project End:
Budget Start: 2010-10-01
Budget End: 2013-09-30
Support Year:
Fiscal Year: 2010
Total Cost: $200,000
Indirect Cost:

Name: University of Illinois Urbana-Champaign
Department:
Type:
DUNS #:
City: Champaign
State: IL
Country: United States
Zip Code: 61820