Cloud computing provides economic advantages from shared resources, but security is a major risk for remote operations and a major barrier to the approach, with challenges for both hosts and the network. NEBULA is a potential future Internet architecture providing trustworthy networking for the emerging cloud computing model of always-available network services. NEBULA addresses many network security issues, including data availability with a new core architecture (NCore) based on redundant connections to and between NEBULA core routers, accountability and trust with a new policy-driven data plane (NDP), and extensibility with a new control plane (NVENT) that supports network virtualization, enabling results from other future Internet architectures to be incorporated in NEBULA. NEBULA?s data plane uses cryptographic tokens as demonstrable proofs that a path was both authorized and followed. The NEBULA control plane provides one or more authorized paths to NEBULA edge nodes; multiple paths provide reliability and load-balancing. The NEBULA core uses redundant high-speed paths between data centers and core routers, as well as fault-tolerant router software, for always-on core networking. The NEBULA architecture removes network (in) security as a prohibitive factor that would otherwise prevent the realization of many cloud computing applications, such as electronic health records and data from medical sensors. NEBULA will produce a working system that is deployable on core routers and is viable from both an economic and a regulatory perspective.
The Nebula research project was a large, collaborative effort in which eighteen researchers from twelve institutions investigated a new Internet architecture that will support Cloud Computing. We began with the observation that the current Internet is designed to permit communication among a set of individual endpoints. If computing and data storage move to the cloud model, computing and storage facilities will be clustered in large data centers, and current desktops will be replaced with devices, such as smart phones, that will allow a user to contact a data center, but will not offer significant local computing facilities. Consequently, the Internet will need to be redesigned as a mechanism that provides communication between users and data centers as well as from one data center to another. The Nebula project explored a three-tier architectural approach in which a high-speed Core provides communication between data centers, a transit network provides communication between the edge of the network and a data center, and access network technologies (both wired and wireless) connect users' devices to transit networks. The project assumed standard access technologies, including cellular networks and Wi-Fi wireless technologies as well as wired technologies, such as Ethernet and cable modem access. The transit network used in Nebula includes the provision for path specifications not possible in the current Internet. For example, a user can request a path that meets the HIPPA requirements for the transfer of medical data. In general, the Nebula research revealed that resilience is an important network property not guaranteed by the current Internet architecture, and we looked for ways to improve resilience. The Nebula project was a close collaboration between researchers in academia and engineers at Cisco Systems. The input from Cisco helped keep the project grounded in reality; input from academic researchers helped focus the project on long-term research rather than on short-term product goals. Researchers at Purdue worked on the Core piece of the Nebula project, and contributed in several major ways. In the first year of the project, we helped create the overall architecture and identify components. We also worked closely with Cisco to evaluate a software platform that could improve resilience in core routers -- the routers used to interconnect data centers. During the second and third years of the project, we worked on a problem that Cisco identified as a major concern in core networks: inter-domain routing. Specifically, we investigated ways to improve the Border Gateway Protocol (BGP), the protocol major ISPs use to exchange global routing information. Cisco pointed out that BGP misconfigurations had caused routing errors in the Internet because once incorrect BGP information was injected, the routing system propagated the information. Cisco asked whether it was possible to create a computationally-efficient mechanism to detect incorrect BGP information and prevent it from propagating. We chose a hybrid approach that combines information from external routing databases with information obtained by observing the stream of BGP messages. In terms of outcomes, our measurements of the core router platform convinced Cisco that the overhead was too high. Although negative, it was a valuable outcome because it prevented Cisco from pursuing an approach that was infeasible. Our work on BGP yielded a much more positive outcome: we discovered a new way to detect and stop invalid BGP messages with as much accuracy as the best known mechanisms, but our mechanism has significantly lower computational overhead (which is important in the context of a core router control plane). In terms of broader impacts, our project included female students as well as many foreign students.
