Cloud computing provides economic advantages from shared resources, but security is a major risk for remote operations and a major barrier to the approach, with challenges for both hosts and the network. NEBULA is a potential future Internet architecture providing trustworthy networking for the emerging cloud computing model of always-available network services. NEBULA addresses many network security issues, including data availability with a new core architecture (NCore) based on redundant connections to and between NEBULA core routers, accountability and trust with a new policy-driven data plane (NDP), and extensibility with a new control plane (NVENT) that supports network virtualization, enabling results from other future Internet architectures to be incorporated in NEBULA. NEBULA?s data plane uses cryptographic tokens as demonstrable proofs that a path was both authorized and followed. The NEBULA control plane provides one or more authorized paths to NEBULA edge nodes; multiple paths provide reliability and load-balancing. The NEBULA core uses redundant high-speed paths between data centers and core routers, as well as fault-tolerant router software, for always-on core networking. The NEBULA architecture removes network (in) security as a prohibitive factor that would otherwise prevent the realization of many cloud computing applications, such as electronic health records and data from medical sensors. NEBULA will produce a working system that is deployable on core routers and is viable from both an economic and a regulatory perspective.
In this project, we have tackled some of the key problems that confront today’s Internet and datacenter networks. In particular, our work spans three areas. We focused our research in the areas of Network Performance Optimization, Resource Allocation and Scheduling, and Security. First, we have focused on improving the network performance by taking into account the application semantics. Leveraging the application semantics has allowed us to significantly improve the end-to-end performance of the applications, as compared to optimizing the network traffic alone. Second, we have extended the ubiquitous max-min fair allocation policy to two important use cases: resource allocation and scheduling across different resource types, and across multiple network paths. Finally, we have worked on improving the security in the Internet, by proposing a new network architecture that significantly strengthens the security without compromising the network’s flexibility or functionality, and on improving the security in multi-tenant datacenters, by proposing an incrementally deployable architecture that requires no changes to routers or switches. Our work has not only resulted in publications at top conferences (i.e., SIGCOMM, NSDI, OSDI, CoNext), but has had also impacted industry (e.g., Facebook is currently implementing some of the techniques we proposed for optimizing writes in a distributed file system, such as the Hadoop File System).
