* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download The NEBULA Future Internet Architecture
Survey
Document related concepts
Cracking of wireless networks wikipedia , lookup
Piggybacking (Internet access) wikipedia , lookup
Distributed operating system wikipedia , lookup
Deep packet inspection wikipedia , lookup
IEEE 802.1aq wikipedia , lookup
Recursive InterNetwork Architecture (RINA) wikipedia , lookup
Transcript
The NEBULA Future Internet Architecture 1 A Comprehensive Architecture • Technology, Economics and Policy conAnue to evolve • NEBULA is an architecture for the cloud-‐based future Internet – More secure and reliable – Deployable and evolvable – Truly clean slate • Co-‐design Tech, Econ and Policy! IMP Front and Back, CRS-‐1 2 MoAvaAon: Cloud CompuAng • A 21st Century compuAng paradigm – RealizaAon of long-‐desired “compuAng uAlity” • Economic, energy and managerial advantages • Possibly more secure, possibly less secure – Secure Future Internet Architecture is needed now • Excellent validaAon for NEBULA 3 Prelude: Personal Sensors + Data + Cloud • The Internet is full of data on recipes, nutriAon, caloric burn rates, medical advice, … • Cloud-‐based image matchers, e.g., Google Goggles! DieAcian, Coach, Nurse,… in cloud • Monitor food intake as eaAng – Photos of food, menu… • Monitor exercise with device or video (Kinect???) • Monitor meds and condiAons – a[er every checkup, etc. • Cloud provides a daily report – RecommendaAons – MedicaAon reminders • Sci-‐fi? Just barely… What’s missing from this story? • Health info is confidenAal; routes? • Real-‐Ame medical; consistent latency and bandwidth, high reliability • Diagnoses, advice, dosages? – Data quality needs: prevent, idenAfy, clean, audit, repair • Network & system architects need introspecAon tools – Abacks, performance boblenecks, … NEBULA: A Network Architecture to Enable Security NDP – NEBULA Data Plane – distributed path establishment with guarantees NVENT -‐ NEBULA Virtual and Extensible Networking Techniques – extensible control plane NCore – NEBULA Core – redundantly connected high-‐availability routers 7 Network-‐layer security in NEBULA • The “big I” Internet is federated: – Policies must be enforced across realms (e.g., DDoS) • NEBULA addresses problems at right places: – Extensibility + Policy: new control plane (NVENT) – Policy Enforcement: new data plane (NDP) – Availability: high-‐performance, redundant-‐path core with high-‐availability core routers (NCORE) 8 Who should control communicaAons? What should they control? • Many stakeholders: senders, receivers, transit providers, edge providers, middleboxes, … • Each has many policy-‐ and security-‐related goals scrubbing service • Each stakeholder has their own concerns!!! 9 What are the technical challenges? • Lekng the control plane specify arbitrary policies – Requires new interface between control/data planes • Enforcing policy decisions in the data plane – Requires new packet authenAcaAon techniques • DelegaAng policy decisions • Bootstrapping and migraAon 10 What should be the control/data plane interface? General-purpose servers other stuff payload • Policy decisions need to be prior to packet flow • So move policy from routers to evolvable servers • Servers can delegate or abdicate their control • Enables new provider business models (sell transit to anyone) 11 Enforcing policy at high speed? • Data plane must check that path is authorized • Data plane must check that path was followed – This is a hard technical problem • Status quo not even close (BGP only advisory) • Target environment rules out previous techniques – Backbone speeds preclude digital signatures – Federated nature of Internet precludes central root of trust, pre-‐configured shared secrets, etc. 12 NDP in a nutshell • Use cryptography for: • Proof of consent (PoC) – route authorized? • Proof of path (PoP) – route followed? 6 bytes 1 byte counter hop # 42n bytes hop 1 info Domain ID ... 6 bytes hop n info Proof of Path other fields Proof of Consent payload MPLS-style token 42 bytes 13 NDP is feasible (from prior work of PIs): • Space overhead? R0 R1 R2 R3 R4 24 bytes (ECC) M 18 bytes – Average header: ~250 bytes – Average packet size: ~1300 bytes [CAIDA] – So, total overhead: ~20% more space • What is the hardware cost? – NetFPGA gate counts: 13.4 M (IP is 8.7 M) – NetFPGA forwarding speed: ~80% of IP – Comparison to simple IP in gates/(Gbits/sec): ~2x 14 NDP Research QuesAons: • Must NDP run on all paths? • Realm management (roughly AS-‐like?) • Mapping to intra-‐domain/inter-‐domain? – Economic implicaAons? • Public-‐key infrastructure challenges • Control of enforcement 15 NEBULA Virtual and Extensible Network Techniques (NVENT) request ApplicaAon Interface paths Service Discovery (Database) NDP (policy2) IPV6 Network Services NDP (policy1) • Secure control plane for naming, path exchange, etc. • Service access • New service injecAon • Generalized path discovery for specifying policies, mulAple paths and dynamic path construcAon via NDP 16 NDP and NVENT roles: NVENT 2 policy engine 5 1 policy engine policy engine 2 3 consent engine policy engine consent engine consent engine consent engine 4 path req d a t a d a t a path spec 6 7 SLA 1 d a t a SLA 2 8 d a t a 9 employees lan gst 10 d a t a NDP 17 NVENT Research QuesAons: • How do NVENT nodes peer? • What is the right division between roles of NVENT: 1) API, 2) Policy/Consent server, 3) means for introducing and offering new services / slicing up services? • Policy specificaAon and management? • (So[)-‐state management versus dynamics? • Changes in dynamics if routers more resilient? 18 Ncore redundancy: paths • High availability via redundant high-‐throughput links • A rou3ng complex from mulAple chassis • Sufficient capacity for easy VM replicaAon/migraAon 19 Ncore redundancy: so[ware • High-‐ availability router control so[ware • Ideas from distributed systems and cluster compuAng Process i (Line Card B) Process j (Line Card C) Process m (Line Card K) Availability Middleware Resource and Fabric Management External (e.g., OpenFlow) Internal Open Source Internal Proprietary Line Card G Line Card A Fabric Line Card F Line Card K 20 Ncore Research QuesAons: • What are the scalability barriers? • What are the technical/economic tradeoffs among redundancy: 1) inside routers, 2) inside data centers and 3) between routers? • Algorithms and Interfaces for path management • Interfaces with NDP and NVENT 21 NEBULA Architectural Choices Design Goal CommunicaAon must conAnue despite loss of networks, links, or gateways. NEBULA NEBULA uses mulAple dynamically allocated paths and reliable transport. Allow host abachment and operaAon with a NVENT/NDP is as easy to automate and use low level of effort as DHCP/IP. Support secure communicaAon (authenAcaAon, authorizaAon, integrity, confidenAality) among trusted nodes. Mutually suspicious NDP nodes self-‐select paths exhibiAng cryptographic proofs of properAes required for security. Provide a cost-‐effecAve communicaAons infrastructure Ncore places resources where architecturally needed; regulatory/policy analysis. Implement network and user policies Policies implemented with NDP and NVENT. The architecture must accommodate a variety of networks. NDP sends packets by encapsulaAon, NVENT networks by virtualizaAon The architecture must permit distributed management of its resources. NDP path establishment decentralized, NVENT 22 NEBULA Research QuesAons: • Can we design the overall system for ByzanAne Faults? – E.g., an enAre naAon’s routers “go bad”… • Economic implicaAons for (new?) industry? – Customer demand for NEBULA features? • How does NEBULA interact with regulatory requirements? • Nebula policies, versus, e.g., Net Neutrality? 23 Tom Anderson The NEBULA Team Ken Birman Robert Broberg Mabhew Caesar Douglas Comer Chase Cobon Michael Freedman Andreas Haeberlen Zack Ives Arvind Krishnamurthy William Lehr Boon Thau Loo David Mazieres Antonio Nicolosi Jonathan Smith Ion Stoica Robbert van Renesse Michael Walfish Hakim Weatherspoon Christopher Yoo 24