|
NEBULA: Future Internet Architecture |
|
 CSE Home |
About Us |
Search |
Contact Info |
|
|
The next decade will continue to be characterized by the tussle
between the increasing reliance on networked systems and the various
factors that undermine their reliability. Networked computing will
be increasingly integral to all aspects of society, including
entertainment, business operations, government services, energy grid
control, medical care, and so on. Countering this trend, networked
systems will face challenges at every level of the protocol stack.
The frequent ``brownouts'' observed in the Internet suggest that the
state of the art in providing even basic, uninterrupted, network
communication is weak. Even if network communication is possible,
service could be disrupted by both overt state actors (e.g.,
censorship) and non-state actors (e.g., DDoS attacks by botnets and
traffic filtering by ISPs). Even without malicious attempts to
disrupt the infrastructure, distributed services face challenges in
providing consistent and cost-effective service at scale to a
geographically diverse client base. To bridge this gap, we are pursuing the following projects that seek
to increase the network's resiliency and enable more robust and
trustworthy networked services.
Privacy-preserving and Censorship-resistant InternetOver the years, many attempts have been made to define a security architecture for the Internet. Most have focused on authentication in order to prevent faking of IPs and routes. In this project, we ask a different question: what if privacy, not authentication, was our overriding goal? We argue that privacy should be a first principle in the design of a universal data network. Privacy is something that we cannot easily add on top of the Internet. Encrypting traffic can protect the contents, but this would still disclose with whom we are communicating to every ISP along the path. Laundering packets through an anonymizing overlay, such as Tor, can conceal the source and the destination, but governments can blacklist Tor nodes or monitor Tor exit traffic so that traffic analysis can reveal the source. After all, traffic to or from Tor essentially advertises itself as probably worth tracking. Instead, we take an explicitly clean slate approach. It is not our intent to describe a plausible story for how we might fix the existing Internet to improve privacy---there are immense government and corporate interests that would place barriers to any such fix. Rather, we ask the much simpler question: Is a censorship-resistant network layer even possible? Can we build a network that is neutral by construction?Fault-tolerant Datacenter NetworksThe data center network is increasingly a cost, reliability and performance bottleneck for cloud computing. Although multi-tree topologies can provide scalable bandwidth and traditional routing algorithms can provide eventual fault tolerance, we argue that recovery speed can be dramatically improved through the co-design of the network topology, routing algorithm and failure detector. We create an engineered network and routing protocol that directly addresses the failure characteristics observed in data centers. At the core of our proposal is a novel network topology that is essentially a reworked fat-tree with better fault tolerance properties. We then create a series of failover protocols that benefit from this topology and are designed to cascade and complement each other. The resulting system, called F10, is able to quickly reestablish connectivity, restore direct routes and perform global load balancing, even in the presence of multiple failures. Our results show that F10 has much lower packet loss rates than prior proposals following network link and switch failures. In fact, our experiments show that PortLand has 7.6x as many losses as F10 under realistic failure and traffic loads.Prior workConsensus routing: the Internet as a distributed systemJ. John, E. Katz-Bassett, A. Krishnamurthy, T. Anderson, A. Venkataramani Phalanx: Withstanding multimillion-node botnets C. Dixon, T. Anderson, A. Krishnamurthy |
||||||||||||
 |
Computer Science & Engineering Box 352350, University of Washington Seattle, WA 98195-2350 (206) 543-1695 [comments to arvind] Privacy policy and terms of use |
