Reduce, Reuse, RecycleImproving Reliability by Simplifying Infrastructure

Vivek Pai

Princeton University

                                                                                                                                                                                                                                                                                           

ISP/Enterprise Infrastructure, Sorted Alphabetically Anti-DDoS box DNS server Firewall IM Server Intrusion detector LDAP server Load balancer Mail server

P2P cache Proxy server Router Spam blocker Traffic shaper Virus scanner WAN optimizer Web server

Should You Feel Safe? Many boxes are appliances

With their custom Oses With their “sufficient” hardware And their own little quirks

Examples DoS the university packet shaper DDoSing the department firewall

Proposal: Bumps In the Wire Reduce

Build sharable OS/appliance infrastructure Multiple services per box

Reuse DoS – Firewall, Web, DNS, Mail Cache – WAN, Web, P2P Scan – Web, Mail, IM

Recycle Underutilized CPU, memory

Hardware DirectionsMultiple cores/chip

+

Hardware VM support

=

Multiple domains per box,

With fine-grained resource control

Research Areas Protection

VM, OS, Process, Language Allocation

Design OS, substrate, service, hardware Composition, decomposition Multi-box coordination

Feasibility Technical

We’re doing it for TCP request/reply New protections for Apache, Flash, etc

Administrative What about ICAP, OPES?

Commercial Focus on service, not hardware