Data provenance at internet scale: architecture, experiences, and the road ahead

January 24, 2017July 31, 2017 ~ adriancolyer ~ 5 Comments

Data provenance at Internet scale: Architecture, experiences, and the road ahead Chen et al., CIDR 2017 Provenance within the context of a single database has been reasonably well studied. In this paper though, Chen et al., explore what happens when you try to trace provenance in a distributed setting and at larger scale. The context … Continue reading Data provenance at internet scale: architecture, experiences, and the road ahead

FaSST: Fast, scalable and simple distributed transactions with two-sided (RDMA) datagram RPCs

December 15, 2016July 31, 2017 ~ adriancolyer ~ 6 Comments

FaSST: Fast, scalable and simple distributed transactions with two-sided (RDMA) datagram rpcs Kalia et al., OSDI 2016 Back in January I wrote a short piece entitled ‘All change please’ looking at some of the hardware changes making their way to our datacenters and the implications. One of those changes is super-fast networking (as exploited by … Continue reading FaSST: Fast, scalable and simple distributed transactions with two-sided (RDMA) datagram RPCs

BlindBox: Deep packet inspection over encrypted traffic

June 21, 2016July 27, 2017 ~ adriancolyer ~ 1 Comment

BlindBox: Deep packet inspection over encrypted traffic Sherry et al. SIGCOMM 2015 This is the final paper from the inaugural Research for Practice selections, and the third of Justine Sherry's three picks. The fundamental problem addressed is the same as we looked at yesterday: how do you accommodate middleboxes in HTTPS traffic? More specifically, this … Continue reading BlindBox: Deep packet inspection over encrypted traffic

Multi-context TLS (mcTLS): Enabling secure in-network functionality in TLS

June 20, 2016July 27, 2017 ~ adriancolyer ~ 3 Comments

Multi-Context TLS (mcTLS): Enabling secure in-network functionality in TLS Naylor et al. SIGCOMM 2015 We're rushing to deploy HTTPS everywhere - and about time - but this has interesting implications for middleboxes since it's hard for them to do their job when traffic is encrypted end-to-end. Say you want to add caching, compression, an intrusion … Continue reading Multi-context TLS (mcTLS): Enabling secure in-network functionality in TLS

E2: A framework for NFV applications

June 17, 2016July 27, 2017 ~ adriancolyer ~ 2 Comments

E2: A Framework for NFV Applications Palkar et al. SOSP 2015 Today we move into the second part of the Research for Practice article, which is a selection of papers from Justine Sherry on Network Function Virtualization. We start with 'E2,' which seeks to address the proliferation and duplication of network function (NF) specific management … Continue reading E2: A framework for NFV applications

IX: A protected dataplane operating system for high throughput and low latency

June 15, 2016July 27, 2017 ~ adriancolyer ~ 8 Comments

IX: A Protected Dataplane Operating System for High Throughput and Low Latency Belay et al. OSDI 2014 This is the second of Simon Peter's recommended papers in the 'Data Center OS Design' Research for Practice guide. Like Arrakis, IX splits the operating system into a control plane and data plane for networking. To quote Simon … Continue reading IX: A protected dataplane operating system for high throughput and low latency

Arrakis: the operating system is the control plane

June 14, 2016July 27, 2017 ~ adriancolyer ~ 3 Comments

Arrakis: The Operating System is the Control Plane - Peter et al. OSDI 2014 ACM Queue just introduced their "Research for Practice" series with Peter Bailis. Each edition contains 'expert curated guides to the best of CS research,' and in the first instalment Simon Peter selects a set of papers on data-center operating system trends, … Continue reading Arrakis: the operating system is the control plane

Universal Packet Scheduling

March 22, 2016July 27, 2017 ~ adriancolyer ~ 6 Comments

Universal Packet Scheduling - Mittal et al. 2015 (presented at NSDI '16) Is there a universal scheduling algorithm, such that simply by changing its configuration parameters, we can produce any desired schedule? In Universal Packet Scheduling, Mittal et al. show us that in theory there can be no Universal Packet Scheduling (UPS) algorithm which achieves … Continue reading Universal Packet Scheduling

Maglev: A Fast and Reliable Software Network Load Balancer

March 21, 2016July 27, 2017 ~ adriancolyer ~ 7 Comments

Maglev: A Fast and Reliable Software Network Load Balancer - Eisenbud et al. 2016 Maglev is Google's software load balancer used within all their datacenters. It offers greater scalability and availability than hardware load balancers, enables quick iteration, and is much easier to upgrade. Maglev is a just another distributed system running on the commodity … Continue reading Maglev: A Fast and Reliable Software Network Load Balancer

Not-quite-so-broken TLS: lessons in re-engineering a security protocol specification and implementation

February 23, 2016July 27, 2017 ~ adriancolyer ~ 7 Comments

Not-quite-so-broken TLS: lessons in re-engineering a security protocol specification and implementation - Kaloper-Meršinjak et al. 2015 Update: fixed broken paper link above. On the surface this is a paper about a TLS implementation, but the really interesting story to me is the attempt to 'do it right,' and the techniques and considerations involved in that … Continue reading Not-quite-so-broken TLS: lessons in re-engineering a security protocol specification and implementation