Shuwen Jethro Sun – Publications

Networks today increasingly support in-network functionality via network function virtualization (NFV) or similar technologies. Such approaches enable a wide range of functionality to be deployed on behalf of end systems, such as offloading security or privacy enforcement, accelerating applications, or enabling new in-network services. However, most of the research in this area focuses on relatively simple functions intended to run on behalf of a network provider or enterprise, assume limited opportunities for resource contention, and evaluate performance using metrics like packet throughput. In this paper, we consider what would happen if end systems (eg, user devices, servers) bring their own end device defined functionality and deploy it in their network provider, wherever they are connected}. Specifically, we show that these new functions consume a broader set of network resources (similar to VMs in the cloud computing environment) but with relatively predictable resource utilization due to the single-purpose nature of each function (similar to traditional NFs). Thus, we identify an opportunity to design and implement a new kind of in-network functionality that we call endpoint-defined, in-network functions (EDFs). We show that \edfs require different performance metrics than simple packet throughput and latency, and that their performance can be accurately modeled and predicted based on baseline resource consumption measurements. We then demonstrate the advantage of these models, namely enabling intelligent placement of EDFs on servers to minimize such harmful interactions under contention.

 @inproceedings{sun:EDIF:2022,
 author = {Sun, Shuwen and Choffnes, David},
 title = {{Endpoint-Defined} {In-Network} {Functions}},
 journal= {Under submission},
 year = {2022},
}

Networks today increasingly support in-network functionality via network function virtualization (NFV) or similar technologies. Such approaches enable a wide range of functionality to be deployed on behalf of end systems, such as offloading Tor services, enforcing network usage policies on encrypted traffic, or new functionality in 5G. An important open problem with such approaches is auditing. Namely, such services rely on third-party network providers to faithfully deploy and run their functionality as intended, but often have little to no insight as to whether providers do so. To address this problem, prior work provides point solutions such as verifiable routing with per-packet overhead, or audits of security practices; however, these approaches are not flexible, they are limited to auditing a small set of functionality and do not allow trade-offs between auditing coverage and overhead. In this paper, we propose NFAudit, which allows auditing of deployed NFs with a flexible approach where a wide range of important properties can be audited with configurable, low overhead. Our key insight is that the design of simple, composable, and flexible auditing primitives, combined with limited trust (in the form of secure enclaves) can permit a wide range of auditing functionality and configurable, and often low-cost.

 @inproceedings{sun:FlexibleAuditing:2022,
 author = {Sun, Shuwen and Choffnes, David},
 title = {{Toward} {Flexible} {Auditing} for {In-Network} {Functionality}},
 journal= {CoNEXT Student Workshop},
 year = {2022},
}

Changing demands on datacenter networking have resulted in a host of new networking protocals in recent years. Unfortunately, today’s datacenter architectures generally impose a “one-size-fits-all” solution, where a protocol must accomodate all applications, and all applications must use the same protocol. We introduce FlexNet a new datacenter network architecture that creates a narrow waist for the datacenter, enabling multiple protocols to co-exist and applications to pick and choose between them. We evaluate FlexNet through a prototype implementation and deployment, and demonstrate that it can accommodate different networking technologies and upgrades, and foster innovation.

 @inproceedings{yu:Flexibility:2018,
 author = {Yu, Da and Mai, Luo and Sun, Shuwen and Sambasivan, Raja and Hennessey, Jason and Saowarattitada, Piyanai and Fonseca, Rodrigo and Krieger, Orran },
 title = {{FlexNet:} {Enabling} {Flexibility} in {Cloud} {Network}},
 booktitle = {TBA},
 series = {TBA},
 year = {2018},
 location = {TBA},
}