Celebrating advances in network functions virtualization and software packet processing
VMware is pleased to announce the 2020 recipient of the early career Systems Research Award: Justine Sherry, Assistant Professor of Computer Science at Carnegie Mellon University. Justine is recognized for seminal contributions to the field of networking, in particular the fields of network functions virtualization and software packet processing. In recognition of the work’s originality, impact, and future potential CMU will receive a gift of US $125,000 to support Prof. Sherry’s research.
Prof. Sherry is known for early and influential work to identify and drive a research agenda around network “middleboxes”. Middleboxes are deployed to perform in-band packet processing functions ranging from network address translation to security inspection to load balancing to firewalling. As recently as 10 years ago, middleboxes were seen as deviations from an otherwise clean and principled Internet architecture. However, Justine initiated a widely-referenced survey showing that these middleboxes comprised as much as 1/3 of deployed infrastructure – clearly of significant practical importance. Justine then embarked on a research agenda to advance the understanding and engineering of middleboxes.
An early and key contribution was the recognition that the middleboxes functionality could be practically deployed flexibly “in the cloud” rather than managed as a collection of dedicated physical components. Prof. Arvind Krishnamurthy (University of Washington) noted that “the idea that an enterprise would send its traffic to a cloud provider was very radical, whereas today it seems perfectly natural. Justine’s work was very much ahead of its time in terms of setting up the problem and posing a solution”. Ideas from Justine’s early work were echoed in a subsequent ETSI proposal on “Network Functions Virtualization” (NFV). NFV is now a $12B market, and the role of packet processing in the network has been elevated with new products and focused R&D, including at VMware.
Justine has made well-rounded contributions to the field of NFV. Her early work included proposals for cleanly incorporating middleboxes into the internet architecture (netcalls) as well as a framework for network operators to deploy middleboxes in their network (APLOMB). This project combination highlighted her ability to view problems from different perspectives, in those cases the application programmer and the network administrator.
Packet processing is at the heart of NFV, and manifests a variety of challenges including performance, scalability, security, isolation, and fault tolerance. Justine has systematically advanced understanding in each of these areas with novel systems. For example, her work on “BlindBox” tackled the inherent contradiction between deep packet inspection (needed for security) and encryption (needed for privacy). Melding state-of-the-art cryptography and networking, BlindBox brought new privacy models to bear in a security context while achieving practical performance. About this work, Sherry’s PhD advisor Prof. Sylvia Ratnasamy (UC Berkeley), says “Justine goes broad and develops good collaborations across disciplinary boundaries. Combining systems work effectively with theory is one of her many strengths.” Justine’s work on Fault Tolerant Middleboxes (FTMB) was awarded Best Student Paper at SIGCOMM 2015 and was later documented in an ETSI standard. More recently Justine has tackled performance by bringing FPGAs to bear on packet inspection (“Pigasus”), achieving 100Gbs on a single server with a fraction of the CPU cores and with substantial energy savings. Prof. Srini Seshan (CMU) says, “Justine’s work shows an aspect of fearlessness. She does a great job with problems that are risky or could take a long time to pay off, making them work out, and seeing where they will go.”
In another illustrative thread of research, Prof. Sherry has “changed the way people are thinking about deployability and testing” of new congestion control protocols on the internet. Despite many decades of research on TCP and “TCP-friendly” congestion-control algorithms, Justine and her colleagues have been able to shed fresh light on an old problem. They have demonstrated a sound, practical principle for quantifying whether a new protocol is safe to introduce based on harm that it could cause to legacy protocols. This work has been awarded an IRTF Applied Networking Research Prize and is causing reconsideration of important recent protocols.
The VMware Systems Research Award celebrates early-career faculty within the first five years of their first tenure-track appointment. VMware Fellow Pratap Subrahmanyam observed that “Justine has shown the ability to collaborate and synthesize ideas across disciplinary boundaries, which is one of the traits we look for in our Systems Research Award candidates”. Says Ole Agesen, also a VMware fellow, “Justine has pursued a coherent and impactful research agenda with interesting problem formulations, ambitious systems projects, and heavy lifting. These are also characteristics that the award is meant to celebrate. With this workstyle and results, it is not surprising that top-tier systems venues like OSDI, NSDI, and SIGCOMM publish her work. Additionally, indications of industry adoption confirm the practicality and significance of the technologies that Justine developed.”
This year, the selection committee was chaired by Professor Greg Ganger (CMU) and included Professor Anastasia Ailamaki (EPFL), Ole Agesen (VMware), Professor Edouard Bugnion (EPFL), Professor Charles Isbell (Georgia Tech), Chris Ramming (VMware), Professor Jennifer Rexford (Princeton), and Pratap Subrahmanyam (VMware). VMware sees the award as one way to support and give back to the academic research community, which plays a crucial role in exploring new technology.
–Chris Ramming, Senior Director, VMware Research & Emerging Technologies