2026-04-25
Authors: Jens Kanstrup Larsen, Alceste Scalas, Guy Amir, Jules Jacobs
ArXiv: 2604.21795v1
When two programs talk to each other over a network, they need to follow a protocol — a set of rules about who sends what, and when. Think of it like a conversation: if you ask someone a question, you expect an answer, not another question back. When programs violate these rules, you get bugs that are notoriously hard to track down — crashes, hangs, or corrupted data that only show up under specific timing conditions.
Traditionally, we enforce these rules by adding checking code inside the applications themselves. NEST flips this idea on its head: what if the network itself enforced the protocol?
The authors take a formal description of a communication protocol — called a session type, which specifies the exact sequence and types of messages two parties should exchange — and automatically compile it into a packet-level monitor that runs in the network's data plane. Concretely, they implement this in P4, a language for programming modern programmable network switches. The monitor inspects packets as they flow through the switch and can detect (or even block) protocol violations at wire speed, before a malformed message ever reaches the application.
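To make the idea concrete, here is a small added example (not code from the paper or from NEST, and written in Python rather than P4) that flattens a session type into a state table and checks a packet trace against it. The query/answer protocol, the tuple encoding of the type, and all names are assumptions chosen for illustration; packets are assumed to arrive as an ordered list of (direction, label) pairs.

```python
# Added illustration: a Python model of a session-type monitor (not NEST's P4 output).
# Constructed protocol, written from the client's side:
#   rec X . !{ Query: ?{ Answer: X, Error: X }, Close: end }
# "!" = client sends (c2s), "?" = client receives (s2c). Encoding is an assumption.
PROTOCOL = ("rec", "X", ("send", {
    "Query": ("recv", {"Answer": ("var", "X"), "Error": ("var", "X")}),
    "Close": ("end",),
}))
C2S, S2C, END = "c2s", "s2c", -1  # END: session finished, no packet allowed

def compile_type(session_type):
    """Flatten a guarded session type into {state: (direction, {label: next})}."""
    table = {}

    def walk(node, env):
        kind = node[0]
        if kind == "end":
            return END
        if kind == "var":
            return env[node[1]]      # jump back to the state bound by "rec"
        if kind == "rec":
            # The body is a choice, so it receives the next free state id.
            return walk(node[2], {**env, node[1]: len(table)})
        state = len(table)
        table[state] = None          # reserve the id before visiting branches
        direction = C2S if kind == "send" else S2C
        table[state] = (direction, {l: walk(k, env) for l, k in node[1].items()})
        return state

    return walk(session_type, {}), table

def monitor(start, table, packets):
    """Check a trace prefix; return (ok, index of first violating packet)."""
    state = start
    for i, (direction, label) in enumerate(packets):
        if state == END:
            return False, i          # traffic after the session closed
        expected_dir, branches = table[state]
        if direction != expected_dir or label not in branches:
            return False, i          # wrong sender or unexpected message
        state = branches[label]
    return True, None                # no violation seen so far

# Constructed traces: a valid session, and a question followed by a question.
GOOD = [(C2S, "Query"), (S2C, "Answer"), (C2S, "Query"), (S2C, "Error"), (C2S, "Close")]
BAD = [(C2S, "Query"), (C2S, "Query")]
START, TABLE = compile_type(PROTOCOL)
```

The index returned for a bad trace is the packet at which a data-plane monitor would raise an alert or drop traffic.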
This is a genuinely hard problem because real networks aren't clean pipelines:
The paper develops algorithms that extend session type monitoring to handle both of these realities, which is a meaningful contribution beyond the core idea. They evaluate NEST on application-level protocols and show that the monitors add negligible latency — we're talking data-plane speed, not software-in-the-loop speed.
The key insight is one of separation of concerns: application developers shouldn't have to be responsible for protocol enforcement, and the network already sees every packet anyway, so it's the natural place to put the check. It's analogous to how firewalls moved packet filtering out of applications and into the network — except here, instead of filtering by IP and port, you're enforcing the behavioral correctness of a conversation.
The practical implications are significant for microservice architectures, distributed systems, and any environment where many services communicate over internal networks. Instead of trusting every service to implement its protocol correctly, you get a safety net built into the infrastructure itself.
