CloudNet: Where VPNs Meet Cloud Computing Flexibly and Dynamically
Timothy Wood, Kobus van der Merwe, K.K. Ramakrishnan, Alex Gerber, and Prashant Shenoy (U. Mass)
December 18, 2008
© 2008 AT&T Intellectual Property. All rights reserved.

Cloud Computing
• Lease computation and storage resources on demand
  – Amazon EC2, Google App Engine, Microsoft Azure, VMware vCloud
• Highly dynamic resource provisioning
  – Add new servers within minutes
  – Easy to replicate virtual resources
• Only pay for what you use
Provides cheap and flexible resources

Cloud Platform: Server Virtualization
• Ability to split a server up into one or more slices
  – Virtual machines are not tied to physical hardware
  – Can multiplex access to one set of physical resources
  – Still provides strong isolation between each VM
• Virtualization is a key part of cloud computing
  – Reduces hardware cost
  – Improves efficiency through multiplexing
  – Abstracts the user's resources away from physical ones
• Nice bonuses
  – Dynamic resource allocation
  – VM migration, checkpointing

Existing Cloud Services
• Amazon Elastic Compute Cloud (EC2)
  – Lease Xen virtual machines, install own OS and apps
  – Can assign internal (cloud only) or public IPs
  – "Elastic" IPs can be used to forward to any internal IP (NAT)
  – Charges: $0.10 to $0.80/CPU hour + $0.01/GB over WAN
• Similar alternatives: VMware vCloud, GoGrid, others
• Application-level cloud services
  – Host your application (must be written for the platform)
  – Automatically scale up resources for the app (if mostly stateless)
  – Google App Engine: Python web applications
  – Microsoft Azure: host .NET applications in the cloud
  – IBM Blue Cloud: Hadoop distributed apps

What is Missing?
• Control over network management
  – Can't request specific IP addresses
  – Can't put VMs on own private network
• Control of network resources
  – Bandwidth, traffic isolation, etc.
• Lack of network security and isolation
  – VMs have IPs on the public Internet
  – Customer must manage security on the VM itself
Existing systems do not provide the network security or features needed by enterprises

CloudNet: Bringing VPNs to the Cloud
• Use VPNs to separate customer resources
• A customer's VMs are only reachable from her other VPN endpoints
• More flexible control of how IP addresses are assigned
• Physical network is transparent to the customer
VPNs provide both convenient network isolation and strong security

Benefits of VPNs
• Layer 3 VPNs
  – Secure access between customer and cloud
• Layer 2 VPLS
  – Cloud resources can appear to be directly on the customer's LAN
  – Combine resources across clouds into a single LAN

Challenges
• How to divide up responsibilities?
  – Network provider may not own cloud data centers
• VPNs traditionally considered "static"
  – Cloud computing requires "agility"
  – Customers expect new resources to be immediately available
• How to prototype and test this within AT&T?
  – Don't want to use dozens of routers

System Components
• Cloud Manager
  – Create VMs
  – Resource allocation
  – Controls up to the CEs
• Network Manager
  – VPN management
  – Access controls
  – Controls PEs
• May be separate business entities

VPN Management
• All endpoints need to "match"
• Making changes to all endpoints is a pain!
• Use IRSCP
  – Centralized VPN manager
  – Looks like a route reflector
  – Speaks BGP to PEs
• Rewrites VPN route targets
[Figure: IRSCP rules mapping VPN 1 and VPN 2 to their route targets; the rewrite takes about 5-8 seconds]

Shadownet
• Provides infrastructure for CloudNet
• Uses Juniper router support for logical routers
  – Subdivide a physical router
• Instantiates arbitrary networks based on a topology description
• Simplifies and automates router configuration
  – Tracks links, used interfaces, VLAN IDs, etc.
[Figure: Site 1 and Site 2]

CloudNet Prototype
[Figure: logical setup (Cloud N, Cloud E, Customer W, Customer S, each with VMs, CEs and PEs) and its physical instantiation]

Adding a New VM
[Figure: customer sites and cloud site, with logical CEs and servers behind the PEs]
Timing: VM startup = 30 sec; L3 VPN setup = 20 sec

Multiple Cloud Sites
• Building many small data centers may be cheaper
• Provide geographic separation for fault tolerance
• Decrease latency by being closer to the customer
• Easier for initial deployments
Using multiple sites benefits both customer and provider, plus VPNs make it easy

Multiple Cloud Sites Example
[Figure: customer sites reach the cloud sites over an L3 VPN; the cloud sites are joined by VPLS]
VPLS hides the physical layout of the cloud

VM Migration
• LAN migration supported by many virtualization platforms
  – Transparently move a VM between two hosts
  – No application downtime
  – Useful for load balancing, maintenance, etc.
• VPLS makes sites across the WAN be on the same LAN
  – Allows for WAN migration without modifying the VM platform!
• But storage migration remains an issue...
Migration Example
[Figure: a VM migrates between cloud sites over the VPLS, with ARP shown at both sites]
Currently seeing 5-20 second network downtime after migration. Switch is caching MAC mapping?

Summary
• Cloud computing is a rapidly growing market
• Existing offerings fail to provide many network-related features that are critical for enterprise customers
• VPNs are a natural way to provide these features
CloudNet brings VPNs to cloud computing to provide both better security and isolation to customers, and more efficient resource utilization to providers

Thank you! Questions???
twood@cs.umass.edu
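The VPN Management slide's idea, a centralized manager that sits between the PEs like a route reflector and rewrites route targets so that every endpoint "matches" without touching each PE, as an added Python model (not code from the talk or from IRSCP). The route-target values, PE names and VM prefix are constructed, and a re-reflected route whose RTs no longer match a VRF is treated as a withdrawal, which is a simplification of real BGP.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Route:
    prefix: str
    next_hop: str       # PE that advertised the VPN route
    rts: frozenset      # route-target extended communities on the route

@dataclass
class Vrf:
    name: str
    import_rts: frozenset
    table: dict = field(default_factory=dict)   # prefix -> next-hop PE
    def consider(self, route):
        # Standard L3VPN import rule: install only if an RT matches the import set
        if route.rts & self.import_rts:
            self.table[route.prefix] = route.next_hop
        else:
            self.table.pop(route.prefix, None)   # simplification: mismatch == withdraw

class Irscp:
    """Sits between PEs like a route reflector; rewrites RTs by rule, then reflects."""
    def __init__(self, pes):
        self.pes = pes      # {pe_name: [Vrf, ...]}
        self.rules = {}     # RT exported by the cloud PE -> RT of the customer's VPN
        self.seen = {}      # prefix -> last route received, replayed when rules change
    def set_rule(self, cloud_rt, customer_rt):
        self.rules[cloud_rt] = customer_rt
        for route in list(self.seen.values()):   # one change here updates every PE
            self.receive(route)
    def receive(self, route):
        self.seen[route.prefix] = route
        out = Route(route.prefix, route.next_hop,
                    frozenset(self.rules.get(rt, rt) for rt in route.rts))
        for pe, vrfs in self.pes.items():
            if pe != route.next_hop:             # never reflect back to the originator
                for vrf in vrfs:
                    vrf.consider(out)
        return out

def demo():
    # Constructed RT values; the deployment's real numbering is not on the slides
    cust_a = Vrf("CustomerA", frozenset({"RT:65000:100"}))
    cust_b = Vrf("CustomerB", frozenset({"RT:65000:200"}))
    ctrl = Irscp({"PE-A": [cust_a], "PE-B": [cust_b], "PE-Cloud": []})
    vm = Route("10.8.0.5/32", "PE-Cloud", frozenset({"RT:65000:901"}))
    ctrl.set_rule("RT:65000:901", "RT:65000:100")   # network manager: VM belongs to A
    ctrl.receive(vm)
    after_a = (dict(cust_a.table), dict(cust_b.table))
    ctrl.set_rule("RT:65000:901", "RT:65000:200")   # one rule change moves it to B
    after_b = (dict(cust_a.table), dict(cust_b.table))
    return after_a, after_b
```

Customer B's VRF never sees the VM while the rule points at A, and moving the VM to B touches only the manager's rule table, which is the isolation and agility the slides argue VPNs give the cloud.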
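A toy model of the hypothesis on the Migration Example slide, added here and not from the talk: a VPLS learning bridge keeps forwarding toward the VM's old site until it relearns the VM's MAC from a frame sent at the new site (such as the gratuitous ARP shown in the figure), or until the entry ages out. The pseudowire names, the 300-second aging time and the timings are assumptions.

```python
from dataclasses import dataclass

AGING_SECONDS = 300.0   # assumed MAC-table aging time; a common switch default

@dataclass
class Frame:
    t: float
    src_mac: str
    ingress: str        # pseudowire or port the frame arrived on

class VplsBridge:
    """Learning bridge: remembers which pseudowire each source MAC was last seen on."""
    def __init__(self):
        self.table = {}   # mac -> (pseudowire, time learned)

    def learn(self, frame):
        self.table[frame.src_mac] = (frame.ingress, frame.t)

    def lookup(self, mac, now):
        entry = self.table.get(mac)
        if entry is None or now - entry[1] > AGING_SECONDS:
            return None   # unknown or aged out: the bridge floods instead
        return entry[0]

def stale_seconds(garp_at, migrate_at=100, watch=30):
    """VM B is last heard on 'pw-cloud-N', then migrates at migrate_at to
    'pw-cloud-E'. The customer PE's bridge is polled once per second for
    `watch` seconds. Returns the seconds during which it still forwards
    toward the old site (the downtime window); garp_at=None means the
    migrated VM never announces itself and only aging can fix the entry."""
    br = VplsBridge()
    br.learn(Frame(float(migrate_at - 1), "b", "pw-cloud-N"))
    stale = []
    for t in range(migrate_at, migrate_at + watch):
        if garp_at is not None and t == garp_at:
            # migrated VM broadcasts a gratuitous ARP from its new location;
            # its source MAC on the new pseudowire overwrites the stale entry
            br.learn(Frame(float(t), "b", "pw-cloud-E"))
        if br.lookup("b", float(t)) == "pw-cloud-N":
            stale.append(t)
    return stale
```

With the announcement five seconds after the move the window is five seconds; without it the stale entry survives the whole observation period, since aging alone would take hundreds of seconds.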