Virtual Networks - E-Book

Description

The first chapter of this title concerns virtualization techniques that allow sharing computational resources, basically slicing a real computational environment into virtual computational environments that are isolated from one another. The Xen and OpenFlow virtualization platforms are then presented in Chapter 2 and a performance analysis of both is provided. This chapter also defines the primitives that the network virtualization infrastructure must provide for allowing the piloting plane to manage virtual network elements. Following this, interfaces for system management of the two platforms are proposed in Chapter 3. To control and manage virtual network elements, five primitives that the network virtualization infrastructure must provide are defined: instantiate, delete, migrate, monitor and set. The book then moves on to survey existing control algorithms for virtual networking. It also describes the main challenges for packet forwarding using Xen as a virtualization tool and describes, in more detail, a proposal for local control of virtual networks. Within each physical node, this proposal guarantees the service level acquired by each virtual network, even in the presence of misbehaving virtual networks.

Contents

1. Virtualization, Luís Henrique M.K. Costa.
2. Virtual Network Interfaces, Miguel Elias M. Campista.
3. Performance Improvement and Control of Virtual Network Elements, Igor M. Moraes.
4. State of the Art in Context-Aware Technologies, Edmundo R.M. Madeira and Guy Pujolle.
5. Providing Isolation and Quality-of-Service to Virtual Networks, Miguel Elias M. Campista.
6. Piloting System, Edmundo R.M. Madeira and Nelson Luis S. Da Fonseca.
7. Management and Control: The Situated View, Otto Carlos M.B. Duarte.
8. System Architecture Design, Otto Carlos M.B. Duarte.

About the Authors

Otto Carlos M.B. Duarte is Full Professor at Universidade Federal do Rio de Janeiro in Brazil, where he has worked since 1978. His research interests include mobile communications, security, multicast, and QoS guarantees.

Guy Pujolle is currently Professor at University Pierre and Marie Curie (Paris VI) in France and a member of the Scientific Advisory Board of Orange/France Telecom Group. He has published widely in the area of computer systems modeling and performance, queuing theory, high-speed networks, intelligence in networking, wireless networks, and Post-IP networks, including 19 influential texts and monographs in these areas.

Number of pages: 443

Year of publication: 2013

Contents

List of Acronyms

Preface

Chapter 1 Virtualization

1.1. Virtualization techniques

1.2. Virtualization tools

1.3. Scenario and methodology

1.4. Performance evaluation

1.5. Summary

1.6. Bibliography

Chapter 2 Virtual Network Interfaces

2.1. Virtual networks: isolation, performance and trends

2.2. Xen prototype

2.3. OpenFlow prototype

2.4. Summary

2.5. Bibliography

Chapter 3 Performance Improvement and Control of Virtual Network Elements

3.1. Xen-based prototype

3.2. OpenFlow-based prototype

3.3. Summary

3.4. Bibliography

Chapter 4 State of the Art in Context-Aware Technologies

4.1. Autonomic systems

4.2. Piloting with multi-agent systems

4.3. Options to build the autonomic platform

4.4. Context-aware technology for network control

4.5. Summary

4.6. Acknowledgments

4.7. Bibliography

Chapter 5 Providing Isolation and Quality-of-Service to Virtual Networks

5.1. Background on control and management of virtual networks

5.2. Challenges in packet forwarding using Xen

5.3. Controlling Domain 0 shared resources

5.4. Summary

5.5. Bibliography

Chapter 6 Piloting System

6.1. Autonomic Piloting Systems

6.2. Piloting plane functions and requirements

6.3. Preliminary piloting plane design

6.4. The piloting agents

6.5. Testbed

6.6. The multi-agent APS

6.7. Results

6.8. Multi-agent system for self-management of virtual networks

6.9. Summary

6.10. Bibliography

Chapter 7 Management and Control: The Situated View

7.1. The dynamic SLA controller

7.2. Update prediction mechanism for local information

7.3. Summary

7.4. Bibliography

Chapter 8 System Architecture Design

8.1. Overall architecture design

8.2. A hybrid Xen and OpenFlow system architecture design

8.3. Summary

8.4. Bibliography

List of Authors

Index

First published 2013 in Great Britain and the United States by ISTE Ltd and John Wiley & Sons, Inc.

Apart from any fair dealing for the purposes of research or private study, or criticism or review, as permitted under the Copyright, Designs and Patents Act 1988, this publication may only be reproduced, stored or transmitted, in any form or by any means, with the prior permission in writing of the publishers, or in the case of reprographic reproduction in accordance with the terms and licenses issued by the CLA. Enquiries concerning reproduction outside these terms should be sent to the publishers at the undermentioned address:

ISTE Ltd
27-37 St George’s Road
London SW19 4EU
UK
www.iste.co.uk

John Wiley & Sons, Inc.
111 River Street
Hoboken, NJ 07030
USA
www.wiley.com

© ISTE Ltd 2013

The rights of Otto Carlos M.B. Duarte and Guy Pujolle to be identified as the authors of this work have been asserted by them in accordance with the Copyright, Designs and Patents Act 1988.

Library of Congress Control Number: 2013937861

British Library Cataloguing-in-Publication Data
A CIP record for this book is available from the British Library
ISBN: 978-1-84821-406-4

List of Acronyms

ADAGA: Anomaly Detection for Autonomous manaGement of virtuAl networks

AMD-V: AMD Virtualization

ARP: Address Resolution Protocol

BGP: Border Gateway Protocol

CSS: Cascading Style Sheets

DMA: Direct Memory Access

dom0: Domain 0

domU: User domain

DoS: Denial of Service

GUI: Graphical User Interface

HTTP: HyperText Transfer Protocol

ICMP: Internet Control Message Protocol

ISP: Internet Service Provider

I/O: Input/Output

IT: Information Technology

IVT: Intel Virtualization Technology

LAN: Local Area Network

LLDP: Link Layer Discovery Protocol

MASR: Memory Allocation, Set and Read

MMU: Memory Management Unit

MUC: Maximum Usage Controller

NIC: Network Interface Card

OS: Operating System

OSPF: Open Shortest Path First

QoS: Quality of Service

RIP: Routing Information Protocol

RTT: Round Trip Time

SLA: Service Level Agreement

SMP: Symmetric Multi Processing

SOAP: Simple Object Access Protocol

SR-IOV: Single Root I/O Virtualization

SSH: Secure Shell

SVG: Scalable Vector Graphics

TCP: Transmission Control Protocol

TLV: Type-Length-Value

ToS: Type of Service

TSC: Time Stamp Counter

UDP: User Datagram Protocol

vCPU: Virtual CPU

VLAN: Virtual Local Area Network

VM: Virtual Machine

VMM: Virtual Machine Monitor

VMS: Virtual Machine Server

VoIP: Voice over IP

VPN: Virtual Private Network

VPS: Virtual Private Server

XML: Extensible Markup Language

ZFG: Zero File Generator

Preface

Currently, there is a strong effort on the part of the research community in rethinking the Internet architecture to cope with its current limitations and support new requirements. Many researchers conclude that there is no one-size-fits-all solution for all user and network provider needs, and thus advocate a pluralist network architecture. This new architecture radically changes the Internet because it allows the coexistence of different protocol stacks running at the same time over the same physical substrate. Hence, this book describes a pluralist approach as a new architecture for a post-Internet protocol (IP) environment. This post-IP architecture is mainly based on virtual networking with a piloting system able to cope with the constraints. The piloting system is intelligence oriented and helps to choose the best parameters to optimize the behavior of the network through mechanisms coming from multiagent systems. Indeed, the autonomic-oriented architecture associates with each piece of network equipment (router, box and so on) a situated view that will be used to determine the context and to choose and optimize control algorithms and parameters.

Another very important concept for post-IP networking that we are proposing to use is network virtualization to abstract networks as virtual domains (slices/substrates). A virtual domain represents a coherent functional group of instances of virtual routers rather than physical routers. In this dynamic multistack network, multiple virtual networks coexist on top of a shared substrate. These domains will use the piloting system to distribute physical resources and determine what virtual network will be used by a customer. In this context, a service provider will be able to simultaneously run multiple end-to-end services with different performance and security levels.

Virtual networks can be created and deleted when necessary. Virtualization enables a much better use of physical resources of the network, bringing adapted networks for the customers.

Most of the experimental results presented in this book are from the Horizon Project, a binational research project financed by the Agence Nationale de la Recherche (ANR) in France and Financiadora de Estudos e Projetos (Finep) in Brazil. The consortium is composed of five academic and three industrial partners. The academic partners are UPMC - Paris 6 (Laboratoire d’Informatique de Paris 6 - LIP6), Telecom SudParis, Universidade Federal do Rio de Janeiro (UFRJ), Universidade Estadual de Campinas (Unicamp) and Pontifícia Universidade Católica do Rio de Janeiro (PUC-Rio). The industrial partners are Ginkgo-Networks SA, which has led the work on the knowledge plane, Devoteam, which has worked on convergence infrastructure, and Netcenter Informática LTDA, which has worked on network devices.

Chapter 1, written by Luís Henrique M.K. Costa, discusses virtualization techniques that basically allow us to share computational resources, i.e. to slice a physical computational environment into virtual computational environments that are isolated from each other. This chapter describes the main features and identifies the performance trade-offs of Xen, VMware, and OpenVZ virtualization tools. Performance results of the virtualization tools in terms of resources used by a virtual router – CPU, RAM, hard disk and network – are presented. We thank Marcelo Duffles Donato Moreira, Carlo Fragni, Diogo Menezes Ferrazani Mattos and Lyno Henrique Gonçalves Ferraz who have defined the benchmarks and carried out the performance tests.

Chapter 2, written by Miguel Elias M. Campista, presents Xen and OpenFlow virtualization platforms in detail and provides a performance analysis of both. These two platforms were chosen to serve as the basis for new proposals developed in the Horizon project. This chapter also defines the primitives that the network virtualization infrastructure must provide to allow the piloting plane to manage virtual network elements. We thank Natalia Castro Fernandes, Marcelo Duffles Donato Moreira, Lyno Henrique Gonçalves Ferraz, Rodrigo de Souza Couto, and Hugo Eiji Tibana Carvalho who have defined the interfaces and carried out the experiments.

Chapter 3, written by Igor M. Moraes, presents the management tools for the two platforms discussed in the previous chapter. To control and manage virtual network elements, five primitives which the network virtualization infrastructure must provide are defined: instantiate, delete, migrate, monitor and set. One prototype for the Xen platform and another prototype for the OpenFlow platform were designed and developed using the proposed interfaces for both platforms for the sake of proof of concept. We thank Diogo Menezes Ferrazani Mattos, Lyno Henrique Gonçalves Ferraz, Pedro Silveira Pisa, Hugo Eiji Tibana Carvalho, Natalia Castro Fernandes, Daniel José da Silva Neto, Leonardo Pais Cardoso, Victor Pereira da Costa, Victor Torres da Costa, Rodrigo de Souza and Rafael dos Santos Alves who were the main developers of the tools and carried out the experiments.

Chapter 4, written by Edmundo R.M. Madeira and Guy Pujolle, describes context-aware technologies and multiagent systems. The piloting system is based on the multiagent paradigm, developed in a distributed fashion to increase the network scalability. Thus, three platforms for building agents are presented.

Chapter 5, written by Miguel Elias M. Campista, discusses existing control algorithms for virtual networking. This chapter also analyzes the main challenges for packet forwarding using Xen as a virtualization tool and describes in more detail a proposal for local control of virtual networks. Within each physical node, this proposal provides virtual network isolation, guaranteeing the service level acquired by each virtual network, even in the presence of misbehaving virtual networks. The secure virtual network monitor, called XNetMon, described in this chapter was proposed and evaluated by Natalia Castro Fernandes and Otto Carlos Muniz Bandeira Duarte.

Chapter 6, written by Edmundo R.M. Madeira and Nelson Luís S. da Fonseca, describes the piloting system. The idea is to introduce an autonomic system to cope with the increasing complexity of communication networks, releasing the needed network administrators to deal with tasks that require human intervention, such as setting management policies and promoting automation of tasks – system configuration and optimization, disaster recovery and security. A multi-agent self-management prototype is presented. The experiments were carried out by Carlos Roberto Senna and Daniel Macêdo Batista.

Chapter 7, written by Otto Carlos M.B. Duarte, deals with management and control functions. After monitoring and obtaining the usage profile, a knowledge plane uses prediction mechanisms to proactively detect the necessity for updates in the virtual network configuration. The knowledge plane stores information, assists management decisions and executes network maintenance. The fuzzy control scheme was proposed and evaluated by Hugo Eiji Tibana Carvalho and the ADAGA scheme was proposed and evaluated by Pedro Silveira Pisa.

Chapter 8, written by Otto Carlos M.B. Duarte, details the virtualization technologies used for the system architecture. Xen-based routers, OpenFlow switches and a combination of both, called XenFlow, are used to integrate machine and network virtualization techniques. The key idea of XenFlow is to use OpenFlow for managing flows and also for supporting flow migration without packet losses and to use Xen for providing routing and packet forwarding. XenFlow was proposed and evaluated by Diogo Menezes Ferrazani Mattos and Otto Carlos Muniz Bandeira Duarte.

We would like to acknowledge Professors Carlos José Pereira de Lucena, Firmo Freire, Djalmal Zeghlache, Jean-François Perrot, Thi-Mai-Trang Nguyen and Zahia Guessoum. Our thanks also go to Marcelo Macedo Achá and Cláudio Marcelo Torres de Medeiros. We would like to acknowledge the authors of original ideas and papers in Portuguese who are not referenced here but who have introduced concepts discussed in this book. Finally, we also acknowledge all the people who have worked with the Horizon project and have provided many constructive and insightful comments: Alessandra Yoko Portella, André Costa Drummond, Andrés Felipe Murillo Piedrahita, Callebe Trindade Gomes, Camila Patrícia Bazílio Nunes, Carlo Fragni, Carlos Roberto Senna, Claudia Susie C. Rodrigues, Cláudio Siqueira Carvalho, Daniel José da Silva Neto, Daniel Macêdo Batista, Diogo Menezes Ferrazani Mattos, Eduardo Rizzo Soares Mendes de Albuquerque, Elder José Reioli Cirilo, Elysio Mendes Nogueira, Esteban Rodriguez Brljevich, Fabian Nicolaas Christiaan van’t Hooft, Filipe Pacheco Bueno Muniz Barretto, Gustavo Bittencourt Figueiredo, Gustavo Prado Alkmim, Hugo Eiji Tibana Carvalho, Igor Drummond Alvarenga, Ilhem Fejjari, Ingrid Oliveira de Nunes, Jessica dos Santos Vieira, João Carlos Espiúca Monteiro, João Vitor Torres, Juliana de Santi, Laura Gomes Panzariello, Leonardo Gardel Valverde, Leonardo Pais Cardoso, Luciano Vargas dos Santos, Lucas Henrique Mauricio, Lyno Henrique Gonçalves Ferraz, Marcelo Duffles Donato Moreira, Martin Andreoni Lopez, Milton Aparecido Soares Filho, Natalia Castro Fernandes, Neumar Costa Malheiros, Nilson Carvalho Silva Junior, Othmen Braham, Pedro Cariello Botelho, Pedro Henrique Valverde Guimarães, Pedro Silveira Pisa, Rafael de Oliveira Faria, Rafael dos Santos Alves, Raphael Rocha dos Santos, Renan Araujo Lage, Renato Teixeira Resende da Silva, Ricardo Batista Freitas, Rodrigo de Souza Couto, Sávio Rodrigues Antunes dos Santos Rosa, Sylvain Ductor, Tiago Noronha Ferreira, Tiago Salviano Calmon, Thiago Valentin de Oliveira, Victor Pereira da Costa and Victor Torres da Costa.

Otto Carlos DUARTE and Guy PUJOLLE
June 2013

Chapter 1

Virtualization

In this book, we focus on a novel Internet architecture based on the pluralistic approach. An example of a pluralistic architecture is shown in Figure 1.1. In Figure 1.1, each router layer represents a different network with independent protocol stacks that share the resources from the underlying network infrastructure at the bottom layer. Virtualization is a key technique to make such a pluralistic architecture possible. Virtualization is a technique that basically allows sharing of computational resources [POP 74]. Virtualization divides a real computational environment into virtual computational environments that are isolated from each other and interact with the upper computational layer as would be expected from the real non-virtualized environment. A comparison between a virtualized and a non-virtualized environment is shown in Figure 1.2. The left-hand side of the figure shows a traditional computational environment where applications are executed on top of an Operating System (OS) that controls the underlying hardware. On the right-hand side of the figure, a virtualized environment is shown, where a virtualization layer allows multiple OSs to run concurrently, each with its own applications, and control their access to the hardware. As we deal with virtual networks, we consider router resources, such as the processor, memory, hard disk, queues and bandwidth, as the computational environment to be virtualized. A set of virtual routers and links is called a virtual network. Therefore, using the virtualization technique, we can have multiple concurrent virtual networks, each with a particular network protocol stack, sharing a single physical network infrastructure, as shown in Figure 1.1.

Figure 1.1. Pluralistic architecture example

Figure 1.2. Virtualized environment example

Virtualization is commonly implemented by a software layer called a hypervisor, which is responsible for multiplexing the computational resources between the multiple virtual environments or Virtual Machines (VMs). Each VM runs over the hypervisor, which controls the access to the physical resources. Different hypervisors and virtualization techniques exist. In this chapter, we give an overview of the main features and identify the performance trade-offs of the most prevalent virtualization tools: Xen [BAR 03, CHI 08], VMware [VMW 07a], and OpenVZ [KOL 06]. The study compares virtualization tools regarding their performance with respect to a virtual router’s resources of interest: central processing unit (CPU), random access memory (RAM), hard disk and network. CPU is used by the virtual routers to process incoming packets and route them based on the forwarding tables. RAM is used to store the forwarding tables. The main use of hard disk is to store the VM images. Network resources are used to forward packets, the main task of a router. For normal operation of virtual routers, CPU, RAM and network are the most sensitive resources to virtualization overhead. Disk performance overhead is of interest because it impacts the instantiation of new routers and migration of virtual routers. To better understand the overhead introduced by such tools, native performance is also presented whenever applicable.
