Peer-to-peer Virtual Private Networks and Applications
1 Peer-to-peer Virtual Private Networks and Applications
Renato Jansen Figueiredo
Associate Professor, Cloud and Autonomic Computing Center/ACIS Lab, University of Florida
Visiting Researcher at VU
2 Backdrop
- Virtual machines in cloud computing
  - On-demand, pay-per-use, user-configurable
- Federated environments
  - End-to-end Internet connectivity hindered by address space and presence of NATs, firewalls
- Network virtualization: seamlessly connecting virtual machines across multiple providers
3 Rationale
- Virtualization techniques for decoupling, isolation, multiplexing also apply to networking
  - E.g. VLANs, VPNs
- However, there are challenges in configuration, deployment, and management
- Peer-to-peer techniques provide a basis for scalable routing and self-management
- Software routers and integration at network end-points enable deployment over existing infrastructure
- Architecture and design need to account for connectivity constraints and support TCP/IP efficiently; optimize for common cases
4 Application Examples
- Cloud-bursting
  - Run additional worker VMs on a cloud provider
  - Extending enterprise LAN to cloud VMs: seamless scheduling, data transfers
- Federated "Inter-cloud" environments
  - Multiple private clouds across various institutions
  - Virtual machines can be deployed on different sites and form a distributed virtual private cluster
- Connecting devices of social network peers
  - Media streaming, file sharing, gaming, ...
5 Background Talk - Outlook
- Architecting self-organizing virtual networks
  - Topology, routing, tunneling, addressing, NAT traversal, performance
- Uses in Grid/cloud and end-user environments
  - Virtual Private Clusters
  - Social VPNs
- Applications
  - FutureGrid high-throughput computing virtual appliances
  - ConPaaS
6 Resource Virtualization
- Virtual machines (Xen, VMware, KVM) paved the way to Infrastructure-as-a-Service (IaaS)
  - Computing environment decoupled from physical infrastructure
  - Pay-as-you-go for computing cycles
- Virtual networks complement virtual machines for increased flexibility and isolation in IaaS
  - VMs must communicate seamlessly regardless of where they are provisioned
  - Traffic isolation; security, resource control
7 Virtual Machines and Networks
[Figure: virtual infrastructure (V1, V2, V3) layered by VMM + VN over physical infrastructure in Domain A, Domain B and Domain C, connected across a WAN]
8 Virtual Networks
- Single infrastructure, many virtual networks
  - E.g. one per user, application, project, social network
- Each isolated and independently configured
  - Addressing, protocols; authentication, encryption
- Multiplexing physical network resources
  - Network interfaces, links, switches, routers
9 Network Virtualization: Where?
[Figure: two (virtual) machines connected through network devices and a network fabric; virtualization can sit in software at the virtualized endpoints or in a virtualized fabric (e.g. VLAN, OpenSwitch)]
10 Landscape
- Peer-wise Internet connectivity constrained
  - IPv4 address space limitations; NATs, firewalls
- Challenges: shared environment
  - Lack of control of networking resources
    - Cannot program routers, switches
  - Public networks: privacy is important
  - Often, lack privileged access to underlying resources
    - May be "root" within a VM, but lacking hypervisor privileges
  - Dynamic creation, configuration and tear-down
    - Complexity of management
11 Technologies and Techniques
- Amazon VPC: virtual private network extending from enterprise to resources at a major IaaS commercial cloud
- OpenFlow: open switching specification allowing programmable network devices through a forwarding instruction set
- OpenStack Quantum: virtual private networking within a private cloud offered by a major open-source IaaS stack
- ViNe: inter-cloud, high-performance user-level managed virtual network
- IP-over-P2P (IPOP): peer-to-peer, inter-cloud, self-organizing virtual network
12 Example: OpenFlow
- Towards an open platform foundation supporting Software-Defined Networks (SDN)
- Interface standardized by Open Networking Foundation (ONF)
  - Board members (as of 6/12): Google, Microsoft, Facebook, Yahoo!, Deutsche Telekom, NTT, Verizon
  - Dozens of members: Citrix, Huawei, Orange, IBM, Dell, HP, Oracle, Goldman-Sachs,
- Current (as of 6/12): OpenFlow Switch
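13 OpenFlow Switch and Controller
[Figure: a controller talks to the switch over the OpenFlow protocol through a secure channel and adds, updates and deletes flow table entries; packets enter at an OpenFlow ingress port, are matched against flow tables in a pipeline (with table-miss handling and a group table), and leave at an OpenFlow output port]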
14 Peer-to-Peer Virtual Networks Overview
- User-level IP overlays deployable on Internet end resources (software routers, virtual NICs)
- Why virtual?
  - Hide complexities associated with NAT traversal, IPv4 address space constraints from applications
  - Support unmodified applications
- Why peer-to-peer?
  - Self-organizing: reduce management complexity and cost
  - Decentralized architecture for scalability and robustness
15 The IP-over-P2P (IPOP) Approach
- Isolation
  - Virtual address space decoupled from Internet
  - Packets picked, encapsulated, tunneled and delivered within the scope of virtual network
- Self-organization
  - Overlay topology, routing tables
  - Autonomously deals with joins, leaves, failures
- Decentralized P2P messaging architecture
  - No global state, no central point of failure
  - Tunnels (UDP, TCP, ), routing
- Decentralized NAT traversal
  - No need for STUN server infrastructure
[IPDPS 2006, Ganguly et al]
16 IPOP: Architecture Overview
- Unmodified applications: Connect( ,80)
- VNIC: isolated, private virtual address space
- Virtual router: capture/tunnel; scalable, resilient, self-configuring routing; object store
[Figure: Application - VNIC - Virtual Router on each end host, connected through a wide-area overlay network]
17 P2P Overlay (Brunet)
- Bi-directional ring ordered by 160-bit IPOPids
- Structured connections:
  - "Near": with neighbors
  - "Far": across the ring
[Figure: ring of nodes ordered by IPOPid, n1 < n2 < n3 < ... < n13 < n14, showing near and far connections and a multi-hop path between n1 and n7]
18 Overlay: Edges and Routing
- Overlay edges
  - Multiple transports: UDP, TCP, TLS
  - NAT traversal (UDP hole-punching)
- Greedy routing
  - Deliver to peer closest to destination IPOPid
  - Constant number of edges per node (average k)
  - O((1/k) log^2(n)) overlay hops
- On-demand edges
  - Created/trimmed down based on IP communication
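The ring and greedy-routing rule from slides 17 and 18, as an added simulation that is not taken from the slides or from the IPOP/Brunet code base. The far-edge distribution (harmonic, Symphony-style), the seed and the node counts are assumptions chosen for illustration.

```python
"""Greedy routing on a Brunet-style ring overlay (illustrative simulation)."""
import bisect
import random

ID_BITS = 160                 # IPOPids are 160-bit (slide 17)
RING = 1 << ID_BITS


def ring_distance(a, b):
    """Shortest distance between two IDs on the bi-directional ring."""
    d = (a - b) % RING
    return min(d, RING - d)


def closest_node(ids, target):
    """Node whose ID is nearest to target; ids must be sorted."""
    pos = bisect.bisect_left(ids, target)
    candidates = (ids[pos % len(ids)], ids[(pos - 1) % len(ids)])
    return min(candidates, key=lambda n: ring_distance(n, target))


def build_overlay(n, k, seed=7):
    """n nodes with random IDs; near edges to ring neighbours, k far edges each."""
    rng = random.Random(seed)
    ids = sorted(rng.getrandbits(ID_BITS) for _ in range(n))
    edges = {node: set() for node in ids}

    def link(a, b):
        if a != b:            # edges are bi-directional
            edges[a].add(b)
            edges[b].add(a)

    for idx, node in enumerate(ids):
        link(node, ids[(idx + 1) % n])            # near: next node on the ring
        for _ in range(k):                        # far: shortcut across the ring
            # Assumption: shortcut length drawn from a harmonic distribution
            # over [1/n, 1) of the ring, as in Symphony-style small worlds.
            frac = n ** (rng.random() - 1.0)
            far_target = (node + int(frac * RING)) % RING
            link(node, closest_node(ids, far_target))
    return ids, edges


def greedy_route(edges, src, target):
    """Forward to the neighbour closest to target until nobody is closer.

    Returns the list of nodes visited. The last node is the overlay peer
    closest to the target ID, which is where the packet is delivered.
    """
    path = [src]
    current = src
    while True:
        best = min(edges[current], key=lambda n: ring_distance(n, target))
        if ring_distance(best, target) >= ring_distance(current, target):
            return path
        path.append(best)
        current = best


def average_hops(n, k, trials=200, seed=7):
    """Mean overlay hop count between random node pairs."""
    ids, edges = build_overlay(n, k, seed)
    rng = random.Random(seed + 1)
    total = 0
    for _ in range(trials):
        src, dst = rng.sample(ids, 2)
        path = greedy_route(edges, src, dst)
        if path[-1] != dst:
            raise RuntimeError("greedy routing failed to deliver")
        total += len(path) - 1
    return total / trials


if __name__ == "__main__":
    for k in (0, 1, 2, 4, 8):
        print(f"k={k}: {average_hops(512, k):.1f} hops on average")
```

With near edges only, hop count grows linearly with ring size; adding a constant number of far edges per node is what brings it down to the polylogarithmic bound quoted on the slide.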
19 Creating Overlay Edges
- A sends a Connect-to-me (CTM) request to B's IPOPid
  - Contains all its URIs (UDP/TCP IP:port endpoints)
  - Routed over P2P overlay to B
- B sends CTM reply with its URIs, overlay routed
- B initiates linking with A
  - Attempts linking with parallel requests to A's URIs
[Figure: CTM request carrying A's endpoint URIs, tcp:// :3000 (local) and udp:// :4433 (NAT learned); CTM reply carrying B's endpoint URIs, tcp:// :5000 and udp:// :6000; link request; overlay path]
20 NAT Traversal
- Direct edge between A and B
- Technique for cone UDP NATs: A's link request message to B creates ephemeral state in A's NAT, allowing messages from B to pass through the NAT (and vice-versa)
- Overlay: manage keep-alives so NAT mapping holes stay open; re-link if NAT mappings expire
21 Naming and Multiplexing
- One P2P overlay can multiplex multiple VNs
  - E.g. multiple virtual clusters from different projects
- IP routing within the scope of a namespace
  - User-provided string identifies IPOP namespace
  - Each IPOP node is configured with a namespace
- IP-to-P2P address resolution:
  - DHT-Get(namespace:IP) -> IPOPid
22 Managing Virtual IP Addresses
- Address assignment: static, or dynamic
- Supports DHCP
  - Store configuration (including base address, mask) on DHT entry bound to namespace
- DHCP proxy runs on each IPOP node
  - Pick DHCP request
  - Lookup DHCP configuration for namespace
  - Guess an IP address at random within range
  - Attempt to store in DHT; wait for majority to acknowledge; retry upon failure
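The namespace resolution of slide 21 and the DHCP-proxy procedure of slide 22, as an added sketch that is not IPOP code. The `ReplicatedDHT` class is a hypothetical in-memory stand-in for the overlay DHT (three replicas, create-if-absent, majority acknowledgement), and the namespace names, subnet and node IDs are constructed sample values.

```python
"""Namespace-scoped address allocation and resolution over a toy DHT."""
import ipaddress
import random


class ReplicatedDHT:
    """Hypothetical stand-in for the overlay DHT: each key lives on every
    replica, and an operation counts only if a majority of replicas agree."""

    def __init__(self, replicas=3):
        self.stores = [dict() for _ in range(replicas)]
        self.down = set()          # indices of unreachable replicas

    def _live(self):
        return [s for i, s in enumerate(self.stores) if i not in self.down]

    def create(self, key, value):
        """Create-if-absent. True only when a majority of ALL replicas
        acknowledge; an existing binding to another value is never replaced."""
        accepted = [s for s in self._live() if s.get(key, value) == value]
        if 2 * len(accepted) <= len(self.stores):
            return False
        for store in accepted:
            store[key] = value
        return True

    def get(self, key):
        """Value held by a majority of replicas, or None."""
        votes = [s[key] for s in self._live() if key in s]
        for value in set(votes):
            if 2 * votes.count(value) > len(self.stores):
                return value
        return None


def publish_namespace(dht, namespace, cidr):
    """Bind the DHCP configuration (base address and mask) to the namespace."""
    return dht.create(namespace, cidr)


def dhcp_allocate(dht, namespace, ipop_id, rng, max_tries=32):
    """DHCP proxy logic: look up the namespace configuration, guess an
    address at random within range, try to claim it, retry on failure."""
    cidr = dht.get(namespace)
    if cidr is None:
        raise LookupError(f"no DHCP configuration for namespace {namespace!r}")
    net = ipaddress.ip_network(cidr)
    usable = net.num_addresses - 2             # skip network and broadcast
    for _ in range(max_tries):
        ip = net.network_address + rng.randint(1, usable)
        if dht.create(f"{namespace}:{ip}", ipop_id):
            return ip
    raise RuntimeError("address range exhausted or DHT majority unreachable")


def resolve(dht, namespace, ip):
    """DHT-Get(namespace:IP) -> IPOPid; None if the address is unbound."""
    return dht.get(f"{namespace}:{ip}")


if __name__ == "__main__":
    dht = ReplicatedDHT()
    publish_namespace(dht, "N1", "10.128.0.0/28")   # constructed sample subnet
    rng = random.Random(3)
    for node in ("x1", "x2", "x3"):                 # constructed IPOPid labels
        print(node, "->", dhcp_allocate(dht, "N1", node, rng))
```

Because the key includes the namespace, the same virtual IP can be bound to different IPOPids in different namespaces without conflict, which is what lets one overlay carry several isolated virtual networks.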
23 Optimization: On-demand edges
- At each node:
  - Count IP-over-P2P packets to other nodes
  - When number of packets within an interval exceeds threshold: initiate connection setup; create edge
- Trimming on-demand edges no longer in use
  - Overhead involved in connection maintenance
24 Optimization: Tunnel Edges
- Peers X, Y may not be able to communicate directly if they are behind symmetric NATs
- X, Y exchange list of neighbor URIs
- Each attempts to create edge to common intermediary Z to serve as proxy
- Routing abstracted as regular overlay edge
  - X-Y connected by "virtual" edge
- Useful to maintain ring topology in the face of failures (routing outages, symmetric NATs)
25 Implementation
- IPOP open-source system
  - C# user-level router
  - Tap virtual network device
- Performance, 1GbE physical LAN
[Table: columns Latency (ms), Bwidth (Mb/s), Mem (KB); rows Host, IPOP, IPOP+sec; the only surviving cell is "n/a" in the Host row]
26 Performance (WAN)
[Table: columns Netperf stream native (Mbps), Netperf stream IPOP (Mbps), Netperf RR trans/s native, Netperf RR trans/s IPOP; rows EC2/UF, EC2/GoGrid, UF/GoGrid]
27 Access Control
- IPOP provides core primitives for packet capture/injection and overlay routing
- How to control which nodes connect to a particular IP namespace?
- Focus on two approaches:
  - Each peer decides the peers they connect with: SocialVPN
  - Peers join groups and agree on a trusted third party as mediator: GroupVPN
28 SocialVPN
- Users now commonly manage relationships to social peers through Online Social Networks
  - Facebook, Google+
- Communication hindered by OSN provider APIs, privacy concerns
- A generic IP network can enable existing and new social network applications
  - But users don't have public IPs, don't want to necessarily open NATs/firewalls to all users
  - Users don't want to configure and discover network services manually
29 Social VPNs
[Figure: Alice's compute node, Alice's friend's compute node and Bob's compute node on EC2 connected by IP-over-P2P tunnels; Alice, Bob and Carl are linked through an OSN over XMPP]
30 Social VPNs
- From a user's perspective: it's simple
  - My computer gets a virtual network card
  - It connects me directly to my social peers
- All IP packets: authenticated, encrypted, end-to-end
  - Leverage well-known PKI techniques
- No configuration besides establishing social links
  - All I need to do is log in to a web-based social network
- Applications, middleware work as if the computers were on the same local-area network
  - Including multicast-based resource discovery
  - UPnP, mDNS
31 Applications
- Social VPN is not the application
  - It is not tied to an application either
  - It enables applications that are of interest for collaboration
- Security needed beyond network layer
  - Authenticated end-to-end private IP tunnels provide a foundation
- Traditional applications
  - Media streaming, desktop sharing, file sharing, cycle sharing
- Platform for decentralized social network applications
  - Fault-tolerant micro-blogging, private file sharing, ...
32 IPOP Social VPN Internals
- NAT traversal and routing core
  - Private end-to-end tunnels
- Peer discovery and certificate exchange
  - XMPP: Jabber, Google
  - Facebook APIs (was in first prototype; no longer in the code)
- Dynamic IP address assignment
  - Facebook: more users than IPv4 24-bit private space
  - Also must avoid conflicts with local private networks, and support mobility
33 Addressing and Mapping
- 160-bit P2P IDs used for overlay routing
  - Each node generates random P2P ID
  - Node issues a self-signed public key certificate with its P2P identifier; publishes through OSN APIs
  - Certificates of friends' nodes are discovered, retrieved, revoked through OSN APIs
- IPv4 addresses seen by applications
  - Dynamically-generated non-conflicting private subnet
  - Local node and friends' nodes are mapped dynamically to addresses within range
  - Naming possible through SocialDNS
- IP src/dest addresses translated (ports are not)
[COPS 2008]
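34 Address Translation
[Figure: Alice's compute node, Alice's friend's compute node and Bob's compute node on EC2. Alice's node has its own SVPN /16 with local addresses for Alice and Bob, and sends to BobP2P; Bob's node has its own SVPN /16 with local addresses for Bob and Alice, and receives from AliceP2P]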
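The per-node addressing and translation of slides 33 and 34, as an added sketch that is not SocialVPN code. The candidate subnets, the `SocialVpnNode` class and the string P2P IDs are hypothetical, and the `from` field of a message stands for a sender identity already authenticated by the certificate exchange the slides describe.

```python
"""Per-node SocialVPN-style address mapping and src/dst translation."""
import ipaddress

# Constructed candidate ranges; a node takes the first that does not
# overlap a network it is physically attached to.
CANDIDATES = ("172.31.0.0/16", "10.254.0.0/16", "192.168.0.0/16")


def pick_subnet(local_networks, candidates=CANDIDATES):
    """Choose a private subnet that does not conflict with local networks."""
    local = [ipaddress.ip_network(n) for n in local_networks]
    for cidr in candidates:
        net = ipaddress.ip_network(cidr)
        if not any(net.overlaps(l) for l in local):
            return net
    raise RuntimeError("no non-conflicting private subnet available")


class SocialVpnNode:
    def __init__(self, p2p_id, local_networks):
        self.p2p_id = p2p_id
        self.subnet = pick_subnet(local_networks)
        self.own_ip = self.subnet.network_address + 1
        self._ip_of = {}        # friend P2P ID -> locally assigned IP
        self._peer_at = {}      # locally assigned IP -> friend P2P ID
        self._next_host = 2

    def add_friend(self, peer_id):
        """Map a friend to the next free address in this node's own subnet."""
        if peer_id not in self._ip_of:
            ip = self.subnet.network_address + self._next_host
            if ip >= self.subnet.broadcast_address:
                raise RuntimeError("private subnet exhausted")
            self._next_host += 1
            self._ip_of[peer_id] = ip
            self._peer_at[ip] = peer_id
        return self._ip_of[peer_id]

    def remove_friend(self, peer_id):
        """Unmap a friend; later packets from that peer are dropped."""
        ip = self._ip_of.pop(peer_id, None)
        if ip is not None:
            del self._peer_at[ip]

    def outbound(self, dst_ip, payload):
        """Destination IP -> friend's P2P ID. Ports/payload are untouched."""
        peer = self._peer_at.get(ipaddress.ip_address(str(dst_ip)))
        if peer is None:
            return None                      # not a mapped friend: drop
        return {"to": peer, "from": self.p2p_id, "payload": payload}

    def inbound(self, msg):
        """Sender's P2P ID -> the IP this node assigned to that friend."""
        src_ip = self._ip_of.get(msg["from"])
        if msg["to"] != self.p2p_id or src_ip is None:
            return None                      # unknown or removed peer: drop
        return {"src": str(src_ip), "dst": str(self.own_ip),
                "payload": msg["payload"]}


if __name__ == "__main__":
    alice = SocialVpnNode("AliceP2P", ["172.31.5.0/24"])   # constructed LANs
    bob = SocialVpnNode("BobP2P", ["10.0.0.0/8"])
    bob_at_alice = alice.add_friend("BobP2P")
    bob.add_friend("AliceP2P")
    print(bob.inbound(alice.outbound(bob_at_alice, b"hello")))
```

Each node's mapping is local: the address Alice uses for Bob never appears on Bob's side, and a peer that is not in the receiving node's friend map has no address to be translated to.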
35 Group-oriented VPNs
- Well-suited for collaborative environments for cluster computing
  - Nodes who join a group have peer-wise connectivity to all other nodes
- Based on public key cryptography
  - Owner of a group is a certificate authority signing GroupVPN certificates
- Centralized Web-based interface hides low-level management from users
  - Users create groups, determine who can join group
  - Certificate signing automated; group membership
  - Certificate revocation lists disseminated via P2P
36 Grid appliance clusters
- Virtual appliances
  - Encapsulate software environment in image
  - Virtual disk file(s) and virtual hardware configuration
- The Grid appliance
  - Encapsulates cluster software environments
    - Current examples: Condor, MPI, Hadoop
  - Homogeneous images at each node
  - IPOP/GroupVPN connecting nodes forms a cluster
  - Deploy within or across domains
37 Grid appliance - virtual clusters
- Same image, per-group VPNs
[Figure: a Condor + virtual network image and GroupVPN credentials (from Web site) are copied and instantiated as a virtual machine, which joins Group VPN A as a Condor worker with a virtual IP obtained by DHCP; repeating the step adds another Condor worker with its own virtual IP by DHCP]
38 Grid appliance configuration
- At the end of GroupVPN initialization:
  - Each node of a private virtual cluster gets a DHCP address on virtual tap interface
  - A barebones cluster
- Additional configuration required depending on middleware
  - Which node is the Condor negotiator? Hadoop front-end? Which nodes are in the MPI ring?
- Leverage P2P/IPOP primitives:
  - Distributed hash table
    - Advertise (put namespace, managerip); discover (get namespace)
  - IP multicast discovery over GroupVPN
39 Applications in FutureGrid
- FutureGrid testbed
  - DAS-like system distributed across US institutions
  - Research, education, development, testing of Grid and cloud computing middleware, applications
- IaaS partitions: Nimbus, OpenStack, Eucalyptus
- Virtual networks: ViNe and IPOP
- Virtual appliances
  - Lower barrier to entry: pre-configured environments
40 IPOP + ConPaaS at VU
- ConPaaS: framework/runtime to manage platform-as-a-service environments
  - Examples: Web service, task farming service
  - Build upon IaaS primitives to create VMs
- Integration with IPOP
  - Allow deployments to span across multiple providers (federation; bursting; fault-tolerance)
  - Within VMs: no changes to IaaS stack
  - Isolate data plane communications from public Internet
- Thilo Kielmann, Guillaume Pierre, Contrail/ConPaaS teams
41 IPOP + ConPaaS
[Figure: ConPaaS applications mapped to IPOP namespaces (N1, N3, ...) spanning IaaS providers: a private cloud, a DAS site and an EC2 zone connected across the WAN]
42 Deployed Systems
- PlanetLab bootstrap overlays
- Grid appliance deployments:
  - Archer: ~700-CPU cluster
- SocialVPN deployments:
  - Thousands of downloads, hundreds of deployed nodes
43 On-going Work
- Integration of IPOP with IPsec for dynamically provisioned cloud virtual networks
  - Contrail, ConPaaS
- Overlay by-pass, integration with OpenFlow software-defined networks
- IPv6/IPv4 overlays, virtual clusters for high-throughput computing, education
  - Archer (computer architecture)
  - FutureGrid (virtual appliances for education)
  - PRAGMA (Pacific Rim Grid)
- Unstructured P2P SocialVPN
  - Discover, bootstrap, route through friends
44 Acknowledgments
- ACIS P2P group (IPOP)
  - Over the years: P. O. Boykin, Heungsik Eom, Arijit Ganguly, Pierre St. Juste, Kyungyong Lee, Yonggang Liu, Girish Venkatasubramanian, David Wolinsky, Jiangyan Xu
- Vrije Universiteit, ConPaaS team
- FutureGrid, National Science Foundation
  - Awards , ,
45 Thank you For more information and downloads:
47 Related Work
- There exist several VPN technologies:
  - Enterprise VPNs (e.g. Cisco); open-source (e.g. OpenVPN); consumer/gaming/SMB (e.g. Hamachi)
  - Not easily applicable to federating cloud resources
    - Proprietary code; difficulty in configuration/management
- Research work in the context of Grid/cloud computing
  - VNET (Northwestern University), VIOLIN (Purdue University), Private Virtual Cluster (INRIA), ViNe (Tsugawa, UF)
48 Bootstrapping a New Node
- Forms a leaf connection with a public node (forwarder)
  - Selected at random from list of bootstrap nodes
- Sends CTM request addressed to its own IPOPid
  - Received by nearest neighbors
- Creates structured connections; trims leaf connection
[Figure: new node with MyIPOPid sends CTM (MyIPOPid) through the forwarder; the request is received by its left and right neighbors]
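49 IPOP Namespaces
[Figure: two namespaces, N1 and N2, multiplexed on one overlay of nodes x1 to x8, with hosts A1, B1, C1, D1 in N1 and A2, B2, C2, D2 in N2. Operations shown: DHTCreate(N2, / ) to publish a namespace's address range, DHTCreate(N2:A2, x2) to bind a virtual IP to an IPOPid, and DHTLookup(N1:B1) to resolve one; resolved IPOPids are kept in an ARP-like cache and IPOP packets are routed to the resulting IPOPid]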
50 Motivation: Social DNS
- Users cannot define domain names used to access their services in VPN settings
  - Dynamic private networks; difficult to keep track of services by IP addresses
- Objective: a decentralized naming service that gives individuals the ability to select and share the domain names for their resources with SocialVPN peers
- Approach:
  - Short names within social context
  - Decentralized architecture where each node runs a local DNS server and communicates via SocialVPN
  - Rank-based name conflict resolution
51 Security
- End-to-end authentication and encryption
  - IPsec tunneling over IPOP
    - Reuse existing software stack
  - End-to-end security implemented in IPOP
    - RSA priv/pub keys, X.509 certificates
- Point-to-point authentication and encryption
  - TLS edges have been implemented
    - Difficulty to deal with NAT traversal
  - Point-to-point security in IPOP: ongoing work
    - Reuses framework and code base from end-to-end
    - Avoid double-traversal of security stack for performance (e.g. shortcut connections based on IP traffic inspection)
52 Security
- Appliance firewall
  - Block outgoing packets to physical net
    - Except DHCP, DNS, IPOP's UDP port
  - Confine traffic to within WOW and host-only
- IPsec or IPOP security
  - With IPsec, kernel/user tools reused unmodified
  - Network routing is P2P, however: trust can be managed by central CA
  - All intra-WOW communication authenticated and end-to-end encrypted using X.509-based PKI
  - Private net/netmask: 10 lines of IPsec configuration for entire WOW
53 Linking and NAT traversal
- Peers exchange each other's NAT-assigned IP:port
[Figure: host R:A behind NAT M (public endpoint M:X) and host S:B behind NAT N (public endpoint N:Y). An outgoing packet from each side to the other's public endpoint punches a hole in its own NAT; a packet that arrives before the remote hole exists is dropped, and later packets (Src = N:Y, Dst = M:X and Src = M:X, Dst = N:Y) are translated and allowed through]
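54 Avoiding LAN overheads
[Figure: applications with a VNIC and virtual router on each host; traffic between hosts on the same LAN goes through the local interface and LAN router, while other traffic goes through the virtual router over the wide-area overlay network]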
55 Supporting IPOP Routers
- Single IPOP router for a (V)LAN
- Avoid need for IPOP software stack on end host
- Avoid IPOP overhead on LAN communication
[Figure: IPOP router (virtual router, TAP device, VPN software, NIC0 and NIC1) connected to the Internet and to LAN hosts with Ethernet addresses A:B:C:D:E:0, A:B:C:D:E:1 and A:B:C:D:E:2]
56 DHCP
- Provides address allocation and DNS settings
- IPOP router keeps a history of allocations and ignores packets destined for them sent within the (V)LAN
[Figure: a DHCP request from a LAN host reaches the IPOP router (virtual router, DHT, TAP device, VPN software, NIC0 and NIC1); LAN hosts have Ethernet addresses A:B:C:D:E:0, A:B:C:D:E:1 and A:B:C:D:E:2]
57 ARP
- Lookup Ethernet address from IP address
- IPOP router ignores ARP if IP in (V)LAN
- If destination is not on the LAN, check if such a peer exists in the overlay
[Figure: an ARP request from a LAN host is answered locally when the target is on the LAN; otherwise, if the address is not in the router table, the IPOP router consults the DHT and replies with the IPOP router's address. LAN hosts have Ethernet addresses A:B:C:D:E:0, A:B:C:D:E:1 and A:B:C:D:E:2]
58 Social VPN Prototype
- Connectivity: each node is given an IP address and domain name
- Trust: use current social networking systems (XMPP) to bootstrap secure connections with friends
- Access control: the user locally decides to allow or block another user
59 Computation offloading
- Alice can leverage:
  - Her own resources to add more computational power to her device and save energy
  - Flexibility in selecting from a collection of trusted compute nodes
  - Cloud provider is now just one more compute node
  - Better QoS by leveraging proximity or social trust
[Figure: Alice, Bob and Carl; Alice's compute node, Alice's friend's compute node and Bob's compute node on EC2]
60 Example: Resource discovery
- Service discovery time
- 100 UPnP servers over WAN
  - U. Chicago, UC San Diego, and U. Texas
- UPnP client located at U. Florida
- Servers connected to PlanetLab SocialVPN overlay
61 Resource Discovery
[Table: service discovery time (ms), min and max, for U. Texas, U. Chicago and UC San Diego]
- SocialVPN supports unmodified UPnP applications with service discovery time commensurable to WAN latency
- Wi-Fi setup has longer service discovery time than wired LAN (figure)
62 Offloading
- Offloading to PC and EC2: energy consumption
- The benefits are compelling at large image sizes
- Higher power consumption of offloading to Amazon EC2 than offloading to local workstation due to network latency
63 Grid Appliance / Archer
1. Download appliance
   - Free pre-packaged Archer virtual appliances; run on free VMMs (VMware, VirtualBox, KVM)
2. Boot appliance: automatically joins Archer pool
   - Archer Global Virtual Network
3. Run architecture simulation jobs on the Archer pool through Condor
- Portal and Wiki:
  - Community-contributed content: applications, datasets, tutorials
  - Simulators: Simics, SESC, Simplescalar
- Archer seed resources: 300+ cores, Fall 2008
- System software: Condor scheduler, NFS file systems
More informationCloud Models and Platforms
Cloud Models and Platforms Dr. Sanjay P. Ahuja, Ph.D. 2010-14 FIS Distinguished Professor of Computer Science School of Computing, UNF A Working Definition of Cloud Computing Cloud computing is a model
More informationTechnical Brief: Virtualization
Technical Brief: Virtualization Technology Overview Tempered Networks automates connectivity and network security for distributed devices over trusted and untrusted network infrastructure. The Tempered
More informationEnabling Large-Scale Testing of IaaS Cloud Platforms on the Grid 5000 Testbed
Enabling Large-Scale Testing of IaaS Cloud Platforms on the Grid 5000 Testbed Sébastien Badia, Alexandra Carpen-Amarie, Adrien Lèbre, Lucas Nussbaum Grid 5000 S. Badia, A. Carpen-Amarie, A. Lèbre, L. Nussbaum
More informationTesting Software Defined Network (SDN) For Data Center and Cloud VERYX TECHNOLOGIES
Testing Software Defined Network (SDN) For Data Center and Cloud VERYX TECHNOLOGIES Table of Contents Introduction... 1 SDN - An Overview... 2 SDN: Solution Layers and its Key Requirements to be validated...
More informationSOFTWARE-DEFINED NETWORKING AND OPENFLOW
SOFTWARE-DEFINED NETWORKING AND OPENFLOW Eric Choi < echoi@brocade.com> Senior Manager, Service Provider Business Unit, APJ 2012 Brocade Communications Systems, Inc. EPF 7 2012/09/17 Software-Defined Networking
More informationSANE: A Protection Architecture For Enterprise Networks
Fakultät IV Elektrotechnik und Informatik Intelligent Networks and Management of Distributed Systems Research Group Prof. Anja Feldmann, Ph.D. SANE: A Protection Architecture For Enterprise Networks WS
More information"ASM s INTERNATIONAL E-Journal on Ongoing Research in Management and IT"
To Study the Overall Cloud Computing Security Using Virtual Private Network. Aparna Gaurav Jaisingpure/Gulhane Email id: aparnagulhane@gmail.com Dr.D.Y.Patil Vidya Pratishthan s Dr. D.Y Patil College of
More informationSoftware Defined Networking A quantum leap for Devops?
Software Defined Networking A quantum leap for Devops? TNG Technology Consulting GmbH, http://www.tngtech.com/ Networking is bottleneck in today s devops Agile software development and devops is increasing
More informationQuantum Hyper- V plugin
Quantum Hyper- V plugin Project blueprint Author: Alessandro Pilotti Version: 1.0 Date: 01/10/2012 Hyper-V reintroduction in OpenStack with the Folsom release was primarily focused
More informationVMware vcloud Networking and Security Overview
VMware vcloud Networking and Security Overview Networks and Security for Virtualized Compute Environments WHITE PAPER Overview Organizations worldwide have gained significant efficiency and flexibility
More informationPanel: Cloud/SDN/NFV 黃 仁 竑 教 授 國 立 中 正 大 學 資 工 系 2015/12/26
Panel: Cloud/SDN/NFV 黃 仁 竑 教 授 國 立 中 正 大 學 資 工 系 2015/12/26 1 Outline Cloud data center (CDC) Software Defined Network (SDN) Network Function Virtualization (NFV) Conclusion 2 Cloud Computing Cloud computing
More informationCloud Infrastructure Planning. Chapter Six
Cloud Infrastructure Planning Chapter Six Topics Key to successful cloud service adoption is an understanding of underlying infrastructure. Topics Understanding cloud networks Leveraging automation and
More informationNetwork Virtualization
Network Virtualization What is Network Virtualization? Abstraction of the physical network Support for multiple logical networks running on a common shared physical substrate A container of network services
More informationHow To Make A Vpc More Secure With A Cloud Network Overlay (Network) On A Vlan) On An Openstack Vlan On A Server On A Network On A 2D (Vlan) (Vpn) On Your Vlan
Centec s SDN Switch Built from the Ground Up to Deliver an Optimal Virtual Private Cloud Table of Contents Virtualization Fueling New Possibilities Virtual Private Cloud Offerings... 2 Current Approaches
More informationSolving I/O Bottlenecks to Enable Superior Cloud Efficiency
WHITE PAPER Solving I/O Bottlenecks to Enable Superior Cloud Efficiency Overview...1 Mellanox I/O Virtualization Features and Benefits...2 Summary...6 Overview We already have 8 or even 16 cores on one
More informationData Center Virtualization and Cloud QA Expertise
Data Center Virtualization and Cloud QA Expertise Highlights Broad Functional QA Experience Deep understanding of Switching and Routing Protocols Strong hands on experience in multiple hyper-visors like
More informationEnabling Solutions in Cloud Infrastructure and for Network Functions Virtualization
Enabling Solutions in Cloud Infrastructure and for Network Functions Virtualization Gateway Use Cases for Virtual Networks with MX Series Routers 1 Table of Contents Executive Summary... 3 Introduction...4
More informationTransform Your Business and Protect Your Cisco Nexus Investment While Adopting Cisco Application Centric Infrastructure
White Paper Transform Your Business and Protect Your Cisco Nexus Investment While Adopting Cisco Application Centric Infrastructure What You Will Learn The new Cisco Application Centric Infrastructure
More informationCisco Prime Network Services Controller. Sonali Kalje Sr. Product Manager Cloud and Virtualization, Cisco Systems
Cisco Prime Network Services Controller Sonali Kalje Sr. Product Manager Cloud and Virtualization, Cisco Systems Agenda Cloud Networking Challenges Prime Network Services Controller L4-7 Services Solutions
More informationOverviews of Cloud Computing and SDN activities in WIDE Project
CJK Workshop 2014 1 Overviews of Cloud Computing and SDN activities in WIDE Project Yuji Sekiya The Univ. of Tokyo / WIDE Project CJK Workshop 2014 2 Research Consortium WIDE Project http://www.wide.ad.jp/
More informationAnalysis of Network Segmentation Techniques in Cloud Data Centers
64 Int'l Conf. Grid & Cloud Computing and Applications GCA'15 Analysis of Network Segmentation Techniques in Cloud Data Centers Ramaswamy Chandramouli Computer Security Division, Information Technology
More informationVirtualized Network Services SDN solution for service providers
Virtualized Network Services SDN solution for service providers Nuage Networks Virtualized Network Services (VNS) is a fresh approach to business networking that seamlessly links your enterprise customers
More informationNetwork Performance Comparison of Multiple Virtual Machines
Network Performance Comparison of Multiple Virtual Machines Alexander Bogdanov 1 1 Institute forhigh-performance computing and the integrated systems, e-mail: bogdanov@csa.ru, Saint-Petersburg, Russia
More informationRobust Communication for Jungle Computing
Robust Communication for Jungle Computing Jason Maassen Computer Systems Group Department of Computer Science VU University, Amsterdam, The Netherlands Requirements (revisited) Resource independence Transparent
More informationUsing LISP for Secure Hybrid Cloud Extension
Using LISP for Secure Hybrid Cloud Extension draft-freitasbellagamba-lisp-hybrid-cloud-use-case-00 Santiago Freitas Patrice Bellagamba Yves Hertoghs IETF 89, London, UK A New Use Case for LISP It s a use
More informationPrivate Distributed Cloud Deployment in a Limited Networking Environment
Private Distributed Cloud Deployment in a Limited Networking Environment Jeffrey Galloway, Susan Vrbsky, and Karl Smith The University of Alabama jmgalloway@crimson.ua.edu, vrbsky@cs.ua.edu, smith102@crimson.ua.edu
More information基 於 SDN 與 可 程 式 化 硬 體 架 構 之 雲 端 網 路 系 統 交 換 器
基 於 SDN 與 可 程 式 化 硬 體 架 構 之 雲 端 網 路 系 統 交 換 器 楊 竹 星 教 授 國 立 成 功 大 學 電 機 工 程 學 系 Outline Introduction OpenFlow NetFPGA OpenFlow Switch on NetFPGA Development Cases Conclusion 2 Introduction With the proposal
More informationCase Study for Layer 3 Authentication and Encryption
CHAPTER 2 Case Study for Layer 3 Authentication and Encryption This chapter explains the basic tasks for configuring a multi-service, extranet Virtual Private Network (VPN) between a Cisco Secure VPN Client
More informationAdvanced Computer Networks. Datacenter Network Fabric
Advanced Computer Networks 263 3501 00 Datacenter Network Fabric Patrick Stuedi Spring Semester 2014 Oriana Riva, Department of Computer Science ETH Zürich 1 Outline Last week Today Supercomputer networking
More informationExploring Software-Defined Networking with Brocade
WHITE PAPER www.brocade.com IP Network Exploring Software-Defined Networking with Brocade This paper provides an overview of Software-Defined Networking (SDN), its expected role in cloud-optimized networks,
More informationNetwork Virtualization and Software-defined Networking. Chris Wright and Thomas Graf Red Hat June 14, 2013
Network Virtualization and Software-defined Networking Chris Wright and Thomas Graf Red Hat June 14, 2013 Agenda Problem Statement Definitions Solutions She can't take much more of this, captain! Challenges
More informationSILVER PEAK ACCELERATION WITH EMC VSPEX PRIVATE CLOUD WITH RECOVERPOINT FOR VMWARE VSPHERE
VSPEX IMPLEMENTATION GUIDE SILVER PEAK ACCELERATION WITH EMC VSPEX PRIVATE CLOUD WITH RECOVERPOINT FOR VMWARE VSPHERE Silver Peak Abstract This Implementation Guide describes the deployment of Silver Peak
More informationNote: This case study utilizes Packet Tracer. Please see the Chapter 5 Packet Tracer file located in Supplemental Materials.
Note: This case study utilizes Packet Tracer. Please see the Chapter 5 Packet Tracer file located in Supplemental Materials. CHAPTER 5 OBJECTIVES Configure a router with an initial configuration. Use the
More informationDefinition. A Historical Example
Overlay Networks This lecture contains slides created by Ion Stoica (UC Berkeley). Slides used with permission from author. All rights remain with author. Definition Network defines addressing, routing,
More informationCisco Which VPN Solution is Right for You?
Table of Contents Which VPN Solution is Right for You?...1 Introduction...1 Before You Begin...1 Conventions...1 Prerequisites...1 Components Used...1 NAT...2 Generic Routing Encapsulation Tunneling...2
More informationArchitecture des plates-formes IaaS Etat des lieux et perspectives
Architecture des plates-formes IaaS Etat des lieux et perspectives Frédéric Dang Tran Orange Labs Joint CompatibleOne and OSCi workshop, 7 June 2011 1 Outline > Scope and objectives > User-facing API and
More informationSIP Trunking Configuration with
SIP Trunking Configuration with Microsoft Office Communication Server 2007 R2 A Dell Technical White Paper End-to-End Solutions Team Dell Product Group - Enterprise THIS WHITE PAPER IS FOR INFORMATIONAL
More informationBRINGING NETWORKS TO THE CLOUD ERA
BRINGING NETWORKS TO THE CLOUD ERA SDN enables new business models Aruna Ravichandran VICE PRESIDENT, MARKETING AND STRATEGY ARAVICHANDRAN@JUNIPER.NET SOFTWARE DEFINED NETWORKING (SDN), JUNIPER NETWORKS
More informationEthernet-based Software Defined Network (SDN)
Ethernet-based Software Defined Network (SDN) Tzi-cker Chiueh Cloud Computing Research Center for Mobile Applications (CCMA), ITRI 雲 端 運 算 行 動 應 用 研 究 中 心 1 Cloud Data Center Architecture Physical Server
More informationNetwork performance in virtual infrastructures
Network performance in virtual infrastructures A closer look at Amazon EC2 Alexandru-Dorin GIURGIU University of Amsterdam System and Network Engineering Master 03 February 2010 Coordinators: Paola Grosso
More informationRIDE THE SDN AND CLOUD WAVE WITH CONTRAIL
RIDE THE SDN AND CLOUD WAVE WITH CONTRAIL Pascal Geenens CONSULTING ENGINEER, JUNIPER NETWORKS pgeenens@juniper.net BUSINESS AGILITY Need to create and deliver new revenue opportunities faster Services
More informationWhy Software Defined Networking (SDN)? Boyan Sotirov
Why Software Defined Networking (SDN)? Boyan Sotirov Agenda Current State of Networking Why What How When 2 Conventional Networking Many complex functions embedded into the infrastructure OSPF, BGP, Multicast,
More informationImpact of Virtualization on Cloud Networking Arista Networks Whitepaper
Overview: Virtualization takes IT by storm The adoption of virtualization in datacenters creates the need for a new class of networks designed to support elasticity of resource allocation, increasingly
More informationApplication Note. Firewall Requirements for the Onsight Mobile Collaboration System and Hosted Librestream SIP Service v5.0
Application Note Firewall Requirements for the Onsight Mobile Collaboration System and Hosted Librestream SIP Service v5.0 1 FIREWALL REQUIREMENTS FOR ONSIGHT MOBILE VIDEO COLLABORATION SYSTEM AND HOSTED
More informationA Coordinated. Enterprise Networks Software Defined. and Application Fluent Programmable Networks
A Coordinated Virtual Infrastructure for SDN in Enterprise Networks Software Defined Networking (SDN), OpenFlow and Application Fluent Programmable Networks Strategic White Paper Increasing agility and
More informationNetwork Virtualization
Network Virtualization Petr Grygárek 1 Network Virtualization Implementation of separate logical network environments (Virtual Networks, VNs) for multiple groups on shared physical infrastructure Total
More informationCisco ASA 5500 Series Adaptive Security Appliance 8.2 Software Release
Cisco ASA 5500 Series Adaptive Security Appliance 8.2 Software Release PB526545 Cisco ASA Software Release 8.2 offers a wealth of features that help organizations protect their networks against new threats
More informationQuantum StorNext. Product Brief: Distributed LAN Client
Quantum StorNext Product Brief: Distributed LAN Client NOTICE This product brief may contain proprietary information protected by copyright. Information in this product brief is subject to change without
More informationIncrease Simplicity and Improve Reliability with VPLS on the MX Series Routers
SOLUTION BRIEF Enterprise Data Center Interconnectivity Increase Simplicity and Improve Reliability with VPLS on the Routers Challenge As enterprises improve business continuity by enabling resource allocation
More informationFREE AND OPEN SOURCE SOFTWARE FOR CLOUD COMPUTING SERENA SPINOSO (serena.spinoso@polito.it) FULVIO VALENZA (fulvio.valenza@polito.
+ FREE AND OPEN SOURCE SOFTWARE FOR CLOUD COMPUTING SERENA SPINOSO (serena.spinoso@polito.it) FULVIO VALENZA (fulvio.valenza@polito.it) + OUTLINE INTRODUCTION OF CLOUD DEFINITION OF CLOUD BASIC CLOUD COMPONENTS
More informationVNS3 Secure Network Appliance Service Defnition for G-Cloud 7
VNS3 Secure Network Appliance Service Defnition for G-Cloud 7 What does VNS3:net do? VNS3:net secures your applications in the cloud. VNS3:net is a cloud native network, routing and security solution which
More informationIBM 000-281 EXAM QUESTIONS & ANSWERS
IBM 000-281 EXAM QUESTIONS & ANSWERS Number: 000-281 Passing Score: 800 Time Limit: 120 min File Version: 58.8 http://www.gratisexam.com/ IBM 000-281 EXAM QUESTIONS & ANSWERS Exam Name: Foundations of
More informationHow To Understand The Power Of The Internet
DATA COMMUNICATOIN NETWORKING Instructor: Ouldooz Baghban Karimi Course Book: Computer Networking, A Top-Down Approach, Kurose, Ross Slides: - Course book Slides - Slides from Princeton University COS461
More informationvcloud Director User's Guide
vcloud Director 5.5 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of
More information