Virtualization and Benefits

Transcription

1 Virtualization

2 Virtualization and Benefits Virtualization a central design principle in CS in general! What is virtualization? Where is it used and for what? Virtualization is an abstraction E.g., Java virtual machine, virtual memory, VPN, abstraction = simpler and less details? (but less efficient?) more flexible and efficient use of resources? isolation and robustness Stefan Schmid - 2

3 Virtualization of Networks Virtualization of resources: powerful abstraction in systems engineering virtual machine executes platform independent bytecode, secure executions,... more efficient use of hardware memory, hiding fragmentation, no relative addressing, isolation of processes... Computing examples: virtual memory, virtual devices OS abstracting hardware (Intel vs AMD vs GPU, etc.) e.g., /dev/null Virtual machines: e.g., Java IBM VM OS from 1960 s/70 s mainframes: hypervisor runs on hardware and creates the virtual environment Layering of abstractions: don t sweat the details of the lower layer, only deal with lower layers abstractly Stefan Schmid - 3

4 The Internet: Virtualizing Local Networks The entire Internet is based on the idea of abstraction! Abstracting different networks : multiple unconnected networks ARPAnet (MIT & US Dept. Defense) data-over-cable networks packet satellite network (Aloha) packet radio network.. differing in: addressing conventions packet formats error recovery routing protocols How to unite?? Gateways! Introduces gateways, a TCP with flow-control, ports and multiplexing, etc. (TCP and IP together at the time! Only later recognized that not ideal, e.g., for speech Unreliable communication better...) Stefan Schmid - 4

5 Cerf & Kahn: Interconnecting two networks ARPAnet satellite net interconnection must preserve intact the internal operation of each network...the interface between networks must play a central role in the development of any network interconnection strategy. We give a special name to this interface that performs these functions and call it a GATEWAY... prefer that the interface be as simple and reliable as possible, and deal primarily with passing data between networks that use different packetswitching strategies. address formats is a problem between networks because the local network addresses of TCP's may vary substantially in format and size. A uniform internetwork TCP address space, understood by each GATEWAY and TCP, is essential to routing and delivery of internetwork packets. Stefan Schmid - 5

6 Cerf & Kahn: Interconnecting two networks Internetwork layer: addressing: internetwork appears as a single, uniform entity, despite underlying local network heterogeneity network of networks Gateway: talks both languages embed internetwork packets in local packet format or extract them route (at internetwork level) to next gateway fragmentation (but not reassembly), etc. ARPAnet gateway satellite net TCP enabled to communicate with remote network... Stefan Schmid - 6

7 Historical Aside: Proposed Internetwork packet in 1974: 2-level addressing (encapsulation) local header source address dest. address seq. # byte count flag field text checksum encapsulation: header (and maybe tail) are proprietary network TCP identifier 8 16 translated into local address at final gateway 256 networks sufficient for forseeable future (used to find next gateway) Stefan Schmid - 7

8 Cerf & Kahn s Internetwork Architecture What is virtualized? Two layers of addressing: internetwork ( virtual addresses ) and local network New layer makes everything homogeneous Underlying local network technology (cable, satellite, 56K modem) is invisible at internetwork layer Stefan Schmid - 8

9 Overlay Networks Abstracting networks even more, on higher layers: Nodes, links? Examples and purpose? Nodes: applications, running at various sites as nodes on an applicationlevel network Links: create logical links (e.g., TCP or UDP connections) pairwise between each other each logical link: multiple physical links, routing defined by native Internet routing Examples of overlay networks? E.g., peer-to-peer networks such as BitTorrent, Gnutella, etc., or typically CDNs, Internet itself was overlay over telephone system... Use of overlay networks? E.g., robust routing! Stefan Schmid - 9

10 Overlay Network Connect applications directly via virtual links! abstraction Stefan Schmid - 10

11 Overlay network Focus at the application level Stefan Schmid - 11

12 What s new/what s old here? Old: We re doing routing, but at application layer (e.g., can be contentspecific) New names/addresses: Internet uses IP addresses (reflecting only network physical structure), overlay can use content-specific or applicationspecific names/addresses (e.g., Kad ID, hashed filenames/keywords, multihop routing to Simpsons, ) Virtualizing the Internet: another layer of abstraction Tradeoffs possible: can improve routing performance not just delay/throughput but application-specific measures (e.g., content that I want - efficient publish/subscribe) content matters too! (Overhead ok?) Security and anonymity: easier to add at application layer? Can be used to get around congestion/bad routing in the underlay (can route differently from underlay). Can do more complex routing but lose access to underlying measures like topology, delay, QoS: lose performance (???) but gain flexibility/functionality Overlay is a single entity that combines heterogeneous underlays to provide the homogeneous overlay New data transmission functions: broadcast and multicast can be done in overlay (unlike IP multicast, easy also across multiple providers, no state in routers needed, less error-prone,?) Stefan Schmid - 12

13 Use of Overlays: Internet Routing BGP defines routes between stub networks Berkeley.net Internet 2 UMass.net C&W Mediaone UCLA Noho.net E.g., Noho has BGP routes to UMass and Berkeley! Stefan Schmid - 13

14 Use of Overlays: Internet Routing BGP defines routes between stub networks Internet 2 Berkeley.net UMass.net C&W Mediaone UCLA Noho-to-UMass Noho.net Stefan Schmid - 14

15 Internet Routing BGP defines routes between stub networks Internet 2 Berkeley.net UMass.net C&W Mediaone UCLA Noho-to-Berkeley Noho.net Stefan Schmid - 15

16 Internet Routing BGP defines routes between stub networks Internet 2 Berkeley.net UMass.net Congestion or failure: Noho to Berkeley BGP-determined route may not change (or will change slowly) UCLA Noho-to-Berkeley C&W Mediaone Noho.net Stefan Schmid - 16

17 Internet Routing Berkeley.net Congestion or failure: Noho to Berkely BGP-determined route may not change (or will change slowly) Internet 2 Noho to UMass to Berkeley route not visible or available via BGP! Mediaone can t route to Berkeley via Internet2 C&W Mediaone UMass.net UCLA Noho-to-Berkeley Noho.net Stefan Schmid - 17

18 RON: Resilient Overlay Networks Premise: by building application overlay network, can increase performance, reliability of routing application-layer router Two-hop (application-level) noho-to-berkeley route Stefan Schmid - 18

19 RON: Resilient Overlay Networks Why RON, and why does it work? The Internet offers a high redundancy of paths! BGP must focus on scalability Much aggregation, damps route changes,...: makes things slow In BGP, only /19 block or larger updates accepted! How to make access to my company robust otherwise? E.g., multihoming (small company behind many ISPs), or even use multiple addresses?! Application can choose its metric! (latency vs bandwidth, etc.) Stefan Schmid - 19

20 RON Experiments Measure loss, latency, and throughput with and without RON 13 hosts in the US and Europe 3 days of measurements from data collected in March minute average loss rates A 30 minute outage is very serious! Note: Experiments done with No-Internet2-forcommercial-use policy (Internet2 routes are often more stable, but not always visible) Stefan Schmid - 20

21 An order-of-magnitude fewer failures Table: for how many samples of duration 30min was the loss rate larger than p%? RON win = loss in Internet was >p% and with RON <p%. no change = the same; RON worse = Internet better for this example. Loss Rate 10% 20% 30% 50% 80% 100% RON was below 30% in all the 32 samples when Internet was above 30%. many samples do no appear in table because both were below percentage (many <10% for both) RON Better No Change RON Worse The higher 0 the loss 0 rate, 0 the better RON 0 6,825 path hours represented here 12 path hours of essentially complete outage 76 path hours of TCP outage Stefan Schmid - 21

22 An order-of-magnitude fewer failures Difficult to define outage : TCP only 2-10 minutes; here larger scale... 10% 20% 30% 50% 80% 100% This implies that outage was never on edge! Loss Rate The higher the loss rate, the fewer samples available (happens seldom in Internet). RON loss never above 30%. 30-minute average loss rates RON Better No Change RON Worse ,825 path hours represented here 12 path hours of essentially complete outage 76 path hours of TCP outage RON routed around all of these! (Implication?) One indirection hop provides almost all the benefit! Stefan Schmid - 22

23 RON Research Issues How to design overlay networks? Measurement (active) and self-configuration Understanding performance of underlying net ( reality matters ) Fast fail-over Sophisticated metrics (latency vs bandwidth: what is needed?) Application-sensitive (e.g., delay versus throughput) path selection Effect of RON on underlying network If everyone does RON, are we better off? Experiments were smallscale Stability?... Bootstrap: How to learn about other RON nodes? E.g., directory service (on web or well-known nodes?) Then compute 2-hop neighborhood? Compare also bootstrap in P2P? Stefan Schmid - 23

24 IP-over-ATM IP-over-ATM virtualization: give the illusion of a different network (to support IP services...) ATM = Asynchronous Transfer Mode Properties: Goal, e.g., real-time audio and video transmission Virtual circuit-switched Explicit set up of virtual channel (VC) needed Several layers Application layer: ATM Adaption Layer Different services... IP vs ATM? ATM connection oriented, has QoS concepts,... How to offer IP services over ATM? IP-over-ATM! Make it look like an IP network... Idea overlay approach : view ATM as link layer protocol... Stefan Schmid - 24

25 IP-Over-ATM Classic IP only 3 networks (e.g., LAN segments) MAC (802.3) and IP addresses IP-over-ATM replace network (e.g., LAN segment) with ATM network ATM addresses, IP addresses ATM network Ethernet LANs Ethernet LANs Stefan Schmid - 25

26 IP-Over-ATM app transport IP Eth phy IP AAL Eth ATM phy phy ATM adaption layer: transport layer (only at end systems): e.g., error detection, segmentation,... ATM phy ATM phy app transport IP AAL ATM phy Stefan Schmid - 26

27 IP View of the World ATM is encapsulated... IP network ATM network Stefan Schmid - 27

28 Classical IP-over-ATM [RFC 1577] IP-over-ATM network can support usual IP subnetting... divide ATM net in IP prefix subnets: A B C D LIS 1 LIS 2 LIS 3 R1 R2 Why subnets? Given address space, divide into different domains (e.g. users on site vs other department) s.t. communication goes via router, security,... Or: not enough addresses in big address chunk! E LIS: logical IP subnet End systems in same LIS have same IP network prefix LIS looks like a LAN ATM net divided into multiple LIS Intra-LIS communication via direct ATM connections How to go from IP addr to ATM addr: ATMARP resolves IP addr to ATM addr (similar to ARP) Stefan Schmid - 28

29 Classical IP-over-ATM [RFC 1577] A B C D E Inter-LIS communication: source, dest. in different LIS each LIS looks like a LAN LIS 1 LIS 2 LIS 3 hop-by hop forwarding via routers: R1 R2 A-R1-R2-E Traffic between different logical subnets goes via routers, although it s the same ATM network! This is quite an overhead (latency, bw bottleneck etc.), and there are sometimes short-cut approaches! How could they look like?? Stefan Schmid - 29

30 NHRP (Next Hop Resolution Protocol) [RFC 2332] A NHRP server, S 1 B C D LIS 1 LIS 2 LIS 3 NHRP server, S 2 E NHRP server, S 3 Source/dest. not in same LIS: ATMARP can not provide ATM dest. address NHRP: resolve IP-to-ATM address of remote dest. client queries local NHRP server NHRP server routes NHRP request to next NHRP server destination NHRP returns dest ATM address back through NHRP server chain (like routed DNS) Source can send directly to dest. using provided ATM address Stefan Schmid - 30

31 Virtual Private Networks (VPN) VPNs Networks perceived as being private networks by customers using them, but built over shared infrastructure owned by service provider (SP) Why virtualization here? private over shared infrastructure yields efficient resource sharing: looks like private but cheaper, no own line has to be built! (shared backbone) How does the VPN architecture look like? Service Provider infrastructure: backbone provider edge devices Customer: customer edge devices (communicating over shared backbone) Stefan Schmid - 31

32 VPN: Logical View virtual private network Two customer historical types: provider edge - device leased lines edge device - customer-premises-based Stefan Schmid - 32

33 VPN Reference Architecture customer edge device provider edge device customer sites of VPN2 Stefan Schmid - 33

34 Leased-line VPN Customer (actually: PE) sites interconnected via static virtual channels (e.g., ATM VCs on layer 2), leased lines customer site connects to provider edge Expensive: connection-oriented, dedicated channels, states on routers, etc. Stefan Schmid - 34

35 Customer Premise VPN All VPN functions (e.g., over IP!) implemented by customer PE sites interconnected via tunnels tunnels typically encrypted SP treats VPN packets like all other packets! But configuration of expensive VPN gateways at customer Stefan Schmid - 35

36 Customer Premise VPN IP-based: Stefan Schmid - 36

37 VPNs: Benefits? Support for mobility: looks like you are always at home or pretend to be somewhere local (e.g., VPN providers in US) Privacy & security CE-CE encryption vs PE-PE encryption? Or both? (E.g., IPsec) also to circumvent ISP traffic shaping (e.g., BitTorrent)? Cost: many forms of newer VPNs are cheaper than leased line VPN s ability to share at lower layers exploit multiple paths, redundancy, fault-recovery (lower layers), that do not exist in leased line VPN s need isolation mechanisms to ensure appropriate resources sharing Abstraction and manageability: all machines with addresses that are in are trusted no matter where they are Stefan Schmid - 37

38 VPN Business Stefan Schmid - 38

39 Drawbacks? Leased-line VPN: configuration costs, maintainance by SP: long time, much manpower CPE-based VPN (CPE = customer premise equipment): expertise by customer to acquire, configure, manage VPN, IPSec tunnel for each CE pair of same VPN The new wave : Network-based VPN IP-based VPNs offered by SP (often together with other services such as firewalls, QoS,...) over its shared IP backbone Customer s routers connect to SP routers Less burden at customer: no need to implement VPN functions such as tunneling SP routers maintain separate (independent) IP contexts for each VPN sites can use private addressing (e.g., different VPNs with same IP addresses) traffic from one VPN cannot be injected into another Stefan Schmid - 39

40 Network-based Layer 3 VPNs PE s are IP routers that maintain separate IP contexts (routing and forwarding tables) for every supported VPN, and ensure IP reachability between distant sites of same VPN How to realize? Concept of virtual routers (VR) IP-encapsulation and backbone tunnels between PE routers Stefan Schmid - 40

41 Network-based Layer 3 VPNs multiple virtual routers in single provider edge device tunnels (over IP network) only between PEs (and not CEs); backbone routers do not need to be aware of different contexts (inner IP headers) Stefan Schmid - 41

42 Network-based Layer 3 VPNs Realization: Virtual Router (VR) per VPN in each PE E.g., each VR has different IP address Backbone tunnels between PEs (backbone routers need not process inner IP headers of VPN, etc.!) Tunnels = concept that logic/support only needed at edges! Each PE pair sharing a VPN context needs one tunnel Techniques: IP-in-IP, MPLS multiplexing (with good automation, traffic enigneering, etc.), GRE, etc. Stefan Schmid - 42

43 Tunneling Tunneling is a mechanism to concentrate logic on the edges of the core network! Stefan Schmid - 43

44 Tunneling Tunneling is a mechanism to concentrate logic on the edges of the core network! Stefan Schmid - 44

45 VPNs: Further Reading Stefan Schmid - 45

46 Network Virtualization: Vision Success of Node Virtualization a.k.a. end-host virtualization VMWare revamped server business VM = basic unit in datacenters hardly any physical resources! VM = flexible allocation, migration... Success of Link Virtualization Success of MPLS (due to multipath no backup network necessary so less redundancy!, but complexity, management QoS?), VPN networks Trend: VLANs (scalability?), OpenFlow,... Unified, fully virtualized networks (a.k.a. CloudNets) Combine networking with heterougeneous cloud resources (e.g., storage, CPU,...)! Stefan Schmid - 46

47 Objectives (1) Based on layer 2: can experiment with new network protocols! Today s Internet protocol stack: One size fits it all! (Narrow waist...) Not always optimal: service-tailored networks, e.g., for social networking (heavy-tailed?), news service, delay-tolerant bulk data transfers,...? Ossification: I cannot innovate the network core! Problem dependency on IP: introduction of IPv6? Small address space and suboptimal prefix distribution? Central organization? Other routing protocols? (E.g., for wireless?) Add functionality to routers (programmable core, e.g., for intrusion detection,...) Virtualization: Can migrate seamlessly (IP addresses stay!), can allocate physical resources where needed or cheap, automatic recovery and robustness,... Stefan Schmid - 47

48 Objectives (2) Flexible spec, Goal focused migration Multi-provider Result driven Resource Solution oriented sharing QoS Precise guarantees On-demand, Blunt short duration Heterogeneous Challenging resources Servicetailored Assertive Innovation in Confident network core Stefan Schmid - 48

49 Virtualization = Flexible Embedding CloudNet CPU, location, OS,... benefit, duration, compatibility,... Some specifications may be missing and can be optimized! bw, latency, duplex,... CPU, location, OS,... Physical Infrastructure bw, latency, duplex,... Unlike VPN: flexible placement, migration, QoS,... Stefan Schmid - 49

50 Use Cases (1) VPN++ Datacenters Goal: Fully specified CloudNet mapping constraints (e.g., end-points for a telco), but with QoS guarantees (e.g., bandwidth) along links Palo Alto 1Mbit/s 1Mbit/s Berlin 1Mbit/s Tel Aviv November 22, 1pm-2pm! < 10ms > 100 MB/s any any < 10ms > 100 MB/s < 10ms > 100 MB/s any Guaranteed resources, job deadlines met, no overhead! Cloud Bursting / Cloud Spillover / Out-Sourcing Migration Berlin < 50ms 50 TB storage, 10 TFlops computation! Goal: Move with the sun, with the commuters, (QoS) allow for maintenance, avoid roaming costs : e.g., SAP server, game server, small CDN server, translator service Berlin < 50ms (corporate access network) any European cloud provideer (e.g., due to legal issues?) Stefan Schmid - 50

51 Use Cases (2) CloudNet Request disk access Infrastructure and Embedding CPU CPU disk CPU Access Network spillover to cloud Cloud CPU disk Stefan Schmid - 51

52 Use Cases (3) CloudNet 1: Computation Specification: 1. > 1 GFLOPS per node 2. Monday 3pm-5pm 3. multi provider ok CloudNet 2: Mobile service w/ QoS Specification: 1. close to mobile clients 2. >100 kbit/s bandwidth for synchronization CloudNet requests Provider 1 Provider 2 Physical infrastructure (e.g., accessed by mobile clients) Stefan Schmid - 52

53 Use Cases (4) Stefan Schmid - 53

54 Use Cases (5) Stefan Schmid - 54

55 Economical Roles Service Provider (SP): uses CloudNets to offer its services (e.g., value-added application CloudNet, or transport CloudNet) Virtual Network Operator (VNO): Installs and operates CloudNet over topology provided by VNP, offers tailored connectivity service, triggers cross-provider migration (by setting requirements),... Virtual Network Provider (VNP): Broker /reseller that assembles virtual resources from different PIPs to provide virtual topology (no need to know PIP, can be recursive,...) Physical Infrastructure Provider (PIP): Owns and manages physical infrastructure Stefan Schmid - 55

56 Prototype at TU Berlin! Joint project with Deutsche Telekom and NTT DoCoMo Based on VLAN technology (alternative would be OpenFlow) Embedding using mathematical programming (using CPLEX solvers) YouTube: Stefan Schmid - 56

57 Theoretical Research (1) Embedding algorithms, online migration, online resource allocation Example 1: A mobile service provider can move services to locations where they are most useful: Example 2: Virtual networks (VNets) can be allocated where the least resources are used, or where most energy can be saved, or...: on service!? CPU, mem, OS,... reqs bw, lat,... Stefan Schmid - 57

58 Theoretical Research (2) Which requests to price how? Stefan Schmid - 58

59 Theoretical Research (3) Stefan Schmid - 59

60 Enabling Technology E.g., VLANs, Xen, Juniper, OpenFlow virtualized switches (flow-level virtualization / SW-defined and typically centralized switch controllers, FlowVisor for isolation),... Interested? Contact us for more details! Project website: Stefan Schmid - 60