Cloud Computing Infrastructure (41891 and 42891)
Session 5 - Cloud Infrastructure and Network
Virtualization
Professor Doan B. Hoang
School of Computing and Communications
iNEXT- Centre for Innovation in IT Services and Applications
University of Technology, Sydney
Email: [email protected]
Cloud Computing Terminology
Cloud service: any IT resource that is made remotely accessible via a cloud
Cloud provider: the organization that provides cloud-based IT resources
Cloud consumer: the organization (or human) that has a formal contract or arrangement with a cloud provider to use IT resources made available by the cloud provider
Cloud service owner: the person or organization that legally owns a cloud service
Cloud administrator: the person or organization responsible for administering cloud-based IT resources (including cloud services)
Cloud carrier: the intermediary that provides connectivity between cloud consumers and cloud providers
[Figure source: Sara Farahmandian, ICSSC 2013 Keynote, August 19-20, 2013, Shanghai]
Cloud characteristics
Resource pooling: the provider's IT resources, which would otherwise be underutilized and scattered, are pooled and shared among multiple consumers
Broadband network access: the backbone for communications, distribution, control, and administration of services
On-demand self-service: the consumer has the freedom to self-provision IT resources
Rapid elasticity: resources and services are scaled to meet demand when they are needed
Measured service: a pay-per-usage model provides a fair and acceptable service model
Cloud Service Model: IaaS
IaaS Cloud Service Contract
Product: Virtual Server, 32GB RAM, 4GB local storage
SLA: availability=99.5%, no failover
Price: $0.95 per hour, $0.05 per GB transferred out of cloud
[Figure: a virtual server hosted on a physical server; the cloud provider operates the physical server, the cloud consumer uses the virtual server]
Building IaaS Environment
The two most fundamental IT resources delivered as part of a standard architecture within an IaaS environment are the virtual server and the cloud storage device. They are offered in various standardized configurations that are defined by the following properties:
Operating system
Primary memory capacity
Processing capacity
Virtualized storage capacity
Cloud Service Model: PaaS
PaaS Cloud Service Contract
Product: Application Server + DBMS platform
SLA: availability=99.5%, auto scaling
Price: $0.45 per hour (500,000 requests)
[Figure: the cloud provider runs the virtual server and the ready-made environment on it; the cloud consumer deploys onto that environment]
Cloud Service Model: SaaS
SaaS Cloud Service Contract
SLA: response time=0.5ms
Price: $0.05 per 100 requests
[Figure: the cloud service consumer accesses the cloud service directly]
Data centre technology:
Data centre facilities: housing, racks, cabling, power supplies, environmental control stations (heating, ventilation, air conditioning, fire protection, and other subsystems)
Computing hardware: servers, blade servers, etc.
Storage hardware: hard disk arrays, Storage Area Network (SAN), Network-Attached Storage (NAS)
Network hardware: carrier and external network interconnection, LAN fabric, SAN fabric, NAS gateways
Broadband networks and the Internet architecture:
Internet Service Providers (ISPs)
Cloud consumer networks
ISPs acting as cloud carriers
Backbone ISPs
Cloud provider networks (data-centre interconnection networks)
Virtualization technology:
Servers: a physical server can be abstracted into a virtual server
Storage: a virtual storage device or a virtual disk
Network: physical routers and switches can be abstracted into logical network fabrics, such as VLANs
Power: a virtual UPS
Web technology and service technology:
Web services, REST services, service agents, service middleware. Web technology is generally used as both the implementation medium and the management interface for cloud services.
Cloud Infrastructure Mechanisms
Logical Network Perimeters are established via the network devices that supply and control the connectivity of a data centre; they are deployed as virtual IT environments that include a virtual firewall and a virtual network
Virtual Server: a form of virtualization software that emulates a physical server
Cloud Storage Device: represents storage devices that are designed specifically for cloud-based provisioning
Cloud Usage Monitor: an autonomous software program responsible for collecting and processing IT resource usage data
Resource Replication: a mechanism that uses virtualization technology to replicate cloud-based IT resources
Cloud Management Mechanisms
Remote Administration System
Resource Management System
SLA Management System
Billing Management System
Cloud Security Mechanisms
Virtualization (Nathan Binkert)
• Virtualization is a conversion process that translates unique IT hardware into emulated and standardized software-based copies.
• A hypervisor is generally limited to ONE physical server and can therefore ONLY create virtual images of that server.
• A hypervisor can ONLY assign virtual servers it generates to resource pools that reside on the SAME underlying PHYSICAL server.
Virtual Machines and Hypervisor
The functions of the hypervisor include:
Creating VMs
Allocating "hardware resources" to VMs from the virtualized pool of hardware resources belonging to the physical server
Monitoring the status of the VMs
Taking part in the movement of VMs from one system to another
Network Virtualization
Network virtualization aims at creating multiple virtual networks (VNs) on top of a shared physical network substrate, allowing each VN to be implemented and managed independently.
A Virtual Network (VN) is a set of virtual networking resources: virtual nodes (end hosts, switches, routers) and virtual links.
Virtualized ISP networks (VNs) mostly consist of packet forwarding elements (routers).
Virtualized data centre networks involve different types of nodes, including servers, routers, switches, and storage nodes.
Customer - ISP – Cloud Provider Networks
[Figure: the consumer network connects through ISP cloud carriers and a backbone ISP to the cloud provider network; an external user reaches the cloud provider network over the same carrier path]
Network-as-a-Service (NaaS)
Network-as-a-Service (NaaS) is a paradigm that exposes networking resources and functionalities as services that can be composed with computing services in a cloud environment.
VMWARE Networking Architecture
A virtual environment: vNIC, vSwitch, and Port Groups
Each VM has its own vNICs. The OS and applications talk to the vNICs through a standard networking device driver, just as if the vNIC were a physical NIC.
To the outside world, too, each vNIC appears just like a physical NIC: it has its own MAC address and one or more IP addresses, and it responds to the standard Ethernet protocol exactly as a physical NIC would.
VMware Virtual Networking Concepts (from VMWARE INFORMATION GUIDE)
VMWARE Networking Architecture
A vSwitch works like a Layer 2 physical switch. Each physical server has its own vSwitches. On one side of the vSwitch are Port Groups, which connect to virtual machines. On the other side are uplink connections to physical Ethernet adapters. Virtual machines connect to the outside world through the physical Ethernet adapters that are connected to the vSwitch uplinks.
A virtual switch can connect its uplinks to more than one physical Ethernet adapter to enable NIC teaming: two or more physical adapters share the traffic load or provide failover in the event of an adapter hardware failure.
Networking on a Physical Network (adapted from Yong Wang, VMware)
Networking on a physical host:
• The OS runs on bare-metal hardware
• Networking stack (TCP/IP)
• Network device driver
• Network Interface Card (NIC)
• Ethernet: a unique 6-byte MAC address (e.g. 00 A0 C9 A8 15 70) for identification and communication
[Figure: host running the OS, TCP/IP stack and device driver on top of the NIC]
Ethernet frame format: 6-byte destination MAC, 6-byte source MAC, then the rest of the frame
Switch: a device that connects multiple network segments
• It knows the MAC address of the NIC associated with each port
• It forwards frames based on their destination MAC addresses
• When a port receives a frame, it reads the frame's destination MAC address and sends the frame out of the port that owns that address, e.g. port 4 -> port 6, port 1 -> port 7
[Figure: 8-port switch, ports 0-3 and ports 4-7]
Networking in Virtual Environments
Questions:
1. Imagine you want to watch a YouTube video from within a VM now. How are packets delivered to the NIC?
2. Imagine you want to get some files from another VM running on the same host. How will packets be delivered to the other VM?
Virtual Networks on ESX
[Figure: ESX Server hosting VM0 to VM3; each VM's vNIC, and the host's own vmknic, attach to a vSwitch whose uplink is the pNIC, which connects to the physical switch (pSwitch)]
Virtual Network Adapter (vNIC) (adapted from Yong Wang, VMware)
[Figure: guest OS with its TCP/IP stack and guest device driver on top of the vNIC device emulation; below it sit the host's vSwitch and physical device driver]
What does a virtual NIC implement?
• It emulates a NIC in software
• It implements all functions and resources of a NIC even though there is no real hardware
• Each vNIC has a unique MAC address
For a better out-of-the-box experience, VMware emulates two widely-used NICs:
• vlance: strict emulation of the AMD Lance PCNet32
• e1000: strict emulation of the Intel e1000; more efficient than vlance
vNICs are completely decoupled from the hardware NIC.
The device emulation runs in the hypervisor, outside the guest, and parses data the guest controls, so it is part of the host's attack surface and one reason to keep the hypervisor patched.
Virtual Switch (vSwitch)
[Figure: the vSwitch sits between the vNIC device emulation and the host's physical device driver]
How the virtual switch works:
• A software switch implementation
• It works like a regular physical switch: it forwards frames based on their destination MAC addresses
• The virtual switch forwards frames between the vNICs and the pNIC, which allows the pNIC to be shared by all the vNICs on the same vSwitch
• Network traffic cannot flow directly from one virtual switch to another virtual switch within the same host
• A frame can be dispatched either to another VM's port (VM-VM) or to the uplink pNIC's port (VM-Uplink); VM-VM traffic on the same vSwitch never reaches the physical network, so physical firewalls and network sensors do not see it
• (Optional) bandwidth management, security filters, and uplink NIC teaming
Virtual Ports, Uplink Ports, Uplinks
Virtual ports on a virtual switch provide logical connection points among virtual devices and between virtual and physical devices.
Uplink ports are ports associated with physical adapters, providing a connection between a virtual network and a physical network
Uplinks: Physical Ethernet adapters serve as bridges between virtual and physical networks.
Port Groups
Port groups are user-named objects that contain enough configuration information to provide persistent and consistent access for virtual Ethernet adapters:
• Virtual switch name
• VLAN ID and policies for tagging and filtering
• Teaming policy
• Layer 2 security options (promiscuous mode, MAC address changes and forged transmits, each set to accept or reject)
• Traffic shaping parameters
Port group definitions capture all the settings for a switch port. To connect a virtual machine to a particular kind of port, just specify the name of a port group with an appropriate definition.
vSwitch
A vSwitch can have multiple Port Groups. Instead of connecting to a particular port on the vSwitch, a VM connects its vNIC to a Port Group.
All VMs that connect to the same Port Group belong to the same network inside the virtual environment, even if they are on different physical servers.
A VM can VMotion from one physical server to another only if both servers have the same vSwitch (with the same Port Group), even if all other conditions are met.
The network connection is maintained after the VMotion migration because the virtual machine is automatically connected to the same Port Group on the same vSwitch on the new hosting server.
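The forwarding rules from the physical-switch slides (port 4 -> port 6) and from the vSwitch and port-group slides, modelled in Python as an added example; this is not part of the original lecture and not VMware's software. The MAC addresses, port-group names, VLAN IDs and the flag names on the port group are assumptions chosen for illustration; the policy itself (drop a frame whose source MAC is not the sending vNIC's own) is what VMware calls rejecting forged transmits.

```python
"""Software model of Ethernet frame forwarding (added example, not VMware code).
The learning switch follows the physical-switch slides; the vSwitch follows
the vSwitch and port-group slides. MACs, port-group names and VLAN IDs are
constructed for illustration."""
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"
UPLINK = "uplink"          # the pNIC port of the vSwitch


@dataclass
class Frame:
    dst: str               # destination MAC
    src: str               # source MAC


class LearningSwitch:
    """Physical switch: learns which port owns each source MAC it sees and
    forwards on destination MAC, flooding unknown destinations. Because the
    table is built from untrusted source addresses, any attached host can
    poison it (MAC spoofing) or overflow it (MAC flooding)."""

    def __init__(self, port_count):
        self.ports = list(range(port_count))
        self.mac_table = {}                     # MAC -> port

    def forward(self, ingress, frame):
        """Return the list of egress ports for a frame arriving on `ingress`."""
        self.mac_table[frame.src] = ingress     # learn, with no verification
        if frame.dst == BROADCAST or frame.dst not in self.mac_table:
            return [p for p in self.ports if p != ingress]   # flood
        out = self.mac_table[frame.dst]
        return [] if out == ingress else [out]


@dataclass
class PortGroup:
    name: str
    vlan: int
    forged_transmits: bool = False   # False = reject frames not from the vNIC's own MAC
    promiscuous: bool = False        # False = a vNIC sees only frames addressed to it


class VSwitch:
    """vSwitch: no MAC learning. Each vNIC's MAC is registered when the VM
    connects to a port group, so the switch knows a priori which port owns
    which MAC; anything else is sent out of the uplink. VM-VM frames in the
    same VLAN never leave the host, so no physical firewall or IDS sees them."""

    def __init__(self):
        self.port_groups = {}        # name -> PortGroup
        self.vnics = {}              # VM name -> (MAC, port-group name)

    def add_port_group(self, pg):
        self.port_groups[pg.name] = pg

    def connect(self, vm, mac, port_group):
        self.vnics[vm] = (mac, port_group)

    def forward(self, vm, frame):
        """Return the VMs (and/or UPLINK) that receive a frame sent by `vm`."""
        own_mac, pg_name = self.vnics[vm]
        pg = self.port_groups[pg_name]
        if frame.src != own_mac and not pg.forged_transmits:
            return []                # Layer 2 security policy drops the frame
        targets, delivered_locally = [], False
        for other, (mac, other_pg_name) in self.vnics.items():
            other_pg = self.port_groups[other_pg_name]
            if other == vm or other_pg.vlan != pg.vlan:
                continue             # another VLAN: isolated even on this vSwitch
            if frame.dst in (mac, BROADCAST):
                targets.append(other)
                delivered_locally = delivered_locally or frame.dst == mac
            elif other_pg.promiscuous:
                targets.append(other)
        if frame.dst == BROADCAST or not delivered_locally:
            targets.append(UPLINK)   # leaves the host through the pNIC, VLAN-tagged
        return targets


def build_example():
    """Constructed topology: two VMs on a production port group (VLAN 10)
    and one VM on a management port group (VLAN 20)."""
    vs = VSwitch()
    vs.add_port_group(PortGroup("prod", vlan=10))
    vs.add_port_group(PortGroup("mgmt", vlan=20))
    vs.connect("VM0", "00:50:56:00:00:01", "prod")
    vs.connect("VM1", "00:50:56:00:00:02", "prod")
    vs.connect("VM2", "00:50:56:00:00:03", "mgmt")
    return vs


if __name__ == "__main__":
    sw = LearningSwitch(8)
    sw.forward(4, Frame("00:a0:c9:a8:15:70", "00:a0:c9:00:00:04"))         # unknown dst: flooded
    sw.forward(6, Frame("00:a0:c9:00:00:04", "00:a0:c9:a8:15:70"))         # learned: [4]
    print(sw.forward(4, Frame("00:a0:c9:a8:15:70", "00:a0:c9:00:00:04")))  # [6]
    vs = build_example()
    print(vs.forward("VM0", Frame("00:50:56:00:00:02", "00:50:56:00:00:01")))  # ['VM1']
    print(vs.forward("VM0", Frame("00:50:56:00:00:03", "00:50:56:00:00:01")))  # ['uplink']
    print(vs.forward("VM0", Frame("00:50:56:00:00:02", "de:ad:be:ef:00:00")))  # []
```

The contrast worth noticing is in the two `forward` methods: the physical switch trusts every source address it sees, whereas the vSwitch already knows each port's MAC from the port-group connection and can reject a frame that does not match it. Leaving forged transmits (or MAC address changes) set to accept on a port group gives the guest back the ability to impersonate other machines on that VLAN.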
vSwitch: Virtual Switch (from VMWARE INFORMATION GUIDE)
Data Center Network Design before VMs (slides by Ben Pfaff, Nicira Networks, Inc.)
Data Center Network Design with VMs
Problem with Connectivity
Solution: Network Virtualization
Path of a Packet (No Tunnel)
Path of a Packet (Via Tunnel)
A Network Virtualization Distributed System
Controller Duties
OpenFlow Switch Specification
Virtual switches that can encapsulate L2 or L3 payloads in UDP (VXLAN) envelopes appear as IP hosts to the network: the physical network forwards only the outer IP/UDP packet between the encapsulating endpoints and never looks at the tenant frame inside.
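What that envelope looks like to the underlay, and which checks a tunnel endpoint (VTEP) should apply on receipt, as an added example that is not from the lecture or from any vSwitch implementation. The header layout is the one RFC 7348 defines; the VTEP addresses, VNI numbers and inner Ethernet frame are constructed for illustration.

```python
"""VXLAN encapsulation and VTEP-side validation (added example, not product code).
Header layout per RFC 7348; VTEP addresses, VNIs and the inner frame are constructed."""
import ipaddress
import struct

VXLAN_UDP_PORT = 4789
VXLAN_FLAG_I = 0x08          # "VNI present" flag; must be set on every VXLAN packet


def vxlan_encap(vni, inner_frame):
    """Prefix an Ethernet frame with the 8-byte VXLAN header (flags, VNI)."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI is a 24-bit field")
    return struct.pack("!II", VXLAN_FLAG_I << 24, vni << 8) + inner_frame


def vxlan_decap(payload):
    """Return (vni, inner_frame); reject a header without the I flag."""
    if len(payload) < 8:
        raise ValueError("truncated VXLAN header")
    word0, word1 = struct.unpack("!II", payload[:8])
    if not (word0 >> 24) & VXLAN_FLAG_I:
        raise ValueError("VXLAN I flag not set")
    return (word1 >> 8) & 0xFFFFFF, payload[8:]


def ipv4_checksum(header):
    """Standard one's-complement sum over the IPv4 header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def vtep_send(src_ip, dst_ip, vni, inner_frame, src_port=49152):
    """What the underlay sees: an IPv4/UDP packet between two VTEP addresses.
    The UDP checksum is zero, which RFC 7348 permits for VXLAN over IPv4."""
    vxlan = vxlan_encap(vni, inner_frame)
    udp = struct.pack("!HHHH", src_port, VXLAN_UDP_PORT, 8 + len(vxlan), 0) + vxlan
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0x4000, 64, 17, 0,
                     ipaddress.IPv4Address(src_ip).packed,
                     ipaddress.IPv4Address(dst_ip).packed)
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    return ip + udp


def vtep_receive(packet, allowed_vnis):
    """VTEP ingress checks. Return (vni, inner_frame), or None when dropped.
    Nothing in the header authenticates the sender: any host that can reach
    UDP/4789 on the VTEP can inject frames into a VNI it guesses, so the VTEP
    must accept only the VNIs it hosts and the underlay must filter senders."""
    if len(packet) < 28 or packet[0] >> 4 != 4 or packet[9] != 17:
        return None                                  # not IPv4/UDP
    ihl = (packet[0] & 0x0F) * 4
    if ipv4_checksum(packet[:ihl]) != 0:
        return None                                  # corrupt IP header
    udp_dst = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    if udp_dst != VXLAN_UDP_PORT:
        return None
    try:
        vni, inner = vxlan_decap(packet[ihl + 8:])
    except ValueError:
        return None
    if vni not in allowed_vnis:
        return None                                  # tenant not hosted on this VTEP
    return vni, inner


# Constructed inner frame: dst MAC, src MAC, EtherType IPv4, dummy payload.
INNER = (bytes.fromhex("005056000002") + bytes.fromhex("005056000001")
         + b"\x08\x00" + b"tenant payload")

if __name__ == "__main__":
    pkt = vtep_send("10.0.0.1", "10.0.0.2", 5000, INNER)
    print(len(pkt), vtep_receive(pkt, {5000}))
    print(vtep_receive(pkt, {6000}))                  # None: VNI not configured here
```

Run the module and compare the outer header against the inner one: the underlay routes on 10.0.0.1 -> 10.0.0.2 and UDP/4789, and the tenant MACs and VNI are plain, unauthenticated bytes behind that. Whatever isolation the overlay gives between tenants therefore rests on who can send to the VTEP, not on the encapsulation.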
Virtual Data Centre (VDC)
A data centre (DC) is a facility consisting of servers (physical machines), storage and network devices (e.g., switches, routers, and cables), power distribution systems, and cooling systems.
A data centre network is the communication infrastructure used in a data centre; it is described by its network topology, its routing/switching equipment, and the protocols used (e.g., Ethernet, IP).
A virtualization data centre is a data centre where some or all of the hardware (e.g., servers, routers, switches, and links) is virtualized.
A virtualized data centre is a physical data centre with resource virtualization techniques deployed.
A Virtual Data Centre (VDC) is a collection of virtual resources (VMs, virtual switches, and virtual routers) connected via virtual links. A VDC is a logical instance of a virtualized data centre consisting of a subset of the physical data centre's resources.
Network Virtualization: State of the Art and Research Challenges
N. M. Mosharaf Kabir Chowdhury and Raouf Boutaba (IEEE Communications Magazine • July 2009)
Virtualized ISP networks (VNs) versus virtualised data centre networks
Virtualized ISP (VN) networks mostly consist of packet forwarding elements (routers).
Virtualized data centre networks involve different types of nodes, including servers, routers, switches, and storage nodes.
Another key difference between data centre networks and ISP networks is the number of nodes. While the number of nodes in ISP backbones is in the order of HUNDREDS (471 in Sprintlink, 487 in AT&T, 862 in Verio), it can reach thousands in today's data centres (around 12,000 servers in one Google Compute cluster).
Furthermore, unlike ISP networks, data centre networks are built using topologies like the conventional tree, fat-tree, or Clos topologies with well-defined properties, which allows embedding algorithms to be optimised for those particular topologies.
Reference Model
Service-oriented network virtualization
Core Technologies
VLANs
Virtual Private Networks
Tunneling Protocols:
• shunt traffic to a provisioned endpoint
• "hide" private addresses
• send IP or non-IP traffic over the Internet
• L2VPN (L2TP, L2F)
• L3VPN (IPsec, GRE); note that GRE alone carries the tunneled traffic in the clear, so only IPsec provides confidentiality and integrity
Active and programmable networks
Overlay networks
Thank You
Questions?
Additional slides for further information
Reading References
M. Chowdhury and R. Boutaba, "A Survey of Network Virtualization," Computer Networks, vol. 54, no. 5, pp. 862–876, 2010.
Qiang Duan, Yuhong Yan, and Athanasios V. Vasilakos, "A Survey on Service-Oriented Network Virtualization Toward Convergence of Networking and Cloud Computing," IEEE Transactions on Network and Service Management, vol. 9, no. 4, December 2012.
Virtualization Capabilities - Usages
Distributed Switch
Aggregated datacenter-level virtual networking (vs. per-host)
Simplified management
Network statistics follow VMs
Broadband Networks and Internet Architecture
Cloud services consist not only of the computing and storage functions provided by the cloud infrastructure but also of the communication functions offered by the Internet.
Networking plays a crucial role in cloud computing: the Internet delivers cloud services to users, and data communication takes place within cloud data centres as well as among data centres at different locations.
An example: a high-performance application may use the storage capacity of Amazon S3 (Simple Storage Service) and the computing capability provided by Amazon EC2 (Elastic Compute Cloud). The underlying network infrastructure must provide network services for i) transmitting data from the application to the S3 virtual disk, ii) communication between the virtual disk and the EC2 virtual machines, and iii) delivering results back to the application.
Networking resources are needed for this: transmission bandwidth and packet forwarding capacity.
Business Model
One of the differences between the traditional networking model and the network virtualization model is the set of participating players. In the traditional networking model there are two players: the ISP and the end users. The network virtualization model separates the role of the traditional ISP into two: an Infrastructure Provider (InP), a company that owns and maintains the physical infrastructure, and a Service Provider (SP), which deploys protocols and services.
In the context of data centre virtualization, the InP is a company that owns and manages the physical infrastructure of a data centre. An InP leases virtualized resources to multiple service providers/tenants.
Each tenant creates a VDC over the physical infrastructure owned by the InP for the further deployment of services and applications offered to end users.
Virtual LANs (VLANs)
Label-Switched Path – MPLS
A Label Switched Path (LSP) is like a pipe or tunnel.
While traveling on a label switched path, forwarding is based on the label only, not on the destination IP address in the packet.
Virtual Private Networks (VPNs)
NETWORK DEVICE VIRTUALIZATION
Multiple VRFs on a Router
[Figure: one router partitioned into VRF RED and VRF GREEN; interfaces e1/0, e1/2, e4/2 and subinterfaces s2/0.102, s2/0.103, s2/1.103 are each bound to one VRF]
• VRF: a VPN Routing and Forwarding instance. A VRF consists of an IP routing table, a derived forwarding table, a set of interfaces that use the forwarding table, and a set of rules and routing protocols that determine what goes into the forwarding table.
• A VRF partitions a router by creating multiple routing tables and multiple forwarding instances. Dedicated interfaces are bound to each VRF, so a packet arriving on an interface is looked up only in that VRF's table, and overlapping address space between VRFs does not collide.
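The partitioning described above, modelled in Python as an added example that is not vendor code and not part of the lecture. The VRF names and interface names follow the figure; which interface is bound to which VRF, and the prefixes in each table, are assumptions made for the illustration.

```python
"""Model of VRF-partitioned forwarding (added example, not vendor code).
VRF and interface names follow the slide; the interface-to-VRF bindings
and the prefixes are assumptions."""
import ipaddress

GLOBAL = "global"        # the default routing table for unbound interfaces


class VrfRouter:
    """One routing table per VRF. The ingress interface selects the table,
    so two tenants can use the same address space, and a packet in VRF RED
    can never match a route that exists only in VRF GREEN."""

    def __init__(self):
        self.tables = {GLOBAL: []}      # vrf -> [(network, out_interface)]
        self.iface_vrf = {}             # interface -> vrf

    def bind_interface(self, iface, vrf):
        self.iface_vrf[iface] = vrf
        self.tables.setdefault(vrf, [])

    def add_route(self, vrf, prefix, out_iface):
        # Refuse an egress interface owned by another VRF: any leak between
        # tables must be configured deliberately, never introduced by a typo.
        if self.iface_vrf.get(out_iface, GLOBAL) != vrf:
            raise ValueError(f"{out_iface} is not bound to VRF {vrf}")
        self.tables[vrf].append((ipaddress.ip_network(prefix), out_iface))

    def lookup(self, ingress_iface, dst_ip):
        """Longest-prefix match in the ingress interface's VRF; None = no route."""
        vrf = self.iface_vrf.get(ingress_iface, GLOBAL)
        dst = ipaddress.ip_address(dst_ip)
        best = None
        for network, out_iface in self.tables[vrf]:
            if dst in network and (best is None or network.prefixlen > best[0].prefixlen):
                best = (network, out_iface)
        return None if best is None else best[1]


def build_example():
    """Constructed topology: VRF RED on e1/0 and s2/0.102, VRF GREEN on
    e1/2, s2/0.103 and s2/1.103, e4/2 left in the global table. Both
    tenants use 10.1.0.0/16."""
    r = VrfRouter()
    for iface, vrf in [("e1/0", "RED"), ("s2/0.102", "RED"),
                       ("e1/2", "GREEN"), ("s2/0.103", "GREEN"), ("s2/1.103", "GREEN")]:
        r.bind_interface(iface, vrf)
    r.add_route("RED", "10.1.0.0/16", "e1/0")
    r.add_route("RED", "10.1.5.0/24", "s2/0.102")        # more specific prefix
    r.add_route("GREEN", "10.1.0.0/16", "e1/2")
    r.add_route("GREEN", "192.168.0.0/16", "s2/1.103")
    return r


if __name__ == "__main__":
    r = build_example()
    print(r.lookup("e1/0", "10.1.5.9"))       # s2/0.102 (RED table, /24 wins)
    print(r.lookup("e1/2", "10.1.5.9"))       # e1/2     (GREEN table, only the /16)
    print(r.lookup("e1/0", "192.168.1.1"))    # None     (route exists only in GREEN)
    print(r.lookup("e4/2", "10.1.5.9"))       # None     (global table is empty)
```

The same destination address, 10.1.5.9, is forwarded differently depending on the ingress interface, and a prefix present only in GREEN is simply unreachable from RED. The check in `add_route` is the part a practitioner should carry over to real configurations: a route whose next hop lives in another VRF is a deliberate leak and should fail loudly unless it was intended.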
Virtual Private LAN Services (VPLS)
DATA PATH VIRTUALIZATION
Generic Routing Encapsulation (GRE)
MPLS Forwarding