Slide 1: CloudNet: Where VPNs Meet Cloud Computing Flexibly and Dynamically
© 2008 AT&T Intellectual Property. All rights reserved.
Timothy Wood, Kobus van der Merwe, K.K. Ramakrishnan, Alex Gerber, and Prashant Shenoy (U. Mass)
December 18, 2008
Slide 2: Cloud Computing
- Lease computation and storage resources on demand
  – Amazon EC2, Google App Engine, Microsoft Azure, VMware vCloud
- Highly dynamic resource provisioning
  – Add new servers within minutes
  – Easy to replicate virtual resources
- Only pay for what you use
[Diagram: a cloud platform that provides cheap and flexible resources]
Slide 3: Server Virtualization
- Ability to split a server up into one or more slices
  – Virtual machines are not tied to physical hardware
  – Can multiplex access to one set of physical resources
  – Still provides strong isolation between each VM
- Virtualization is a key part of cloud computing
  – Reduces hardware cost
  – Improves efficiency through multiplexing
  – Abstracts the user's resources away from the physical ones
- Nice bonuses
  – Dynamic resource allocation
  – VM migration, checkpointing
[Diagram: several VMs sharing one physical server]
Slide 4: Existing Cloud Services
- Amazon Elastic Compute Cloud (EC2)
  – Lease Xen virtual machines, install your own OS and apps
  – Can assign internal (cloud-only) or public IPs
  – "Elastic" IPs can be used to forward to any internal IP (NAT)
  – Charges: $0.10 to $0.80 per CPU hour + $0.01/GB over the WAN
- Similar alternatives: VMware vCloud, GoGrid, others
- Application-level cloud services
  – Host your application (must be written for the platform)
  – Automatically scale up resources for the app (if mostly stateless)
  – Google App Engine: Python web applications
  – Microsoft Azure: host .NET applications in the cloud
  – IBM Blue Cloud: Hadoop distributed apps
Slide 5: What is Missing?
- Control over network management
  – Can't request specific IP addresses
  – Can't put VMs on your own private network
- Control of network resources
  – Bandwidth, traffic isolation, etc.
- Lack of network security and isolation
  – VMs have IPs on the public Internet
  – Customer must manage security on the VM itself
[Diagram: VMs of unrelated customers, labelled "at&t top secret" and "Verizon payroll", side by side on the same public network]
Existing systems do not provide the network security or features needed by enterprises.
Slide 6: CloudNet: Bringing VPNs to the Cloud
- Use VPNs to separate customer resources
- A customer's VMs are only reachable from her other VPN endpoints
- More flexible control of how IP addresses are assigned
- The physical network is transparent to the customer
VPNs provide both convenient network isolation and strong security.
Slide 7: Benefits of VPNs
- Layer 3 VPNs
  – Secure access between customer and cloud
- Layer 2 VPLS
  – Cloud resources can appear to be directly on the customer's LAN
  – Combine resources across clouds into a single LAN
[Diagram: a VPLS joining customer and cloud sites into one LAN]
Slide 8: Challenges
- How to divide up responsibilities?
  – The network provider may not own the cloud data centers
- VPNs are traditionally considered "static"
  – Cloud computing requires "agility"
  – Customers expect new resources to be immediately available
- How to prototype and test this within AT&T?
  – Don't want to use dozens of routers
Slide 9: System Components
- Cloud Manager
  – Creates VMs
  – Resource allocation
  – Controls everything up to the CEs
- Network Manager
  – VPN management
  – Access controls
  – Controls the PEs
- May be separate business entities
[Diagram: one Network Manager controlling the PEs; Cloud Managers at Cloud 1 … Cloud 9, each controlling its site's CE]
Slide 10: VPN Management
- All endpoints need to "match"
- Making changes to all endpoints is a pain!
- Use IRSCP
  – Centralized VPN manager
  – Looks like a route reflector
  – Speaks BGP to the PEs
  – Rewrites VPN route targets
[Diagram: IRSCP rule table defining membership per VPN, VPN 1 = (three endpoints), VPN 2 = (two endpoints)]
- Takes about 5-8 seconds
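The isolation claim of slide 6 and the route-target rewriting of slide 10 can be seen together in a small model. The following is an added example, not CloudNet code: it treats VPN membership the way RFC 4364 L3 VPNs do (a VRF imports only routes carrying its route target) and puts a single rule table in the IRSCP role, re-tagging every route as it passes the reflector instead of editing policy on each PE. The ASN 65000, the endpoint names, the prefixes and the stale "999" tag on the raw advertisements are constructed for the example.

```python
"""Route-target based VPN membership, after RFC 4364, with a central
controller in the IRSCP role. Added example, not CloudNet code."""
from dataclasses import dataclass

ASN = 65000  # assumed provider ASN used in the route targets


@dataclass(frozen=True)
class VpnRoute:
    prefix: str               # customer prefix advertised over MP-BGP
    origin: str               # endpoint (CE or cloud VM site) that originated it
    route_targets: frozenset  # extended communities attached to the route


class RouteController:
    """Single rule table: endpoint -> VPN number.

    Instead of editing import/export policy on every PE, the controller
    re-tags routes as they pass the route reflector, so a membership change
    touches one place (the role the slide gives IRSCP).
    """

    def __init__(self):
        self.membership = {}

    def assign(self, endpoint, vpn):
        self.membership[endpoint] = vpn

    def route_target(self, endpoint):
        return f"target:{ASN}:{self.membership[endpoint]}"

    def rewrite(self, route):
        """Replace whatever RT the PE attached with the one the rule table says."""
        return VpnRoute(route.prefix, route.origin,
                        frozenset({self.route_target(route.origin)}))

    def imports(self, endpoint, routes):
        """Routes the endpoint's VRF accepts: carry its RT, originated elsewhere."""
        rt = self.route_target(endpoint)
        return [r for r in routes if rt in r.route_targets and r.origin != endpoint]


# Constructed sample advertisements; each PE still carries a stale local tag.
RAW_ROUTES = [
    VpnRoute("192.168.1.0/24", "cust-W", frozenset({"target:65000:999"})),
    VpnRoute("10.1.0.0/24", "cloud-E-vm1", frozenset({"target:65000:999"})),
    VpnRoute("192.168.2.0/24", "cust-S", frozenset({"target:65000:999"})),
    VpnRoute("10.2.0.0/24", "cloud-N-vm2", frozenset({"target:65000:999"})),
]


def build_controller():
    """Two customers, each with one cloud VM, as in the prototype layout."""
    ctl = RouteController()
    for endpoint, vpn in {"cust-W": 1, "cloud-E-vm1": 1,
                          "cust-S": 2, "cloud-N-vm2": 2}.items():
        ctl.assign(endpoint, vpn)
    return ctl


def reachable_prefixes(ctl, raw_routes=RAW_ROUTES):
    """endpoint -> set of prefixes its VRF can reach after RT rewriting."""
    tagged = [ctl.rewrite(r) for r in raw_routes]
    return {ep: {r.prefix for r in ctl.imports(ep, tagged)}
            for ep in ctl.membership}


def cross_vpn_leaks(ctl, raw_routes=RAW_ROUTES):
    """(importer, prefix) pairs where a VRF sees another VPN's route.
    An empty set means the isolation property holds."""
    tagged = [ctl.rewrite(r) for r in raw_routes]
    return {(ep, r.prefix)
            for ep in ctl.membership
            for r in ctl.imports(ep, tagged)
            if ctl.membership[r.origin] != ctl.membership[ep]}


if __name__ == "__main__":
    ctl = build_controller()
    print(reachable_prefixes(ctl), cross_vpn_leaks(ctl))
    ctl.assign("cloud-N-vm2", 1)  # move one VM between VPNs: a single rule change
    print(reachable_prefixes(ctl), cross_vpn_leaks(ctl))
```

Moving a VM from VPN 2 to VPN 1 is one `assign` call; every PE sees the new tags on the next reflected update, which is the kind of change the slide quotes at 5-8 seconds. `cross_vpn_leaks` is the check a practitioner would run after each change.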
Slide 11: Shadownet
- Provides the infrastructure for CloudNet
- Uses Juniper router support for logical routers
  – Subdivide a physical router
- Instantiates arbitrary networks based on a topology description
- Simplifies and automates router configuration
  – Tracks links, used interfaces, VLAN ids, etc.
[Diagram: Site 1 and Site 2 instantiated as logical routers]
Slide 12: CloudNet Prototype
[Diagram: logical setup and physical instantiation; customer sites W and S and cloud sites E and N, each a CE with VMs behind a PE]
Slide 13: Adding a New VM
[Diagram: a new VM started at the cloud site behind logical CEs and a PE, joined to the customer sites' VPN]
- Timing: VM startup = 30 sec, L3 VPN setup = 20 sec
Slide 14: Multiple Cloud Sites
- Building many small data centers may be cheaper
- Provides geographic separation for fault tolerance
- Decreases latency by being closer to the customer
- Easier for initial deployments
Using multiple sites benefits both customer and provider, and VPNs make it easy.
Slide 15: Multiple Cloud Sites Example
[Diagram: customer sites joined to VMs at several cloud sites over an L3 VPN and a VPLS]
- VPLS hides the physical layout of the cloud
Slide 16: Migration
- LAN migration is supported by many virtualization platforms
  – Transparently move a VM between two hosts
  – No application downtime
  – Useful for load balancing, maintenance, etc.
- VPLS makes sites across the WAN be on the same LAN
  – Allows for WAN migration without modifying the VM platform!
- But storage migration remains an issue…
Slide 17: Migration Example
[Diagram: a VM migrated between cloud sites A and B across the VPLS; the migrated VM sends an ARP]
- Currently seeing 5-20 second network downtime after migration. Switch is caching MAC mapping?
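Slides 16 and 17 describe WAN migration over VPLS and a 5-20 second outage afterwards, with the question of whether a switch is caching the MAC mapping. The following is an added example, not from the original deck: a learning-bridge model that reproduces that failure mode. A migrated VM keeps its MAC, but every bridge on the L2 path still has that MAC learned on the port toward the old host; frames are forwarded there and dropped until either the entry ages out or the VM sends a frame from its new location (a gratuitous ARP). The MAC addresses, port numbers and aging value are assumed, and this is one explanation consistent with the slide, not a confirmed diagnosis.

```python
"""Learning-switch model of the blackhole after a live migration.
Added example, not CloudNet code; addresses and timers are constructed."""
from dataclasses import dataclass

CUSTOMER_MAC = "02:00:00:00:00:01"   # constructed, locally administered
VM_MAC = "02:00:00:00:00:42"         # the VM keeps this MAC when it moves
BROADCAST = "ff:ff:ff:ff:ff:ff"
CUSTOMER_PORT, OLD_HOST_PORT, NEW_HOST_PORT = 0, 1, 2


@dataclass
class Frame:
    src: str
    dst: str
    payload: str = ""


class LearningSwitch:
    """Transparent bridge: learns source MAC -> ingress port, forwards to the
    learned port for the destination, floods when unknown or aged out."""

    def __init__(self, aging_seconds=300):   # aging value assumed
        self.aging = aging_seconds
        self.table = {}                      # mac -> (port, time learned)

    def receive(self, frame, in_port, now):
        # Learning: a frame from a MAC on a new port moves the entry there.
        self.table[frame.src] = (in_port, now)
        entry = self.table.get(frame.dst)
        if frame.dst != BROADCAST and entry and now - entry[1] < self.aging:
            return entry[0]                  # unicast to the learned port
        return "flood"                       # unknown, stale or broadcast


def simulate(gratuitous_arp_at=None, aging_seconds=300, duration=30):
    """Customer sends one frame per second to the VM starting the moment the
    VM finishes migrating from OLD_HOST_PORT to NEW_HOST_PORT.
    Returns (frames dropped, first second a frame reached the VM)."""
    sw = LearningSwitch(aging_seconds)
    # Before the migration the switch learned the VM behind the old host.
    sw.table[VM_MAC] = (OLD_HOST_PORT, 0)
    sw.table[CUSTOMER_MAC] = (CUSTOMER_PORT, 0)
    dropped, first_ok = 0, None
    for t in range(duration):
        if gratuitous_arp_at is not None and t == gratuitous_arp_at:
            # VM announces itself from the new host; the switch relearns it.
            sw.receive(Frame(VM_MAC, BROADCAST, "gratuitous ARP"), NEW_HOST_PORT, t)
        out = sw.receive(Frame(CUSTOMER_MAC, VM_MAC, f"req {t}"), CUSTOMER_PORT, t)
        if out in (NEW_HOST_PORT, "flood"):
            if first_ok is None:
                first_ok = t
            # The VM replies, so the switch learns it on the new port.
            sw.receive(Frame(VM_MAC, CUSTOMER_MAC, f"reply {t}"), NEW_HOST_PORT, t)
        else:
            dropped += 1                     # sent toward the old host: lost
    return dropped, first_ok


if __name__ == "__main__":
    print("no announcement, 300 s aging:", simulate())
    print("no announcement, 10 s aging:  ", simulate(aging_seconds=10))
    print("gratuitous ARP after 5 s:     ", simulate(gratuitous_arp_at=5))
```

With no announcement the outage lasts until the aging timer expires; with a gratuitous ARP from the new host it ends as soon as that frame is seen. If a deployment sees a fixed multi-second gap, the time between migration completing and the VM's first outbound frame, on each bridge along the VPLS, is the place to measure.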
Slide 18: Summary
- Cloud computing is a rapidly growing market
- Existing offerings fail to provide many network-related features that are critical for enterprise customers
- VPNs are a natural way to provide these features
- CloudNet brings VPNs to cloud computing to provide both better security and isolation to customers, and more efficient resource utilization to providers
Slide 19: Thank you! Questions???
twood@cs.umass.edu
Slide 20: Implementation Details
- Routers
  – Juniper M7i routers, JUNOS 9.0
    o Mix of gigabit and fast ethernet PICs
- Collection of Perl scripts
  – Interact with the Xen virtualization platform
  – Low-level network operations done through Shadownet
  – Configure routers over a NETCONF connection
    o Send XML router configuration specifications
- Shadownet
  – Perl library with interactive prompt interfaces
  – MySQL database tracks network state
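Slide 20 says the routers are configured by sending XML configuration specifications over NETCONF, and slide 13 puts the L3 VPN setup for a new VM at about 20 seconds. The following is an added example, not the CloudNet Perl scripts: it builds the NETCONF `edit-config` that adds a customer VRF on a Juniper PE, which is the per-PE piece of attaching a new VM's site to an L3 VPN. Element names follow the Junos XML configuration schema for `routing-instances`; the instance name, interface, ASN 65000 and the RD/RT values derived from the VPN number are assumptions, and no device is contacted.

```python
"""NETCONF edit-config that adds a customer VRF (L3 VPN endpoint) on a
Juniper PE. Added example, not the CloudNet Perl scripts; it only builds the
XML and contacts no device. Element names follow the Junos XML configuration
schema for routing-instances; ASN, instance name, interface and RD/RT values
are assumed."""
import xml.etree.ElementTree as ET

NETCONF_NS = "urn:ietf:params:xml:ns:netconf:base:1.0"


def vrf_config(instance, interface, asn, vpn_id):
    """<configuration> subtree for one VRF whose RD and RT are derived from
    the VPN number, so every PE in the same VPN ends up with matching targets
    (the "endpoints need to match" requirement)."""
    cfg = ET.Element("configuration")
    inst = ET.SubElement(ET.SubElement(cfg, "routing-instances"), "instance")
    ET.SubElement(inst, "name").text = instance
    ET.SubElement(inst, "instance-type").text = "vrf"
    # CE-facing interface placed into the VRF (assumed unit/VLAN)
    ET.SubElement(ET.SubElement(inst, "interface"), "name").text = interface
    ET.SubElement(ET.SubElement(inst, "route-distinguisher"),
                  "rd-type").text = f"{asn}:{vpn_id}"
    ET.SubElement(ET.SubElement(inst, "vrf-target"),
                  "community").text = f"target:{asn}:{vpn_id}"
    ET.SubElement(inst, "vrf-table-label")  # one MPLS label per VRF
    return cfg


def edit_config_rpc(cfg, message_id=1):
    """Wrap the configuration in <rpc><edit-config> against the candidate
    datastore; a separate <commit> RPC would activate it."""
    rpc = ET.Element("rpc", {"message-id": str(message_id), "xmlns": NETCONF_NS})
    edit = ET.SubElement(rpc, "edit-config")
    ET.SubElement(ET.SubElement(edit, "target"), "candidate")
    ET.SubElement(edit, "config").append(cfg)
    return ET.tostring(rpc, encoding="unicode")


def vrf_identity(rpc_xml):
    """Parse the RPC back and return instance type, RD and RT, so the
    generated config can be checked against the VPN rule table before it is
    sent to the router."""
    root = ET.fromstring(rpc_xml)
    found = {}
    for el in root.iter():
        tag = el.tag.rsplit("}", 1)[-1]  # drop the default namespace prefix
        if tag == "instance-type":
            found["type"] = el.text
        elif tag == "rd-type":
            found["rd"] = el.text
        elif tag == "community":
            found["rt"] = el.text
    return found


if __name__ == "__main__":
    rpc = edit_config_rpc(vrf_config("cust-W", "ge-0/0/1.100", 65000, 1))
    print(rpc)
    print(vrf_identity(rpc))
```

Deriving the RD and RT from the VPN number is what keeps the per-PE configuration consistent with the central membership table; checking the parsed-back `rt` against that table before sending is a cheap guard against attaching a new VM's VRF to the wrong customer's VPN.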