Published by Deirdre Nelson. Modified over 9 years ago.
1
Politecnico di Torino, Dipartimento di Automatica ed Informatica, TORSEC Group
Performance of Xen’s Secured Virtual Networks
Emanuele Cesena, Paolo Carlo Pomi, Gianluca Ramunno, Davide Vernizzi
2
Outline
- Introduction
- Experiments
- Model
- Security mechanism
- Conclusion
3
Introduction
4
Motivations
- Server consolidation
- Planning
- Model of virtual network
- Emulation
- Comparison
5
Virtualization
“Technique for dividing the resources of a computer into multiple execution environments called virtual machines (VMs)” (A. Singh)
- Full virtualization
  - Complete emulation of the underlying hardware
  - Unmodified operating system in the VM
- Paravirtualization
  - VM needs a modified OS
  - Best performance, close to native
6
Virtualization: XEN
- XEN is a free Virtual Machine Monitor (hypervisor)
  - x86, Intel Itanium, PowerPC platforms
  - Paravirtualization, full virtualization (hw support)
  - Very low overhead when paravirtualized: average 3-5%
- Virtual machines
  - Domain-0: privileged VM
    - Direct access to hardware
    - Direct interface to the hypervisor
  - Guest domains
7
Virtual Network in XEN
- Network interfaces
  - Front-end within VM: eth0
  - Back-end in Domain-0: virtual interface (vif)
  - Connection between netfront and netback provided by the hypervisor
[Figure labels: XEN hypervisor; Domain 0 (vif1.0, vif2.0); Guest 1 (eth0); Guest 2 (eth0)]
8
Virtual Network in XEN
- Virtual Network
  - Domain-0 manages all the netbacks
  - Bridge as “L2-switch”
[Figure labels: XEN hypervisor; Domain 0 (vif0.0, vif1.0, vif2.0, peth0, eth0, br0); Dom-0; Guest 1; Guest 2; physical world; switch]
9
Virtual Network in XEN
- Example: Guest 1 sends a packet to Guest 2
  - packet created within Guest 1 stack
  - copied from FE to BE via page flipping
  - forwarded through the bridge
  - copied from BE to FE, then received by Guest 2
- we call this a virtual link
[Figure labels: Domain 0 (vif1.0, vif2.0, br0); Guest 1 (eth0); Guest 2 (eth0)]
10
Experiments
11
- HP Compaq dc7700
  - Intel Core2 Duo 2.13 GHz
  - RAM: 2GB
  - XEN 3.0.4
  - Linux kernel 2.6.20
- 10 Virtual Machines (guests)
  - RAM: 128 MB
  - Linux kernel 2.6.20
  - minimal Debian installation
- IPerf to test network bandwidth
12
Experiments: Virtual Network
- Simple topology
  - All VMs connected to the same bridge
[Figure labels: Client Guests 1-5 and Server Guests 1-5 connected to one bridge]
13
Experiments: Virtual Network
- Simple topology
  - All VMs connected to the same bridge
- Up to 16 virtual links
  - IPerf TCP channels
  - Example with 7 links
[Figure labels: Client Guests 1-5 and Server Guests 1-5 connected to one bridge]
14
Experiments: tests
- SMP disabled
- SMP enabled
- Static domain scheduling
- 10 iterations for each experiment
  - 1 minute per link
  - Samples every 5 sec
  - Average value
15
Experiments: Results NoSMP vs. SMP
16
Experiments: Results Dynamic scheduling vs Static scheduling
17
Model
18
Model: assumptions
- Simple resource model
  - Single type of resource
  - Resources completely separated in system and network
- Network described by the number of virtual links
- Bandwidth equally distributed among links
19
Model
- M: maximal total bandwidth
- M – K: minimal total bandwidth
- (n): total bandwidth
[Figure labels: Bandwidth; Network resources; System resources; M; K; Total resources; n links]
20
Model Model curve vs. experimental data: error less than 2%
21
Security mechanisms
22
Adding security brings
- More workload
- More networking
We focused on the increase in the number of links (e.g. firewalls)
23
Security mechanisms
- Number of links increases by a factor s
  - Depending on topology
  - Depending on the security mechanism
- The model allows prediction of the loss of bandwidth
24
Model application 1/2
- Scenario: server consolidation
  - Computation power available
  - The virtual network must supply the physical interface
- If the virtual network is well-designed, the virtual network supports the transaction
25
Model application 2/2
- What happens if we introduce a firewall?
- Applying the model, we can estimate the resulting bandwidth
26
Conclusions
27
Future works
- Improve the model
  - Relax assumptions
  - Forecast parameters without experiments
- Validate the model
  - Other architecture
  - Other security solutions
- Improve Xen
  - D2D communication
  - Optimization
28
Conclusions
- We developed a simple (but still effective) model
  - Explain how the virtual network works in Xen
  - Foresee performance of the virtual network
    - Planning
    - Impact of security solutions
- We show the limits of the current Xen implementation and suggest improvements
29
Thank you
Any questions?