Center for Autonomic Computing Intel Portland, April 30, 2010 Autonomic Virtual Networks and Applications in Cloud and Collaborative Computing Environments.
Autonomic Virtual Networks and Applications in Cloud and Collaborative Computing Environments
Renato Figueiredo, Associate Professor, Center for Autonomic Computing, ACIS Lab, University of Florida
Center for Autonomic Computing, Intel Portland, April 30, 2010

2 Outlook
- Architecting autonomic virtual networks
  - Isolation, security, encapsulation, dynamic configuration, migration
  - Self-configuration, self-healing, self-optimization
- Applications in cloud and collaborative environments
  - Virtual Private Clusters
  - Social VPNs
- Archer: a collaborative environment for computer architecture simulation
- Ongoing/future work

3 Background
- Collaboration, entertainment: streaming, data sharing, games
- Resource aggregation: cross-institution sharing, opportunistic computing, on-demand provisioning
- (Diagram) Hosts behind NATs on the public Internet, joined by a self-configuring end-to-end Virtual Private Network

4 Self-organizing virtual networks
- Focus: software overlays that provide virtual network infrastructure over existing Internet infrastructure
- Why virtual?
  - Support unmodified TCP/IP applications and existing Internet physical infrastructure
  - Hide heterogeneity of the physical network (firewalls, NATs), avoid IPv4 address space constraints
- Why self-organizing?
  - Autonomous behavior: low management cost compared to typical VPNs
  - Decentralized architecture for scalability and fault tolerance

5 Virtual networking
- Isolation: dealt with similarly to VMs
  - Multiple, isolated virtual networks time-share the physical network
- Key technique: tunneling (VPNs)
- Related work
  - Grid computing: VNET (P. Dinda at Northwestern U.), Violin (D. Xu at Purdue U.), ViNe (J. Fortes at U. Florida), PVC (F. Cappello at INRIA)
  - "P2P" VPNs: Hamachi, tinc, Gbridge

6 The IP-over-P2P (IPOP) Approach
- Isolation: virtual address space decoupled from the Internet address space
- Self-managing
  - Self-organizing, self-healing topology: decentralized, structured peer-to-peer (P2P); no global state, no central points of failure
  - Self-optimizing IP overlay routing: on-demand direct/relay connections
  - Self-configuring decentralized NAT traversal

7 Use case scenarios
- Sharing resources/services in a virtual end host
  - VM provides isolation
  - Virtual appliances provide software encapsulation
- Distributed virtual appliance clusters
  - Homogeneous software environment on top of heterogeneous infrastructure
  - Homogeneous virtual network on top of wide-area, NATed environments
  - Cross-institution collaboration; cloud-bursting

8 Example: virtual clusters
- (Diagram) Local-area: physical machines on a switched network (NOWs, COWs), installed from an installation image, with self-organizing switching (e.g. Ethernet spanning tree)
- (Diagram) Wide-area ("WOWs"): virtual machines (VMs) instantiated from a VM image, joined by a self-organizing overlay of IP tunnels with P2P routing

9 Use case scenarios
- There are various successful overlays enabling peer-to-peer communication among users
  - VoIP sessions over Skype
  - File transfers over BitTorrent
  - iChat (video, chat, desktop sharing)
- These are application (and/or platform) specific
- Users want a richer set of applications over a generic IP network for communication and collaboration
  - But they don't have public IPs, and don't want to directly connect to all users; hence NATs
  - And they don't want to, or don't know how to, configure and discover network services manually

10 Example: Social VPNs
- (Diagram) Alice, Bob and Carol are linked through a social network (e.g. Facebook) and join an IPOP overlay network; the social network's API/information system holds Alice's, Bob's and Carol's public keys
- Overlay names such as carol.facebook.ipop and node0.alice.facebook.ipop
- Alice's services (Samba share, RDP server, VoIP, chat) are advertised to Bob and Carol; Bob browses Alice's SMB share

11 IP-over-P2P Tunneling
- As in many other VPNs, use a virtual network device to capture/inject IP (e.g. tap/tun); tunnel IP over UDP or TCP
- Unlike traditional VPNs, tunnels are not established by an administrator; rather, IPOP implements self-organizing techniques to discover, establish and maintain overlay links
- Each IPOP peer is capable of capturing packets, injecting packets, and routing

12 Virtual network architecture
- (Diagram) Application -> VNIC -> Virtual Router -> wide-area overlay network -> Virtual Router -> VNIC -> Application
- Isolated, private virtual address space; unmodified applications (Connect( ,80))
- Capture/tunnel; scalable, resilient, self-configuring routing and object store

13 Bi-directional structured overlay (Brunet library)
- Constant number of edges (K) per node
- O((1/k) log2(n)) overlay hops
- Self-organizing topology
- (Diagram) Overlay routers placed on an ordered ID space, linked by near edges and shortcut (far) edges

14 Overlay edges
- Abstract bi-directional communication channels
- Edges can use various transports: UDP; TCP; DTLS; tunnel
- UDP/DTLS: NAT traversal
- (Diagram) Overlay routers connected by UDP edges, TCP edges and "tunnel" edges

15 Self-configuring NAT traversal
- Reflection: learn NAT-mapped endpoints from public overlay peers
- Peers exchange "connect to me" through the overlay
- Set up hole punching
- (Diagram) 1. Reflection: udp://IP:port; 2. Exchange learned endpoint with peer; 3. Simultaneous open: NAT traversal

16 Self-healing structure
- Greedy routing relies on a consistent bi-directional ring topology
- Faults in structure due to routing outages, symmetric NATs
- Tunnel near edges: peers exchange neighbor sets
- (Diagram) An unavailable physical path between neighbors is replaced by a tunnel edge

17 Self-optimization
- Create direct edges based on traffic inspection: O(log2(N)) -> O(1)
- Direct connection when NAT traversal is possible
- Otherwise relay through a peer ("far" tunnel edge)
- (Diagram) 1. Reflection: udp://IP:port; 2. Exchange learned endpoint with peer; 3. Simultaneous open: NAT traversal
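The ring routing on slides 13, 16 and 17 (constant edges per node, greedy forwarding, a stuck route when the ring is inconsistent, and a direct or tunnel edge that repairs or shortcuts it) can be exercised on a constructed model. This is an added example, not Brunet or IPOP code: the Overlay class, its parameters and the (reached, path) return shape are assumptions made here.

```python
import random

ID_BITS = 160               # IPOP/Brunet use 160-bit node identifiers
RING = 1 << ID_BITS

def ring_dist(a, b):
    # Shortest distance between two IDs on the bi-directional ring.
    d = (a - b) % RING
    return min(d, RING - d)

class Overlay:
    """Constructed model of a Brunet-style ring: every node keeps k/2 near
    neighbours on each side plus a few random shortcut (far) edges."""
    def __init__(self, n, k=4, shortcuts=2, seed=0):
        rng = random.Random(seed)
        ids = set()
        while len(ids) < n:                      # random, distinct 160-bit IDs
            ids.add(rng.getrandbits(ID_BITS))
        self.ids = sorted(ids)                   # ordered ID space
        self.edges = {i: set() for i in self.ids}
        for idx, nid in enumerate(self.ids):
            for step in range(1, k // 2 + 1):    # near edges, both directions
                self.add_edge(nid, self.ids[(idx + step) % n])
                self.add_edge(nid, self.ids[(idx - step) % n])
            for _ in range(shortcuts):           # far (shortcut) edges
                self.add_edge(nid, rng.choice(self.ids))

    def add_edge(self, a, b):
        # Edges are bi-directional; also used for a direct or tunnel edge.
        if a != b:
            self.edges[a].add(b); self.edges[b].add(a)

    def remove_edge(self, a, b):
        # Models a physical path that became unavailable (outage, symmetric NAT).
        self.edges[a].discard(b); self.edges[b].discard(a)

    def route(self, src, dst):
        """Greedy routing: hand the packet to the neighbour closest to dst.
        Returns (reached, path). reached is False when no neighbour is closer,
        i.e. the ring structure around dst is no longer consistent."""
        path, cur = [src], src
        while cur != dst:
            nxt = min(self.edges[cur], key=lambda x: ring_dist(x, dst))
            if ring_dist(nxt, dst) >= ring_dist(cur, dst):
                return False, path               # stuck: structure fault
            path.append(nxt); cur = nxt
        return True, path
```

Greedy forwarding always makes progress while every node still has its immediate ring neighbours; isolating a node breaks that guarantee, and a single tunnel edge from the stuck node restores reachability.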

18 Bootstrapping
- A new P2P node forms a "leaf" connection with a well-known node, selected at random from a list of "bootstrap" nodes
- It sends a "Connect to me" (CTM) request addressed to itself
- The CTM request is forwarded through the overlay and received by its nearest neighbors (left and right)

19 Autonomous IP allocation
- One P2P overlay supports multiple IPOP namespaces; IP routing within a namespace
- Each IPOP namespace is a unique string; a Distributed Hash Table (DHT) stores the mapping
  - Key = namespace
  - Value = DHCP configuration (IP range, lease, ...)
- IPOP node configured with a namespace
  - Query the namespace for the DHCP configuration
  - Guess an IP address at random within the range
  - Attempt to store in the DHT: Key = namespace+IP, Value = IPOPid (160-bit)
- IP -> P2P address resolution: given namespace+IP, look up IPOPid
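The allocation and resolution steps on this slide, as an added example with a constructed in-memory DHT (not IPOP's code; the Dht class, the namespace "lab", the ":" separator in the namespace+IP key and the retry limit are assumptions). The point worth checking is the DHT write: it must be a create-if-absent, because an unconditional put would let a second node overwrite an existing namespace+IP entry and silently take over that address.

```python
import ipaddress
import os
import random

class Dht:
    """Constructed stand-in for the overlay DHT: key -> value store."""
    def __init__(self):
        self.store = {}

    def put(self, key, value):          # unconditional store (namespace config)
        self.store[key] = value

    def create(self, key, value):       # create-if-absent: fails if key exists
        if key in self.store:
            return False
        self.store[key] = value
        return True

    def get(self, key):
        return self.store.get(key)

def publish_namespace(dht, namespace, ip_range):
    # Key = namespace, Value = DHCP configuration (only the range is modelled)
    dht.put(namespace, {"range": ip_range})

def new_ipop_id():
    # 160-bit IPOP identifier; hex string for readability
    return os.urandom(20).hex()

def allocate_ip(dht, namespace, ipop_id, max_tries=16, rng=random):
    cfg = dht.get(namespace)
    if cfg is None:
        raise LookupError("unknown namespace %s" % namespace)
    hosts = list(ipaddress.ip_network(cfg["range"]).hosts())
    for _ in range(max_tries):
        ip = str(rng.choice(hosts))             # guess an address at random
        # Key = namespace+IP, Value = IPOPid; only the first claimant wins,
        # so two nodes can never end up holding the same virtual IP.
        if dht.create(namespace + ":" + ip, ipop_id):
            return ip
    raise RuntimeError("no free address in %s after %d tries" % (namespace, max_tries))

def resolve(dht, namespace, ip):
    # IP -> P2P address resolution: given namespace+IP, look up the IPOPid
    return dht.get(namespace + ":" + ip)
```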

20 Avoiding overlay overheads
- (Diagram) Wide-area path: Application -> VNIC -> Virtual Router -> overlay network -> Virtual Router -> VNIC -> Application
- (Diagram) Local path: applications on the same LAN communicate NIC-to-NIC through the local interface and LAN router, without traversing the overlay

21 VN Interfaces
- Each machine has a local VN interface
- ARP, DHCP captured locally
- Router responds as gateway
- DHCP: DHT put/get

22 Supporting VN Routers
- Single VN (router) for the entire cluster
- Avoids the need for a VN software stack on the end host
- Avoids VN overhead on LAN communication

23 VN Hybrid
- VN instance for each member in a cluster
- VN hosts in the same LAN bypass the VN software stack

24 Autonomic features
- Self-configuration [IPDPS'06, HPDC'06, PCgrid'07]
  - Routing tables using structured P2P links
  - NAT traversal, DHCP over DHT
- Self-optimization [HPDC'06]
  - Direct shortcut connections created/trimmed based upon IP traffic inspection for fast end-to-end IP tunnels
  - Proximity neighbor selection based on network coordinate estimates for improved structured routing
- Self-healing [HPDC'08]
  - "Tunnel" edges created to maintain overlay structure, to deal with routing outages and NATs/firewalls that are not traversable
- VLAN routers, overlay bypass within VLAN [VTDC09, SC09]

25 Overlay security architecture
- Abstract senders encapsulate security logic
- Supports both edge (point-to-point) and IPOP (end-to-end) authentication and encryption
- Public key infrastructure: keys/certificates; symmetric key exchange
- DTLS (Datagram TLS) library or native IPOP stack: UDP-based, amenable to NAT traversal
- IPsec tunneling also supported

26 Performance
- IPOP implementation: C# user-level router, tap virtual network device
- Measurement table: columns Latency (ms), Bwidth (Mb/s), Mem (KB); rows Host (n/a), C, C#, IPOP, IPOP sec

27 Security management
- Overlay point-to-point and/or end-to-end security needs to be configured
- PKI management can be complex and error-prone: certificate signing/distribution, revocation
- Approach: leverage Web 2.0 and social networking infrastructures for security management
  - SocialVPN: enable point-to-point VPN connectivity among socially-networked peers
  - GroupVPN: enable sharing of resources with all-to-all VPN connectivity within a group of users