CloudNet: Where VPNs Meet Cloud Computing Flexibly and Dynamically
Timothy Wood
Kobus van der Merwe, K.K. Ramakrishnan,
Alex Gerber, and Prashant Shenoy (U. Mass)
December 18, 2008
© 2008 AT&T Intellectual Property. All rights reserved.
Cloud Computing
• Lease computation and storage resources on demand
– Amazon EC2, Google App Engine, Microsoft Azure, VMware vCloud
• Highly dynamic resource provisioning
– Add new servers within minutes
– Easy to replicate virtual resources
• Only pay for what you use
Provides cheap and flexible resources
Server Virtualization
• Ability to split a server up into one or more slices
– Virtual Machines are not tied to physical hardware
– Can multiplex access to one set of physical resources
– Still provides strong isolation between each VM
• Virtualization is a key part of Cloud Computing
– Reduces hardware cost
– Improves efficiency through multiplexing
– Abstracts user’s resources away from physical ones
• Nice bonuses
– Dynamic resource allocation
– VM migration, checkpointing
Existing Cloud Services
• Amazon Elastic Compute Cloud (EC2)
– Lease Xen virtual machines, install own OS and apps
– Can assign internal (cloud only) or public IPs
– “Elastic” IPs can be used to forward to any internal IP (NAT)
– Charges: $0.10 to $0.80/cpu hour + $0.01/GB over WAN
• Similar alternatives: VMware vCloud, GoGrid, others
• Application Level Cloud Services
– Host your application (must be written for platform)
– Automatically scale up resources for app (if mostly stateless)
– Google App Engine - Python web applications
– Microsoft Azure - host .NET applications in the cloud
– IBM Blue Cloud - Hadoop distributed apps
What is Missing?
• Control over network management
– Can’t request specific IP addresses
– Can’t put VMs on own private network
• Control of network resources
– Bandwidth, traffic isolation, etc.
• Lack of network security and isolation
– VMs have IPs on the public Internet
– Customer must manage security on the VM itself
Existing systems do not provide the network security or features needed by enterprises
[Figure: VMs labelled “at&t top secret” and “Verizon pay roll” in the same cloud]
CloudNet: Bringing VPNs to the Cloud
• Use VPNs to separate customer resources
• Customer’s VMs are only reachable from her other VPN end points
• More flexible control of how IP addresses are assigned
• Physical network is transparent to customer
VPNs provide both convenient network isolation and strong security
Benefits of VPNs
• Layer 3 VPNs
– Secure access between customer and cloud
• Layer 2 VPLS
– Cloud resources can appear to be directly on the customer’s LAN
– Combine resources across clouds into single LAN
Challenges
• How to divide up responsibilities?
– Network provider may not own cloud data centers
• VPNs traditionally considered “static”
– Cloud Computing requires “agility”
– Customers expect new resources to be immediately available
• How to prototype and test this within at&t?
– Don’t want to use dozens of routers
System Components
• Cloud Manager
– Create VMs
– Resource allocation
– Controls up to CEs
• Network Manager
– VPN management
– Access controls
– Controls PEs
• May be separate business entities
[Figure: Cloud Manager controls the CEs at Cloud 1 … Cloud 9; Network Manager controls the PEs]
VPN Management
• All endpoints need to “match”
• Making changes to all endpoints is a pain!
• Use IRSCP
– Centralized VPN manager
– Looks like a route reflector
– Speaks BGP to PEs
• Rewrites VPN route targets
[Figure: IRSCP rules table defining VPN 1 and VPN 2 as combinations of endpoints; applying a change takes about 5-8 seconds]
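As an added illustration (not part of the original slides or the CloudNet system), a small Python model of the route-target rewriting idea: a route-reflector-like controller attaches route targets to reflected routes so that a cloud VRF joins one customer's VPN while the other customer stays isolated, with no per-PE reconfiguration; VRF names, route targets and prefixes are assumed.

```python
# Added example (not from the CloudNet slides): toy model of the IRSCP idea, a
# route-reflector-like controller that rewrites BGP route targets so a cloud VRF
# joins a customer VPN without reconfiguring every PE. Names, RTs and prefixes are constructed.
from dataclasses import dataclass, field

@dataclass
class Vrf:
    """A VRF on some PE: the RTs it imports/exports and the prefixes it originates."""
    name: str
    import_rts: set
    export_rts: set
    routes: set = field(default_factory=set)

class Irscp:
    """Centralized VPN manager: attaches extra route targets to reflected routes."""

    def __init__(self):
        self.rules = {}  # seen RT -> set of RTs to attach

    def add_rule(self, seen_rt, attach_rt):
        self.rules.setdefault(seen_rt, set()).add(attach_rt)

    def rewrite(self, rts):
        out = set(rts)
        for rt in rts:
            out |= self.rules.get(rt, set())
        return out

def distribute(vrfs, irscp):
    """Reflect each VRF's routes through IRSCP; a VRF imports on any matching RT."""
    learned = {v.name: set() for v in vrfs}
    for src in vrfs:
        rts = irscp.rewrite(src.export_rts)
        for dst in vrfs:
            if dst is not src and rts & dst.import_rts:
                learned[dst.name] |= src.routes
    return {k: sorted(v) for k, v in learned.items()}

def demo():
    cust_w = Vrf("customer-W", {"RT:100:1"}, {"RT:100:1"}, {"10.1.0.0/16"})
    cust_s = Vrf("customer-S", {"RT:100:2"}, {"RT:100:2"}, {"10.2.0.0/16"})
    cloud = Vrf("cloud-vm", {"RT:200:7"}, {"RT:200:7"}, {"192.168.7.0/24"})
    vrfs, irscp = [cust_w, cust_s, cloud], Irscp()
    before = distribute(vrfs, irscp)          # no rules: every VPN is isolated
    irscp.add_rule("RT:200:7", "RT:100:1")    # cloud routes flow into customer W
    irscp.add_rule("RT:100:1", "RT:200:7")    # customer W routes flow into the cloud VRF
    return before, distribute(vrfs, irscp)
```

Customer S never sees the cloud prefix because no rule attaches its route target, which is the isolation property the slides rely on.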
Shadownet
• Provides infrastructure for CloudNet
• Uses Juniper router support for logical routers
– Subdivide a physical router
• Instantiates arbitrary networks based on a topology description
• Simplifies and automates router configuration
– Tracks links, used interfaces, VLAN IDs, etc.
CloudNet Prototype
[Figure: logical setup, with Customer W and Customer S connected through CEs and PEs to VMs at Cloud N and Cloud E, and its physical instantiation on the testbed]
Adding a New VM
[Figure: customer sites and a cloud site joined through PEs, with logical CEs and servers hosting VMs]
Timing:
VM startup = 30 sec
L3 VPN setup = 20 sec
Multiple Cloud Sites
• Building many small data centers may be cheaper
• Provide geographic separation for fault tolerance
• Decrease latency by being closer to customer
• Easier for initial deployments
Using multiple sites benefits both customer and provider, plus VPNs make it easy
Multiple Cloud Sites Example
[Figure: customer sites reach VMs at two cloud sites over an L3 VPN; the cloud sites are joined by VPLS]
VPLS hides the physical layout of the cloud
VM Migration
• LAN migration is supported by many virtualization platforms
– Transparently move a VM between two hosts
– No application downtime
– Useful for load balancing, maintenance, etc.
• VPLS makes sites across the WAN appear to be on the same LAN
– Allows WAN migration without modifying the VM platform!
• But storage migration remains an issue…
Migration Example
[Figure: a VM migrates from cloud site A to cloud site B across the VPLS, with ARP announcements after the move]
Currently seeing 5-20 second network downtime after migration. Switch is caching MAC mapping?
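To illustrate the MAC-caching hypothesis on this slide, an added Python model (not from the original slides) of a learning switch: after the VM moves, frames from the customer keep going to the old port until the cached entry ages out, unless the VM sends a frame such as a gratuitous ARP from its new location; MAC addresses, port names and timings are assumed.

```python
# Added example (not from the CloudNet slides): a toy learning switch showing
# why a migrated VM can stay unreachable while a bridge keeps a cached MAC-to-port
# entry, and how a frame sent from the new location (e.g. a gratuitous ARP)
# refreshes it. MACs, port names and timings are constructed for illustration.
BROADCAST = "ff:ff:ff:ff:ff:ff"

class LearningSwitch:
    """MAC table with per-entry aging; forwards to the cached port when fresh."""

    def __init__(self, aging_secs):
        self.aging_secs = aging_secs
        self.table = {}  # mac -> (port, last_seen)

    def receive(self, src_mac, dst_mac, in_port, now):
        """Learn src_mac on in_port, then pick the egress for dst_mac."""
        self.table[src_mac] = (in_port, now)
        entry = self.table.get(dst_mac)
        if entry and now - entry[1] < self.aging_secs:
            return entry[0]
        self.table.pop(dst_mac, None)  # unknown or aged out: flood
        return "flood"

def migration_downtime(gratuitous_arp, aging_secs=300, move_at=10):
    """Seconds after the move during which client frames go to the old site.

    The VM is on port 'siteA' until move_at and on 'siteB' afterwards; the
    client on port 'cust' sends one frame per second and the VM replies to
    every frame that reaches it. Returns (downtime_secs, per_second_log)."""
    sw = LearningSwitch(aging_secs)
    vm, client = "02:00:00:00:00:01", "02:00:00:00:00:02"
    log, downtime = [], 0
    for t in range(move_at + 30):
        vm_port = "siteA" if t < move_at else "siteB"
        if t == move_at and gratuitous_arp:
            sw.receive(vm, BROADCAST, vm_port, t)  # VM announces its new location
        egress = sw.receive(client, vm, "cust", t)
        reached = egress in (vm_port, "flood")
        if reached:
            sw.receive(vm, client, vm_port, t)  # reply refreshes the VM's entry
        elif t >= move_at:
            downtime += 1
        log.append((t, egress))
    return downtime, log
```

With a 20 second aging time and no announcement the model yields 19 seconds of black-holed traffic, in the range the slide reports; with the announcement it yields none.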
Summary
• Cloud Computing is a rapidly growing market
• Existing offerings fail to provide many network related features that are critical for enterprise customers
• VPNs are a natural way to provide these features
CloudNet brings VPNs to Cloud Computing to provide both better security and isolation to customers, and more efficient resource utilization to providers
Thank you!
Questions???