Article

VIPER: Fine Control of Resource Sharing in Virtual Networks


Abstract

We propose, implement, and evaluate VIPER, a system to isolate, provide QoS, and manage virtual networks. Contrary to previous approaches, VIPER guarantees a fine sharing of physical resources among virtual networks according to the different parameters that describe the service level agreements. The main components of the proposed system are the resource sharing manager and the virtual network admission controller. The resource sharing manager achieves isolation by dynamically adapting itself to the resource demands of each virtual network. Based on the data monitored by the resource sharing manager, the virtual network admission controller builds network profiles that serve as the basis for arbitrating the access of new virtual networks to the physical substrate. VIPER also supports two levels of QoS control, one for the virtual network operator and the other for the infrastructure provider, reducing delays by up to 18 times in the analyzed scenarios. We developed a prototype whose evaluation reveals that VIPER, when compared to the other solutions in the literature: (i) enforces contracted agreements, (ii) provides an efficient admission control of new virtual networks, and (iii) reduces physical resource utilization by up to 25%.


Chapter
This chapter explains the architecture design of the developed prototype using Xen and OpenFlow virtualization platforms. It provides a detailed view of how the proposed algorithms interact with each other as well as how virtualization management tools are used by control algorithms. Auxiliary functions, such as plane separation and secure communication, are also described. The chapter presents the XenFlow architecture design, which is a hybrid architecture that combines Xen and OpenFlow virtualization platforms. A performance analysis of the main features of this new platform is also shown. Communication system security; fifth generation systems; virtualisation
Conference Paper
In this paper, we evaluate the performance of a software IP router forwarding plane inside the Xen virtual machine monitor environment with a view to identifying (some) design issues in Virtual Routers. To this end, we evaluate and compare the forwarding performance of two identical Linux software router configurations, run either above the Xen hypervisor or within vanilla Linux. Even with minimal sized packets, we show that the Xen Dom0 privileged domain offers near native forwarding performance at the condition that the solicitation to unprivileged domains stays minimal, whereas Xen unprivileged domains offer very poor performance in every case. This shows that an important design principle for virtual router platforms must be to handle all forwarding, for all virtual routers, onto the same forwarding engine, in order to avoid much detrimental per-packet context switching.
Conference Paper
In this paper, we address the virtual network embedding problem. Indeed, our objective is to map virtual networks in the substrate network with minimum physical resources while satisfying its required QoS in terms of bandwidth, power processing and memory. In doing so, we minimize the reject rate of requests and maximize returns for the substrate network provider. Since the problem is NP-hard and to deal with its computational hardness, we propound a new scalable embedding strategy named VNE-AC based on the Ant Colony metaheuristic. The intensive simulations and evaluation results show that our proposal enhances the substrate provider's revenue and outperforms the related strategies found in current literature.
Conference Paper
We describe Trellis, a platform for hosting virtual networks on shared commodity hardware. Trellis allows each virtual network to define its own topology, control protocols, and forwarding tables, while amortizing costs by sharing the physical infrastructure. Trellis synthesizes two container-based virtualization technologies, VServer and NetNS, as well as a new tunneling mechanism, EGRE, into a coherent platform that enables high-speed virtual networks. We describe the design and implementation of Trellis and evaluate its packet-forwarding rates relative to other virtualization technologies and native kernel forwarding performance.
Conference Paper
The complexity of network management is widely recognized as one of the biggest challenges facing the Internet today. Point solutions for individual problems further increase system complexity while not addressing the underlying causes. In this paper, we argue that many network-management problems stem from the same root cause—the need to maintain consistency between the physical and logical configuration of the routers. Hence, we propose VROOM (Virtual ROuters On the Move), a new network-management primitive that avoids unnecessary changes to the logical topology by allowing (virtual) routers to freely move from one physical node to another. In addition to simplifying existing network-management tasks like planned maintenance and service deployment, VROOM can also help tackle emerging challenges such as reducing energy consumption. We present the design, implementation, and evaluation of novel migration techniques for virtual routers with either hardware or software data planes. Our evaluation shows that VROOM is transparent to routing protocols and results in no performance impact on the data traffic when a hardware-based data plane is used.
Conference Paper
The interest in network virtualization has been growing steadily among the networking community in the last few years. Network virtualization opens up new possibilities for the evolution path to the Future Internet by enabling the deployment of different architectures and protocols over a shared physical infrastructure. The deployment of network virtualization imposes new requirements and raises new issues in relation to how networks are provisioned, managed and controlled today. The starting point for this paper is the network virtualization reference model conceived in the framework of the EU funded 4WARD project. In this paper we look at network virtualization mainly from the perspective of the network infrastructure provider, following the 4WARD network virtualization architecture and evaluate the main issues and challenges to be faced in commercial operator environments.
Conference Paper
In this paper we investigate the building of a virtual router platform that ensures isolation and fairness between concurrent virtual routers. Recent developments in commodity x86 hardware enable us to take advantage of the flexibility and wealth of resources available to a software router in order to build a virtual router platform. Using commodity x86 hardware we show that it is viable to run highly experimental and untrusted router systems alongside a production router on the same hardware platform without sacrificing performance. We investigate the extent to which we can isolate a virtual router running experimental code from other virtual routers.
Conference Paper
Virtualization can provide significant benefits in data centers by enabling virtual machine migration to eliminate hotspots. We present Sandpiper, a system that automates the task of monitoring and detecting hotspots, determining a new mapping of physical to virtual resources and initiating the necessary migrations. Sandpiper implements a black-box approach that is fully OS- and application-agnostic and a gray-box approach that exploits OS- and application-level statistics. We implement our techniques in Xen and conduct a detailed evaluation using a mix of CPU, network and memory-intensive applications. Our results show that Sandpiper is able to resolve single server hotspots within 20 seconds and scales well to larger, data center environments. We also show that the gray-box approach can help Sandpiper make more informed decisions, particularly in response to memory pressure.
Article
OpenFlow [4] has been demonstrated as a way for researchers to run networking experiments in their production network. Last year, we demonstrated how an OpenFlow controller running on NOX [3] could move VMs seamlessly around an OpenFlow network [1]. While OpenFlow has potential [2] to open control of the network, only one researcher can innovate on the network at a time. What is required is a way to divide, or slice, network resources so that researchers and network administrators can use them in parallel. Network slicing implies that actions in one slice do not negatively affect other slices, even if they share the same underlying physical hardware. A common network slicing technique is VLANs. With VLANs, the administrator partitions the network by switch port and all traffic is mapped to a VLAN by input port or explicit tag. This coarse-grained type of network slicing complicates more interesting experiments such as IP mobility or wireless handover. Here, we demonstrate FlowVisor, a special purpose OpenFlow controller that allows multiple researchers to run experiments safely and independently on the same production OpenFlow network. To motivate FlowVisor’s flexibility, we demonstrate four network slices running in parallel: one slice for the production network and three slices running experimental code (Figure 1). Our demonstration runs on real network hardware deployed on our production network at Stanford and a wide-area test-bed with a mix of wired and wireless technologies.
Article
This whitepaper proposes OpenFlow: a way for researchers to run experimental protocols in the networks they use every day. OpenFlow is based on an Ethernet switch, with an internal flow-table, and a standardized interface to add and remove flow entries. Our goal is to encourage networking vendors to add OpenFlow to their switch products for deployment in college campus backbones and wiring closets. We believe that OpenFlow is a pragmatic compromise: on one hand, it allows researchers to run experiments on heterogeneous switches in a uniform way at line-rate and with high port-density; while on the other hand, vendors do not need to expose the internal workings of their switches. In addition to allowing researchers to evaluate their ideas in real-world traffic settings, OpenFlow could serve as a useful campus component in proposed large-scale testbeds like GENI. Two buildings at Stanford University will soon run OpenFlow networks, using commercial Ethernet switches and routers. We will work to encourage deployment at other schools; and we encourage you to consider deploying OpenFlow in your university network too.
Article
Today's Internet Service Providers (ISPs) serve two roles: managing their network infrastructure and providing (arguably limited) services to end users. We argue that coupling these roles impedes the deployment of new protocols and architectures. Instead, the future Internet should support two separate entities: infrastructure providers (who manage the physical infrastructure) and service providers (who deploy network protocols and offer end-to-end services). We present a high-level design for Cabo, an architecture that enables this separation, and we describe challenges associated with realizing this architecture.
Article
VMware ESX Server is a thin software layer designed to multiplex hardware resources efficiently among virtual machines running unmodified commodity operating systems. This paper introduces several novel ESX Server mechanisms and policies for managing memory. A ballooning technique reclaims the pages considered least valuable by the operating system running in a virtual machine. An idle memory tax achieves efficient memory utilization while maintaining performance isolation guarantees. Content-based page sharing and hot I/O page remapping exploit transparent page remapping to eliminate redundancy and reduce copying overheads. These techniques are combined to efficiently support virtual machine workloads that overcommit memory.
Article
Linux offers a rich set of traffic control functions. This document gives an overview of the design of the respective kernel code, describes its structure, and illustrates the addition of new elements by describing a new queuing discipline.
Conference Paper
Isolation and performance are critical issues for virtual networking. In this paper, we consider the use of Xen virtualization platform for building software-based virtual routers. We propose a network monitor for Xen to increase the isolation and the performance on packet forwarding. The network monitor controls the use of shared resources and punishes misbehaving virtual routers, guaranteeing an isolated operation of the virtual networks. The results obtained with the developed prototype show that our proposal guarantees availability of the virtual-network control and packet forwarding services and also provides a fair resource sharing.
Conference Paper
Cloud systems require elastic resource allocation to minimize resource provisioning costs while meeting service level objectives (SLOs). In this paper, we present a novel PRedictive Elastic reSource Scaling (PRESS) scheme for cloud systems. PRESS unobtrusively extracts fine-grained dynamic patterns in application resource demands and adjusts their resource allocations automatically. Our approach leverages light-weight signal processing and statistical learning algorithms to achieve online predictions of dynamic application resource requirements. We have implemented the PRESS system on Xen and tested it using RUBiS and an application load trace from Google. Our experiments show that we can achieve good resource prediction accuracy with less than 5% over-estimation error and near zero under-estimation error, and elastic resource scaling can both significantly reduce resource waste and SLO violations.
Conference Paper
Virtualization is a key technology that enables multiple research groups to test new protocols simultaneously on the same physical network and also allows service providers to incrementally add new services. In this paper we focus on virtualization of the data plane, allowing for customized packet handling in each virtual network. Much work has been done on virtualization technology. However, this has been focused on the user application experience or on a fixed networking stack. Rather than running custom data planes in user space or running separate guest operating systems, both of which come at a performance hit, we propose running a single kernel-level custom data-plane by synthesizing the configuration of the per-virtual-network data planes. In this paper we present this idea using Click, where packet processing is specified as an interconnection of fixed networking tasks. We then demonstrate the idea using an unvirtualized Linux kernel as the target platform, showing how we provided isolation between the customized data plane.
Article
Currently, there is a strong effort of the research community in rethinking the Internet architecture to cope with its current limitations and support new requirements. Many researchers conclude that there is no one-size-fits-all solution for all of the user and network provider needs and thus advocate for a pluralist network architecture, which allows the coexistence of different protocol stacks running at the same time over the same physical substrate. In this paper, we investigate the advantages and limitations of the virtualization technologies for creating a pluralist environment for the Future Internet. We analyze two types of virtualization techniques, which provide multiple operating systems running on the same hardware, represented by Xen, or multiple network flows on the same switch, represented by OpenFlow. First, we define the functionalities needed by a Future Internet virtual network architecture and how Xen and OpenFlow provide them. We then analyze Xen and OpenFlow in terms of network programmability, processing, forwarding, control, and scalability. Finally, we carry out experiments with Xen and OpenFlow network prototypes, identifying the overhead incurred by each virtualization tool by comparing it with native Linux. Our experiments show that OpenFlow switch forwards packets as well as native Linux, achieving similar high forwarding rates. On the other hand, we observe that the high complexity involving Xen virtual machine packet forwarding limits the achievable packet rates. There is a clear trade-off between flexibility and performance, but we conclude that both Xen and OpenFlow are suitable platforms for network virtualization.
Article
Click is a new software architecture for building flexible and configurable routers. A Click router is assembled from packet processing modules called elements. Individual elements implement simple router functions like packet classification, queueing, scheduling, and interfacing with network devices. Complete configurations are built by connecting elements into a graph; packets flow along the graph's edges. Several features make individual elements more powerful and complex configurations easier to write, including pull processing, which models packet flow driven by transmitting interfaces, and flow-based router context, which helps an element locate other interesting elements. We demonstrate several working configurations, including an IP router and an Ethernet bridge. These configurations are modular---the IP router has 16 elements on the forwarding path---and easy to extend by adding additional elements, which we demonstrate with augmented configurations. On commodity PC hardware ...
Article
This paper presents Click, a flexible, modular software architecture for creating routers. Click routers are built from fine-grained components; this supports fine-grained extensions throughout the forwarding path. The components are packet processing modules called elements. The basic element interface is narrow, consisting mostly of functions for initialization and packet handoff, but elements can extend it to support other functions (such as reporting queue lengths). To build a router configuration, the user chooses a collection of elements and connects them into a directed graph. The graph's edges, which are called connections, represent possible paths for packet handoff. To extend a configuration, the user can write new elements or compose existing elements in new ways, much as UNIX allows one to build complex applications directly or by composing simpler ones using pipes
B. des Ligneris, "Virtualization of linux based computers: The linuxvserver project," High Performance Computing Systems and Applications, Annual International Symposium on, vol. 0, pp. 340-346, 2005.