
Page 1: Uts cloud lecture 5(1)

1

Cloud Computing Infrastructure (41891 and 42891)

Session 5 - Cloud Infrastructure and Network

Virtualization

Professor Doan B. Hoang

School of Computing and Communications

iNEXT- Centre for Innovation in IT Services and Applications

University of Technology, Sydney

Email: [email protected]

Page 2: Uts cloud lecture 5(1)

Cloud Computing Terminology

Cloud service: any IT resource that is made remotely accessible via a cloud

Cloud provider: the organization that provides cloud-based IT resources

Cloud consumer: the organisation (or human) that has a formal contract or arrangement with a cloud provider to use IT resources made available by the cloud provider

Cloud service owner: the person or organization that legally owns a cloud service

Cloud administrator: the person or organization responsible for administering cloud-based IT resources (including cloud services)

Cloud carrier: provides connectivity between cloud consumers and cloud providers.

Page 3: Uts cloud lecture 5(1)

Sara Farahmandian, ICSSC 2013 Keynote, August 19-20, 2013, Shanghai

Page 4: Uts cloud lecture 5(1)


Cloud characteristics

Resource pooling: IT resources are mostly underutilized and scattered

Broadband network access: backbone for communications, distribution, control, and administration of services

On-demand self-service: the consumer has the freedom to self-provision IT resources

Rapid elasticity: resources and services need to be scaled to meet the demand when they are needed

Measured service: a pay-per-usage model provides a fair and acceptable service model

Page 5: Uts cloud lecture 5(1)

Cloud Service Model: IaaS


IaaS Cloud Service Contract

Product: Virtual Server, 32GB RAM, 4GB local storage

SLA: availability=99.5%, no failover

Price: $0.95 per hour, $0.05 per GB transferred out of cloud

[Figure: the cloud consumer uses a virtual server hosted on a physical server at the cloud provider]

Page 6: Uts cloud lecture 5(1)

Building IaaS Environment

The two most fundamental IT resources delivered as part of a standard architecture within an IaaS environment are the virtual server and the cloud storage device. They are offered in various standardized configurations that are defined by the following properties:

Operating system

Primary memory capacity

Processing capacity

Virtualized storage capacity


Page 7: Uts cloud lecture 5(1)


Cloud Service Model: PaaS

PaaS Cloud Service Contract

Product: Application Server + DBMS platform

SLA: availability=99.5%, auto scaling

Price: $0.45 per hour (500,000 requests)

[Figure: the cloud consumer uses a ready-made environment on a virtual server at the cloud provider]

Page 8: Uts cloud lecture 5(1)


Cloud Service Model: SaaS

SaaS Cloud Service Contract

SLA: response time=0.5ms

Price: $0.05 per 100 requests

[Figure: the cloud service consumer accesses the cloud service directly]

Page 9: Uts cloud lecture 5(1)

Infrastructure of Cloud Service Provider

Data centre technology

Data centre facilities: housing, racks, cabling, power supplies, environmental control stations (heating, ventilation, air conditioning, fire protection, and other subsystems)

Computing hardware: servers, blade servers, etc.

Storage hardware: hard disk arrays, Storage Area Network (SAN), Network-Attached Storage (NAS)

Network hardware: carrier and external network interconnection, LAN fabric, SAN fabric, NAS gateways

Broadband networks and the Internet architecture

Internet Service Providers (ISPs)

Cloud consumer networks

ISPs – cloud carriers

Backbone ISP

Cloud provider networks (data-centre interconnection networks)

Page 10: Uts cloud lecture 5(1)

Virtualization technology

Servers – a physical server can be abstracted into a virtual server

Storage – a virtual storage device or a virtual disk

Network – physical routers and switches can be abstracted into logical network fabrics, such as VLANs

Power – virtual UPS

Web technology and service technology

Web services, REST services, service agents, service middleware. Web technology is generally used as both the implementation medium and the management interface for cloud services.

Page 11: Uts cloud lecture 5(1)

Cloud Infrastructure Mechanisms

Logical Network Perimeters are established via network devices that supply and control the connectivity of a data centre and are deployed as virtual IT environments that include: Virtual Firewall and Virtual Network

Virtual Server: a form of virtualization software that emulates a physical server

Cloud Storage Device: represents storage devices that are designed specifically for cloud-based provisioning

Cloud Usage Monitor is an autonomous software program responsible for collecting and processing IT resource usage data

Resource Replication mechanism uses virtualization technology to replicate cloud-based IT resources.


Page 12: Uts cloud lecture 5(1)

Cloud Management Mechanisms

Remote Administration System

Resource Management System

SLA Management System

Billing Management System

Cloud Security Mechanisms


Page 13: Uts cloud lecture 5(1)

Virtualization (Nathan Binkert)

• Virtualization is a conversion process that translates unique IT hardware into emulated and standardized software-based copies.

• A hypervisor is generally limited to ONE physical server and can therefore ONLY create virtual images of that server.

• A hypervisor can ONLY assign virtual servers it generates to resource pools that reside on the SAME underlying PHYSICAL server.

Page 14: Uts cloud lecture 5(1)

Virtual Machines and Hypervisor


The functions of the hypervisor include:

Creating VMs

Allocating “hardware resources” to VMs from the virtualized pool of hardware resources belonging to the physical server

Monitoring the status of the VMs

Taking part in the movement of VMs from one system to another

Page 15: Uts cloud lecture 5(1)

Network Virtualization

Network virtualization aims at creating multiple virtual networks (VNs) on top of a shared physical network substrate, allowing each VN to be implemented and managed independently.

A Virtual Network (VN) is a set of virtual networking resources: virtual nodes (end hosts, switches, routers) and virtual links

Virtualized ISP (VN) networks mostly consist of packet forwarding elements (routers).

Virtualized data centre networks involve different types of nodes, including servers, routers, switches, and storage nodes.


Page 16: Uts cloud lecture 5(1)

Customer - ISP – Cloud Provider Networks


[Figure: the consumer network reaches the cloud provider network through ISP cloud carriers and a backbone ISP; an external user also reaches the cloud provider network via an ISP cloud carrier]

Page 17: Uts cloud lecture 5(1)

Network-as-a-Service (NaaS)


Network-as-a-Service (NaaS) is a paradigm that exposes networking resources and functionalities as services that can be composed with computing services in a cloud environment.

Page 18: Uts cloud lecture 5(1)

VMWARE Networking Architecture

A virtual environment: vNIC, vSwitch, and Port Groups

Each VM has its own vNICs. The OS and applications talk to the vNICs through a standard networking device driver (just as though the vNIC were a physical NIC).

To the outside world also, each vNIC appears just like a physical NIC – it has its own MAC address, one or more IP addresses and it responds to the standard Ethernet protocol exactly as a physical NIC would


Page 19: Uts cloud lecture 5(1)

VMware Virtual Networking Concepts (from VMWARE INFORMATION GUIDE)


Page 20: Uts cloud lecture 5(1)

VMWARE Networking Architecture

A vSwitch works like a Layer 2 physical switch. Each physical server has its own vSwitches. On one side of the vSwitch are Port Groups, which connect to virtual machines. On the other side are uplink connections to physical Ethernet adapters. Virtual machines connect to the outside world through the physical Ethernet adapters that are connected to the vSwitch uplinks.

A virtual switch can connect its uplinks to more than one physical Ethernet adapter to enable NIC teaming: two or more physical adapters used to share the traffic load or to provide failover in the event of an adapter hardware failure.


Page 21: Uts cloud lecture 5(1)

Networking on a Physical Network (adapted from Yong Wang, Vmware)


Networking on a physical host

• OS runs on bare-metal hardware
• Networking stack (TCP/IP)
• Network device driver
• Network Interface Card (NIC)
• Ethernet: unique 6-byte MAC address (e.g. 00 A0 C9 A8 15 70) for identification and communication

[Figure: host with the OS, TCP/IP stack and device driver layered above the NIC]

Page 22: Uts cloud lecture 5(1)

Networking on a Physical Network (adapted from Yong Wang, Vmware)


Ethernet frame format: destination MAC (6 bytes), source MAC (6 bytes), …

[Figure: a switch with ports 0 to 7]

Switch: a device that connects multiple network segments

• It knows the MAC address of the NIC associated with each port
• It forwards frames based on their destination MAC addresses
• When a port receives a frame, it reads the frame’s destination MAC address and forwards the frame to the port that MAC was learned on, e.g. port4->port6, port1->port7

Page 23: Uts cloud lecture 5(1)

Networking in Virtual Environments


[Figure: an ESX Server hosting VMs, with the network path between them and the NIC still to be determined]

Questions:

1. Imagine you want to watch a YouTube video from within a VM now
• How are packets delivered to the NIC?

2. Imagine you want to get some files from another VM running on the same host
• How will packets be delivered to the other VM?

Page 24: Uts cloud lecture 5(1)

Virtual Networks on ESX


[Figure: an ESX Server hosting VM0 to VM3; each VM’s vNIC, and the vmknic, connect to a vSwitch, which uplinks through the pNIC to the physical switch (pSwitch)]

Page 25: Uts cloud lecture 5(1)

Virtual Network Adapter (vNIC) (adapted from Yong Wang, Vmware)


[Figure: the guest OS with its guest TCP/IP stack and guest device driver; the host provides the device emulation (the vNIC), the vSwitch and the physical device driver]

What does a virtual NIC implement?

• Emulate a NIC in software
• Implement all functions and resources of a NIC even though there is no real hardware
• Each vNIC has a unique MAC address

For a better out-of-the-box experience, VMware emulates two widely-used NICs:

• vlance: strict emulation of AMD Lance PCNet32
• e1000: strict emulation of Intel e1000, and more efficient than vlance

vNICs are completely decoupled from the hardware NIC

Page 26: Uts cloud lecture 5(1)

Virtual Switch (vSwitch)


[Figure: the same layering as the previous slide, with the vSwitch sitting between the device emulation and the physical device driver on the host]

How the virtual switch works

• A software switch implementation
• Works like any regular physical switch
• Forwards frames based on their destination MAC addresses

The virtual switch forwards frames between the vNIC and the pNIC

• Allows the pNIC to be shared by all the vNICs on the same vSwitch
• Network traffic cannot flow directly from one virtual switch to another virtual switch within the same host

The packet can be dispatched to either another VM’s port or the uplink pNIC’s port

• VM-VM
• VM-Uplink

(Optional) bandwidth management, security filters, and uplink NIC teaming

Page 27: Uts cloud lecture 5(1)

Virtual Ports, Uplink Ports, Uplinks

Virtual ports on a virtual switch provide logical connection points among virtual devices and between virtual and physical devices.

Uplink ports are ports associated with physical adapters, providing a connection between a virtual network and a physical network

Uplinks: Physical Ethernet adapters serve as bridges between virtual and physical networks.


Page 28: Uts cloud lecture 5(1)

Port Groups

Port groups are user-named objects that contain enough configuration information to provide persistent and consistent access for virtual Ethernet adapters:

Virtual switch name

VLAN ID and policies for tagging and filtering

Teaming policy

Layer 2 security options

Traffic shaping parameters

Port group definitions capture all the settings for a switch port. To connect a virtual machine to a particular kind of port, just specify the name of the port group with an appropriate definition.


Page 29: Uts cloud lecture 5(1)

vSwitch

A vSwitch can have multiple Port Groups. Instead of connecting to a particular port on the vSwitch, a VM connects its vNIC to a Port Group.

All VMs that connect to the same Port Group belong to the same network inside the virtual environment, even if they are on different physical servers.

A VM can VMotion from one physical server to another only if both servers have the same vSwitch (with the same Port Group), even if all other conditions are met.

The network connection is maintained after the VMotion migration because the virtual machine is automatically connected to the same Port Group on the same vSwitch on the new hosting server.
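The forwarding behaviour described on the switch, vNIC, vSwitch and port-group slides above, including the VM-VM and VM-uplink paths asked about on the "Networking in Virtual Environments" slide, as an added example in Python. It is not VMware's code or code from the lecture: the port groups, MAC addresses and frames are constructed for the example, and of the Layer 2 security options only one is modelled, dropping "forged transmits" (a VM sending from a source MAC other than the one assigned to its vNIC).

```python
"""Toy vSwitch with port groups (added example; not VMware's implementation).

It parses raw Ethernet frames, learns source MACs per VLAN, forwards by
destination MAC, keeps tenants on different port groups apart, and enforces
one Layer 2 security option: dropping forged transmits.
"""
import struct
from collections import namedtuple

# A port group bundles the settings a vNIC inherits when it connects:
# here the VLAN ID and whether forged source MACs are accepted.
PortGroup = namedtuple("PortGroup", "name vlan_id forged_transmits")
UPLINK = "uplink"   # the port bound to the physical NIC (pNIC)


def mac(text: str) -> bytes:
    """'00:a0:c9:a8:15:70' -> the 6 raw address bytes."""
    return bytes.fromhex(text.replace(":", ""))


def parse_frame(frame: bytes):
    """Split a frame into (dst, src, vlan_id or None, payload).

    Layout: 6-byte destination, 6-byte source, 2-byte EtherType. If the
    EtherType is 0x8100 an 802.1Q tag follows; the VLAN ID is its low 12 bits.
    """
    if len(frame) < 14:
        raise ValueError("runt frame")
    dst, src = frame[:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == 0x8100:
        tci = struct.unpack("!H", frame[14:16])[0]
        return dst, src, tci & 0x0FFF, frame[18:]
    return dst, src, None, frame[14:]


def build_frame(dst: bytes, src: bytes, payload: bytes, vlan_id=None) -> bytes:
    """Build an IPv4 frame (EtherType 0x0800), 802.1Q-tagged when vlan_id is given."""
    tag = struct.pack("!HH", 0x8100, vlan_id) if vlan_id is not None else b""
    return dst + src + tag + struct.pack("!H", 0x0800) + payload


class VSwitch:
    """Learning Layer 2 switch with VM ports (in port groups) and one uplink."""

    def __init__(self):
        self.ports = {}     # VM port id -> (PortGroup, MAC assigned to the vNIC)
        self.table = {}     # (vlan_id, mac) -> port id, learned from source addresses
        self.dropped = []   # (port id, forged source MAC) kept as an audit trail

    def connect(self, port_id: str, group: PortGroup, assigned_mac: bytes):
        self.ports[port_id] = (group, assigned_mac)

    def ingress(self, in_port: str, frame: bytes):
        """Process one received frame; returns the list of ports it goes out on."""
        dst, src, tag, _ = parse_frame(frame)
        if in_port == UPLINK:
            if tag is None:         # the pNIC carries every VLAN tagged
                return []
            vlan = tag
        else:
            group, assigned = self.ports[in_port]
            if src != assigned and not group.forged_transmits:
                self.dropped.append((in_port, src))
                return []
            vlan = group.vlan_id    # VM frames are untagged; the group sets the VLAN
        self.table[(vlan, src)] = in_port
        known = self.table.get((vlan, dst))
        if known is not None:
            return [] if known == in_port else [known]
        # Unknown or broadcast destination: flood within this VLAN only, and
        # out the uplink so the physical network can look for the host.
        targets = [p for p, (g, _) in self.ports.items()
                   if g.vlan_id == vlan and p != in_port]
        if in_port != UPLINK:
            targets.append(UPLINK)
        return targets


def demo():
    """Two tenants on one vSwitch; returns the observable forwarding decisions."""
    red = PortGroup("tenant-red", 10, forged_transmits=False)
    green = PortGroup("tenant-green", 20, forged_transmits=False)
    vm0, vm1, vm2 = (mac("00:a0:c9:a8:15:7" + x) for x in "012")   # constructed MACs
    sw = VSwitch()
    sw.connect("vm0", red, vm0)
    sw.connect("vm1", red, vm1)
    sw.connect("vm2", green, vm2)
    first = sw.ingress("vm0", build_frame(vm1, vm0, b"hello"))   # dst unknown: flood
    reply = sw.ingress("vm1", build_frame(vm0, vm1, b"hi"))      # learned: VM-VM only
    cross = sw.ingress("vm2", build_frame(vm0, vm2, b"leak?"))   # other VLAN: never reaches vm0
    spoof = sw.ingress("vm1", build_frame(vm0, vm2, b"spoof"))   # vm1 forging vm2's MAC
    inbound = sw.ingress(UPLINK, build_frame(vm0, mac("00:11:22:33:44:55"),
                                             b"from the wire", vlan_id=10))
    return first, reply, cross, spoof, inbound, sw.dropped
```

Running demo() shows the unknown destination flooded only within its own VLAN plus the uplink, the learned reply delivered VM-to-VM without touching the pNIC, the green tenant's frame never reaching a red port, a tagged frame from the wire delivered to the VM whose MAC was learned, and the spoofed frame dropped with an audit entry. The learning table is keyed per VLAN on purpose: keying on the MAC alone would let an address learned in one port group steer another group's traffic.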


Page 30: Uts cloud lecture 5(1)

vSwitch: Virtual Switch (from VMWARE INFORMATION GUIDE)

Page 31: Uts cloud lecture 5(1)

Data Center Network Design before VMs


Ben Pfaff, Nicira Networks, Inc.

Page 32: Uts cloud lecture 5(1)

Data Center Network Design with VMs

Ben Pfaff, Nicira Networks, Inc.

Page 33: Uts cloud lecture 5(1)

Problem with Connectivity

Ben Pfaff, Nicira Networks, Inc.

Page 34: Uts cloud lecture 5(1)

Solution: Network Virtualization


Page 35: Uts cloud lecture 5(1)

Path of a Packet (No Tunnel)

Ben Pfaff, Nicira Networks, Inc.

Page 36: Uts cloud lecture 5(1)

Path of a Packet (Via Tunnel)

Ben Pfaff, Nicira Networks, Inc.

Page 37: Uts cloud lecture 5(1)

A Network Virtualization Distributed System

Ben Pfaff, Nicira Networks, Inc.

Page 38: Uts cloud lecture 5(1)

Controller Duties


Page 39: Uts cloud lecture 5(1)

OpenFlow Switch Specification


Page 40: Uts cloud lecture 5(1)

Virtual switches that can encapsulate L2 or L3 payloads in UDP (VXLAN) envelopes appear as IP hosts to the network
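The VXLAN envelope the slide refers to, as an added example in Python (not code from the lecture or any vendor): it wraps a tenant Ethernet frame in a UDP header plus the 8-byte VXLAN header of RFC 7348, and the receiving endpoint validates the header and refuses any VNI it has not been provisioned for. The outer IP header is omitted, the VNIs and frames are constructed, and the fixed UDP source port is a simplification of the per-flow hashing a real tunnel endpoint uses.

```python
"""VXLAN encapsulation and validation (added example, constructed data).

The outer IP header is omitted: the bytes produced are the UDP datagram one
tunnel endpoint (VTEP) sends to its peer, which is why virtual switches that
do this look like ordinary IP hosts to the underlay network.
"""
import struct

VXLAN_PORT = 4789     # UDP port IANA assigned to VXLAN
VXLAN_I_FLAG = 0x08   # flag bit that marks the VNI field as valid (RFC 7348)


def vxlan_encap(vni: int, inner_frame: bytes, src_port: int = 49152) -> bytes:
    """UDP header (8 bytes) + VXLAN header (8 bytes) + the tenant's L2 frame.

    VXLAN header: flags, 3 reserved bytes, 24-bit VNI, 1 reserved byte. Real
    VTEPs derive src_port from a hash of the inner headers so the underlay can
    load-balance flows; a fixed port keeps this example deterministic.
    """
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    vxlan_hdr = struct.pack("!B3sI", VXLAN_I_FLAG, b"\x00" * 3, vni << 8)
    udp_len = 8 + len(vxlan_hdr) + len(inner_frame)
    udp_hdr = struct.pack("!HHHH", src_port, VXLAN_PORT, udp_len, 0)  # checksum 0: none (IPv4)
    return udp_hdr + vxlan_hdr + inner_frame


def vxlan_decap(datagram: bytes, allowed_vnis) -> tuple:
    """Validate a received datagram and return (vni, inner_frame).

    The VNI is the only thing separating tenants on the wire, so a VTEP must
    refuse a VNI it is not provisioned for rather than forward it anyway.
    Reserved bits are ignored on receipt, as the RFC requires.
    """
    if len(datagram) < 16 + 14:
        raise ValueError("too short for UDP + VXLAN + Ethernet headers")
    _src, dst_port, udp_len, _csum = struct.unpack("!HHHH", datagram[:8])
    if dst_port != VXLAN_PORT:
        raise ValueError("not a VXLAN datagram")
    if udp_len != len(datagram):
        raise ValueError("UDP length does not match datagram")
    flags, _reserved, vni_word = struct.unpack("!B3sI", datagram[8:16])
    if not flags & VXLAN_I_FLAG:
        raise ValueError("VXLAN I flag not set: VNI invalid")
    vni = vni_word >> 8
    if vni not in allowed_vnis:
        raise ValueError(f"VNI {vni} is not provisioned on this VTEP")
    return vni, datagram[16:]


def demo():
    """Encapsulate one tenant frame, decapsulate it, and try a foreign VNI."""
    inner = (bytes.fromhex("00a0c9a81571") + bytes.fromhex("00a0c9a81570")
             + b"\x08\x00" + b"tenant payload")           # dst, src, IPv4 type, data
    datagram = vxlan_encap(5000, inner)
    vni, frame = vxlan_decap(datagram, allowed_vnis={5000})
    try:                                 # another tenant's VNI at this VTEP
        vxlan_decap(vxlan_encap(6000, inner), allowed_vnis={5000})
        rejected = False
    except ValueError:
        rejected = True
    # The tenant frame rides in the clear: VXLAN adds no confidentiality, so
    # anyone who can read the underlay UDP datagram can read the payload.
    visible = b"tenant payload" in datagram
    return vni, frame == inner, rejected, visible, len(datagram) - len(inner)
```

demo() returns the VNI, that the inner frame round-trips unchanged, that a datagram for VNI 6000 is refused by an endpoint provisioned only for 5000, that the tenant payload is readable in the underlay datagram, and that the envelope adds 16 bytes (8 UDP + 8 VXLAN) before the outer IP header is counted. The last two points are the practical caveats: tenant separation rests entirely on VNI provisioning at each endpoint, and confidentiality on the underlay has to come from something else (for example IPsec between the endpoints).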


Page 41: Uts cloud lecture 5(1)

Virtual Data Centre (VDC)

A data centre (DC) is a facility consisting of servers (physical machines), storage and network devices (e.g., switches, routers, and cables), power distribution systems, and cooling systems.

A data centre network is the communication infrastructure used in a data centre, and is described by the network topology, routing/switching equipment, and the protocols used (e.g., Ethernet, IP).

A Virtualized Data Centre is a data centre where some or all of the hardware (e.g., servers, routers, switches, and links) is virtualized.

A Virtualized Data Centre is a physical data centre with resource virtualization techniques deployed.

A Virtual Data Centre (VDC) is a collection of virtual resources (VMs, virtual switches, and virtual routers) connected via virtual links. A Virtual Data Centre is a logical instance of a Virtualized Data Centre consisting of a subset of the physical data centre resources.


Page 42: Uts cloud lecture 5(1)

Network Virtualization: State of the Art and Research Challenges

N. M. Mosharaf Kabir Chowdhury and Raouf Boutaba (IEEE Communications Magazine • July 2009)


Page 43: Uts cloud lecture 5(1)

Virtualized ISP (VNs) – Virtualised data centre networks

Virtualized ISP (VN) networks mostly consist of packet forwarding elements (routers).

Virtualized data centre networks involve different types of nodes, including servers, routers, switches, and storage nodes.

Another key difference between data centre networks and ISP networks is the number of nodes. While the number of nodes in ISP backbones is in the order of hundreds (471 in Sprintlink, 487 in AT&T, 862 nodes in Verio ISPs), it can go up to thousands in today’s data centres (around 12,000 servers in one Google Compute cluster).

Furthermore, unlike ISP networks, data centre networks are built using topologies like the conventional tree, fat-tree, or Clos topologies with well-defined properties, which allows embedding algorithms to be developed that are optimised for such particular topologies.


Page 44: Uts cloud lecture 5(1)

Reference Model


Page 45: Uts cloud lecture 5(1)

Service-oriented network virtualization


Page 46: Uts cloud lecture 5(1)

Core Technologies

• VLANs
• Virtual Private Networks
• Tunneling Protocols
  – shunt traffic to a provisioned endpoint
  – “hide” private addresses
  – send IP or non-IP traffic over the Internet
  – L2VPN (L2TP, L2F)
  – L3VPN (IPSec, GRE)
• Active and programmable networks
• Overlay networks

Page 47: Uts cloud lecture 5(1)


Thank You

Questions?

Page 48: Uts cloud lecture 5(1)

Additional slides

Additional slides for further information

Reading References


M. Chowdhury and R. Boutaba, “A Survey of Network Virtualization,” Computer Networks, vol. 54, no. 5, pp. 862–876, 2010.

Qiang Duan, Yuhong Yan, and Athanasios V. Vasilakos, “A Survey on Service-Oriented Network Virtualization Toward Convergence of Networking and Cloud Computing,” IEEE Transactions on Network and Service Management, vol. 9, no. 4, December 2012.

Page 49: Uts cloud lecture 5(1)

Virtualization Capabilities - Usages


Page 50: Uts cloud lecture 5(1)

Distributed Switch

Aggregated datacenter-level virtual networking (vs. per-host)

Simplified management

Network statistics follow VMs

Page 51: Uts cloud lecture 5(1)

Broadband Networks and Internet Architecture

Cloud services consist not only of computing and storage functions provided by the cloud infrastructure but also of communications functions offered by the Internet.

Networking plays a crucial role in cloud computing: the Internet for delivery of cloud services to users, and data communications within cloud data centres as well as among data centres distributed at different locations.

An example: a high-performance application may use the storage capacity of Amazon S3 (Simple Storage Service) and the computing capability provided by Amazon EC2 (Elastic Compute Cloud). The underlying network infrastructure must provide network services for i) transmitting data from the application to the S3 virtual disk, ii) communications between the virtual disk and the EC2 virtual machines, and iii) delivering results back to the application.

Networking resources are needed: transmission bandwidth and packet forwarding capacity.


Page 52: Uts cloud lecture 5(1)

Business Model

One of the differences between the traditional networking model and the network virtualization model is the participating players. In the traditional networking model there are two players: the ISP and the end users; the network virtualization model separates the role of the traditional ISP into two: an Infrastructure Provider (InP) and a Service Provider (SP). The InP is a company that owns and maintains the physical infrastructure, and the SP deploys protocols and services.

In the context of data centre virtualization, the InP is a company that owns and manages the physical infrastructure of a data centre. An InP leases virtualized resources to multiple service providers/tenants.

Each tenant creates a VDC over the physical infrastructure owned by the InP for further deployment of services and applications offered to end-users.


Page 53: Uts cloud lecture 5(1)

Virtual LANs (VLANs)


Page 54: Uts cloud lecture 5(1)

Label-Switched Path – MPLS


Label switched path

A Label Switched Path (LSP) is like a pipe or tunnel.

While travelling on a label switched path, forwarding is based on the label only, not on the destination IP address in the packet.

Page 55: Uts cloud lecture 5(1)

Virtual Private Networks (VPNs)


Page 56: Uts cloud lecture 5(1)

NETWORK DEVICE VIRTUALIZATION


Page 57: Uts cloud lecture 5(1)

Multiple VRFs on a Router


[Figure: one router partitioned into VRF RED and VRF GREEN, with the dedicated interfaces e1/0, e1/2, e4/2, s2/0.102, s2/0.103 and s2/1.103]

• VRF: a VPN Routing and Forwarding instance. A VRF consists of an IP routing table, a derived forwarding table, a set of interfaces that use the forwarding table, and a set of rules and routing protocols that determine what goes into the forwarding table

• A VRF partitions a router by creating multiple routing tables and multiple forwarding instances. Dedicated interfaces are bound to each VRF
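The VRF definition above, as an added example in Python (not from the lecture or any vendor): one router object holds a separate routing table per VRF, binds interfaces to VRFs, and resolves each packet only in the table of the VRF its ingress interface belongs to. The interface-to-VRF assignments and the addresses are constructed; the slide names the interfaces but not which VRF each belongs to.

```python
"""A router partitioned into VRFs (added example; constructed addresses).

Each VRF owns its own routing table and the interfaces bound to it, so two
customers can reuse the same private address space without their routes or
traffic ever meeting. Interface-to-VRF bindings below are assumptions.
"""
import ipaddress
from collections import defaultdict


class VrfRouter:
    def __init__(self):
        self.vrf_of = {}                 # interface -> VRF name
        self.tables = defaultdict(list)  # VRF name -> [(network, next_hop, out_if)]

    def bind(self, interface: str, vrf: str):
        """Dedicate an interface to one VRF."""
        self.vrf_of[interface] = vrf

    def add_route(self, vrf: str, prefix: str, next_hop: str, out_if: str):
        """Install a route; the exit interface must belong to the same VRF."""
        if self.vrf_of.get(out_if) != vrf:
            raise ValueError(f"{out_if} is not bound to VRF {vrf}")
        self.tables[vrf].append((ipaddress.ip_network(prefix), next_hop, out_if))

    def forward(self, in_if: str, dst: str):
        """Longest-prefix match in the table of the VRF the ingress interface is in.

        Returns (vrf, next_hop, out_if), or None when that VRF has no route:
        a miss never falls through to another VRF's table.
        """
        vrf = self.vrf_of[in_if]
        addr = ipaddress.ip_address(dst)
        candidates = [r for r in self.tables[vrf] if addr in r[0]]
        if not candidates:
            return None
        _net, next_hop, out_if = max(candidates, key=lambda r: r[0].prefixlen)
        return vrf, next_hop, out_if


def demo():
    """Two customers with overlapping addressing on one router."""
    r = VrfRouter()
    for intf in ("e1/0", "s2/0.102"):               # assumed RED interfaces
        r.bind(intf, "RED")
    for intf in ("e1/2", "s2/0.103", "s2/1.103"):   # assumed GREEN interfaces
        r.bind(intf, "GREEN")
    # Both customers number their sites out of 10.1.0.0/16 (constructed).
    r.add_route("RED", "10.1.0.0/16", "192.0.2.1", "s2/0.102")
    r.add_route("RED", "10.1.5.0/24", "192.0.2.9", "s2/0.102")   # more specific
    r.add_route("RED", "10.2.0.0/16", "192.0.2.17", "e1/0")
    r.add_route("GREEN", "10.1.0.0/16", "198.51.100.1", "s2/0.103")
    return {
        "red_specific": r.forward("e1/0", "10.1.5.7"),    # /24 beats /16 inside RED
        "red_general": r.forward("e1/0", "10.1.9.7"),
        "red_other": r.forward("e1/0", "10.2.0.5"),
        "green_same_dst": r.forward("e1/2", "10.1.5.7"),  # same address, other customer
        "green_miss": r.forward("e1/2", "10.2.0.1"),      # None: RED's 10.2/16 is not consulted
    }
```

The "green_miss" entry is the property that makes VRFs a separation mechanism rather than a convenience: a destination that only the other VRF can reach is dropped, not routed through it. The add_route check on the exit interface is the same idea on the control plane; a route pointing out of an interface in a different VRF would silently bridge the two tables.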

Page 58: Uts cloud lecture 5(1)

Virtual Private LAN Services (VPLS)


Page 59: Uts cloud lecture 5(1)

DATA PATH VIRTUALIZATION


Page 60: Uts cloud lecture 5(1)

Generic Routing Encapsulation (GRE)


Page 61: Uts cloud lecture 5(1)

MPLS Forwarding
