Zhifeng Zhao,Feng Hong,Rongpeng Li

DOI: https://doi.org/10.1109/ACCESS.2017.2762362

IF: 3.9

2017-01-01

IEEE Access

Abstract:Nowadays, cloud computing networks significantly benefit the deployment of new services and have become one infrastructure provider in the digital society. The virtual extensible local area network (VxLAN), which belongs to the network schemes to overlay Layer 2 over Layer 3, is one of the most popular methods to realize cloud computing networks. Though VxLAN partially overcomes the capacity limitation of its predecessor virtual local area network, it still faces several challenges like annoying signaling overhead during the multicast period and interrupted communication with a migrating virtual machine (VM). In this paper, we propose a new software defined network (SDN) based VxLAN network architecture. Based on this architecture, we address how we can deploy an intelligent center to enhance the multicast capability and facilitate the VM migration. Besides, we discuss the means to update the global information and guarantee the communication continuum. Finally, we use Mininet to emulate this SDN based VxLAN architecture and demonstrate effective load balancing results. In a word, this proposed architecture could provide a blueprint for future cloud computing networks.

Luo Xuan,Ye Tong,Jin Yaohui

DOI: https://doi.org/10.3969/j.issn.1000-0801.2014.02.013

2014-01-01

Abstract:Data center network has faced several challenges from the arising of cloud computing.Along with the continuous expansive bandwidth requirements，data center network also should provide network isolation and service guarantee for each tenant.Current researches focued on the physical network，network virtualization and service guarantee were introduced.

Qinlu He,Zhanhuai Li,Xiao Zhang

DOI: https://doi.org/10.1109/iccis.2010.351

2010-01-01

Abstract:As the latest development of the distributed storage technology, Cloud storage is the product of the integration of distributed storage and virtual technologies. Cloud storage is a method that allows you to use storage facilities available on the Internet. Relative to the current Commercial cloud storage file systems, introducing P2P network of interest groups put forward the idea of a P2P model based on cloud storage online backup prototype system, and the prototype system architecture and topology analysis, research and development for the following provide a theoretical basis.

Tianlin Huang,Chao Rong,Yazhe Tang,Chengchen Hu,Jinming Li,Peng Zhang

DOI: https://doi.org/10.1109/icc.2014.6883883

2014-01-01

Abstract:It has become a common practice that enterprises outsource their networks to the cloud by renting multiple virtual machines (VMs) in cloud datacenters. Due to the multi-tenant nature of cloud datacenter, how to efficiently share the network resources becomes an important issue. Recent studies, e.g., SecondNet and Oktopus, have taken network bandwidth into consideration when allocating VMs. However, these schemes are problematic in that the allocation is not that accurate, and can result in a low multiplexing rate. To this end, we present VirtualRack (VR), a new bandwidth-aware VM allocation scheme in multi-tenant datacenters. VR simultaneously considers intra-datacenter bandwidth and Internet-access-bandwidth requirements in the allocation process. In addition, we introduce a redundancy factor α that can be specified by tenants to accommodate their dynamic requirements. Simulation results show that VR can guarantee the network performance for each of the multiple tenants, and at the same time keep a high acceptance ratio without any false allocation.

Kashyap Thimmaraju,Saad Hermak,Gábor Rétvári,Stefan Schmid

2024-03-04

Abstract:Multi-tenant cloud computing provides great benefits in terms of resource sharing, elastic pricing, and scalability, however, it also changes the security landscape and introduces the need for strong isolation between the tenants, also inside the network. This paper is motivated by the observation that while multi-tenancy is widely used in cloud computing, the virtual switch designs currently used for network virtualization lack sufficient support for tenant isolation. Hence, we present, implement, and evaluate a virtual switch architecture, MTS, which brings secure design best-practice to the context of multi-tenant virtual networking: compartmentalization of virtual switches, least-privilege execution, complete mediation of all network communication, and reducing the trusted computing base shared between tenants. We build MTS from commodity components, providing an incrementally deployable and inexpensive upgrade path to cloud operators. Our extensive experiments, extending to both micro-benchmarks and cloud applications, show that, depending on the way it is deployed, MTS may produce 1.5-2x the throughput compared to state-of-the-art, with similar or better latency and modest resource overhead (1 extra CPU). MTS is available as open source software.

Cryptography and Security,Networking and Internet Architecture

Pengze Guo,Yongkai Zhou,Zhi Xue,Xinxing Yin,Liang Pang,Yan Zhu,Xiao Chen,Fangbiao Li

2014-01-01

Abstract:The past decade has witnessed the rapid development of cloud computing. Virtualization, which is the basis of delivering Infrastructure as a Service (IaaS), has led to an explosive growth in the cloud computing industry. Meanwhile, new threats are also introduced. This paper explores different aspects of cloud virtualization security, including security threats of virtualization infrastructure and attacks that can be launched on virtual cloud. The research mainly focuses on hypervisor security, vSwitch security and virtual machine security. The paper also discusses state-of-the-art solutions to those threats, which are beneficial for implementing effective protection methods for virtual cloud environment.

Pengfei Sun,Qingni Shen,Liang Gu,Yangwei Li

DOI: https://doi.org/10.1109/anthology.2013.6784967

2013-01-01

Abstract:Virtualization technologies enable multi-tenancy cloud business models by providing a scalable, shared resource platform for all tenants. Computing capacity, storage, and network are shared between multi-tenants. However, placing different customers' workloads on the same virtualization platform may lead to security vulnerabilities, which include the failure of mechanisms separating storage, memory, routing, and even reputation between different tenants of the shared infrastructure. The co-location of many customers inevitably causes conflict for the cloud provider as customers' communication security requirements are likely to be divergent from each other. In this paper, we introduce Multi-lateral Security concept to multi-tenancy cloud platform. It is difficult to analyze policies defined by consumers in the same virtualization platform in order to guarantee configuration stability given that policies may have conflicts leading to unpredictable effects. We present the Multilateral Security Architecture for Virtualization platform (VPMS) which enables the multilateral security for consumers.

Chuang Lin,Min Yao,Yin Li

DOI: https://doi.org/10.1007/s11704-015-5056-3

IF: 2.6688

2015-01-01

Frontiers of Computer Science

Abstract:Enterprises build private clouds to provide IT resources for geographically distributed subsidiaries or product divisions. Public cloud providers like Amazon lease their platforms to enterprise users, thus, enterprises can also rent a number of virtual machines (VMs) from their data centers in the service provider networks. Unfortunately, the network cannot always guarantee stable connectivity for their clients to access the VMs or low-latency transfer among data centers. Usually, both latency and bandwidth are in unstable network environment. Being affected by background traffics, the network status can be volatile. To reduce the latency uncertainty of client accesses, enterprises should consider the network status when they deploy data centers or rent virtual data centers from cloud providers. In this paper, we first develop a data center deployment and assignment scheme for an enterprise to meet its users’ requirements under uncertain network status. To accommodate to the changes of the network status and users’ demands, a VMs migration-based redeployment scheme is adopted. These two schemes work in a joint way, and lay out a framework to help enterprises make better use of private or public clouds.

Dongsheng Li,Jinkun Pan,Yixin Chen,Feng Huang

2013-01-01

Abstract:Virtual network is an important basic service for cloud computing environments. In this paper, a scalable and efficient virtual network, called VirNet, is proposed. VirNet is designed completely in user space, and the peer-to-peer communication pattern is designed, to improve its performance and scalability. VirNet can build multiple customized and isolated virtual networks simultaneously, in the same physical network, and it enables existing distributed applications written for LANs to run seamlessly on Internet. Experimental evaluation performed by a reference implementation shows that VirNet can achieve good performance and scalability.

Yukun Zhang,Bo Li

DOI: https://doi.org/10.1109/cscloud.2016.22

2016-01-01

Abstract:Virtual network management is a basic component provided by cloud computing system. In cloud environment, the fact that VMs in the same subnet are located in different hosts, the traffic of VMs attached to different users should be isolated, the VM would be migrated to other hosts makes network management different from that in physical network. Technology like overlay and SDN is usually introduced to establish a reliable and efficient virtual network management scheme. However, there are many drawbacks such as flexibility and hardware costs in most schemes introducing technology above-mentioned. We addressing these problems by designing a scheme on the hyper-visor layer of physical hosts based on overlay and SDN technology, which means the tradition virtual network can be easily transformed to our system without purchasing new devices supported OpenFlow or VXLAN(a kind of technology in overlay) protocol. Besides additional functions like monitor and traffic mirror can be customized by users' needs for the system's flexibility and scalability the SDN technology endowing. We also design a Distributed Virtual Router(DVR) on each host to solve the general problem of traffic between Internet and Intranet concentrating in most schemes. The experimental evaluation shows that our system has achieve the basic intercommunication under the situation of tenant isolation and its performance of communication between Internet and Intranet acts obviously better than that in OpenStack scheme for our DVR design.

Zongjian He,Guanqing Liang

DOI: https://doi.org/10.1109/icndc.2012.18

2012-01-01

Abstract:Network virtualization in cloud computing environment has attracted many attentions recently. With the help of network virtualization, VMM is able to provide fine-grained isolation among different VMs. However, the performance and overhead introduced by network virtualization is also important concerns when applying network virtualization to the cloud computing environment. In this paper, we evaluated the security, performance and QoS of popular virtual switch software Open vSwitch. The results can provide several guidelines for cloud application developer and administrators.

Jin Qin,Yizhen Wu,Yutong Chen,Kaiping Xue,David S. L. Wei

DOI: https://doi.org/10.1109/ACCESS.2019.2891115

IF: 3.9

2019-01-01

IEEE Access

Abstract:Virtual machine (VM) re-deployment and migration has been proven to be a key technique for cloud data centers to implement resource optimization and load balance. Also, live VM migration aims to guarantee the continuity of the existing data flows. Though VM management has been well studied, it has so far mostly focused on optimizing resource utilization, while the important issue of users' quality of experience has been ignored. In mobile cloud computing, user distribution changes dynamically over time and it can significantly affect both the service latency and network resource utilization. In the traditional network, VM migration may cause a flash crowd of flow changing and a long service downtime due to VM's IP address changing. Software-defined networking is an emerging paradigm to logically centralize the network control plane and automate the configuration of individual network elements, which can be ubiquitously deployed in data centers and serve as an effective means for flow handling. In this paper, we design a user distribution-aware virtual machine re-deployment mechanism and propose a traffic-redirection virtual machine migration scheme to keep the active flows from being interrupted. We further provide simulations to show the effectiveness and superiority of the proposed approaches over existing schemes.

Yang Yi,Tan Chengxiang,Wang Haihang

DOI: https://doi.org/10.3969/j.issn.1671-0428.2007.03.004

2007-01-01

Abstract:Different trusted filed networks should be physical isolated,but in practice,lots of applications need to work correctly whether there is physical isolation or not. So it is valuable to research how to provide high-speed,low-delay transmission when two filed networks are isolated. This paper form a scheme for Isolation Device,based on distributed system.

Xiang Wang,Zhi Liu,Jun Li,Baohua Yang,Yaxuan Qi

DOI: https://doi.org/10.1109/icccn.2014.6911782

2014-01-01

Abstract:Multi-tenant infrastructures deployed in cloud datacenters need network security protection. However, the rigid control mechanism of current security middleboxes induces inflexible orchestration, limiting the agile and on-demand security provision in virtualized datacenters. This paper presents Tualatin, a consolidated framework of delivering security services in multi-tenant datacenters. It meets security requirements of different scenarios by hardware and software co-design. Leveraging Software-Defined Networking (SDN) and OpenFlow techniques, Tualatin provides fine-grained security protection in dynamically changing network topologies, where both switches and security middleboxes are programmatically controlled by logically centralized controllers. With service-level APIs exposed, Tualatin could be easily integrated with other Cloud Management System (CMS). A proof-of-concept system has been deployed in a Tier-IV datacenter, providing customizable network security services for tenant Virtual Private Cloud (VPC) infrastructure.

Fekri Saleh,Saleem Karmoshi,Shuangwu Chen,Feng Yang,Jian Yang

DOI: https://doi.org/10.1109/mnet.106.2100617

IF: 10.294

2023-01-01

IEEE Network

Abstract:The shared nature of the network in Multi-Tenant Data Centers (MTDC) implies that network performance for tenants varies significantly. Efficient utilization of limited resources in MTDC is a challenge. Network virtualization is a promising technology for MTDC to provide customized and isolated networks to accommodate various tenants' demands. Driven by the massive increase of data traffic in MTDC, efficient and flexible network virtualization schemes are essential to guarantee seamless network resource sharing and complete isolation. This article presents a novel approach to customizing Virtual Topology (vTopology) for each tenant with self-control capability based on network slicing technology. The key technology behind this, a novel virtual MAC address (vMAC) is used to define network slices and act as a data link layer unique identifier in communications within vTopology virtual switches. Moreover, we propose Optimal Back-Forwarding Path (OBFP) to overcome interconnecting and data forwarding challenges between virtual switch ports allocated on different physical switches. With vTopology, we believe that the customization of virtual networks through network slicing technology enables MTDC operators to create more agile and flexible virtual networks and guarantee isolation and self-control for each tenant.

张萧,祝明发,肖利民

DOI: https://doi.org/10.19304/j.cnki.issn1000-7180.2008.10.052

2008-01-01

Abstract:In this paper, a new solution is put forward for integration and utilization of the distributed I/O resources effectively. This solution is built between the operating system layer and the system hardware layer, mainly based on the latest hardware virtualization. It may virtualize and integrate the I/O resources distributed on multiple computer nodes, present a uniform virtual I/O space for the upper guest operating system, carry out the uniform management and utilization of distributed I/O resources for the guest operating system. This solution implements in the system software level, advanced in the performance and the implement cost. Additionally, the guest operating system dispenses with any modification.

Xianzhi Lu,Haibo Hu

DOI: https://doi.org/10.16791/j.cnki.sjg.2015.07.032

2015-01-01

Abstract:A construction approach on virtual platform network for security experiment based upon open source architecture is proposed.The proposed scheme is implemented with KVM (Kernel-based Virtual Machine), SDN (Software-Define Networking),and based on ISCSI protocol of network storage technology as well.Two common experimental templates are presented to facilitate the usage of the proposed platform.By using the templates,users can perform variable experiments on the proposed platform,such as network exploitation test and virtual enterprise network data storage environment.Compared with VMware-based virtualization technology,the proposed mechanism manifest is beneficial to laboratory of network security with flexible network access control,less hardware costs,and without software license fees as well.

Yiduo Mei,Ling Liu,Xing Pu,Sankaran Sivathanu,Xiaoshe Dong

DOI: https://doi.org/10.1109/tsc.2011.36

IF: 11.019

2013-01-01

IEEE Transactions on Services Computing

Abstract:Server consolidation and application consolidation through virtualization are key performance optimizations in cloud-based service delivery industry. In this paper, we argue that it is important for both cloud consumers and cloud providers to understand the various factors that may have significant impact on the performance of applications running in a virtualized cloud. This paper presents an extensive performance study of network I/O workloads in a virtualized cloud environment. We first show that current implementation of virtual machine monitor (VMM) does not provide sufficient performance isolation to guarantee the effectiveness of resource sharing across multiple virtual machine instances (VMs) running on a single physical host machine, especially when applications running on neighboring VMs are competing for computing and communication resources. Then we study a set of representative workloads in cloud-based data centers, which compete for either CPU or network I/O resources, and present the detailed analysis on different factors that can impact the throughput performance and resource sharing effectiveness. For example, we analyze the cost and the benefit of running idle VM instances on a physical host where some applications are hosted concurrently. We also present an in-depth discussion on the performance impact of colocating applications that compete for either CPU or network I/O resources. Finally, we analyze the impact of different CPU resource scheduling strategies and different workload rates on the performance of applications running on different VMs hosted by the same physical machine.

Xuewei Zhang,Xiaoliang Wang,Cam-Tu Nguyen,Jian Wang,Zhuzhong Qian,Sanglu Lu

DOI: https://doi.org/10.1109/ICPADS.2017.00065

2017-01-01

Abstract:Hardware middleboxes are widely used in current cloud datacenter to provide network functions such as firewalls, intrusion detection system, load balancers, etc. Unfortunately, they are expensive and unable to offer customized functions for individual tenant. To overcome this issue, there is an increasing interest in deploying software middleboxes to enable flexible security, network access functionality. This paper addresses the software middleboxes placement problem with minimum bandwidth guarantee. We first specify the model of tenants' requirement that specifies the need for virtual machines of application and middleboxes, as well as communication traffic. A virtual middlebox placement algorithm called MISSILE is then proposed to offer predictable network performance for each accepted tenant, and minimize datacenter bandwidth utilization. Extensive simulation results based on current large-scale datacenter networks verify that MISSILE is effective and provides network performance guarantee for tenants.

Yan Yao,Jian Cao,Minglu Li

DOI: https://doi.org/10.1007/978-3-642-40820-5_7

2013-01-01

Abstract:In a cloud computing environment, virtual machine allocation is an important task for providing infrastructure services. Generally, the datacenters, on which a cloud computing platform runs, are distributed over a wide area network. Therefore, communication cost should be taken into consideration when allocating VMs across servers of multiple datacenters. A network-aware VM allocation algorithm for cloud is developed. It tries to minimize the communication cost and latency between servers, with the number of VMs, VM configurations and communication bandwidths are satisfied to users. Specifically, a two-dimensional knapsack algorithm is applied to solve this problem. The algorithm is evaluated and compared with other ones through experiments, which shows satisfying results.