Peer-to-peer Virtual Private Networks and Applications Renato Jansen Figueiredo Associate Professor Cloud and Autonomic Computing Center/ACIS Lab University of Florida Visiting Researcher at VU Backdrop Virtual machines in cloud computing  On-demand, pay-per-use, user-configurable  Federated environments  End-to-end Internet connectivity hindered by address  space and presence of NATs, firewalls Network virtualization – seamlessly connecting  virtual machines across multiple providers 2 Rationale Virtualization techniques for decoupling,  isolation, multiplexing also apply to networking E.g. VLANs, VPNs  However, there are challenges in configuration,  deployment, and management Peer-to-peer techniques provide a basis for  scalable routing, and self-management Software routers, integration at network end-points  enables deployment over existing infrastructure Architecture, design needs to account for  connectivity constraints, and support TCP/IP efficiently; optimize for common cases 3 Application Examples Cloud-bursting  Run additional worker VMs on a cloud provider  Extending enterprise LAN to cloud VMs – seamless  scheduling, data transfers Federated “Inter-cloud” environments  Multiple private clouds across various institutions  Virtual machines can be deployed on different sites  and form a distributed virtual private cluster Connecting devices of social network peers  Media streaming, file sharing, gaming, …  4 Talk - Outlook Background  Architecting self-organizing virtual networks  Topology, routing, tunneling, addressing, NAT  traversal, performance Uses in Grid/cloud and end-user environments  Virtual Private Clusters  Social VPNs  Applications  FutureGrid – high-throughput computing virtual  appliances ConPaaS  5 Resource Virtualization Virtual machines (Xen, VMware, KVM) paved  the way to Infrastructure-as-a-Service (IaaS) Computing environment decoupled from physical  infrastructure Pay-as-you-go for computing cycles  Virtual networks complement virtual machines  for increased flexibility and isolation in IaaS VMs must communicate seamlessly – regardless of  where they are provisioned Traffic isolation; security, resource control  6 Virtual Machines and Networks Virtual V2 Infrastructure V3 V1 VMM + VN Physical Infrastructure Domain B WAN Domain C Domain A 7 Virtual Networks Single infrastructure, many virtual networks  E.g. one per user, application, project, social  network… Each isolated and independently configured  Addressing, protocols; authentication, encryption  Multiplexing physical network resources  Network interfaces, links, switches, routers  8 Network Virtualization – Where? Virtualized endpoints Software Software Network Network Network Fabric Device Device (Virtual) (Virtual) machine machine Virtualized Fabric (e.g VLAN, OpenSwitch) 9 Landscape Peer-wise Internet connectivity constrained  IPv4 address space limitations; NATs, firewalls  Challenges - shared environment  Lack of control of networking resources  Cannot program routers, switches  Public networks – privacy is important  Often, lack privileged access to underlying resources  May be “root” within a VM, but lacking hypervisor privileges  Dynamic creation, configuration and tear-down  Complexity of management  10