Secure and Dependable Multi-Cloud Network Virtualization

Bibliographic details
Main author: Alaluna, Max
Publication date: 2019
Language: eng
Source title: Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)
Full text: http://hdl.handle.net/10451/42534
Abstract: Virtualization is a consolidated technology in modern computers, enabling distinct virtual machines to share the same hardware resources. This technology underpinned cloud computing, enabling infrastructure providers to extend their services with elastic computing and storage services. Today, the number of virtual servers already surpasses the number of physical servers, in a clear demonstration of the success of this technology. Unfortunately, networking has lagged behind. Traditional network primitives (e.g., VLANs) do not present the scalability and flexibility that is necessary for the “as-a-service” model of cloud computing. As a result, existing cloud services do not offer network guarantees, hindering their adoption by a large class of applications. This situation has started changing with Software-defined networking (SDN), a new paradigm that proposes the logical centralization of network control. Advanced network virtualization platforms use SDN to give cloud users the freedom to specify their virtual network topologies and addressing schemes, for the first time enabling complete network virtualization. These solutions were a huge step forward, but they still have limitations. First, they target a single datacenter of a cloud provider. This limits their scalability and is effectively a single point of failure for the tenant’s virtual networks. Second, the virtual network services offered are restricted to traditional services, such as L2 switching, L3 routing, or Access Control List (ACL) filtering. This establishes them as insufficient to support (critical) applications that need to be deployed across multiple trust domains for resiliency while enforcing diverse security requirements. In addition, most solutions that are efficient in mapping the tenant’s virtual network requests to the substrate typically do not scale to large networks.
Finally, they also fail to provide the elasticity required in cloud computing, not allowing virtual networks to scale out or scale in. In this thesis, we address these limitations by proposing Sirius: the first multicloud network virtualization platform. Sirius allows virtual networks to seamlessly span across a substrate composed of multiple cloud infrastructures, including public clouds and private data centers. By replicating elements across different clouds, tenants avoid any single point of failure, thus addressing the first challenge. Besides enhancing the substrate, Sirius also enhances the virtual networks with security and dependability. For this purpose, in this thesis we propose novel network embedding algorithms to find efficient mappings of virtual network requests onto the substrate network that consider security and availability of virtual resources. Specifically, we propose an optimal solution based on Mixed-Integer Linear Programming (MILP), and also heuristics that scale to very large networks, while achieving results close to optimal. These solutions enable us to address challenges two and three. Finally, to address the last challenge we propose new algorithms that allow virtual networks to scale out and scale in, enabling elasticity to tenant’s environments. We implemented a prototype of Sirius, and evaluated all solutions using both large scale simulations and a real testbed environment running our prototype. The latter consists of a substrate composed of a private data center and two public clouds (Amazon and Google). Our evaluations demonstrate that the system scales well for networks of thousands of switches employing diverse topologies and improves on the virtual network acceptance ratio and provider profit when compared to the state-of-the-art. In particular, the acceptance ratios are less than 1% from the optimal, and the system can provision a 10 thousand container virtual network in approximately 2 minutes.
Overall, the evaluations demonstrate the feasibility of our proposal in achieving good trade-offs concerning security and performance, and are therefore a step forward in the enrichment of cloud computing services.
id RCAP_e4a1b363adfb91feec5e2ef8b23e5c98
oai_identifier_str oai:repositorio.ulisboa.pt:10451/42534
network_acronym_str RCAP
network_name_str Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)
repository_id_str https://opendoar.ac.uk/repository/7160
Funded by CNPQ and the Brazilian Army (Exército Brasileiro).
dc.title.none.fl_str_mv Secure and Dependable Multi-Cloud Network Virtualization
author Alaluna, Max
author_facet Alaluna, Max
author_role author
dc.contributor.none.fl_str_mv Ramos, Fernando Manuel Valente
Repositório da Universidade de Lisboa
dc.contributor.author.fl_str_mv Alaluna, Max
dc.subject.por.fl_str_mv Network Virtualization
Cloud Computing
Multi-cloud
Virtual
Network Embedding
Domain/Scientific Area::Engineering and Technology::Electrical, Electronic and Computer Engineering
publishDate 2019
dc.date.none.fl_str_mv 2019-07
2019-06
2019-07-01T00:00:00Z
2020-03-20T17:30:41Z
dc.type.driver.fl_str_mv doctoral thesis
dc.type.status.fl_str_mv info:eu-repo/semantics/publishedVersion
status_str publishedVersion
dc.identifier.uri.fl_str_mv http://hdl.handle.net/10451/42534
TID:101507518
dc.language.iso.fl_str_mv eng
language eng
dc.rights.driver.fl_str_mv info:eu-repo/semantics/openAccess
eu_rights_str_mv openAccess
dc.format.none.fl_str_mv application/pdf
dc.source.none.fl_str_mv reponame:Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)
instname:FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologia
instacron:RCAAP
repository.name.fl_str_mv Repositórios Científicos de Acesso Aberto de Portugal (RCAAP) - FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologia
repository.mail.fl_str_mv info@rcaap.pt
_version_ 1833601605654544384