Identity Management and Resource Allocation in the Network

Identity Management and Resource Allocation in the Network Virtualization Environment Mosharaf Chowdhury School of Computer Science University of Waterloo January 21, 2009 1

NETWORK VIRTUALIZATION January 21, 2009 2

Why Network Virtualization? • Internet is almost ossified – Lots of band-aids and makeshift solutions (e. g. , overlays) – A new architecture (aka clean-slate) is needed • Hard to come up with a one-size-fits-all architecture – Almost impossible to predict what future might unleash • Why not create an all-sizes-fit-into-one architecture instead! – Open and expandable – Coexistence of heterogeneous architectures January 21, 2009 3

What is Network Virtualization? • Transparent abstraction of networking platform and resources – Multiple logical interpretations of the physical characteristics • Multiple virtual networks (VNs) • Additional level of indirection – Indirect access to network resources • Resource partitioning and isolation – Physical and logical – Dynamic provisioning and configuration January 21, 2009 4

Network Virtualization Environment January 21, 2009 5

Challenges Virtual Network Embedding Instantiation – Concerned with issues related to successful creation of virtual networks – Deals with operations of virtual networks and virtual components Management – Manages co-existing virtual networks January 21, 2009 Identity Management Operations 6

Identity Management in the Network Virtualization Environment IMARK January 21, 2009 7

Motivation • High level of dynamism – Macro Level: Merge/Separate VNs – Micro Level: Add/Join/Migration of end hosts and virtual routers • Mobility – Geographical – Logical • Überhoming – Simultaneously connect to multiple In. Ps and VNs January 21, 2009 8

Design Principles 1. Separation of Identity and Location – Inherent support for mobility and Überhoming 2. Local Autonomy – Flexibility of naming and addressing in different VNs – Defined interfaces and mechanisms for cooperation 3. Global Identifier Space – Local identifiers have no end-to-end significance January 21, 2009 9

i. Mark Overview • Concepts 1. Identifier Spaces 2. Mappings • Components 1. Controllers 2. Adapters January 21, 2009 10

Operations: Macro Level • Federation – Multiple VNs create common administrative domain – Controller network • Hierarchy – Aggregation of mappings in representative controllers – Balanced and unbalanced January 21, 2009 11

Operations: Micro Level • Join – Add mappings • Lookup and Connection Setup – State setup in the network • Leave – Remove mappings • Mobility – Soft handoff January 21, 2009 12

Evaluation Mean Mapping Size Per Controller January 21, 2009 Mean Lookups Resolved 13

Intra-domain Resource Allocation through Virtual Network Embedding VINEYARD January 21, 2009 14

Virtual Network Embedding 10 80 a 10 b A 12 c 10 10 55 B 22 12 90 10 C 60 20 15 D 15 20 E F 85 17 25 e 5 5 G d f 70 20 January 21, 2009 50 10 20 17 H 65 15

Substrate Graph Augmentation a ∞ 80 A 10 b 10 c 10 C 60 c ∞ ∞ ∞ 12 90 12 10 B 22 ∞ a 10 55 15 20 D 15 E 50 10 F 85 17 25 G 17 70 H 65 ∞ ∞ b January 21, 2009 16

D-Vi. NE and R-Vi. NE For each VN request: – Augment the substrate graph – Solve the resulting LP – For each virtual node: • Calculate the probability for each meta-node to be selected for the corresponding virtual node • Selection: INITIALIZATION NODE MAPPING – D-Vi. NE: Select the meta-node with the highest probability – R-Vi. NE: Select a meta-node randomly with the calculated probability – Use MCF to map virtual edges LINK MAPPING – If the VN request is accepted FINALIZATION • January 21, 2009 Update residual capacities of the substrate resources 17

Acceptance Ratio January 21, 2009 18

Revenue Vs Cost Revenue January 21, 2009 Cost 19

Resource Utilization Node Utilization January 21, 2009 Link Utilization 20

What have we done? What will we do? SUMMARY January 21, 2009 21

Contributions • Survey of Network Virtualization (Submitted + Tech. Report) – Historical perspective – Categorization of existing projects – Enumeration of open problems • Identity Management Framework (IM’ 09) – Interoperability with flexibility to support mobility and Überhoming • Virtual Network Embedding Algorithms (INFOCOM’ 09) – Better embedding quality – Mathematical foundation January 21, 2009 22

Future Work • i. Mark Prototype Development – Further evaluation • Theoretical Analysis of D-Vi. NE and R-Vi. NE – Approximation factors – Economic models • Inter-domain VN embedding January 21, 2009 23

Collaborators • Fida-E Zaheer (i. Mark) • Muntasir Raihan Rahman (Vi. NEYard) • Network Virtualization Project Members January 21, 2009 24

Questions? Mosharaf Chowdhury http: // www. mosharaf. com/ January 21, 2009 25

BACKUP SLIDES January 21, 2009 26

Related Concepts 1. 2. 3. 4. Virtual Local Area Networks (VLAN) Virtual Private Networks (VPN) Active and Programmable Networks Overlay Networks January 21, 2009 27

Downsides of Overlay Networks • Largely used as narrow fixes for specific problems – No holistic view • Most overlays are designed in the application layer – Cannot support radically different concepts Anderson et al. January 21, 2009 28

What is a Virtual Network (VN)? • A collection of virtual nodes and virtual links forming a virtual topology – Subset of physical topology – Basic entity of the NVE • A virtual node is hosted on a particular physical node – Multiple virtual nodes can coexist • A virtual link spans over a physical path – Includes a portion of the underlying physical resources January 21, 2009 29

Business Model Players • Relationships Infrastructure Providers (In. P) – Manage underlying physical networks • End User Service Providers (SP) – Create and manage virtual networks – Deploy customized end-to-end services • End Users – Buy and use services from different service providers • Brokers – Mediators/Arbiters January 21, 2009 SLA Broker Service Provider NPA Infrastructure Provider EIA SIA IIA 30

Hierarchy of Roles January 21, 2009 31

Basic Concepts Principles • • Concurrence Recursion Inheritance Revisitation January 21, 2009 Design Goals • • • Flexibility Manageability Scalability Isolation Stability and Convergence Programmability Heterogeneity Experimental and Deployment Facility Legacy Support 32

What is Network Virtualization? (Revisited) Network virtualization is a networking environment that allows multiple service providers to dynamically compose multiple heterogeneous virtual networks that coexist together in isolation from each other, and to deploy customized end-toend services on-the-fly as well as manage them on those virtual networks for the end-users by effectively sharing and utilizing underlying network resources leased from multiple infrastructure providers. January 21, 2009 33

Classification • Networking technology – Targeted technology for virtualization • Layer of virtualization – Particular layer in the network stack where virtualization is introduced • Architectural domain – Specific problem domain that virtualization addresses • Level of virtualization – Granularity at which virtualization is realized January 21, 2009 34

Existing Projects Project Architectural Domain Networking Technology VNRMS Virtual network management ATM/IP Tempest Enabling alternate control architectures ATM Link Net. Script Dynamic composition of services IP Network Node Genesis Spawning virtual network architectures Network Node/Link January 21, 2009 Layer of Virtualization Level of Virtualization Node/Link 35

Existing Projects (Cont. ) Project Architectural Domain VNET Virtual machine Grid computing VIOLIN Deploying on-demand value-added services on IP overlays X-Bone Layer of Virtualization Level of Virtualization Link Node IP Application Node Automating deployment of IP overlays IP Application Node/Link Planet. Lab Deploy and manage overlay-based testbeds IP Application Node UCLP Dynamic provisioning and reconfiguration of lightpaths SONET Physical Link January 21, 2009 Networking Technology 36

Existing Projects (Cont. ) Project Architectural Domain Networking Technology Layer of Virtualization AGAVE End-to-end Qo. S-aware service provisioning IP Network GENI Creating customized virtual network testbeds Heterogeneous VINI Evaluating protocols and services in a realistic environment CABO Deploying value-added end-to-end services on shared infrastructure January 21, 2009 Level of Virtualization Link Heterogeneous Full 37

Major Ongoing Projects Project Originated In Link 4 WARD Europe http: //www. 4 ward-project. eu/ AKARI Japan http: //akari-project. nict. go. jp/ CABO USA http: //www. cs. princeton. edu/~jrex/virtual. html Clean Slate USA http: //cleanslate. stanford. edu/ GENI USA http: //www. geni. net/ Nou. Veau Canada http: //netlab. cs. uwaterloo. ca/virtual/ Planet. Lab USA http: //www. planet-lab. org/ Trilogy Europe http: //www. trilogy-project. org/ UCLP Canada http: //www. uclp. ca/ VINI USA http: //www. vini-veritas. net/ January 21, 2009 38

Entities and Identifier Spaces Entities Identifier Spaces 1. 2. 3. 4. 5. Service Provider Virtual Network Virtual Resource Infrastructure Provider / Physical Network 5. Physical Resource 6. End User January 21, 2009 IDS_ISP IDS_VN IDS_VR IDS_PR IDS_EH 39

Relationships between Entities January 21, 2009 40

Mappings between Different Identifiers January 21, 2009 41

Sequence Diagram: Join January 21, 2009 42

Sequence Diagram: Lookup January 21, 2009 43

January 21, 2009 44

January 21, 2009 45

D-Vi. NE January 21, 2009 46

R-Vi. NE January 21, 2009 47

Summary of Compared Algorithms January 21, 2009 48

January 21, 2009 49

January 21, 2009 50

January 21, 2009 51