
CLOUD NETWORKING

Cloud Networking
Authors Name/s per 1st Affiliation (Author)
Uob1105@gmail.com

Abstract

It is predicted that future computer applications and services would run on cloud computing networks, wherein thin-client based user devices would access, over the network, resources and applications present in remote data centres maintained by application service providers [2]. Cloud-based gaming applications and virtual desktops are classical examples. The efficiency of such cloud-based networks is optimised by selecting the best location for the current set of users, which could change depending on various parameters such as proximity and traffic statistics. To achieve such an optimised network, resources would be hosted on several virtual machines networked to data centres, and the best virtual machines would be made available to the end user dynamically. To further enhance reliability of service, virtual machines also work as backup resources for other such machines in proximity. This document gives a brief overview of a cloud computing system and its operational architecture.

Keywords: cloud network, virtual servers, virtual network, cloud computing

INTRODUCTION

Cloud computing services can be broadly classified into three categories.

Software-as-a-Service (SaaS) [3]: This form of service is the most widely implemented form of cloud computing. Under this category end user applications are delivered as a service. Example: www.salesforce.com.

Platform-as-a-Service (PaaS) [3]: Under this category a middleware is provided which can be used by developers to implement customized applications. Accessibility is provided by handles such as APIs and tools to access databases, business process management systems or security systems. This form of cloud computing gives end users the flexibility to build their own applications to be run on cloud solutions provided by vendors. The Azure platform provided by Microsoft Windows is one such example. Google apps also fall under this category. The Google apps engine lets the end user use the Google database; web applications can be developed by the end users to suit their requirements and uploaded to the web for usage by clients.

Infrastructure-as-a-Service (IaaS) [3]: As the name suggests, this category of service mainly provides the infrastructure on which end user applications run. Hardware such as storage systems, operating systems, databases and computing power is provided as per requirements. The end user can cut operation costs by using only as much of the resources as is required, rather than having dedicated resources. The Eucalyptus open-source cloud computing system, Amazon EC2 (Amazon Elastic Compute Cloud) and Amazon S3 (Amazon Simple Storage Service) are examples [6].

IaaS consists of the following blocks:

Virtualised servers (hypervisors or VMMs such as Microsoft Virtual Machine, Xen or VMware),

Network virtualisation [9][10] (a combination of hardware and software network resources presented as a single entity to end users; these are nothing but virtual nodes which gather information from virtual servers). Network virtualization mediates the communication between the hardware and the network. The figure below depicts network virtualization of a Xen system.

Fig (1) Xen network virtualization architecture, source [7]

Storage virtualisation (storage arrays or storage services). This is a customer-centric approach: the storage topology can be dynamically modified as per requirements. There can be two forms of such virtualisation. Block virtualisation: here multiple layers of logical and physical storage are provided; SAS and iSCSI are examples. File virtualisation: storage efficiency is improved by using central storage systems, for example NFS. Storage virtualization improves connectivity and efficiency by preventing direct interaction between the end user and the storage system. A user can easily create volumes of virtual storage space independent of the local storage; this storage has the flexibility to be modified as per requirements [4].

Need for Virtualisation and Cloud Network

Users rely on thin clients present in their devices to access the services provided by the cloud. These services could be logically or geographically separated from one another. End users are required to request new services, which are provided by allocating the necessary data and network resources. Cloud-based service has gained popularity in areas such as on-demand computer-based gaming and virtual desktop applications [5]. It is important that there is very little delay in obtaining the cloud service in both of the above-mentioned examples. In order to achieve the best results, the cloud service should be dynamically modified according to the number of end users, and in the event of overloading of resources at certain servers, quick decision-making processes should be in place to shift the end users to the next best available server.

With cloud-based services gaining popularity, transformation of data centres is a continuous process. An increasing number of applications would be supported to run on virtual machines. The locations of these virtual machines are decided based on parameters such as the best match to serve the current end users. As the end user requirements change, the virtual machine locations also change dynamically: based on the number of users or traffic load, the virtual machines move to different physical locations.

Specialized software is used for this decision-making process, making it possible to change a virtual machine's location online even when the virtual machine is in use. A constant check procedure is adopted, gradually transferring the end user from a source virtual machine to a destination virtual machine. Dynamic changing of IP addresses is a critical requirement for interruption-free connection service to the end user; this is possible only in a LAN and not in a WAN, where the IP address is fixed. This is a critical limitation of cloud-based network services. For a cloud-based service model to gain wider acceptance, a workaround to this limitation is important. It has been addressed by advances in network virtualisation: here each router is considered a logical entity independent of its hardware, and the hardware of a router is represented as several virtual routers interconnected logically. This approach, although complex from an implementation point of view, is necessary as the number of virtual machines and their applications is ever increasing. Due to technical advancements in network virtualisation, cloud networking has gained popularity, moving from being just a data-centric service provider to providing wider-range networking across geographically separated locations. End users would have to specify requirements such as the number of virtual machines required, the network configuration specifying inter-connection attributes of the virtual machines, and the accessibility rules governing these resources. These requirements can be easily changed even when the virtual machines are in use.

Cloud based technology

The cloud-based model consists of a layer between the end user and the virtual machine; this layer is known as the virtual server. This layer is useful in implementing hardware virtualisation; however, the existence of this new layer in turn affects the performance between the data centre and the virtual network: the rate of data exchange is reduced and the complexity of the system increases, thereby increasing the cost of implementation. The virtual machine or hypervisor software extends to the boundary of the network in the hardware by using vSwitches (virtual switches). In order to overcome these drawbacks two approaches have been suggested:

EVB (edge virtual bridging) and VEPA (virtual Ethernet port aggregator) technology: This solution is adopted at the server network edge; the network service and its network management software are located close to the network server in order to avoid latency in network traffic.

Extension of port: The network traffic is controlled by a central controlling system. This approach is still in the research stage.

A. Virtual Ethernet Bridges

It is basically a virtual Ethernet switch implemented in a virtual server environment (VES); a virtual Ethernet bridge is more commonly referred to as a VEB. It can be thought of as a Layer 2 bridge or switch (vSwitch) used to connect virtual machines (VMs); a VEB hence can communicate with multiple VMs physically present on one or more servers in a network system. VEBs are commonly deployed as software-based vSwitches built into a virtual machine (hypervisor). VEBs can also be implemented as hardware-based VEBs using the SR-IOV (single root I/O virtualisation) standard [8].

a. Software-based VEBs (vSwitch)

In a virtualized server, the VMM serves as an abstraction layer and distributes physical NICs among several virtual machines; the hypervisor creates virtual NICs for each VM. To the software-based VEB, the physical NIC functions as the uplink node to the external network. The hypervisor may implement one or more software-based VEBs that map the virtual NICs to physical NICs [11]. Data obtained by a physical NIC is redirected to the correspondingly mapped vSwitch. This information is then forwarded to its final destination based on information gathered from the hypervisor configuration. Any information sent by the hypervisor via the virtual NIC is accessed by the VEB and routed based on the logic below:

Data is routed to the physical NIC in case the destination is external to the VEB or physical server. The VEB routes it to the final physical NIC.

For data which need not be sent to the external network, the vSwitch routes it to the next virtual machine.

This logic is depicted in Figure 2, referred from [1].

Fig (2) VEB implementation, source [1]

b. Hardware VEBs: SR-IOV enabled NICs

Various vendors have used SR-IOV technology to customize the VEB on the NIC hardware. The advantage of using hardware-based VEBs is improvement in performance of associated with vSwitches. SR-IOV is an I/O virtualization technique for shared PCIe devices present on the same hardware. NICs using SR-IOV have anywhere between 1 and 16 physical PCI entities; these are mapped to as many as 32 to 256 virtual functions. The virtual functions are also termed lightweight PCI functions, mainly focussing on data transfer. This type of arrangement gives vendors the flexibility to expand the number of functions easily. In SR-IOV technology the virtual NICs interact directly with the end user OS, thereby reducing processing complexity and enhancing response time to the external ports. The vSwitch manages backend activities such as allocating resources and monitoring performance.
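The software VEB forwarding rule from section a. above, modelled as an added example (not code from the paper or from any hypervisor; the `Veb` class, the port names and the MAC addresses are constructed for illustration). It goes slightly beyond the two cases in the text by also covering broadcast and inbound frames, and it records which frames reach the physical NIC, since only those are visible to monitoring on the external network.

```python
from dataclasses import dataclass, field

UPLINK = "uplink"                       # physical NIC: the VEB's only external port
BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Veb:
    """Software VEB whose MAC table comes from hypervisor configuration."""
    vnics: dict                                        # MAC address -> vNIC port name
    seen_on_uplink: list = field(default_factory=list)

    def forward(self, in_port, src, dst):
        """Return the ports a frame entering on in_port is delivered to."""
        if dst == BROADCAST:
            out = set(self.vnics.values())
            if in_port != UPLINK:
                out.add(UPLINK)
        elif dst in self.vnics:
            out = {self.vnics[dst]}     # destination is a local VM
        elif in_port != UPLINK:
            out = {UPLINK}              # destination is external to the server
        else:
            out = set()                 # from outside, for no local VM: drop
        out.discard(in_port)            # never send a frame back where it came from
        if UPLINK in out:
            self.seen_on_uplink.append((src, dst))
        return sorted(out)


# Constructed sample: two VMs on one server and one external host.
VM_A, VM_B, EXT = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:ee"


def demo():
    veb = Veb({VM_A: "vnic0", VM_B: "vnic1"})
    paths = {
        "vm_to_vm": veb.forward("vnic0", VM_A, VM_B),
        "vm_to_external": veb.forward("vnic0", VM_A, EXT),
        "external_to_vm": veb.forward(UPLINK, EXT, VM_B),
        "vm_broadcast": veb.forward("vnic1", VM_B, BROADCAST),
        "external_to_unknown": veb.forward(UPLINK, EXT, "02:00:00:00:00:99"),
    }
    return paths, veb.seen_on_uplink


if __name__ == "__main__":
    paths, on_wire = demo()
    for name, ports in paths.items():
        print(f"{name:20} -> {ports}")
    print("frames visible on the physical network:", on_wire)
```

The VM-to-VM frame is absent from the uplink record: with a VEB, traffic between VMs on the same server never leaves it.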


B. Edge Virtual Bridging

The drawbacks of software-based VEBs or SR-IOV based hardware VEBs result in low performance of a cloud system. The capabilities of the network are not fully exploited by these technologies. These drawbacks are reduced significantly in edge virtual bridging, which has been termed by IEEE as 802.1Qbg. EVB is based on virtual Ethernet port aggregator (VEPA) technology. This technology uses the vSwitch to route traffic and take routing decisions, hence the virtual machine spends time in taking routing decisions, reducing latency on the physical server. EVB uses multiple vSwitches to accomplish its data management, which further enhances performance. VEPA uses reflective relay technology: here the data sent out by a virtual machine returns back to the same port from which it originated; this helps in reducing hardware expense significantly. VEPA provides flexibility in customization as no extra tags are required; minor changes in the VEB are sufficient. Here a simple VLAN tag is used, with slight modifications in the rules for sending out data to suit requirements. The disadvantage of EVB as compared to the normal VEB is that it can address limited configurations such as VEPA switches and vSwitch. It is left to the system designer to select the appropriate form of implementation between EVB, software-based VEB or SR-IOV enabled hardware VEBs.

S-Channel Technology

S-channel expands the usability of VEPA technology by employing an enhanced tagging system. S-channel is used effectively when the virtual machine needs to communicate directly with the hardware NIC, which shares the physical connection with vSwitches of both VEB and VEPA type. Here there are two requirements: firstly, there is a need for an efficient routing mechanism to enhance virtual machine to virtual machine performance; secondly, support is needed for the case when the virtual machine dynamically changes connections to multiple switches. This technology makes use of available service VLAN tags or S-tags (a VLAN is a physical network segregated into different broadcast domains) from central router or Q-in-Q standard (IEEE 802.1ad). The S-tags are useful to logically divide traffic on a physical network connection, in the case of a hardware NIC system, into multiple channels. Each such channel works as an independent port to the external network. The following link-level protocols have been derived from S-channel technology:

Channel Discovery and Configuration Protocol (CDCP): This protocol helps in virtualization of the physical link, thereby allowing service to multiple VEBs and VEPAs; it facilitates switch discovery and configuration of the virtual switch. Other protocols such as link layer protocols are used by CDCP to enhance the performance of virtual machines.

Virtual Switch Interface Discovery Protocol (VDP): Mapping of the virtual connections to the corresponding external connections is done by this protocol; ECP (edge control protocol) is also used in tandem with VDP. Physical switches are verified using these two protocols.

The figure below depicts S technology:

Figure 3: S technology architecture, source [1]
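How an S-tagged frame is split into channels, as an added example (not from the paper or the HP brief; `CHANNELS`, the port names and the sample frames are constructed). It parses the IEEE 802.1ad S-tag (TPID 0x88A8) and an optional inner 802.1Q C-tag (TPID 0x8100), then maps the S-VID to a channel and drops frames that carry no S-tag or an unconfigured S-VID.

```python
import struct

TPID_STAG = 0x88A8   # IEEE 802.1ad service tag (S-tag)
TPID_CTAG = 0x8100   # IEEE 802.1Q customer VLAN tag (C-tag)


def vlan_tag(tpid, pcp, vid):
    """Build one 4-byte tag: TPID, then TCI (PCP 3 bits, DEI 1 bit = 0, VID 12 bits)."""
    return struct.pack("!HH", tpid, (pcp << 13) | vid)


def parse(frame):
    """Parse dst, src, optional S-tag, optional C-tag and EtherType."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    info = {"dst": frame[0:6].hex(":"), "src": frame[6:12].hex(":"),
            "s_vid": None, "c_vid": None}
    off = 12
    for tpid, key in ((TPID_STAG, "s_vid"), (TPID_CTAG, "c_vid")):
        (etype,) = struct.unpack_from("!H", frame, off)
        if etype == tpid:
            if len(frame) < off + 6:            # tag plus the following EtherType
                raise ValueError("truncated VLAN tag")
            (tci,) = struct.unpack_from("!H", frame, off + 2)
            info[key] = tci & 0x0FFF            # low 12 bits are the VLAN ID
            off += 4
    (info["ethertype"],) = struct.unpack_from("!H", frame, off)
    info["payload"] = frame[off + 2:]
    return info


def demux(frame, channels):
    """Return the port behind the frame's S-channel, or None to drop the frame."""
    try:
        info = parse(frame)
    except ValueError:
        return None
    return channels.get(info["s_vid"])      # no S-tag or unknown S-VID -> None


# Constructed sample data: one uplink shared by three S-channels (hypothetical plan).
DST = bytes.fromhex("02000000000b")
SRC = bytes.fromhex("02000000000a")
CHANNELS = {2: "veb0", 3: "vepa0", 4: "vm-direct"}


def sample(s_vid=None, c_vid=None):
    """Build an IPv4-typed test frame with the requested tags."""
    tags = b""
    if s_vid is not None:
        tags += vlan_tag(TPID_STAG, 0, s_vid)
    if c_vid is not None:
        tags += vlan_tag(TPID_CTAG, 0, c_vid)
    return DST + SRC + tags + struct.pack("!H", 0x0800) + b"payload"


if __name__ == "__main__":
    print(parse(sample(3, 100)))
    print(demux(sample(3, 100), CHANNELS), demux(sample(None, 100), CHANNELS))
```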

C. Port extension technology

This technology is useful to overcome the drawbacks of the hardware switch; in this case the hardware switch is connected to external ports by specialised E-channels, as depicted in the figure below. In port extension technology the hardware switch is connected to virtual ports, which connect to these E-channels. The hardware switch and the virtual machine handle the routing of data traffic across the virtual ports. An example of port extension could be cited as per the Cisco recommendation, wherein the interconnection is established by a technology, end host technology; here a virtual machine to virtual machine connection can be established through mediating layers. Port extenders use the E-tag, derived from the VN-tag. The figure below gives a comparison between the E-tag and the VN-tag.

Fig (4) comparison of VN and E tags, source [1]

The VN-tag or E-tag provides information on the connections between the hardware ports at one end of the port extender and the virtual port on the other end, controlling of traffic, map the physical ports on the port extenders as virtual ports on the upstream switches or controlling of data. Port extension helps in removing problems of accessibility of virtual ports by reflective relay technology; however, it adversely affects the performance of the system, as an additional layer is introduced: bandwidth and latency issues are some of the bottlenecks.

Example: Cisco UCS Fabric extender (FEX).

Cloud networking security

Since cloud computing is a networking system, it is likely that user data is stored in various locations; this leads to potential threats from hackers. Hackers adopt several novel techniques, such as packet division, insertion of overlapping packets and shell code mutation, to extract vital information. In order to protect the network from such attacks, techniques are used such as protection of SaaS by providing an arbitrarily encoded key which is used as a public key (ciphering techniques and garbling of data are commonly used to generate the public key), adding a layer of software to protect the hypervisor from attacks, and border gateway protocol based network design [12][13].

Summary

Cloud networking is a fast-expanding technology which provides services to the end user from a virtual world. The implementation is complex, requiring the assistance of several advanced technologies: virtual machines existing in logically separated locations interact with virtual switches, which are in turn controlled by hypervisors. These complex architectures introduce system latency and increased bandwidth issues, which are to some extent solved by hardware VEBs based on SR-IOV/MR-IOV [1] technology, but these technologies have their own shortcomings too. Research on these and many more related areas is being done all over the world; as per a Gartner report, it is estimated that by 2013 approximately 61% of activity executed on an x86 machine would be virtualized [2].

References

[1] HP Systems Technology brief. Virtual networking technologies at the server network edge. Internet: http://h20000.www2.hp.com
[2] Pfaff, B., Pettit, J., Koponen, T., Amidon, K., Casado, M., & Shenker, S. (2009). Extending networking into the virtualization layer. Proc. HotNets (October 2009).
[3] Bakshi, K. (2009). Cisco Cloud Computing - Data Center Strategy, Architecture, and Solutions. DOI= http://www.cisco.com/web/strategy/docs/gov/CiscoCloudComputing_WP.pdf.
[4] Karpoff, W., & Lake, B. (2005). U.S. Patent No. 6,857,059. Washington, DC: U.S. Patent and Trademark Office.
[5] Boss, G., Malladi, P., Quan, D., Legregni, L., & Hall, H. (2007). Cloud computing. IBM white paper, 1369.
[6] Cloud, A. E. C. (2011). Amazon web services. Retrieved November, 9, 2011.
[7] Rixner, S. (2008). Network virtualization: Breaking the performance barrier. Queue, 6(1), 36-ff.
[8] Dong, Y., Yu, Z., & Rose, G. (2008, December). SR-IOV networking in Xen: architecture, design and implementation. In USENIX Workshop on I/O Virtualization (WIOV) (pp. 10-10).
[9] Chowdhury, N. M., & Boutaba, R. (2010). A survey of network virtualization. Computer Networks, 54(5), 862-876.
[10] Tutschku, K., Zinner, T., Nakao, A., & Tran-Gia, P. (2009). Network virtualization: Implementation steps towards the future internet. Electronic Communications of the EASST, 17.
[11] Jiang, X., & Xu, D. (2005). Violin: Virtual internetworking on overlay infrastructure. Parallel and Distributed Processing and Applications, 937-946.
[12] Oberheide, J., Cooke, E., & Jahanian, F. (2008, July). CloudAV: N-version antivirus in the network cloud. In Proceedings of the 17th conference on Security symposium (pp. 91-106). USENIX Association.
[13] Safwat, A., Hassanein, H., & Mouftah, H. (2003, December). ECPS and E2LA: new paradigms for energy efficiency in wireless ad hoc and sensor networks. In Global Telecommunications Conference, 2003. GLOBECOM'03. IEEE (Vol. 6, pp. 3547-3552). IEEE.
[14] Hamdi, M. (2012, May). Security of cloud computing, storage, and networking. In Collaboration Technologies and Systems (CTS), 2012 International Conference on (pp. 1-5). IEEE.
[15] Sadeghi, A. R., Schneider, T., & Winandy, M. (2010). Token-based cloud computing. Trust and Trustworthy Computing, 417-429.
