Speaker
Daniel Kouril
(CESNET)
Description
IaaS clouds are becoming a commodity service that attracts an increasing number
of applications. New types of applications also bring new requirements on the
cloud infrastructure, including those related to networking, which may not
always be possible to address using current technologies. Isolated network
environments, arbitrary network topologies and ISO Layer 3 services, full user
control over network flows, etc. are a few examples of services which are hard
to support in current cloud infrastructures.
Our talk will present a framework to establish an overlay network for IaaS
clouds. Using common network technologies, the framework builds a network on
top of a cloud, which provides an ISO Layer 2 network interconnecting the cloud
machines into user-driven network topologies. These isolated network
environments, so-called sandboxes, provide users with full control over the
networking on Layer 3. This approach allows the user to establish sandboxes
with arbitrary IPv4 and IPv6 addressing schemes or even non-IP protocols.
The framework manages the pseudo-wires used as L2 links between the nodes and
makes it possible to handle them separately. Individual connections therefore
can be monitored or even configured to emulate various network characteristics
such as particular bandwidth limits, delays, packet loss, etc. In this way it is
possible to simulate various kinds of connectivity models, including mobile
networks, ADSL, etc. The framework presented has been designed to be used by
end users and is mostly implemented using customized virtual machines
deployed in the cloud. The setup of the framework requires only minimal support
from the cloud provider.
The concept of the framework has been successfully demonstrated in the
environment of the Cyber Proving Ground that is being developed to
facilitate security research and training. The prototype implementation of the
environment will be briefly introduced in the presentation.
Primary author
Daniel Kouril
(CESNET)
Co-authors
Michal Prochazka
(CESNET)
Tomas Rebok
(Masaryk University/CESNET)