Network Working Group S. Jeong
Internet-Draft ETRI
Intended status: Informational D. Colle
Expires: June 27, 2011 IBBT
December 24, 2010
Virtual Networks Problem Statement
draft-jeong-vnrg-virtual-networks-ps-00.txt
Abstract
This document presents the definition and effectiveness of virtual
networks and discusses the key components and challenges of
supporting virtual networks in networks. It also describes acid
tests for virtual networks.
Status of this Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on June 27, 2011.
Copyright Notice
Copyright (c) 2010 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Jeong & Colle Expires June 27, 2011 [Page 1]
Internet-Draft Virtual Networks PS December 2010
Table of Contents
1. Introduction
2. Motivation and Definition of Virtual Networks
2.1. Motivation
2.2. Definition of Virtual Networks
2.3. Effectiveness of Virtual Networks
3. Key Components and Challenges for Virtual Networks
3.1. Key Components
3.2. Key Challenges
4. Acid Tests for Virtual Networks
5. Security Considerations
6. Informative References
Authors' Addresses
1. Introduction
The main objectives of virtualization are to create multiple logical
instances of resources that can coexist, to separate the uses of
the logical instances, and to simplify the use of the underlying
resources by abstracting their characteristics and interacting with the
resources through limited, abstracted knowledge.
Virtualization technology has been studied extensively for
decades, from desktop virtualization, application virtualization,
system virtualization, link virtualization, and storage virtualization to
network virtualization. All of these virtualization technologies
are related to network virtualization technology, but in
a simplified view the network elements may be seen as systems with
links. Thus, network virtualization is expected to be realized
on the basis of traditional virtualization technologies, especially
system and link virtualization.
System virtualization is the ability to run an entire virtual
system with its own guest OS over another OS or over a bare machine.
It thus allows multiple virtual systems with heterogeneous guest OSes
to run in isolation on the same physical system. Each virtual system
has its own set of virtual hardware and can be accessed
independently. Thus, each virtual system can participate in
constructing and providing independent networks. The virtual system
can use a consistent, normalized set of hardware regardless of the
characteristics of the physical hardware specification. Network
virtualization allows dynamic creation and management of virtual
networks over network infrastructures. These virtual networks may be
heterogeneous, and multiple separate virtual networks can
coexist simultaneously over the network infrastructures.
The benefits of system virtualization are as follows; these
benefits also apply to network virtualization.
o Since several virtual systems share a single set of hardware, it
is possible to achieve better resource utilization and to lower
hardware cost.
o A secure and separate environment can be provided among virtual
systems because each virtual system is isolated from the others.
o System virtualization can provide a normalized set of interfaces and
make it easier to provide virtual systems. Also, it can support
seamless migration of virtual systems by setting up a virtual
system using a pre-existing template and shifting the virtual system
from one physical system to another to balance workloads or
improve efficiency.
There are various technologies for providing virtual networks over
network infrastructures; for example, Virtual Private Network (VPN)
technologies provide virtual networks. Although VPN supports the
coexistence of separate virtual networks, it is not easy to
dynamically reconfigure the capability of given virtual networks
based on changes in users' demands.
Network virtualization is one of the prominent technologies for supporting
dynamically reconfigurable, isolated, and separate virtual networks
over network infrastructures. Network virtualization allows multiple
heterogeneous virtual networks that are isolated and independently
manageable to coexist over shared physical network infrastructures.
Since each virtual network can use a different network
architecture, the shared network infrastructure may support
multiple architectures. For example, by using
network virtualization technology, different virtual networks can
provide different end-to-end packet delivery systems and may use
different protocols and packet formats [1]. These virtual networks
may be a way to de-ossify the current network architectures.
This document presents the definition and effectiveness of virtual
networks. It also discusses the key components and challenges of
supporting virtual networks in networks. Finally, it describes
acid tests for virtual networks.
2. Motivation and Definition of Virtual Networks
2.1. Motivation
The current network architectures are facing many challenges as they
continuously expand into new application spaces and environments. Resolving
some of these challenges may require a variety of new and different
architectures. In order to accelerate the research
and development of innovative architectures, a common means
should be provided to accommodate research and experiments on new
heterogeneous architectures in shared network infrastructures. The
common means would be a set of virtual networks.
Virtual networks can serve as non-virtualized networks
without operational interference with other virtual networks while
sharing the components of networks. Thus, multiple virtual networks
can concurrently use a single physical network, and
different virtual networks may use heterogeneous network
technologies in an isolated and separate environment. Also, a
standardized set of interfaces between virtual networks can make it
easier to provide virtual networks and improve portability. The
provision of standardized interfaces can support seamless migration
and update of the capability of virtual networks. Finally,
utilization of physical resources can be increased by accommodating
multiple virtual networks in a single physical resource.
2.2. Definition of Virtual Networks
A virtual network is a network of virtual resources where the
resources can be separated from other virtual resources and their
capabilities can be dynamically reconfigured.
In other words, a virtual network is a logical partition of physical
or logical networks, and its capability is the same as or a subset of
that of the networks. Also, the virtual network may expand its capability by
aggregating the capabilities of multiple networks. From the user's
point of view, the virtual network can be seen as a non-virtualized
network.
A virtual resource is an abstraction of a physical or logical resource
and its partition, and it has the same mechanisms as the physical or
logical resource. It can also inherit all existing mechanisms and
tools for the physical or logical resource. In addition to the
mechanisms above, a virtual resource has several interfaces to access
and manage the virtual resource. These interfaces typically include
virtual data plane interfaces, virtual configuration interfaces, and
management interfaces.
A virtual network has the following key properties:
o Partitioning: Each virtual resource can be used concurrently by
multiple virtual networks. Multiple applications or OSes can be
simultaneously supported within a single physical resource.
Multiple physical resources can be consolidated into virtual
resources on either a scale-up or scale-down architecture.
o Isolation: Any virtual network can be clearly isolated from all
others. Even if a virtual network crashes, the others are not
affected. Data in one virtual network do not leak across virtual
networks, and applications can only communicate over configured
network connections. Unauthorized accesses to other virtual
networks are prohibited.
o Abstraction: A given virtual resource need not directly
correspond to its component resources. The detailed information
of the physical resource can be abstracted so that other systems,
applications, or users access the capabilities of resources by
using abstracted interfaces. These interfaces can guarantee
compatibility for accessing the virtual resources and provide
efficient control of the virtual resources.
2.3. Effectiveness of Virtual Networks
Virtual networks can be used for the same purposes as non-virtualized
networks without interfering with the operation of other virtual
networks while sharing the key components among virtual networks.
Therefore, the coexistence of multiple virtual networks is possible.
The virtual networks over a physical infrastructure are completely
isolated from each other, so different virtual networks may use different
network technologies. For example, different protocols and packet
formats, or even a new layering architecture, can be supported
on each virtual network without interfering with the operation of
other virtual networks. In other words, each virtual network can
provide the corresponding user group with full network services
similar to those provided by a traditional non-virtualized network.
From the users' perspective, each user accesses a dedicated network
independently. Also, providing virtual networks can reduce the total
cost by increasing the utilization of resources while still
maintaining secure separation among virtual networks [2].
3. Key Components and Challenges for Virtual Networks
3.1. Key Components
The key components of virtual networks include traditional network
elements, such as hosts, routers, links, etc. In addition to them,
mechanisms for creating and managing the virtual networks are also
included. The virtual network management mechanisms create logical
partitions in the components and connect those partitions in order to
construct a virtual network. The virtual network can be connected
with non-virtualized components. Users can see the virtual network
as a non-virtualized dedicated network, so they can perform any
actions, such as deploying new services or network architectures, as
if they owned the dedicated network.
3.2. Key Challenges
The following are the key challenges for virtual networks.
o Performance: A virtualized resource is typically realized by
adopting a virtualization layer in the physical resources, so
creation and management of a virtual network also need to interact
with the virtualization layer. Therefore, the performance of
virtual networks may not be as good as that of a non-virtualized network,
and how to reduce the performance degradation is a challenge.
o Isolation: Multiple virtual networks coexist over the key
components of virtual networks, so isolation among the coexisting
virtual networks is a challenge. Isolation includes various
aspects such as security isolation, performance isolation, etc.
Since multiple virtual networks exist over shared physical
infrastructures, unexpected behavior of a virtual network may
affect other coexisting services and may cause security problems,
performance degradation of other services, and so on. How to
guarantee isolation of virtual networks by creating isolated
virtual network environments between users belonging to separate
groups is a key challenge.
o Flexibility: After a virtual network is created based on a user's
requirements, the requirements can change. In that case, it
will be necessary to modify the capability of the virtual network.
The update of virtual network's capability may be done dynamically
and without interrupting the operation of the current virtual
network.
o Scalability: How many virtual networks can be simultaneously
supported, or how many key components can be connected and managed,
is also a challenge.
o Management: Since each virtual network can be separately
configured and managed, how to provide independent management
functions for each virtual network is a challenge. Also, the
management functions need to collaborate with the management of
the physical infrastructures.
4. Acid Tests for Virtual Networks
In the network community, "virtual networks" has been used as a general
term without a clear definition or requirements, so provision of
virtual networks across various heterogeneous parties such as network
operators, network equipment vendors, service providers, etc. has
been difficult. This section discusses acid tests for virtual
networks in order to build a common understanding of virtual
networks.
o Control isolation: Since multiple virtual networks concurrently
exist in virtual resources, each virtual network needs to be
separately managed. Thus, isolated control is necessary so that
separate virtual networks can be individually configured and
managed.
o Access control and virtual network labeling: Since any virtual
network can be isolated from others, it is necessary to prevent a
user in a virtual network from accessing other virtual networks
without authorization. In order to support the clear isolation,
virtual resources should be able to uniquely identify virtual
networks and enforce access control for users and applications.
o Virtualization of address and port ranges: Since multiple virtual
networks share a single physical resource, overlapping address
ranges should be possible. It is necessary to provide translation
of a virtual address into an internal physical address at ingress
points of the physical resource and vice versa at egress points.
o Regulation of resource usage: Considering the utility of
customers, each virtual network should be capable of using
physical network resources and constructing a network topology.
However, one possible problem is that some abnormal virtual
networks may occupy most of the resources, which degrades
the performance of other virtual networks through network resource
exhaustion. Therefore, it is necessary to regulate the upper
limit of resource consumption by each virtual network in order to
maintain the overall utility and performance. Injecting the
resource owner's policy into usage of the resource also needs to
be supported.
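A small model of three of the acid tests above (virtual network labeling with access control, translation of overlapping virtual addresses at ingress and egress, and an upper limit on per-network resource use), added here as an illustration and not part of the draft. The class SharedResource, its method names, the labels, users, and address pool are all hypothetical.

```python
import ipaddress

class SharedResource:
    """Hypothetical model of one physical resource shared by labelled virtual networks."""

    def __init__(self, internal_pool, max_mappings_per_vn):
        self._free = iter(ipaddress.ip_network(internal_pool).hosts())
        self._cap = max_mappings_per_vn   # upper limit of mappings per virtual network
        self._members = {}                # label -> users authorized for that network
        self._ingress = {}                # (label, virtual addr) -> internal addr
        self._egress = {}                 # internal addr -> (label, virtual addr)

    def create_vn(self, label, users):
        if label in self._members:
            raise ValueError("virtual network labels must be unique")
        self._members[label] = set(users)

    def _authorize(self, user, label):
        if user not in self._members.get(label, ()):
            raise PermissionError(f"{user} is not authorized for {label}")

    def ingress(self, user, label, virtual_addr):
        """Translate a virtual address into an internal address at an ingress point."""
        self._authorize(user, label)
        key = (label, ipaddress.ip_address(virtual_addr))
        if key not in self._ingress:
            if sum(1 for vn, _ in self._ingress if vn == label) >= self._cap:
                raise RuntimeError(f"{label} reached its resource limit")
            internal = next(self._free, None)
            if internal is None:
                raise RuntimeError("internal address pool exhausted")
            self._ingress[key] = internal
            self._egress[internal] = key
        return self._ingress[key]

    def egress(self, user, label, internal_addr):
        """Translate back at an egress point, only for the network that owns the mapping."""
        self._authorize(user, label)
        owner, virtual = self._egress.get(ipaddress.ip_address(internal_addr), (None, None))
        if owner != label:
            raise PermissionError("address is not mapped for this virtual network")
        return virtual

def demo():
    res = SharedResource("100.64.0.0/24", max_mappings_per_vn=2)  # constructed values
    res.create_vn("vn-red", {"alice"})
    res.create_vn("vn-blue", {"bob"})
    red = res.ingress("alice", "vn-red", "10.0.0.1")
    blue = res.ingress("bob", "vn-blue", "10.0.0.1")  # same virtual address, other label
    return res, red, blue
```

Keying the translation table on the pair (label, virtual address) is what lets both networks use 10.0.0.1 without collision, and checking the owner label on egress keeps one network from resolving another's internal addresses.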
5. Security Considerations
TBD
6. Informative References
[1] Mosharaf, N. and R. Boutaba, "Network Virtualization: State of
the Art and Research Challenges", IEEE Communications Magazine,
July 2009.
[2] Mosharaf, N. and R. Boutaba, "A Survey of Network
Virtualization", Computer Networks, April 2010.
Authors' Addresses
Sangjin Jeong
ETRI
138 Gajeongno, Yuseong
Daejeon, 305-700
Korea
Phone: +82 42 860 1877
Email: sjjeong@etri.re.kr
Didier Colle
Ghent University
Gaston Crommenlaan 8
Gent, B-9050
Belgium
Phone: +32 9 331 49 70
Email: didier.colle@intec.ugent.be