virtualization features


Upload: cameroon45

Post on 11-May-2015


TRANSCRIPT

Page 1: Virtualization features

Miguel Angel Sotos

Virtualization features

FEDERICA TUTORIAL

June 7th, 2009, Malaga, Spain

Page 2: Virtualization features

Agenda

1. Physical resources
2. Virtualization in FEDERICA
3. Network virtualization
4. Hosts virtualization
5. Monitoring

Page 3: Virtualization features

Network topology

[Figure: FEDERICA network topology map. Labels: GARR (IT), DFN (DE), CESNET (CZ), SWITCH (CH), Red.es (ES), GRNET (GR), Hungarnet (HU), PSNC (PL), HEAnet (IE), i2CAT (ES), KTH (SE), NORDUNET, SUNET, FCCN (PT), RENATER (FR). Legend: Core Nodes; 1 Physical GbE from GN2+; 1 Physical GbE tbd; 1 GbE VLAN or L2 MPLS.]

All the devices that will compose the FEDERICA infrastructure will be sliced with different techniques.

Talk about the infrastructure, deployed over L2 and L3 GN2 and NRNs networks (done virtualizing the GN2 and NRNs networks)

Page 4: Virtualization features

Sample POP

Explain the pop with the components that are going to be virtualized:

- switches
- links
- servers
- routers

Page 5: Virtualization features

Agenda

1. Physical resources
2. Virtualization in FEDERICA
3. Network virtualization
4. Hosts virtualization
5. Monitoring

Page 6: Virtualization features

Virtualization

Virtualization in computing systems and in networks is available. It creates “resources”, given a supporting physical substrate, which:

- Have a looser or no dependency on a specific physical location or entity (computing, data, circuits may migrate)
- Allow on-the-fly reconfiguration, cancellation and creation of resources in the e-Infrastructure (e.g. a routing element)
- Off-the-shelf components offer embedded virtualization functionalities.

An ISP instantiating virtual nodes on remote sites of a third infrastructure provider can minimize the costs of deploying and operating this equipment on its own. Performing tests of new protocols on a safe network slice sharing the physical infrastructure of the network slice in production guarantees more reliable results than canonical test activities performed in a lab or on a geographically limited testbed. Running several virtual network instances on the same infrastructure guarantees limited or no impact on existing configurations of a production network when new services must be provided to end users, by leveraging the isolation guaranteed between each instance.

Another interesting application of these techniques refers to the possibility of moving virtual routers between different physical locations inside the network; while simplifying existing network maintenance tasks, this application can be seen as a tool to reduce energy consumption in the network, a rising challenge nowadays.

In conclusion, network virtualization is going to play a key role in the Future Internet not only as an enabler for the development of new network protocols and architectures but also as a tool for introducing innovation into current worldwide Internet Service Provider scenarios, by effectively triggering a decoupling between infrastructure and service providers and by improving the operation and maintenance of their networks.

Page 7: Virtualization features

Virtualization in FEDERICA

FEDERICA Design Principles:

- To provide a virtual infrastructure for the purpose of network, computing, security… Internet research
- Virtualization
- Network and systems resources
- Almost clean slate
- Simultaneous use
- Interconnection with general Internet
- Extensible, open to federate and to host users’ resources

All the devices that will compose the FEDERICA infrastructure will be sliced with different techniques.

FEDERICA, an infrastructure to be virtualized

Page 8: Virtualization features


Slicing the Core (Substrate)

FEDERICA substrate

Switches: Juniper MX480, (virtual and logical routing, MPLS, VLANs, IPv4 v6, QoS linecards)

V-Nodes: Up to 8-16 images/node, Unix OS, 4-8 Ethernet NICs, ~ 1 TB disk, 4core CPUs

Routers will be sliced with the concept of logical routers; a logical router is a partition of a physical router. When a logical router is created, all the hardware’s functionality is replicated, creating different routing domains within a single physical router. For example, the routing table is replicated for every instance of a logical router created in the physical router. Thanks to this, it is possible to configure different protocols in different logical routers sharing the same physical device and not interfering between them. Specifically, the technique which is going to be used is the one implemented by Juniper Networks.

Switches have been widely virtualized during the past years; the technique used to create this virtualization has been Virtual LAN (VLAN). Virtual LAN (VLAN) creates level 2 virtual circuits over the Ethernet infrastructure. While with VLAN technology it is possible to isolate some ports of the switch from each other, it is not the same as fully virtualizing the Ethernet switch: a VLAN only isolates some interfaces from the others; it does not create independent management domains and control agents at the switch. In FEDERICA, the protocol IEEE 802.1Q will be used to manage VLANs.
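Added example (not from the original slides): a small Python check of the VLAN isolation point above. It parses the IEEE 802.1Q tag of an Ethernet frame and verifies that the VLAN ID is one reserved for the slice expected on that port; the slice names, VLAN IDs and sample frames are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an IEEE 802.1Q tag
# Hypothetical allocation: slice name -> VLAN IDs reserved for it on a trunk.
SLICE_VLANS = {"slice-a": {101, 102}, "slice-b": {201}}


def parse_vlan(frame: bytes):
    """Return (vid, pcp, inner_ethertype) for a tagged frame, None if untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, tci >> 13, inner  # 12-bit VID, 3-bit priority


def check_allocation(alloc):
    """Reject reserved VIDs (0, 4095) and VIDs claimed by two slices."""
    problems, owner = [], {}
    for name, vids in sorted(alloc.items()):
        for vid in sorted(vids):
            if not 1 <= vid <= 4094:
                problems.append(f"{name}: VID {vid} is outside 1..4094")
            elif vid in owner:
                problems.append(f"VID {vid} shared by {owner[vid]} and {name}")
            else:
                owner[vid] = name
    return problems


def frame_allowed(frame: bytes, slice_name: str, alloc=SLICE_VLANS) -> bool:
    """True only if the frame is tagged with a VID reserved for slice_name."""
    tag = parse_vlan(frame)
    return tag is not None and tag[0] in alloc.get(slice_name, set())


def make_frame(vid=None, pcp=0):
    """Build a constructed test frame (zeroed MACs, IPv4 EtherType, dummy payload)."""
    hdr = bytes(12)
    if vid is not None:
        hdr += struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return hdr + struct.pack("!H", 0x0800) + b"payload"
```

The check covers only data-plane tagging; as the notes say, the switch's management domain and control agents remain shared between VLANs.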

Page 9: Virtualization features

SLICES

A global picture showing what we do in FEDERICA regarding network virtualization, slice creation, etc…

Page 10: Virtualization features

Virtual world creation

General explanation, from the substrate to the final slice, of the process of virtualization in FEDERICA, different agents, actors, requestors, etc.

Page 11: Virtualization features

Agenda

1. Physical resources
2. Virtualization in FEDERICA
3. Network virtualization
4. Hosts virtualization
5. Monitoring

Page 12: Virtualization features

Network virtualization in FEDERICA

A simple case of a slice containing only two hosts connected by a single circuit is explained here for simplicity.

Creating a virtual circuit between the two virtual systems requires these main steps:

- Connect the network interface(s) in the virtual hosts to one of the physical interface(s) in the hosting platform.

- Create a virtual circuit from one host to the other, with a specified assured capacity or with a best effort quality.

The following slides describe the architectural decision to optimize reproducibility in slice behaviour.

Explanation, step by step, of how we create a slice, architectural decisions, slice behaviour, technical requirements

Page 13: Virtualization features

Network virtualization (V-nodes)

To avoid contention at the V-Node level, more than one physical interface is installed in the V-Nodes. This allows, preferably, assigning only one virtual interface to each physical interface. Also, in the virtualization software, a single (software) bridge is assigned to the logical interface of each node.

[Figure labels: Virtual slice; Physical substrate]

Why we have chosen to have multiple links between the host and the switches/routers

Page 14: Virtualization features

Network virtualization (network)

There are various technologies available in FEDERICA to slice the 1 Gbps physical capacity between the two switches (next slide).

The main distinction is whether assured capacity is requested or only reachability with no capacity guarantees. Computing elements are supposed to be dedicated.

[Figure labels: Virtual slice; Physical substrate]

Question about assured capacity and the techniques we use and the issue of guaranteed bandwidth

Page 15: Virtualization features

Network virtualization (network) initial technologies

Table columns: Technology; Non assured Capacity; Capacity Guarantees (Without HW; With HW assistance)

- MPLS: no limitation
- Ethernet VLAN: 4K vlans
- Physical circuit
- IP packet based policers: Limited to IP*

Limited availability (1G)

The switches have line rate switching capabilities for all their ports and the V-Nodes contain HW capable of supporting full line rate in each interface.

Technologies available and the relation with assured and not-assured capacity

Page 16: Virtualization features

Network Virtualization

Although the mentioned technologies all work well on a single point to point link, in the case of assured capacity requests, the extension to a multi-hop meshed virtual network requires additional planning to avoid resource congestion.

By a careful engineering of each virtual network topology and hardware assistance the NOC can provide, on the FEDERICA scale, capacity assurances for virtual networks in each slice.

For these reasons it is not possible to allow, at least in the first phase of the project, complete open access to researchers. The request will instead be served through the UPB/NOC.

Finish of the example and why we have chosen not to give complete access to the infrastructure to the researchers.
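Added example (not from the original slides or any FEDERICA NOC tooling): the multi-hop planning problem described above, written as a per-link admission check for assured-capacity circuits over 1 Gbps substrate links. PoP names, slice names and requested rates are constructed.

```python
LINK_CAPACITY_MBPS = 1000  # 1 Gbps physical capacity between switches (from the slides)


def links_on(path):
    """Undirected substrate links traversed by a hop-by-hop PoP path."""
    return [tuple(sorted(hop)) for hop in zip(path, path[1:])]


def admit(requests, capacity=LINK_CAPACITY_MBPS):
    """Process circuit requests in order.

    Best-effort circuits (mbps is None) are accepted without a reservation.
    An assured circuit is accepted only if every link on its path still has
    room; otherwise it is rejected and the saturated links are reported.
    """
    reserved, decisions = {}, []
    for req in requests:
        links = links_on(req["path"])
        if req["mbps"] is None:
            decisions.append((req["slice"], "best-effort", []))
            continue
        full = [l for l in links if reserved.get(l, 0) + req["mbps"] > capacity]
        if full:
            decisions.append((req["slice"], "rejected", full))
            continue
        for l in links:
            reserved[l] = reserved.get(l, 0) + req["mbps"]
        decisions.append((req["slice"], "assured", []))
    return decisions, reserved


# Constructed requests; PoP names are placeholders, not the real topology.
REQUESTS = [
    {"slice": "s1", "path": ["A", "B"], "mbps": 600},
    {"slice": "s2", "path": ["B", "C"], "mbps": 600},
    {"slice": "s3", "path": ["A", "B", "C"], "mbps": 500},  # would fit on an empty link
    {"slice": "s4", "path": ["C", "B"], "mbps": 400},
    {"slice": "s5", "path": ["A", "B", "C"], "mbps": None},
]
```

Request s3 is the multi-hop case: it fits on an empty link, but both hops of its path already carry 600 Mbps for other slices, so granting it would break their assurances.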

Page 17: Virtualization features

Network Virtualization – virtual routers

Slices can be implemented over virtual routers, using virtual links

How the slices can be implemented in the FEDERICA substrate

Page 18: Virtualization features

Virtual routers

- Key concept for Network Virtualization
- Even in one chassis you can have several routers
- Share resources
  - Chassis
  - Electricity
- Different routing control planes and different interfaces
- Software routers
  - On Virtualization servers
  - Image for VMWare
- Hardware routers
  - Juniper MX

General ideas about virtual routers (logical routers)

Maybe include some words about software routers

Page 19: Virtualization features

Virtual routers

A general explanation of the concept of a virtual router and a possible use

Page 20: Virtualization features

Terminology

Juniper boxes – what we use in FEDERICA

Virtual router – routing instance
- One routing table

Logical system – Physical partition
- Different routers in same chassis
- New routing daemon
- multiple logical devices that perform independent routing tasks

logical routers:
- is a feature that segments a physical router to be configured and operate as multiple independent routers within a platform
- provides flexible segmentation of routing

Page 21: Virtualization features

Agenda

1. Physical resources
2. Virtualization in FEDERICA
3. Network virtualization
4. Hosts virtualization
5. Monitoring

Page 22: Virtualization features

VM comparison table

| | Docs and Examples of the Management API | Management API interface | Jumbo Frames support | Physical NICs per host | Virtual NICs per Virtual Machine |
|---|---|---|---|---|---|
| XEN | Poor | XML-RPC | Yes | 6 | 7 |
| VirtualBox | Poor | SOAP | No | 10 | 6 |
| VMWare | Rich | SOAP | Yes | 25 | 6 |

Comparison

The last technique used to virtualize computers is the technique used during all the past years: the hypervisor. A hypervisor is a virtualization platform that allows running different operating systems in the same host at the same time. Every instance that is running an operating system is called a Virtual Machine (VM). A hypervisor also virtualizes the hardware of the host; for example, if the host has one network interface card (NIC), it is possible to generate different virtual NICs bridged to this physical one. Then it is possible to assign these different virtual NICs to different VMs. Also the CPU, the RAM memory, the CD-ROM, the hard disk or the USB port can be virtualized and shared by different VMs. There are two main types of hypervisor: native hypervisor or hosted hypervisor. The former is the one that directly runs on a given hardware platform as an operating system control program. The latter runs within an operating system environment. The one that will be used in FEDERICA is the native hypervisor. The reason is very straightforward: native hypervisors have better performance than hosted hypervisors. The hypervisor selected to manage the virtual machines is VMware ESXi [5]; it has been selected because it has good performance, it has fewer hardware limitations than other tools and it has a good remote management API.

FEDERICA will also manage software routers; a virtual machine with some software installed that makes it work as a router. A software router in FEDERICA will be a virtual machine with Ubuntu Server [6] as the main OS and Xorp [7] as the routing tool installed. Xorp has been selected because it is open source and supports a lot of protocols compared with other similar tools. All these kinds of tools are managed by a command line interface (CLI).

Page 23: Virtualization features

Server Virtualization

We choose VMWare:

- Fewer hardware limitations
- It’s the easiest tool
  - To install
  - To develop code
- Widely used
- Support
- Experience
- ESXi server free
- Good remote management
- Native mode – better performance

Why we have chosen VMware

Page 24: Virtualization features

Software routers

Our suggested choice

- VM with a software installed
- Work as a router
- Ubuntu server
- XORP as the routing tool
- Open source
- Support of a wide range of protocols

Why we have chosen VMware

Page 25: Virtualization features

Server Virtualization

We use VMWare to divide one physical server into multiple isolated virtual environments

- Partitions
- Instances

Virtual Machine model

- Different operating systems running side by side on the same hardware

Running under a virtual machine

- The guest operating system runs without modifications

General ideas about VMware

Page 26: Virtualization features

Virtual machines

A general explanation of how we use ESXi to provide VM

Page 27: Virtualization features

Server Virtualization

Provision new services

Encapsulation

- VM saved to a file
- State, memory, I/O, device state
- Rapid provisioning

Isolation

- Fault and security isolation at the hardware level
- Performance guaranteed

General ideas about server virtualization

Page 28: Virtualization features

Server Virtualization

How we provide the VM to the users

Page 29: Virtualization features

Server Virtualization

Explain how VMware works with Ethernet interfaces

Page 30: Virtualization features

Agenda

1. Physical resources
2. Virtualization in FEDERICA
3. Network virtualization
4. Hosts virtualization
5. Monitoring

Page 31: Virtualization features

Monitoring

- We are monitoring the substrate
- We are extending to virtual slices:

As virtual slices are created, we take into account:

- Physical connectivity between equipment participating in slice must be validated
- Virtual connectivity within/between slices must be validated
- Monitoring infrastructure is enabled on virtual nodes/hosts
- Physical and virtual statistics are provided for operation
- Virtual statistics are provided to the end user, owner of the slice