Work package 2: The virtual networking environment

Work package chair: LIP6
Partners: Devoteam, Netcenter, Ginkgo, PUC, Telecom SudParis, UFRJ, Unicamp

The Horizon project is concerned with the control of virtual networks. Within this project, virtualisation mechanisms will be used to virtualise entire networks. A single physical network is virtualised into a number of concurrent virtual networks that share the same physical resources. Each virtual network consists of virtual routers and has its own protocol stack. XEN 2.0 is an example of a virtualisation technique enabling such features. The virtualisation software (hypervisor) of XEN runs as an OS directly on the hardware. Figure 8 shows how a physical interface can be shared by multiple virtual machines with XEN 2.0.
This enables a physical network to support several different network architectures simultaneously. VINI is an example of such a virtual network infrastructure. The network element hardware is virtualised, enabling different virtual network elements on a single device. Different virtual networks are separated from each other and are unaware of their virtualisation, of the underlying physical network, and of the other virtual networks running concurrently. Virtual routers may be created, destroyed, moved, cloned, started, and stopped on the underlying hardware.

Fig. 8. Virtualization of a physical interface

Control of Virtual Networks

The virtualization of resources on virtual networks allows the creation of multiple virtual networks that use different communication protocols and paradigms. As an example, a CISCO packet-switched virtual network may coexist with a Junos packet-switched virtual network. Figure 9 illustrates a virtualised physical network consisting of four virtual networks that use different protocol stacks.

Fig. 9. A virtualized network

Advanced algorithms must be developed to gather information about virtual networks, the load of virtual routers, the physical network, the remaining capacities of the physical network, and the currently supported and required services. Control schemes are crucial in virtual networks since resources are shared by the different virtual networks. Two kinds of control could be addressed: the control of the resources of the underlying real networks and the optimization of the control algorithms in the control plane of each virtual network.
In the Horizon project, activity parameters and capabilities from physical networks that have to be virtualised will be identified, enabling service-driven virtualisation of networks. To achieve this, physical and virtual resources have to be monitored to gather information for a flexible control of the virtual networks. Some control algorithms have to be identified or conceived to define:
- The best virtual network for transporting a new flow entering the physical network. This choice depends on the profile, the SLA, the security, the mobility, the quality of service requested by the user, and the availability, the utilisation, and the characteristics of the virtual networks. The Horizon project will develop a server of virtual router instances that will permit a new virtual network to be opened instantaneously (or almost) to satisfy the requirements of the demand. In the same way, some virtual networks could be dropped if unused or attacked.

- Physical resource distribution between the different virtual networks to satisfy the previous requirement. Indeed, both types of control schemes have to be correlated.

Interfaces for monitoring, managing, and controlling the virtual networks will be defined, reflecting the security concepts of the architecture.

Finally, an appropriate virtualisation solution has to be found to support the interfaces as far as possible, by comparing available virtualisation solutions. The most appropriate answer will correspond to the solution that meets the required performance and the defined interfaces. The first beta virtual routers from VirtuOR (subcontractor of LIP6) will be tested and could be improved to meet the previous requirement. Indeed, a trade-off between isolation and performance will have to be chosen. More precisely, the virtual routers will have to comply with ToIP traffic, and the hypervisor will have to be chosen, defined, or modified to satisfy such constraints. This problem also depends on the control algorithms and the choices that will be made by the project. For example, it can be decided to multiplex all ToIP traffic on a unique virtual network, to share the flows between all the virtual networks, or to have an intermediate solution.

This work package will be divided into three tasks.

Task 1: Identification and Comparison of Appropriate Virtualisation Solutions

This task will evaluate the existing solutions to identify which meet the requirements of virtual networks: performance requirements, security issues, monitoring capabilities, and management capabilities.

Task 2: Definition of Virtual Interfaces

The interfaces defined in this task are used to interact with the virtual/physical resources and the piloting system defined in WP3. The interfaces will consider management and control of the flows entering the network and the allocation of physical resources. These interfaces must support the security concepts of the architecture (mainly the isolation between the different virtual networks). Indeed, when looking at Figure 3, the interfaces to be defined will link up the virtualisation plane and the control & management planes and through these planes the data and piloting planes. The VirtuOR virtual router should be the basis for defining these interfaces.

Task 3: Modification/adoption of the Identified Virtualisation Solution

This task will provide virtual resources that adhere to the defined interfaces. It will also address the integration of the solution with the piloting system defined in WP3. In other words, this task will have to define the virtualization scheme or modify a current scheme to meet all the constraints that can be found in a large network.