Address-Translation-Based Network Virtualization

Virtualization

Yasusi Kanada & Toshiaki Tarui

Hitachi, Ltd., Central Research Laboratoryy

Introduction

 Network virtualization

isolates multiple services or communities while using the same hardware.

enables users to create their own wide-area networks.

can simplify network architecture and protocols

can simplify network architecture and protocols

because it can be independent from conventional network.

 Conventional network address translation (NAT)

causes complexity and “headaches”.

plays an important role in real-world networks.

 when the number of available IP addresses is less than requiredwhen the number of available IP addresses is less than required.

 when there are IP addresses that should be hidden from the global network.

 We will show Address-Translation-based network Virtualization (ATV)

which is a relatively new method of network virtualization

2

which is a relatively new method of network virtualization.

Two Virtualization Architectures

 Virtualization technology was first developed for virtualizing computer memory.

 Analogy between memory and network virtualization:

User 1 Address Logical memory

spaces

Physical memory space

Segment User 1

Address Address

Logical memory spaces

Physical memory space

Memory virtualization Paging vs Segmentation

Address 000 100 200 300

User 2 Address 000

Segment

registers Address DAT

0000 0100 0200 0300

Page 1-1 Page 1-2 Page 1-3 Page 1-4

User 2 Address 1000 Page 2-1

Address

000 100 200 300 400 500 Page 1-1

Page 1-3

Page 2-2 Page 2-1

Page 3-1 Page 3-2

Paging vs. Segmentation

100

User 3 Address 000 100 200

1100 Page 2-2

User 3 Address 2000 2100 2200

Page 3-1 Page 3-2 Page 3-3

600 700 800 Page 1-2 Page 1-4 Page 2 2

Page 3-3

Segment ID/number in packet

header Virtual network

address spaces Network address space in the WAN Virtual Network 1

172.16/15 Address

Virtual Network 1 172.16/15

Virtual network address spaces

Network address space in the WAN

Analogy

Network virtualization Paging vs. Segmentation

1 header

Virtual Network 2 10.1/16 10.2/16

2

Trans-

lation 150.23/16

150.24/15

150.26/16 150 27/16 Virtual Network 2

10.1/16 10.2/16

Page 1-1

Page 2-2

Page 1-1

Page 3-1 Page 2-1 Page 2-1

Page 2-2

g g g

3

Virtual Network 3 10.1/16

3

150.27/16 Page 3-1 Virtual Network 3

10.2/16Page 3-1

New! Conventional

Paging and Segmentation in Main Memory

 Segmentation

The memory space is divided into logically separated and variable- sized segments and each user uses a segment

sized segments and each user uses a segment.

Logical and physical memories are mapped to each other by using segment(register)s.

Address = <Segment_number, Displacement>.

User 1 Logical memory

spaces

Physical memory space

User 1 Logical memory

spaces

Physical memory space User 1

Address 000 100 200

Segment

registers DAT

User 1 Address 0000 0100 0200

Page 1-1 Page 1-2 Page 1-3

Address

Page 1-1 000 300

User 2 Address 000

0300 Page 1-4

User 2 Address 1000 Page 2 1

100 200 300 400 Page 1-3 Page 2-1

Page 3-1 Page 3-2 000

100

User 3 Address

1000 1100

Page 2-1 Page 2-2

User 3 Address

500 600 700 800 Page 1-2 Page 1-4 Page 2-2

Page 3-3

4

Address 000 100 200

Address 2000 2100 2200

Page 3-1 Page 3-2 Page 3-3

Paging and Segmentation in Main Memory (cont’d)

 Paging

The memory space is divided into fixed-size pages.

Th f ll th f t d i t i l

The pages of all the users of a computer are mapped into a single large physical address-space.

Logical memory is mapped to physical memory by DAT (dynamic address translation).

User 1 Logical memory

spaces

Physical memory space

User 1 Logical memory

spaces

Physical memory space User 1

Address 000 100 200

Segment

registers DAT

User 1 Address 0000 0100 0200

Page 1-1 Page 1-2 Page 1-3

Address

Page 1-1 000 300

User 2 Address 000

0300 Page 1-4

User 2 Address 1000 Page 2 1

100 200 300 400 Page 1-3 Page 2-1

Page 3-1 Page 3-2 000

100

User 3 Address

1000 1100

Page 2-1 Page 2-2

User 3 Address

500 600 700 800 Page 1-2 Page 1-4 Page 2-2

Page 3-3

5

Address 000 100 200

Address 2000 2100 2200

Page 3-1 Page 3-2 Page 3-3

Paging and Segmentation in Network

 Network segmentation

distinguishes every network object by <Segment_identifier, OID>

 Segment identifiers are VPN numbers or names, or VLAN identifiers.

 OIDs (object identifiers) are usually addresses of objects in the network.

is widely used in VPNs and experimental virtual networks.y p

Segment ID/ b

Virtual network address spaces

Network address space in the WAN

Virtual Network 1 Virtual Network 1

Virtual network address spaces

Network address space in the WAN

1 ID/number

in packet header

172.16/15 Address

Trans- lation 172.16/15

150.23/16 Page 1-1

Page 2-2

Virtual Network 2

10.1/16 ²

150.24/15 Virtual Network 2

10.1/16

g

Page 1-1 Page 2-1

10.2/16

Virtual Network 3 ³

150.26/16 150.27/16 10.2/16

Page 3-1 Virtual Network 3

Page 2-1 Page 2-2

6

10.1/16 10.2/16 Page 3-1

Paging and Segmentation in Network (cont’d)

 Network paging (or ATV

(address-translation-based virtualization)

)

A VN architecture that distinguishes every network object in all VNs by a single unique address in “physical network” (or WAN)

by a single unique address in physical network (or WAN).

Local addresses of objects are mapped to the unique addresses by using an address translation (a type of NAT).

A virtual-address space may be divided into multiple pages and may be mapped to non-contiguous subspaces in the WAN.

Virtual network address spaces

Network address space in the WAN

Virtual network address spaces

Network address space in the WAN

1 Segment ID/number

in packet header

address spaces space in the WAN Virtual Network 1

172.16/15 Address

Trans- Virtual Network 1

172.16/15

address spaces space in the WAN

Page 1-1

Virtual Network 2

lation 150.23/16

150.24/15 Virtual Network 2

g

Page 2-2

Page 1-1 10.1/16

10.2/16

2

150.26/16 150.27/16 10.1/16

10.2/16

Page 3-1 Page 2-1 Page 2-1

Page 2-2

7 Virtual Network 3

10.1/16

3 Virtual Network 3

10.2/16 Page 3-1

Example: Intranet-type Communication

 Only one page (a single rule) is used.

WAN NAT

Virtual Network VN1 Site S1

R1 G1 ^NAT

R3

NAT

Site S2 H1

Virtual Network VN1

R2 R4

NAT

Site S2

G2 H2

Subnet 172.17/16 Subnet 172.16/16

H1 = 172.16.10.21

NATR4

Subnet 172.17/16 H2 = 172.17.11.32 Address translation rules for Virtual Network 1:

 Required conditions

Address-translation rules for Virtual Network 1:

LAN : 172.16/15 ←→ 150.24/15 : WAN … 1)

Required conditions

Identity of addresses: OIDs for the same object must be identical in all the sites.

Isolation of VNs: No other VN may use the same page (same

Isolation of VNs: No other VN may use the same page (same address range) in the WAN.

8

Example: Extranet-type Communication

 Hosts in S1 can communicate with hosts at S1 and S2.

 Hosts in S3 can communicate only with hosts at S1. … Hosts in S3 can communicate only with hosts at S1. …

Site S3

Virtual Network VN2 Address-translation

rules for Virtual Address-translation

rules for Virtual

Sit S1 ^R3

NAT

G3 H3

Subnet 10.1/16 H3 = 10 1 3 5 Virtual Network WAN

VN1

Network 2: 1, 2 Network 1: 1, 2, 3

Site S1

R1

R2 G1 ^NAT

R3 H1

H3 = 10.1.3.5

Subnet 172 16/16 Site S4

Virtual Network VN3

R2

NATR4 Subnet 172.16/16

H1 = 172.16.10.21 Site S4

G5 H5

Subnet 10.2/16

NAT

NAT

Address-translation rules:

LAN : 172.16/15 ←→ 150.24/15 : WAN … 1)

H5 = 10.2.7.9 Address-translation

9

) LAN : 10.1/16 ←→ 150.26/16 : WAN … 2) LAN : 10.2/16 ←→ 150.27/16 : WAN … 3)

rules for Virtual Network 3: 1, 3

Advantages of ATV

 No overhead and less redundancy in packets

No extra field, such as segment identifier, is required.

 Availability of WAN functions

Virtualized packets may utilize WAN functions because the packets

t l d

are not capsuled.

E.g. If the WAN is an IP network, the functions of ICMP or routing may be useful.

 Availability of NAT implementations

Conventional NAT implementations may be used.

 E.g. A high-performance carrier-grade (large-scale) NAT may be used.

Implementations may be modified because conventional NAT and address translation required for virtualization are different. q

10

Disadvantages of ATV

 Potentially large-memory-size and slow rate of processing

It requires a translation-rule table or translation logic.

 Restriction on OID formats

Address mapping may cause restrictions on the syntax or semantics of the OIDs (addresses).

 Possible conflict with WAN function

 Possible conflict with WAN function

VN functions may cause conflict with WAN functions because the packets are not capsuled.

E.g. If the WAN is an IP network, address translation may make routing work in an unexpected way on the VN.

11

Application To VM Migration (an experiment)

 The feasibility of ATV was tested using wide-area live- migration example.

 Wide-area live migration of VMs between data centers

can solve problems such as load balancing, disaster avoidance and

d i

recovery, and power saving.

causes “address warping” problem, which can be solved using ATV.

 Method

 Method

Site S3

Virtual Network VN1 Virtual Network VN2

Site S3

Virtual Network VN1 Virtual Network VN2

Before migration After migration Dynamially configured Dynamially

configured

R1 G1

NAT

R3

NAT

Site S3

H1 G3 H3

Subnet 10.1/16 H3 = 10.1.3.5 Subnet 172.16/16

VM1 = 172.16.10.21 Data Center DC1 WAN VM1

Migration Virtual Network VN2

150.25/16

R1 G1

NAT

R3

NAT

Site S3

H1 G3 H3

Subnet 10.1/16 H3 = 10.1.3.5 Subnet 172.16/16

VM1 = 172.16.10.21 Data Center DC1 WAN VM1

Migration Virtual Network VN2

150.25/16

R2 12

R4

NAT

NAT

G4 Subnet 172.16/16 Virtual Network VN3

Data Center DC2 H4

Migration

Site S5

G5 H5

Subnet 10.2/16 H5 = 10.2.7.9 150.28/16

R2 R4

NAT

NAT

G4 Subnet 172.16/16 Virtual Network VN3

Data Center DC2 H4

Migration

Site S5

G5 H5

Subnet 10.2/16 H5 = 10.2.7.9 150.28/16

Subnet 172.16/16 VM1 = 172.16.10.21

Subnet 172.16/16 VM1 = 172.16.10.21

Application To VM Migration (cont’d)

 Network structure

RARP capture and config tool

L3 switch (AX6608S) Translator 1

(PC) VMware

VCenter NAT rule configuration

g

Dynamially

L3 switch (AX6608S)

OSPF Translator 2

(PC) Server 1 with

VMware ESX Server Blade servers (BS2000)

Static routing

Dynamially configured

Server

Management

Migration VLAN _Static

Cli t

L3 it h (AX6608S) Server 2 with OSPF

S

VLAN routing Client

OSPF PC

L3 switch (AX6608S)

L3 switch (AX6608S) VMware ESX

Server Blade servers (BS2000)

 The VNs worked in an expected way.

13

Conclusion and Future Work

 Summary and conclusion

Two network virtualization (NV) architectures were described and compared: Network paging and network segmentation.

Network-paging-based (ATV) method was investigated.

 Intranet- and extranet-type communication methods based on this yp architecture were proposed.

ATV has several advantages compared to segmentation:

 less packet overheadless packet overhead

 flexible page size

 page-by-page processing

Network paging is a promising NV architecture

Network paging is a promising NV architecture.

 Future work

To develop and evaluate ATV-based methods and networks

To develop and evaluate ATV-based methods and networks.

14