虛擬化技術

Virtualization Techniques

Network Virtualization
Introduction
 Agenda
• Introduction
• External network virtualization
 What to be virtualized
• Network device virtualization
• Network data path virtualization
 How to be virtualized
• Protocol approach
• Internal network virtualization
 KVM approach
 Xen approach
 Case study

2
Introduction
External network virtualization
Internal network virtualization

NETWORK VIRTUALIZATION
 Introduction
• What is computer network ?
 A computer network, often simply referred to as a network, is a
collection of computers and devices interconnected by
communications channels that facilitate communications among
users and allows users to share resources.
• Why should we study network ?
 Computer networks are used for communication and coordination,
as well as commerce by large as well as small organizations.
 Computer networks and the Internet is a vital part of business
infrastructure.
 Network Protocol and Model
• Network protocol
 Rules and procedures governing transmission between computers
 Used to identify communicating devices, secure attention of
intended recipient, check for errors and re-transmissions
 All computers using a protocol have to agree on how to
code/decode the message, how to identify errors, and steps to take
when there are errors or missed communications

Computer
System Protocol

Delivery Protocol

Packaging Protocol
Network Protocol and Model
 Network Topologies
• Topologies
 Topology refers to the physical or logical layout of the computers in
a particular network.
 Commonly used topologies are star, bus and ring.
 Network Types
• LANs and WANs
 Local area network
• Network of computers and other devices within a limited distance
• Use star, bus or ring topologies
• Network interface cards in each device specifies transmission rate,
message structure, and topology
• Network operating system routes and manages communications and
coordinates network resources
 Wide area network
• Network of computers spanning broad geographical distances
• Switched or dedicated lines
• Firms use commercial WANs for communication
 Network Architecture
• Packet switching
 Message/Data is divided into fixed or variable length packets
 Each packet is numbered and sent along different paths to the
destination
 Packets are assembled
at the destination
 Useful for continued
message transmission
even when part of the
network path is
broken
 Network Architecture

Connect two networks

 Network Architecture

Connect multiple networks

 Network Architecture

Connect multiple networks

 Network Architecture
Connect multiple networks
 Network Architecture
The simple view of Internet
Network Design Rules

• Hierarchical approach
 Traffic is aggregated hierarchically
from an access layer into a layer of
distribution switches and finally
onto the network core.
 A hierarchical approach to
network design has proven to
deliver the best results in terms of
optimizing scalability, improving
manageability, and maximizing
network availability.
 Network Virtualization
• What is network virtualization ?

16
 Network Virtualization
• What is network virtualization ?
 In computing, network virtualization is the process of combining
hardware and software network resources and network
functionality into a single, software-based administrative entity, a
virtual network.

• Two categories :
 External network virtualization
• Combine many networks, or parts of networks, into a virtual unit.
 Internal network virtualization
• Provide network-like functionality to the software containers on a single
system.
 Network Virtualization
• Desirable properties of network virtualization :
 Scalability
• Easy to extend resources in need
• Administrator can dynamically create or delete virtual network connection
 Resilience
• Recover from the failures
• Virtual network will automatically redirect packets by redundant links
 Security
• Increased path isolation and user segmentation
• Virtual network should work with firewall software
 Availability
• Access network resource anytime

18
 Network Virtualization
• External network virtualization in different layers :
 Layer 1
• Seldom virtualization implement in this physical data transmission layer.
 Layer 2
• Use some tags in MAC address packet to provide virtualization.
• Example, VLAN.
 Layer 3
• Use some tunnel techniques to form a virtual network.
• Example, VPN.
 Layer 4 or higher
• Build up some overlay network for some application.
• Example, P2P.
 Network Virtualization
• Internal network virtualization in different layers :
 Layer 1
• Hypervisor usually do not need to emulate the physical layer.
 Layer 2
• Implement virtual L2 network devices, such as switch, in hypervisor.
• Example, Linux TAP driver + Linux bridge.
 Layer 3
• Implement virtual L3 network devices, such as router, in hypervisor.
• Example, Linux TUN driver + Linux bridge + iptables.
 Layer 4 or higher
• Layer 4 or higher layers virtualization is usually implemented in guest OS.
• Applications should make their own choice.
Introduction
External network virtualization
Internal network virtualization

NETWORK VIRTUALIZATION
 Network Virtualization

• Two virtualization components :

 Device virtualization
• Virtualize physical devices in the
network
 Data path virtualization
• Virtualize communication path Data Path
between network access points
Router

Switch
22
 Network Virtualization
• Device virtualization
 Layer 2 solution  Layer 3 solution 3
• Divide physical switch into • VRF technique
multiple logical switches. ( Virtual Routing and Forwarding )
• Emulate isolated routing tables
within one physical router.

23
 Network Virtualization
• Data path virtualization
 Hop-to-hop case
• Consider the virtualization
applied on a single hop data-
path.

 Hop-to-cloud case
• Consider the virtualization
tunnels allow multi-hop data-
path.

24
 Network Virtualization
• Protocol approach
 Protocols usually use for data-path virtualization.
 Three implementations
• 802.1Q – implement hop to hop data-path virtualization
• MPLS ( Multiprotocol Label Switch ) – implement router and switch
layer virtualization
• GRE (Generic Routing Encapsulation ) – implement virtualization among
wide variety of networks with tunneling technique.

25
 Network Virtualization
• 802.1Q
 Standard by IEEE 802.1
 Not encapsulate the
original frame
 Add a 32-bit field
between MAC address and
EtherTypes field
• ETYPE(2B): Protocol
identifier
• Dot1Q Tag(2B): VLAN
number, Priority code
CE: Customer Edge router
PE: Provider Edge router
26
 Network Virtualization
• Example of 802.1Q

VN 1

Source destination

Physical Network

VN 2

27
Source destination
 Network Virtualization
• MPLS ( Multiprotocol Label Switch )
 Also classified as layer 2.5 virtualization
 Add one or more labels into package
 Need Label Switch Router(LSR) to read MPLS header

28
 Network Virtualization
• Example of MPLS
5
4 VN 1
2
7 9
8

LSR Physical Network

LER LER
CE LSR CE
LER
CE
5 VN 2
4 2
7
9
29
 Network Virtualization
• GRE ( Generic Routing Encapsulation )
 GRE is a tunnel protocol developed by CISCO
 Encapsulate a wide variety of network layer protocols inside virtual
point-to-point links over an Internet Protocol internetwork
 Stateless property
• This means end-point doesn't keep information about the state

Built Tunnel

30
Introduction
External network virtualization
Internal network virtualization

NETWORK VIRTUALIZATION
 Internal Network Virtualization
• Internal network virtualization
 A single system is configured with containers, such as the Xen
domain, combined with hypervisor control programs or pseudo-
interfaces such as the VNIC, to create a “network in a box”.
 This solution improves overall efficiency of a single system by
isolating applications to separate containers and/or pseudo
interfaces.
 Virtual machine and virtual switch :
• The VMs are connected logically to each other so that they can send data
to and receive data from each other.
• Each virtual network is serviced by a single virtual switch.
• A virtual network can be connected to a physical network by associating
one or more network adapters (uplink adapters) with the virtual switch.
 Internal Network Virtualization
• Properties of virtual switch
 A virtual switch works much like a physical Ethernet switch.
 It detects which VMs are logically connected to each of its virtual
ports and uses that information to forward traffic to the correct
virtual machines.

• Typical virtual network configuration

 Communication network
• Connect VMs on different hosts
 Storage network
• Connect VMs to remote storage system
 Management network
• Individual links for system administration
Internal Network Virtualization
Network virtualization example form VMware
 KVM Approach
• In KVM system
 KVM focuses on CPU and memory virtualization, so IO
virtualization framework is completed by QEMU.
 In QEMU, network interface of virtual machines connect to host by
TUN/TAP driver and Linux bridge.
• Virtual machines connect to host by a virtual network adapter, which is
implemented by TUN/TAP driver.
• Virtual adapters will connect to Linux bridges, which play the role of
virtual switch.
 KVM Approach
• TUN/TAP driver
 TUN and TAP are virtual network kernel drivers :
• TAP (as in network tap) simulates an Ethernet device and operates with
layer 2 packets such as Ethernet frames.
• TUN (as in network TUNnel) simulates a network layer device and
operates with layer 3 packets such as IP.

 Data flow of TUN/TAP driver

• Packets sent by an operating system via a TUN/TAP device are delivered to
a user-space program that attaches itself to the device.
• A user-space program may pass packets into a TUN/TAP device. TUN/TAP
device delivers (or "injects") these packets to the operating system
network stack thus emulating their reception from an external source.
KVM Approach
 KVM Approach
• Linux bridge
 Bridging is a forwarding technique used in packet-switched
computer networks.
 Unlike routing, bridging makes no assumptions about where in a
network a particular address is located.
 Bridging depends on flooding and examination of source addresses
in received packet headers to locate unknown devices.
 Bridging connects multiple network
segments at the data link layer
(Layer 2) of the OSI model.
 KVM Approach
TAP/TUN driver + Linux Bridge
 Xen Approach
• In Xen system
 Since implemented by para-virtualization, guest OS loads modified
network interface drivers.
 Modified network interface drivers, which act as TAP in KVM
approach, communicate with virtual switches in Dom0.
 Virtual switch in Xen can be
implemented by Linux bridge
or work with other approaches.
 Xen Approach
Detail in Xen System
 Xen Approach
• Some performance issues :
 Page remapping
• Hypervisor remaps memory page
for MMIO.
 Context switching
• Whenever packets sent, induce
one context switch from guest to
Domain 0 to drive real NIC.
 Software bridge management
• Linux bridge is a pure software
implementation.
 Interrupt handling
• When interrupt occur, induce one
context switch again.
 Xen Approach
• Improve Xen performance by software
 Large effective MTU
 Fewer packets
 Lower per-byte cost
 Xen Approach
• Improve Xen performance by hardware
 CDNA (Concurrent Direct Network Access) hardware adapter
 Remove driver domain from data and interrupts
 Hypervisor only responsible for virtual interrupts and assigning
context to guest OS
 Case Study

• VMware offer a hybrid

solution of network
virtualization in Cloud.
 Use redundant links to
provide high availability.
 Virtual switch in host OS
will automatically detect
link failure and redirect
packets to back-up links.
 Network Virtualization Summary
• Virtualization in layers
 Usually in Layer 2 and Layer 3
• External network virtualization
 Layer 2
• 802.1q
 Layer 3
• MPLS, GRE
• Internal network virtualization
 Traditional approach
• TAP/TUN + Linux bridge
 New technique
• Virtual switch
 Reference
• Books :
 Kumar Reddy & Victor Moreno, Network Virtualization, Cisco Press 2006

• Web resources :
 Linux Bridge http://www.ibm.com/developerworks/cn/linux/l-tuntap/index.html
 Xen networking http://wiki.xensource.com/xenwiki/XenNetworking
 VMware Virtual Networking Concepts
http://www.vmware.com/files/pdf/virtual_networking_concepts.pdf
 TUN/TAP wiki http://en.wikipedia.org/wiki/TUN/TAP
 Network Virtualization wiki http://en.wikipedia.org/wiki/Network_virtualization

• Papers :
 A. Menon, A. Cox, and W. Zwaenepoel. Optimizing Network Virtualization in Xen.
Proc. USENIX Annual Technical Conference (USENIX 2006), pages 15–28, 2006.