End to end arguments in Virtualised System Design

We've come a long way in virtualisation (some would say around in a big circle, but that's a different blog entry). Now we have routine cloud services (commercial, public and private) based on VMs all over the place. We also have routine VPNs, at least in most layer 2 net setups, and (at much greater expense) as commercial offerings between large corporate sites.

What virtualisation does is combine two properties - statistical multiplexing (resource pooling) together with isolation (privacy). Some VMs and VPNs allow you to tune the amount of resource pooling (for a price) that you are prepared to tolerate.

What seems to be lacking is a seamless integration of VM and VPN, and it seems that it is not a trivial thing to solve in a clean way. Obviously, one can simply map a service (e.g. a large Skywriting app running on a set of data centers) to a VPN. But that isn't terribly useful in general. More typically, if there are resource pooling design goals, they are more likely, in the network layer, to lie in serving a wide set of user demands from outside the VPN (e.g. a hose or sink tree).

So what should virtualised host+net look like as a building block, and what should the tools be to "provision" such things in an expressive, checkable, and simple way?


Seems like this is a good current challenge...

Comments
  1. Relevant paper at NSDI 2011 on moving network management tasks into end-hosts (rather than central management). Example apps are NAT, IDS, web cache, bandwidth allocation. Downside: needs trusted computing chip…
