Re: [vnrg] Some more Acid tests & VN principles
Sunay Tripathi <sunay.tripathi@gmail.com> Wed, 10 November 2010 03:35 UTC
Return-Path: <sunay.tripathi@gmail.com>
X-Original-To: vnrg@core3.amsl.com
Delivered-To: vnrg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 18F573A682B for <vnrg@core3.amsl.com>; Tue, 9 Nov 2010 19:35:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AEHi9zDsELo6 for <vnrg@core3.amsl.com>; Tue, 9 Nov 2010 19:35:24 -0800 (PST)
Received: from mail-pw0-f54.google.com (mail-pw0-f54.google.com [209.85.160.54]) by core3.amsl.com (Postfix) with ESMTP id B56DE3A682A for <vnrg@irtf.org>; Tue, 9 Nov 2010 19:35:24 -0800 (PST)
Received: by pwi10 with SMTP id 10so38729pwi.13 for <vnrg@irtf.org>; Tue, 09 Nov 2010 19:35:50 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :user-agent:mime-version:to:cc:subject:references:in-reply-to :content-type:content-transfer-encoding; bh=V1HcRdMlw/YBfb6RUYVamm3gY/R0ziWpYxJorhnXARE=; b=lYYTZdsKlQjP0ZlaZOi0Py8PlqcdyxL/8m3OuETRgWW8Bslcx4aZmPE60iS3R4L3Yy e7IsYdtv5aSWxHYeH1E/qzn6b+jO+QmoUE4mtr7LxtTt5FWNIfvrkDnBRx0yDyBwxxw2 ZEIcAGkvP62x9moD65fDAYMGGonKtne1kb8MI=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; b=FG9atJVXnVe6nLBuh7E8zj9DNsG/X7Yj+hoFtrQDDmnIQTbHvTkr7LyjrK3B4dooa4 js0I+xWT1oes7NlF8gWXbS0mQ7jJPbR/uTrjOBh+v9DIP0l26cENt0aFB9bgYqvkNZKu mDhTXvVODck/JFLWIrw502RBwoUTId3zNaf1s=
Received: by 10.143.34.4 with SMTP id m4mr7325161wfj.18.1289360150343; Tue, 09 Nov 2010 19:35:50 -0800 (PST)
Received: from [192.168.1.9] (173-164-164-42-SFBA.hfc.comcastbusiness.net [173.164.164.42]) by mx.google.com with ESMTPS id y42sm208950wfd.10.2010.11.09.19.35.48 (version=SSLv3 cipher=RC4-MD5); Tue, 09 Nov 2010 19:35:49 -0800 (PST)
Message-ID: <4CDA0F16.9060606@gmail.com>
Date: Tue, 09 Nov 2010 19:18:46 -0800
From: Sunay Tripathi <sunay.tripathi@gmail.com>
User-Agent: Mozilla/5.0 (X11; U; SunOS i86pc; en-US; rv:1.9.1.7) Gecko/20100214 Lightning/1.0b1 Thunderbird/3.0.1
MIME-Version: 1.0
To: Roland Bless <roland.bless@kit.edu>
References: <4CD99BDD.2050208@gmail.com> <4CD9D503.7050002@kit.edu>
In-Reply-To: <4CD9D503.7050002@kit.edu>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: vnrg@irtf.org
Subject: Re: [vnrg] Some more Acid tests & VN principles
X-BeenThere: vnrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "Virtual Networks Research Group \(VNRG\) discussion list" <vnrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/listinfo/vnrg>, <mailto:vnrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/vnrg>
List-Post: <mailto:vnrg@irtf.org>
List-Help: <mailto:vnrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/vnrg>, <mailto:vnrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Nov 2010 03:35:26 -0000
Hi Roland,
On 11/ 9/10 03:10 PM, Roland Bless wrote:
> Hi Sunay,
>
> On 09.11.2010 20:07, Sunay Tripathi wrote:
>> So looking at the Acid tests so far and VN principles, it seems like
>> we need to tighten the isolation case a bit more. Specifically, just
>> putting a Virtual Output Queue (VoQ) per VN on each link to provide
>> isolation is not cutting it. The isolation (which translates
>> into per packet latency and B/W) needs to be on a VN fabric level
>> rather than on individual link level. Basically the VN should
>> mirror the non virtualized physical network of same capacity i.e.
>> a VN for 1Gbps on a 10Gbps network should see same or better
>> behavior than if it was on a physical 1Gbps switch fabric by
>> itself. This does need the network elements like switches and
>> routers to do more work.
>
> I don't agree on this, because it's too restrictive IMHO.
> A chance for VNets is that they permit to use a different
> virtual link QoS, too, even if it is not exactly the same
> QoS as a real physical substrate provides. For instance,
> consider that an infrastructure provider can exploit some
> statistical multiplexing gain by multiplexing several virtual
> links over the same physical link, offering lower QoS
> (maybe only a statistical guarantee) at lower costs.
Yes, but then it is not isolation at VNet level but more at
individual component level. So coming back to my favorite
example, what happens when virtual machines for two different
virtual networks are trying to send packets out of the same
egress link. The cumulative egress B/W for one Vnet on that
egress would have been within its quota but the traffic for
other Vnet causes the link capacity to exceed. On their
individual ingress policy basis, the offending vnet
might be within its QoS limits but collectively the traffic is
over the quota on the egress link. Which means that switching
fabric will drop traffic for both vnets (based on RED) and
our isolation axiom doesn't hold.
But I do agree with you that this is much harder to implement
(although not impossible). We do want to exploit the
benefits of statistical multiplexing. Absolutely for it
when possible but we do want to make sure that vnets
operating within their set limits are isolated for other
offending vnets.
> In my view, a virtual network consists of virtual
> nodes and virtual links that connect the virtual nodes.
> So a VNet at "network layer" provides logical/direct
> point-to-point connections between the virtual nodes.
> Which underlying substrate network technology is used
> to provide the virtual link between to virtual nodes
> (which are hosted on substrate nodes) may vary widely,
> for example it could be a TCP connection,
> an IP-based tunnel (e.g., L2TP),
> an MPLS LSP, a dedicated L2 connection, a VLAN,
> some wave length on a WDM connection, or even shared
> memory if the virtual nodes are hosted on the same physical
> host. Similarly, what is running inside the virtual node
> is completely independent of the substrate technology,
> e.g., it could be the same technology or some future
> networking layer.
>
> Coming back to your proposal: I find it valuable to
> realize a virtual 100 Mbit/s link using an IP-tunnel
> within an EF-PHB over a 1 Gbit/s physical network.
> The DiffServ-based QoS may not be comparable to a
> dedicated 100 Mbit/s physical link, but may be good
> enough for most uses and may span a much larger
> distance and may be less expensive to realize.
Like I said before, promise me 100 Mbps and give me
1Gbps and I am happy. Promise me 100Mbps and give me
50Mbps, and I am very unhappy. As Robert mentioned, we
are talking to several cloud operators who want to
deploy vnets for their end customers. Some of these
requirements came from there. Making the cloud operators
happy would be a good use case of the VNRG effort.
>> The other thing is related to management. A VN administrator
>> needs to be able to administer his resources and name space
>> independently.
>
> Independently of what? Independently of what is running as
> substrate technology, yes.
Yes. But it is easier said than done. For true virtualization,
the VN administrator should be assigned physical resources
(which links he can use, B/W, etc) but then be allowed to
create Virtual Machines with his own MAC addresses or use
his vlan tags.
I think the fundamental question that we need to agree on
is what is it that we want to virtualize? Is the L2
resources partitioned allowing the L3 to get virtualized?
Perhaps one proposal for a Vnet would be:
1) L2 resources (substrate) are partitioned i.e. VLAN tags
or set of VLAN tags are assigned to a vnet
2) A set of MAC addresses are assigned to vnet or perhaps a
MAC address prefix (IP style) is assigned to the vnet.
3) Also assigned are physical resources where possible
(space in flow table to configure openflow style flows,
bandwidth, etc) per vnet.
These can collectively be termed as Virtual Resource Group
(VRG) and the control for this is handed to the vnet
administrator. At this point, L3 is fully virtualized
(barring few caveats) and each vnet administrator can deploy
his IP subnets, dhcp servers, virtual routers, etc. The
acid test can much easier fall out if we put a stake in
the ground as to what is being partitioned and what gets
virtualized.
There are more complicated scenarios but if there is some
acceptance, we can probably start with the simplistic
scenarios and expand on that.
>
>> But the issue that is bogging us down is what is the non virtualized
>> part that ties entities to VN and allows the H/W to enforce the
>> virtualization - is it the MAC address? Is it the VLAN? The problem
>> with VLAN is that most hosts don't support Q-in-Q. Do people
>> have thoughts on this?
>
> As I said: substrate technologies to realize virtual links may vary
> widely, this also implies different isolation properties.
I think we need to define what you are terming as substrate first.
Not sure if there were any discussions f2f but I don't see much on
the mailing list and hence the open ended questions.
Cheers,
Sunay
- [vnrg] Some more Acid tests & VN principles Sunay Tripathi
- Re: [vnrg] Some more Acid tests & VN principles Robert Drost
- Re: [vnrg] Some more Acid tests & VN principles Roland Bless
- Re: [vnrg] Some more Acid tests & VN principles Roland Bless
- Re: [vnrg] Some more Acid tests & VN principles Sunay Tripathi