Re: [vnrg] FW: Fwd: I-DAction:draft-jeong-vnrg-virtual-networks-ps-00.txt

[Vishwas Manral <vishwas.ietf@gmail.com>]

Hi Sanjing,

I found this NIST document and it seems to have a lot of relevent
points for your draft.

http://csrc.nist.gov/publications/drafts/800-144/Draft-SP-800-144_cloud-computing.pdf

Thanks,
Vishwas

On Thu, Jan 6, 2011 at 7:33 AM, Sangjin Jeong <sjjeong@etri.re.kr> wrote:
> Hello Vishwas,
>
> Thanks for your comments and editorial suggestion.
> I generally agree with you.
> Please see inline.
>
>> Hi,
>>
>> I had a brief look at the document. I had a few comments on the same:
>>
>> 1. Introduction - We have talked about advantages of virtualization.
>> One of the big benefits of virtualization are the economy of scale. As
>> the CPU/ Memory is costs are decreasing, so using a system with higher
>> CPU and Memory is better then using 10 systems with 1/10 the memory.
>>
>> 1.1 Another advantage WRT physical infrastructure, I can see is that
>> we can partition resources into chunks that was not possible earlier.
>> So we can have links which are like 1.7 Mbps, which allows a higher
>> level of compartmentalization.
>>
>> 2. Introduction - From the way you are talking about network
>> virtualization, there is an overhead of resources required for the
>> physical topology connectivity, over which the virtual topology
>> resides.
>>
>> 2.2 A disadvantage I can see is that physical topology change will
>> cause effect to the virtual links, though the effects may not be
>> visible to the virtual topology itself.
>
> One of the ways to support virtualization is to adopt additional layer
> such as virtualization layer in resources. But, this approach can cause
> performance degradation due to the additional layer, as you pointed out.
> Also, the virtual networks will be affected by the change of physical
> network infrastructure, so how to provide dynamic reconfiguration of
> virtual networks without interruption of the operation is an important
> challenge.
>
>>
>> 3. A lot of routers have virtual router functionality, which allows
>> for sharing of resources, between various different instances, in a
>> non-interfering fashion, over the same OS instance though. We cannot
>> impose any virtual topology on the physical topology, but can be a
>> subset of the same. Another example of the same is Multitopology
>> extensions. You can talk about these things in the Motivation section
>> you mention.
>>
>> 4. I think one important aspect of isolation is to allow for
>> paritioning of resources so that one misbehaving resource does not
>> affect the other.
>
> Agree. Misbehavior of resource or virtual network such as security problem,
> overconsumption of physical resource, etc. should not be spread over other
> resources or networks.
>
>>
>> 5. From the management perspective, we need different layers of
>> management. One which partitions the physical resource to a virtual
>> resource, then each virtual resource needs an isolated manager.
>
> Managers (or management functions) for creating and managing the virtual
> networks are one of key components for supporting virtual networks. This
> management function can be included in virtualization layer or separate
> layer.
>
>>
>> 6. I think one of the important security issue is physical security
>> will no longer work. By adding a new layer virtualization increases
>> overload, as well as a new vector for security.
>
> Right. Introducing additional layer or management function can cause
> new security problems, for example, compromised management function may
> affect all the virtual resources over the physical resource.
>
> Also, I will incorporate editorial suggestions into the next version of
> the document.
>
> Regards,
> Sangjin
>
>>
>> Typo:
>>
>> 1. Abstract -  This document presents the definition and effectiveness
>> of virtual networks and discusses the key components and challenges of
>> supporting virtual networks on "physical network infrastructure".
>>
>> Added the words in "...".
>>
>> 2.
>>    s/ The virtual networks over physical infrastructure are completely
>> isolated each other, /  The virtual networks over physical
>> infrastructure are completely isolated from each other, /
>>
>> 3. s/ Virtualization resource is typically realized by adopting
>> virtualization layer in the physical resources,/ Virtualization of a
>> resource is typically realized by adopting virtualization layer in the
>> physical resources,/
>>
>> 4. s/efficient control of the virtual resources../ efficient control
>> of the virtual resources./
>>
>> Thanks,
>> Vishwas
>>
>> =============================================
>> Dear VNRG folks,
>>
>> As a follow-up of last Beijing meeting, we have developed a document that
>> investigates the definition, key components and challenges, and acid tests
>> for
>> virtual networks.
>>
>> Please find the document from link below.
>> Any comments are appreciated.
>>
>> Regards,
>> Sangjin
>>
>> ---------- Forwarded message ----------
>> From: <Internet-Drafts at ietf.org>
>> Date: Fri, Dec 24, 2010 at 5:00 PM
>> Subject: I-D Action:draft-jeong-vnrg-virtual-networks-ps-00.txt
>> To: i-d-announce at ietf.org
>>
>>
>> A New Internet-Draft is available from the on-line Internet-Drafts
>> directories.
>>
>> Title : Virtual Networks Problem Statement
>> Author(s) : S. Jeong, D. Colle
>> Filename : draft-jeong-vnrg-virtual-networks-ps-00.txt
>> Pages : 9
>> Date : 2010-12-23
>>
>> This document presents the definition and effectiveness of virtual
>> networks and discusses the key components and challenges of
>> supporting virtual networks in the networks. ?It also describes acid
>> tests for virtual networks.
>>
>> A URL for this Internet-Draft is:
>> http://www.ietf.org/internet-drafts/draft-jeong-vnrg-virtual-networks-ps-00.tx
>> t
>>
>> Internet-Drafts are also available by anonymous FTP at:
>> ftp://ftp.ietf.org/internet-drafts/
>
>