
Performance of Xen’s Secured Virtual Networks

Emanuele Cesena <cesena@mat.uniroma3.it>, Paolo Carlo Pomi <paolo.pomi@polito.it>, Gianluca Ramunno <ramunno@polito.it>, Davide Vernizzi <davide.vernizzi@polito.it>


Presentation Transcript


  1. Performance of Xen’s Secured Virtual Networks Emanuele Cesena <cesena@mat.uniroma3.it> Paolo Carlo Pomi <paolo.pomi@polito.it> Gianluca Ramunno <ramunno@polito.it> Davide Vernizzi <davide.vernizzi@polito.it>

  2. Outline • Introduction • Experiments • Model • Security mechanism • Conclusion

  3. Introduction

  4. Motivations • Server consolidation • Planning • Model of virtual network • Emulation • Comparison

  5. Virtualization • “Technique for dividing the resources of a computer into multiple execution environments called virtual machines (VMs)” (A. Singh) • Full virtualization • Complete emulation of the underlying hardware • Unmodified operating system in the VM • Paravirtualization • VM needs a modified OS • Best performance, close to native

  6. Virtualization: XEN • XEN is a free Virtual Machine Monitor (hypervisor) • x86, Intel Itanium, PowerPC platforms • Paravirtualization, full virtualization (hw support) • Very low overhead when paravirtualized: average 3-5% • Virtual machines • Domain-0: privileged VM • Direct access to hardware • Direct interface to the hypervisor • Guest domains

  7. Virtual Network in XEN [Diagram labels: Domain 0, Guest 1, Guest 2, vif1.0, vif2.0, eth0, eth0, XEN hypervisor] • Network interfaces • Front-end within VM: eth0 • Back-end in Domain-0: virtual interface (vif) • Connection between netfront and netback provided by the hypervisor

  8. Virtual Network in XEN [Diagram labels: Domain 0, physical world, switch, peth0, br0, eth0, Dom-0 vif0.0, Guest 1 vif1.0, Guest 2 vif2.0, XEN hypervisor] • Virtual Network • Domain-0 manages all the netbacks • Bridge as “L2-switch”

  9. Virtual Network in XEN [Diagram labels: Guest 1, Guest 2, Domain 0, br0, eth0, eth0, vif1.0, vif2.0] • Example: Guest 1 sends a packet to Guest 2 • packet created within Guest 1 stack • copied from FE to BE via page flipping • forwarded through the bridge • copied from BE to FE, then received by Guest 2 • we call this a virtual link

  10. Experiments

  11. Experiments • HP Compaq dc7700 • Intel Core2 Duo 2.13 GHz • RAM: 2GB • XEN 3.0.4 • Linux kernel 2.6.20 • 10 Virtual Machines (guests) • RAM: 128 MB • Linux kernel 2.6.20 • minimal Debian installation • IPerf to test network bandwidth

  12. Experiments: Virtual Network [Diagram: Client Guest 1 to 5 and Server Guest 1 to 5 attached to one bridge] • Simple topology • All VMs connected to the same bridge

  13. Experiments: Virtual Network [Diagram: Client Guest 1 to 5 and Server Guest 1 to 5 attached to one bridge] • Simple topology • All VMs connected to the same bridge • Up to 16 virtual links • IPerf TCP channels • Example with 7 links

  14. Experiments: tests • SMP disabled • SMP enabled • Static domain scheduling • 10 iterations for each experiment • 1 minute per link • Samples every 5 sec • Average value

  15. Experiments: Results • NoSMP vs. SMP

  16. Experiments: Results • Dynamic scheduling vs Static scheduling

  17. Model

  18. Model: assumptions • Simple resource model • Single type of resource • Resources completely separated in system and network • Network described by the number of virtual links • Bandwidth equally distributed among links

  19. Model [Figure: bandwidth F against the number of links n; labels: M, K, network resources, system resources, total resources] • M: maximal total bandwidth • M – K: minimal total bandwidth • F(n): total bandwidth

  20. Model • Model curve vs. experimental data: error less than 2%

  21. Security mechanisms

  22. Security mechanisms • Adding security brings • More workload • More networking • We focused on the increase in the number of links (e.g. firewalls)

  23. Security mechanisms • Number of links increases by a factor s • Depending on topology • Depending on the security mechanism • The model allows prediction of the loss of bandwidth

  24. Model application 1/2 • Scenario: server consolidation • Computation power available • The virtual network must supply the physical interface • If the virtual network is well-designed, the virtual network supports the transaction

  25. Model application 2/2 • What happens if we introduce a firewall? • Applying the model we can estimate the resulting bandwidth
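Added example (not from the presentation): the measurement procedure of slide 14 and the link-factor prediction of slides 23 to 25, carried through on constructed data. It assumes iperf 2 text output with periodic interval reports and uses a table of measured totals as a stand-in for the model curve F(n), whose formula is not in this transcript; the function names, the shortened 15-second runs and all sample values are constructed.

```python
import re
from statistics import mean

# iperf 2 report line, e.g. "[  3]  0.0- 5.0 sec   298 MBytes   500 Mbits/sec"
LINE = re.compile(
    r"\[\s*\d+\]\s+([\d.]+)-\s*([\d.]+)\s+sec\s+[\d.]+\s+\w+\s+([\d.]+)\s+Mbits/sec")

def link_average(iperf_output, interval=5.0):
    """Average the periodic samples of one virtual link.

    The last line iperf prints covers the whole run; counting it as a
    sample would weight the run twice, so only lines whose span matches
    the sampling interval are kept.
    """
    samples = []
    for m in LINE.finditer(iperf_output):
        start, end, mbps = map(float, m.groups())
        if abs((end - start) - interval) < 0.5:
            samples.append(mbps)
    if not samples:
        raise ValueError("no interval samples found")
    return mean(samples)

def total_bandwidth(outputs):
    """Measured F(n): sum of the per-link averages of n concurrent links."""
    return sum(link_average(o) for o in outputs)

def predicted_loss(F, n, s):
    """Bandwidth change when a security mechanism turns n links into s*n.

    F maps a link count to total bandwidth (Mbit/s). Per-link figures use
    the slides' assumption that bandwidth is shared equally among links.
    """
    before, after = F[n], F[s * n]
    return {"total_loss": before - after,
            "per_link_before": before / n,
            "per_link_after": after / (s * n)}

# Constructed sample output of two concurrent links (15 s runs for brevity).
LINK_A = """[  3]  0.0- 5.0 sec   298 MBytes   500 Mbits/sec
[  3]  5.0-10.0 sec   310 MBytes   520 Mbits/sec
[  3] 10.0-15.0 sec   286 MBytes   480 Mbits/sec
[  3]  0.0-15.0 sec   894 MBytes   499 Mbits/sec"""
LINK_B = """[  3]  0.0- 5.0 sec   179 MBytes   300 Mbits/sec
[  3]  5.0-10.0 sec   185 MBytes   310 Mbits/sec
[  3] 10.0-15.0 sec   173 MBytes   290 Mbits/sec
[  3]  0.0-15.0 sec   537 MBytes   299 Mbits/sec"""

# Constructed totals: 2 links measured above, 4 links assumed at 760 Mbit/s.
F_TABLE = {2: total_bandwidth([LINK_A, LINK_B]), 4: 760.0}

if __name__ == "__main__":
    print(predicted_loss(F_TABLE, n=2, s=2))
```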

  26. Conclusions

  27. Future work • Improve the model • Relax assumptions • Forecast parameters without experiments • Validate the model • Other architectures • Other security solutions • Improve Xen • D2D communication • Optimization

  28. Conclusions • We developed a simple (but still effective) model • Explains how the virtual network works in Xen • Foresees the performance of the virtual network • Planning • Impact of security solutions • We showed the limits of Xen’s current implementation and suggested improvements

  29. Thank you. Any questions?
