1 / 9

State Migration

State Migration. Draft-gu-opsawg-policies-migration-01 Yingjie Gu. Internet Gateway2. Virtual Gateway 192.168.0.1/16. Network Architecture Example. VRRP. Internet Gateway1. GW. VPLS-PE1. VPLS-PE2. MPLS. Virtual Gateway 192.168.0.1/16. FW2. FW1. CE1 Agg . Switch. CE2

tender
Download Presentation

State Migration

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. State Migration Draft-gu-opsawg-policies-migration-01 Yingjie Gu

  2. Internet Gateway2 Virtual Gateway 192.168.0.1/16 Network Architecture Example VRRP Internet Gateway1 GW VPLS-PE1 VPLS-PE2 MPLS Virtual Gateway 192.168.0.1/16 FW2 FW1 CE1 Agg. Switch CE2 Agg. Switch L2 Network TOR TOR IP:192.168.1.0/16 GW:192.168.0.1 IP:192.168.1.0/16 GW:192.168.0.1 IP:192.168.2.0/16 GW:192.168.0.1 TOR VM41 VM42 VM1 VM2 VM21 VM22 … … VM8 VM28 VM1 : 192.168.1.1 VM21 : 192.168.2.21

  3. Internet Gateway2 Virtual Gateway 192.168.0.1/16 Use Case 1: Intra-communication VRRP Internet Gateway1 GW VPLS-PE1 VPLS-PE2 MPLS Virtual Gateway 192.168.0.1/16 (3) Routed to new location Session Table No VM21->VM1 Record Session Table VM21->VM1 Status CE1 CE2 (1) L2 Network TOR TOR IP:192.168.1.0/16 GW:192.168.0.1 IP:192.168.1.0/16 GW:192.168.0.1 IP:192.168.2.0/16 GW:192.168.0.1 TOR VM41 VM42 VM1 VM21 (2) VM Live Migration

  4. Internet Gateway2 Virtual Gateway 192.168.0.1/16 Use Case 2: Extra-communication VRRP Internet Gateway1 GW VPLS-PE1 VPLS-PE2 MPLS Virtual Gateway 192.168.0.1/16 Session Table VM21->VM1 Status FW2 FW1 Session Table No VM21->VM1 Record CE1 Agg. Switch CE2 Agg. Switch (1) L2 Network TOR TOR IP:192.168.1.0/16 GW:192.168.0.1 IP:192.168.1.0/16 GW:192.168.0.1 IP:192.168.2.0/16 GW:192.168.0.1 TOR VM41 VM42 VM1 … (2) VM Live Migration

  5. Scope • State Migration • To migrate flow-coupled state on Firewall, e.g. Session Table, while the specific flow is still running. • Currently, we consider state migration in the following scenarios: the source and destination Firewall are • 1) within the same DC, same administration domain, and same/different subnets; • 2) belong to different DCs, which is under different administration domains and same/different subnets;

  6. Analyze the Problem • Communication for State Migration: • Firewall Capability • Source Firewall Location • Destination Firewall Location • VM IP Address • And State Transfer Coordinator Firewall • Notification of VM Migration event: • VM Identity (IP Address or VMID) • Source VM Location • Destination VM Location • Stage of VM Live Migration VM migration notifier

  7. Gap analysis with existing protocols Blue: ForCES can support Green: New features ForCES lacks Notification of VM Migration event • Gap analysis is made on MIDCOM, ForCES, and PCP • Got feeling that ForCES could provide a basic mechanism for state migration. • Firewall Capability • VM IP Address • Source Firewall Location • Destination Firewall Location Coordinator • Flow-coupled state LIVE migration Firewall Firewall ForCES State Migration We solicit ForCES Experts to join us to figure out how much we can reuse ForCES.

  8. Backup slide

  9. Characteristic of Flow-coupled State Live migration Time to pre-copy Firewall state Flow-coupled state keep changing during the moment Best time to Final-copy Firewall State

More Related