Network Working Group S. Jeong Internet-Draft M-K. Shin Intended status: Informational ETRI Expires: January 14, 2011 T. Egawa NEC H. Otsuki NiCT July 13, 2010 Network Virtualization Problem Statement draft-shin-virtualization-meta-arch-02.txt Abstract This document analyzes and discusses the problem space of supporting network virtualization in the networks. Furthermore, some key requirements for enabling network virtualization in the networks are investigated and described. Status of this Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on January 14, 2011. Copyright Notice Copyright (c) 2010 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must Jeong, et al. Expires January 14, 2011 [Page 1] Internet-Draft Network Virtualization PS July 2010 include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1. Definition of Network Virtualization and Virtual Networks . . . . . . . . . . . . . . . . . . . . . . . . . 4 1.2. Effectiveness of Virtual Networks . . . . . . . . . . . . . 5 2. Problem Statement for Network Virtualization . . . . . . . . . 5 3. Requirements for Network Virtualization . . . . . . . . . . . . 6 4. Applicability and Use Cases . . . . . . . . . . . . . . . . . . 8 5. Security Considerations . . . . . . . . . . . . . . . . . . . . 9 6. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . 9 7. Informative References . . . . . . . . . . . . . . . . . . . . 9 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 9 Jeong, et al. Expires January 14, 2011 [Page 2] Internet-Draft Network Virtualization PS July 2010 1. Introduction The main objectives of virtualization are to create multiple logical instances of the resources that can coexist, to separate the uses of the logical instances, and to simplify the use of the underlying resources by abstracting the characteristics and interacting with the resources with limited abstracted knowledge. The followings list the benefits of virtualization. o Partitioning: Multiple applications or operating systems can be simultaneously supported within a single physical resource. Multiple physical resources can be consolidated into virtual resources on either a scale-up or scale-down architecture. A typical example is to construct a uniform pool by aggregating multiple computing resources and to allocate the resources to virtual resources in a controlled manner. o Isolation: Virtual resources can be completely isolated from the physical resource or other virtual resources in the physical resource. Even though a virtual resource crashes, the others are not affected. Data in one virtual resource do not leak across virtual resources and applications can only communicate over configured network connections. Unauthorized accesses to other virtual resources are prohibited. o Abstraction: The detailed information of the physical resource can be abstracted so that other systems, applications, or users access the capabilities of resources by using abstracted interfaces. These interfaces can guarantee compatibility for accessing the virtual resources and provide an efficient control of the virtual resources. The virtualization technology has been extensively studied for decades from desktop virtualization, application virtualization, system virtualization, link virtualization to storage virtualization. All the virtualization technologies above have relationship with network virtualization technology, but from the simplified view the network elements may be seen as systems with links. Thus, the network virtualization would be expected to be realized on the basis of traditional virtualization technologies, especially system and link virtualization. The system virtualization is the ability to run an entire virtual system with its own guest OS over another OS or over a bare-machine. So, it allows multiple virtual systems with heterogeneous guest OSes to run in isolation on the same physical system. Each virtual system has its own set of virtual hardware and can be accessed independently. Thus, each virtual system can participate in constructing and providing independent virtual Jeong, et al. Expires January 14, 2011 [Page 3] Internet-Draft Network Virtualization PS July 2010 networks. The virtual system can utilize consistent, normalized set of hardware regardless of the characteristics of physical hardware specification. The advantages of system virtualization are as follows. These advantages can be applied to network virtualization. o Since several virtual systems share a single set of hardware, it is possible to achieve better resource utilization and to lower hardware cost. o Secure environment can be provided among virtual systems because each system is isolated from the others. o System virtualization can provide normalized set of interfaces and make it easier to provision virtual systems. Also, it support seamless migration of virtual systems by setting up a virtual system using a pre-existing template and shifting virtual system from one physical system to another to balance workloads or improve efficiency. This document analyzes and discusses the problem space of supporting virtual networks in the network infrastructures by using network virtualization technology. Furthermore, some high level requirements for realizing network virtualization are investigated and described. 1.1. Definition of Network Virtualization and Virtual Networks Network virtualization is the technology that enables the creation of logically isolated network partitions over shared physical network infrastructures so that multiple heterogeneous virtual networks can simultaneously coexist over the shared infrastructures. Also, network virtualization allows the aggregation of multiple resources and makes the aggregated resources appear as a single resource [2]. A virtual network is a logical partition of a physical or logical network and its capability is the same as or subset of the network. Also, the virtual network may expand its capability by aggregating the capabilities of multiple networks. From the user's point of view, the virtual network can be seen as a non-virtualized network. The key components of virtual networks include traditional network elements, such as hosts, routers, links, etc. In addition to them, methods for creating and managing the virtual networks are also included. The virtual network management methods create logical partitions in the components and connect those partitions in order to construct a virtual network. The virtual network can be connected with non-virtualized components. Users can see the virtual network Jeong, et al. Expires January 14, 2011 [Page 4] Internet-Draft Network Virtualization PS July 2010 as a non-virtualized dedicated network, so they can perform any actions such as deploy new services, network architectures, etc. as if they own the dedicated network. 1.2. Effectiveness of Virtual Networks Virtual networks can be used for the same purposes as non-virtualized networks without interfering the operation of other virtual networks while sharing the key components among virtual networks. Therefore, the coexistence of multiple virtual networks is possible. The virtual networks over physical infrastructure are completely isolated each other, so different virtual networks may use different network technologies, for example, different protocols and packet formats or even defining a new layering architecture can be supported on each virtual network without interfering the operation of other virtual networks. In other words, each virtual network can provide the corresponding user group with full network services similar to those provided by a traditional non-virtualized network. From the users' perspective, each user accesses a dedicated network independently. Also, network virtualization can reduce the total cost by increasing the utilization of resources [1]. 2. Problem Statement for Network Virtualization Network virtualization allows multiple heterogeneous virtual networks that are isolated and independently manageable to coexist over shared physical infrastructures. Since each virtual network can utilize different network architectures, the shared network infrastructure may support the architecture of multiple architectures. For example, by utilizing network virtualization technology, different virtual networks can provide different end-to-end packet delivery systems and may use different protocols and packet formats [1]. This may provide a way to de-ossify the current network architectures. As discussed in the previous section, network virtualization has three typical characteristics, partitioning, isolation, and abstraction. Although the current virtual network technologies, for example, VPNs support partitioning and isolation capabilities but the supported capabilities may not complete and possibly need more improvement. Similarly, there are other technologies that support some of network virtualization characteristics, but these technologies are not complete from the view point of virtual network and network virtualization definition. The followings investigate the problem spaces for network virtualization. Jeong, et al. Expires January 14, 2011 [Page 5] Internet-Draft Network Virtualization PS July 2010 o Performance: Virtualization is typically realized by adopting virtualization layer in the physical resources, so network virtualization also can require virtualization layer for creating and managing the virtual networks. Therefore, the performance of the virtual networks may not be as good as the non-virtualized network and how to reduce the performance degradation is a challenge. o Isolation: Multiple virtual networks coexist over the key components of virtual networks, so isolation among the virtual networks is the challenge. The isolation includes various aspects such as security isolation, performance isolation, etc. Since multiple virtual networks exist over shared physical infrastructures, unexpected behavior of a virtual network may affect other coexisting services and may cause security problems, performance degradation of other services, and so on. How to guarantee isolation of virtual networks by creating isolated virtual network environments between users belonging to separate groups is a key challenge. o Flexibility: After creating a virtual network based on user's requirements, the requirements can be changed. In that case, it will be necessary to modify the capability of the virtual network. The update of virtual network's capability may be done dynamically and without interrupting the operation of the current virtual network. o Scalability: How many virtual networks can be simultaneously existed or how many key components can be connected and managed are problems. o Aggregation: One of features of network virtualization is to offer logical resources encompassing the physical capability of the resources by aggregating multiple resources into single resource. Supporting the aggregation is a one of the challenges. o Management: Since each virtual network can be separately configured and managed, how to provide independent management functions for each virtual network is a challenge. Also, the management functions need to collaborate with the management for the physical infrastructures. 3. Requirements for Network Virtualization The following list discusses high level requirements, which need to be supported by the network to provide network virtualization features. Jeong, et al. Expires January 14, 2011 [Page 6] Internet-Draft Network Virtualization PS July 2010 o Network virtualization should simulataneously support the multiple virtual networks over shared network infrastructures. o network virtualization should provide methods to aggregatie multiple resources into single logical resource. o Virtual networks can be multiplexed over a shared network infrastructure. However, this can be liable to restrict network performance and cause instability due to interference by other virtual networks. The network virtualization should be capable of providing the complete isolation among virtual networks. o The virtual network may want to avoid complex physical network operations that are fully dependent on the types of network layers and equipment vendors. To disengage the virtual network from the complexity of the physical network, the network virtualization should be capable of abstracting the physical network information and provides the standardized interfaces for resource control to the virtual networks. o Since there exist multiple virtual networks in the shared network infrastructure, those virtual networks will be managed by management systems. Network virtualization should provide standardized interfaces to such management systems in order to realize an efficient control of a virtual networks. o When combined with programmability feature in network elements, users of virtual networks can program the network elements on any layers from physical layer to application layer according to users' requirements. It can realize virtual networks with programmable network elements, so that users can perform experimentation on any layers.Therefore, virtual networks may be capable of supporting programmability. o It is known that some of emerging network services will require extremely high bandwidth, for example more than hundreds Gbps with low latency and jitter. However, it may not be possible to satisfy such high end requirements with the current network and transport layer technologies. Thus, each virtual network may be capable of directly utilizing lower-layer transmission technologies in order to guarantee required bandwidth for services. o Since today's network application traffic tends to indicate more and more unpredictable variations, each virtual network would require methods to adjust available bandwidth according to traffic demand changes. Jeong, et al. Expires January 14, 2011 [Page 7] Internet-Draft Network Virtualization PS July 2010 o Users may dynamically request new capability that is not supported by the current virtual network configuration. Thus, the network virtualization should offer a method that the virtual networks are capable of easily and rapidly creating their own network topologies and dynamically reconfiguring them. o To support diverse network services, the virtual network should retain the capability of customizing network control and operations independent from those in the physical network or other virtual networks. o Considering the utility of customers, each virtual network should be capable of using physical network resources and constructing a network topology. However, one possible problem is that some abnormal virtual networks may occupy most of the resources, which deteriorates other virtual network performance due to network resource exhaustion. So, the network virtualization should provide the capability to regulate the upper limit of resource consumption by each virtual network in order to maintain the overall utility and performance. 4. Applicability and Use Cases This section describes the applicability of network virtualization. The applicability of network virtualization may be classified into two broad categories according to the characteristics of virtualization; namely isolation and aggregation [2]. [Note] This section will be refined in the next version of this document. From the view point of isolation, network virtualization enables the complete isolation between each logical network partition. Typical use case of this category is that it is possible to create new business model by separating the conventional Internet service provider's role into network provider and service provider. The network provider creates customized logical network partitions according to the service providers' requirements, such as network bandwidth, the number and functional capability of network elements in the logical network partitions, total cost, and so on. The service provider can provide various services and applications for users without the burden of building its own network infrastructure. Moreover, the service provider can safely test an innovative pilot service or application that requires special features of network without affecting other existing services. From the perspective of network providers, they can increase the hardware utilization ratio and can reduce the operational cost of network infrastructure. From Jeong, et al. Expires January 14, 2011 [Page 8] Internet-Draft Network Virtualization PS July 2010 the viewpoint of service providers, it is possible to reduce the cost for building network infrastructure. Also, they can utilize the flexibility for the creation of network and application services. The second applicability is aggregation. In the computing field, it is common to logically aggregate multiple computing resources into a single resource in order to support applications or services that require very high performance exceeding single resource's capability. Building a high performance computing node by clustering many smaller nodes would be the typical use case of resource aggregation. Similar to this use case, network virtualization can allow building a logical network element whose capability is hard to be supported by a single one. The logical network element can support various functions and can easily expand its capability by aggregating multiple network elements. 5. Security Considerations TBD 6. Acknowledgments This version of the problem statement reflects the discussion results of the following people. Many thanks to Takashi Kurimoto, Takashi Miyamura, Alex Galis for their comments. 7. Informative References [1] Mosharaf, N. and R. Boutaba, "Network Virtualization: State of the Art and Research Challenges", IEEE Communications Magazine , July 2009. [2] Jeong, S. and H. Otsuki, "Framework of Network Virtualization", ITU-T Focus Group on Future Networks , January 2010. [3] Mosharaf, N. and R. Boutaba, "A Survey of Network Virtualization", Computer Networks , April 2010. Jeong, et al. Expires January 14, 2011 [Page 9] Internet-Draft Network Virtualization PS July 2010 Authors' Addresses Sangjin Jeong ETRI 138 Gajeongno, Yuseong Daejeon, 305-700 Korea Phone: +82 42 860 1877 Email: sjjeong@etri.re.kr Myung-Ki Shin ETRI 138 Gajeongno, Yuseong Daejeon, 305-700 Korea Phone: +82 42 860 4847 Email: mkshin@etri.re.kr Takashi Egawa NEC Corporation 1753 Shimonumabe Nakahara-Ku, Kawasaki Kanagawa, 211-8666 Japan Phone: +81 44 431 7770 Email: t-egawa@ct.jp.nec.com Hideki Otsuki NiCT 4-2-1 Nukui-Kitamachi Koganei Tokyo, 184-8795 Japan Phone: +81 42 327 6931 Email: hideki.otsuki@nict.go.jp Jeong, et al. Expires January 14, 2011 [Page 10]