VNToR: Network Virtualization at the Top-of-Rack Switch
Title | VNToR: Network Virtualization at the Top-of-Rack Switch |
Publication Type | Conference Paper |
Year of Publication | 2016 |
Authors | Fietz, Jonas; Whitlock, Sam; Ioannidis, George; Argyraki, Katerina; Bugnion, Edouard |
Conference Name | Proceedings of the Seventh ACM Symposium on Cloud Computing |
Publisher | ACM |
Conference Location | New York, NY, USA |
ISBN Number | 978-1-4503-4525-5 |
Keywords | network virtualization, pubcrawl, security, security groups, SR-IOV, top-of-rack switch, virtual machine, virtual machine security |
Abstract | Cloud providers typically implement abstractions for network virtualization on the server, within the operating system that hosts the tenant virtual machines or containers. Despite being flexible and convenient, this approach has fundamental problems: incompatibility with bare-metal support, unnecessary performance overhead, and susceptibility to hypervisor breakouts. To solve these, we propose to offload the implementation of network-virtualization abstractions to the top-of-rack switch (ToR). To show that this is feasible and beneficial, we present VNToR, a ToR that takes over the implementation of the security-group abstraction. Our prototype combines commodity switching hardware with a custom software stack and is integrated in OpenStack Neutron. We show that VNToR can store tens of thousands of access rules, adapts to traffic-pattern changes in less than a millisecond, and significantly outperforms the state of the art. |
URL | http://doi.acm.org/10.1145/2987550.2987582 |
DOI | 10.1145/2987550.2987582 |
Citation Key | fietz_vntor:_2016 |