Design and Analysis of Schedules for Virtual Network Migration

The Internet faces well-known challenges in realizing modifications to the core architecture. To help overcome these limitations, virtual networks run over physical networks and use Internet paths and protocols as essentially a link layer in the virtual network. Effective use of the underlying network requires intelligent placement of virtual networks so that underlying resources do not incur over-subscription. Additionally, because virtual networks may come and go over time, and underlying networks may experience their own dynamic changes, virtual networks may need to be migrated— re-mapped to the physical network during active operation— to maintain good performance. In this paper we consider the problem of scheduling the sequence of node moves that take a virtual network from an original placement to a new placement. We build on prior work that achieves migration of a single node with minimal disruption to develop a model for the migration cost and latency for a given network migration schedule. We then develop algorithms for determining a single-node-at-a-time sequence of moves to minimize migration cost, and further consider multiple node moves in parallel to minimize migration time and cost. Our algorithms are the first we are aware of to systematically address the virtual network migration scheduling problem

Improving distributed virtual network embedding with offline optimization

To cope with the complexity of the ever changing internet architecture, network virtualization services are vowed to play an important role in the future. To provide such solutions effectively, internet providers face the problem of optimizing the allocation of virtual networks on their physical resources. Since this problem is known to be NP-hard, heuristic based online solutions tend to provide better response time, however they lead to non-optimal solutions. This paper shows how a periodic live migration of virtual networks, using a state provided by offline optimization, can help an internet provider increase its virtual network load by up to 20%. Due to better packing of virtual load, some physical resources can also be shut down to save energy

Trusted Launch of Virtual Machine Instances in Public IaaS Environments

Cloud computing and Infrastructure-as-a-Service (IaaS) are emerging and promising technologies, however their adoption is hampered by data security concerns. At the same time, Trusted Computing (TC) is experiencing an increasing interest as a security mechanism for IaaS. In this paper we present a protocol to ensure the launch of a virtual machine (VM) instance on a trusted remote compute host. Relying on Trusted Platform Module operations such as binding and sealing to provide integrity guarantees for clients that require a trusted VM launch, we have designed a trusted launch protocol for VM instances in public IaaS environments. We also present a proof-of-concept implementation of the protocol based on OpenStack, an open-source IaaS platform. The results provide a basis for the use of TC mechanisms within IaaS platforms and pave the way for a wider applicability of TC to IaaS security

Uncovering Bugs in Distributed Storage Systems during Testing (not in Production!)

Testing distributed systems is challenging due to multiple sources of nondeterminism. Conventional testing techniques, such as unit, integration and stress testing, are ineffective in preventing serious but subtle bugs from reaching production. Formal techniques, such as TLA+, can only verify high-level specifications of systems at the level of logic-based models, and fall short of checking the actual executable code. In this paper, we present a new methodology for testing distributed systems. Our approach applies advanced systematic testing techniques to thoroughly check that the executable code adheres to its high-level specifications, which significantly improves coverage of important system behaviors. Our methodology has been applied to three distributed storage systems in the Microsoft Azure cloud computing platform. In the process, numerous bugs were identified, reproduced, confirmed and fixed. These bugs required a subtle combination of concurrency and failures, making them extremely difficult to find with conventional testing techniques. An important advantage of our approach is that a bug is uncovered in a small setting and witnessed by a full system trace, which dramatically increases the productivity of debugging