Network virtualization gives each "tenant" in a data center its own network topology and control over the flow of its traffic. By offering a standard interface between controller applications and switch forwarding tables, Software Defined Networking (SDN) is a natural platform for network virtualization. Yet, supporting a large number of tenants with different topologies and controller applications raises scalability challenges. In this paper, we present the FlowN architecture, which provides each tenant the illusion of its own address space, topology, and controller. The FlowN controller platform leverages database technology to efficiently store and manipulate mappings between the virtual networks and the physical switches. Rather than running a separate controller per tenant, FlowN performs lightweight containerbased virtualization. Experiments with our FlowN prototype, built as an extension to the NOX OpenFlow controller, show that our solution scales to a large number of tenants.
Cloud computing is quickly becoming the platform of choice for many web services. Virtualization is the key underlying technology enabling cloud providers to host services for a large number of customers. Unfortunately, virtualization software is large, complex, and has a considerable attack surface. As such, it is prone to bugs and vulnerabilities that a malicious virtual machine (VM) can exploit to attack or obstruct other VMs -a major concern for organizations wishing to move "to the cloud." In contrast to previous work on hardening or minimizing the virtualization software, we eliminate the hypervisor attack surface by enabling the guest VMs to run natively on the underlying hardware while maintaining the ability to run multiple VMs concurrently. Our NoHype system embodies four key ideas: (i) pre-allocation of processor cores and memory resources, (ii) use of virtualized I/O devices, (iii) minor modifications to the guest OS to perform all system discovery during bootup, and (iv) avoiding indirection by bringing the guest virtual machine in more direct contact with the underlying hardware. Hence, no hypervisor is needed to allocate resources dynamically, emulate I/O devices, support system discovery after bootup, or map interrupts and other identifiers. NoHype capitalizes on the unique use model in cloud computing, where customers specify resource requirements ahead of time and providers offer a suite of guest OS kernels. Our system supports multiple tenants and capabilities commonly found in hosted cloud infrastructures. Our prototype utilizes Xen 4.0 to prepare the environment for guest VMs, and a slightly modified version of Linux 2.6 for the guest OS. Our evaluation with both SPEC and Apache benchmarks shows a roughly 1% performance gain when running applications on NoHype compared to running them on top of Xen 4.0. Our security analysis shows that, while there are some minor limitations with current commodity hardware, NoHype is a significant advance in the security of cloud computing.
Abstract.A self-reconfiguring platform is reported that enables an FPGA to dynamically reconfigure itself under the control of an embedded microprocessor. This platform has been implemented on Xilinx Virtex II¦ § and Virtex II Pro¦ © § devices. The platform's hardware architecture has been designed to be lightweight. Two APIs (Application Program Interface) are described which abstract the low level configuration interface. The Xilinx Partial Reconfiguration Toolkit (XPART), the higher level of the two APIs, provides methods for reading and modifying select FPGA resources. It also provides support for relocatable partial bitstreams. The presented self-reconfiguring platform enables embedded applications to take advantage of dynamic partial reconfiguration without requiring external circuitry.
Energy communication networks (ECNs) play an integral role in electrical substations. Substations host many Intelligent Electronic Devices (IEDs) that monitor the state of the electricity infrastructure. This critical data is packaged and transmitted between multiple IEDs for proper system monitoring and control. The modern network that interconnects IEDs, while a significant improvement over the historic serial interconnection, has many challenges which have yet to be addressed -ranging from setup complexity to security policies. In this paper we propose that software-defined networking can alleviate many of today's problems and create a network which can evolve with changing technologies and needs. We demonstrate an autoconfiguring substation network which eliminates many substation network management issues. Our prototype is built using a Ryubased, software-defined network controller and tested with actual IEDs used in substations. We also discuss how our softwaredefined energy communication network (SDECN) architecture not only solves problems of today, but enables substation networks to easily evolve with the rapid evolution of the smart grid.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.