d) Connection to Amazon Cloud:

See [http://vise.cs.umass.edu/trac/attachment/wiki/CloudControl/2009-12-23%20Options%20and%20cost%20implications%20for%20GENI%20network%20connectivity_final.pdf Options and Cost Implications for GENI Network Connectivity] to understand the current options and recommendations, as provided by Emmanuel Cecchet. [[BR]]

Overview:

1) Resources allocated on the Amazon EC2 cloud have to be connected with other GENI resources to participate in an experiment. Disk resources (S3 or EBS) can only be accessed from EC2 servers, called instances.

2) EC2 instances (servers) are dynamically assigned IP addresses when they are created. A public IP address is available for remote connections and a private IP address is created for internal communications (inside EC2). All network traffic between EC2 instances (inside the same availability zone of the same region) is free. Traffic between resources in different regions is considered Internet traffic. All network exchanges between GENI resources outside of EC2 and EC2 resources are charged.

3) Amazon offers static IPv4 addresses that can be assigned to instances at an additional cost. A customer is limited to 5 such addresses by default, but more can be obtained on demand. An instance first starts with generic public and private IP addresses and can then be remapped to a static IP address (called an Elastic IP).

Options:

a) In order for EC2 instances to be part of a VLAN, the simplest solution is to run VPN software such as OpenVPN inside the EC2 instances and build the VLAN over it. It is the responsibility of the user to set up that VLAN so that it can communicate with the rest of their GENI resources. There is no additional cost for such a setup besides the network traffic charges described in Section 1.
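As an added illustration of option a) (this is example configuration written for this page, not part of the original document or of any GENI software), the two OpenVPN files below join an EC2 instance to an existing GENI layer-2 segment. The GENI-side node runs the server and bridges OpenVPN's TAP interface into a pre-existing Linux bridge `br0` that already carries the GENI VLAN; each EC2 instance runs the client and appears as a host on that segment. The hostname `geni-gw.example.net`, the `10.100.0.0/24` addressing, the bridge name `br0`, and all certificate file names are constructed assumptions.

```conf
# ===== GENI-side OpenVPN server (assumed host geni-gw.example.net) =====
# Assumes a bridge "br0" already exists and contains the GENI VLAN interface.
# OpenVPN's tap0 is added to br0 by the usual up/down scripts (not shown), so
# EC2 clients share the same layer-2 segment as the GENI resources.
port 1194
proto udp
dev tap0
# gateway, netmask, then the address pool handed to connecting clients
# (addresses are constructed for this example)
server-bridge 10.100.0.1 255.255.255.0 10.100.0.200 10.100.0.250
ca ca.crt
cert geni-gw.crt
key geni-gw.key
dh dh2048.pem
# Pre-shared HMAC key: datagrams without a valid HMAC are discarded before
# the TLS handshake starts, which limits the exposure of the listening port
# that the EC2 instances' public addresses reach.
tls-auth ta.key 0
cipher AES-256-CBC
auth SHA256
# Issue one certificate per EC2 instance; never copy one client key to all.
keepalive 10 60
persist-key
persist-tun
user nobody
group nogroup
verb 3

# ===== EC2 instance (OpenVPN client) =====
client
dev tap
proto udp
# Use a stable endpoint (a DNS name or an Elastic IP) so the instance still
# reaches the gateway after its own dynamic address changes.
remote geni-gw.example.net 1194
resolv-retry infinite
nobind
ca ca.crt
cert ec2-instance-01.crt
key ec2-instance-01.key
# Accept only a peer certificate issued for server use, so a stolen client
# certificate cannot be used to impersonate the gateway.
remote-cert-tls server
tls-auth ta.key 1
cipher AES-256-CBC
auth SHA256
persist-key
persist-tun
verb 3
```

With this layout the EC2 instances only need outbound UDP to the gateway, so no inbound rule has to be opened in the instance's security group. One cost caveat follows from item 2) above: every frame that crosses the tunnel leaves EC2, so two EC2 instances on the same bridged segment that talk to each other through the VPN generate charged Internet traffic rather than free intra-zone traffic; keep instance-to-instance traffic on the EC2 private addresses where the experiment allows it.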

b) The Amazon Virtual Private Cloud service allows setting up a bridge to extend a VLAN with EC2 resources. Note that this can only be a layer 3 VLAN. Amazon VPC provides end-to-end network isolation by using an IP address range specified by the user and routing all network traffic between the VPC and the user network through an encrypted IPsec VPN. The customer gateway can be either software or hardware. The current documentation only lists Cisco Integrated Services routers running Cisco IOS 12.4 (or later) software and Juniper J-Series routers running JunOS 9.5 (or later) software as compatible devices.

Note: The VPC functionality can only work for a single user (one VPC per AWS account only). This would not allow a broker to manage its resources globally and have multiple concurrent users sharing a pool of EC2 resources.

Another option, illustrated in Figure 3, would consist of having the broker run the customer gateway and act as a bridge to the end-user resources. This option would still have the limitation that all users going through the same broker would share the same VPN on the EC2 side. Having as many AWS accounts as GENI users does not seem practical and would make accounting and billing much more complex.