Changes between Version 83 and Version 84 of clusterdvlan


Timestamp:
01/20/10 15:02:04 (14 years ago)
Author:
hmussman@bbn.com
Comment:

--

  • clusterdvlan

    v83 v84  
    268268d)  Connection to Amazon Cloud:
    269269
    270 See [http://vise.cs.umass.edu/trac/attachment/wiki/CloudControl/2009-12-23%20Options%20and%20cost%20implications%20for%20GENI%20network%20connectivity_final.pdf  Options and Cost Implications for GENI Network Connectivity] to understand the current options and recommendations, as provided by Emmanuel Cecchet. [[BR]]
     270 See [http://vise.cs.umass.edu/trac/attachment/wiki/CloudControl/2009-12-23%20Options%20and%20cost%20implications%20for%20GENI%20network%20connectivity_final.pdf  Options and Cost Implications for GENI Network Connectivity] to understand the current options and recommendations, as provided by Emmanuel Cecchet. [[BR]]
    271271
    272272Overview:
    273273
    274 1)  Resources allocated on the Amazon EC2 cloud have to be connected with other GENI resources to participate in an experiment. Disk resources (S3 or EBS) can only be accessed from EC2 servers called instances.
    275 
    276 2)  EC2 instances (servers) are dynamically assigned IP addresses when they are created. A public IP address is available for remote connections and a private IP address is created for internal communications (inside EC2). All network traffic between EC2 instances (inside the same availability zone of the same region) is free.  Traffic between resources in different regions is considered Internet traffic.  All network exchanges between GENI
     274 1)  Resources allocated on the Amazon EC2 cloud have to be connected with other GENI resources to participate in an experiment. Disk resources (S3 or EBS) can only be accessed from EC2 servers called instances.
     275
     276 2)  EC2 instances (servers) are dynamically assigned IP addresses when they are created. A public IP address is available for remote connections and a private IP address is created for internal communications (inside EC2). All network traffic between EC2 instances (inside the same availability zone of the same region) is free.  Traffic between resources in different regions is considered Internet traffic.  All network exchanges between GENI
    277277resources outside of EC2 and EC2 resources are charged.
    278278
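Review bot: Item 1 overstates the storage restriction: "Disk resources (S3 or EBS) can only be accessed from EC2 servers called instances" is true of EBS volumes, which attach to a single instance, but S3 is an HTTP object store reachable with credentials from inside or outside EC2. Suggest "EBS volumes can only be attached to EC2 instances; S3 is reachable over HTTP from anywhere". In item 2, "A public IP address is available for remote connections" should add that this address is reachable from the whole Internet, so inbound access to an instance has to be restricted by its firewall rules rather than by network position.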
    279 3)  Amazon offers static IPv4 addresses that can be assigned to instances at an additional cost. A customer is limited to 5 such addresses by default but more can be obtained on demand. An instance first starts with a generic public and private IP addresses and then can be remapped to a static IP address (called Elastic IP).
     279 3)  Amazon offers static IPv4 addresses that can be assigned to instances at an additional cost. A customer is limited to 5 such addresses by default but more can be obtained on demand. An instance first starts with a generic public and private IP addresses and then can be remapped to a static IP address (called Elastic IP).
    280280
    281281Options:
    282282
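Review bot: Line 279 has a number-agreement error and a technical imprecision in "An instance first starts with a generic public and private IP addresses and then can be remapped to a static IP address": an Elastic IP replaces only the public address; the private address stays as assigned. Suggest "An instance starts with a generic public address and a private address; the public address can later be remapped to a static one (an Elastic IP)."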
    283 a)  In order for EC2 instances to be part of a VLAN, the simplest solution is to run a VLAN software like OpenVPN in the EC2 instances. It is the responsibility of the user to setup that VLAN so that it can communicate with the rest of its GENI resources. There is no additional cost for such setup besides the network traffic charges described in Section 1.
    284 
    285 b)  Amazon Virtual Private Cloud service allows setting up a bridge to expand a VLAN with EC2 resources. Note that this can only be a layer 3 VLAN. Amazon VPC provides end-to-end network isolation by utilizing an IP address range that is specified by the user, and routing all network traffic between VPC and the user network through an encrypted IPsec VPN.
     283 a)  In order for EC2 instances to be part of a VLAN, the simplest solution is to run a VLAN software like OpenVPN in the EC2 instances. It is the responsibility of the user to setup that VLAN so that it can communicate with the rest of its GENI resources. There is no additional cost for such setup besides the network traffic charges described in Section 1.
     284
     285 b)  Amazon Virtual Private Cloud service allows setting up a bridge to expand a VLAN with EC2 resources. Note that this can only be a layer 3 VLAN. Amazon VPC provides end-to-end network isolation by utilizing an IP address range that is specified by the user, and routing all network traffic between VPC and the user network through an encrypted IPsec VPN.
    286286The customer gateway can be either software or hardware. The current documentation only lists Cisco Integrated Services routers running Cisco IOS 12.4(or later) software and Juniper J-Series routers running JunOS 9.5 (or later) software as compatible devices.
    287287
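Review bot: Option a) calls OpenVPN "a VLAN software", but OpenVPN builds an encrypted tunnel (a VPN), either layer 2 over a tap interface or layer 3 over a tun interface; since the goal is VLAN membership, say which mode is meant, and state that the user also owns key and certificate management and the firewall rules for the tunnel endpoint exposed on the public address. The reference to "Section 1" at the end of a) points nowhere on this page; the traffic charges are in item 2 of the Overview. In option b), "layer 3 VLAN" is a contradiction: VPC extends the user's IP range over an IPsec tunnel, which is routed layer 3 connectivity, not a VLAN. Line 286 is also missing a space in "Cisco IOS 12.4(or later)".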
    288 Note:  Providing the VPC functionality can only work for a single user (one VPC per AWS account only). This would not allow a broker to manage its resources globally and have
    289 multiple concurrent users using a pool of EC2 resources.
    290 
    291 
    292 Another option illustrated in Figure 3 would consist in having the broker run the
    293 customer gateway and act as a bridge with the end-user resources. This option would still
    294 have the limitation that all users going through the same broker would be sharing the
    295 same VPN on the EC2 side. Having as many AWS accounts as GENI users does not
    296 seem practical and would make accounting and billing much more complex.
    297 
    298 
     288 Note:  Providing the VPC functionality can only work for a single user (one VPC per AWS account only). This would not allow a broker to manage its resources globally and have
     289multiple concurrent users using a pool of EC2 resources.  A workaround solution would consist in having the broker run the customer gateway and act as a bridge with the end-user resources. This option would still have the limitation that all users going through the same broker would be sharing the same VPN on the EC2 side.  (Having as many AWS accounts as GENI users does not seem practical and would make accounting and billing much more complex.)
     290
     291Recommendation;
     292
     293 The EC2 offering is expanding quickly and we expect additional VLAN support for EC2 resources through Amazon VPC or another service (note that Amazon VPC just went from restricted beta to public beta in December 2009).
     294 
     295 Given the current lack of offering for layer-2 connectivity with EC2 resources and the current limitations of the Amazon VPC offering, the recommended solution is just to use the public IP addresses provided by Amazon to address EC2 resources.  Then, if VLAN capabilities are required, the user can easily setup a software IPSec VPN in the EC2 instances it is running.  We propose to offer Amazon images with a pre-installed OpenVPN package for that purpose.
    299296
    300297=== 5.3.3.5 Kansei Aggregates ===
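Review bot: The recommendation at 295 is internally inconsistent: it tells the user to "setup a software IPSec VPN" and then proposes images with OpenVPN, which uses TLS rather than IPsec; pick one, e.g. "a software VPN such as OpenVPN". If pre-installed OpenVPN images are offered, the text should state that no keys or certificates are baked into the image and that each user generates their own, otherwise every user of the image would share the same credentials. Minor: "Recommendation;" at 291 should end with a colon, and the merged paragraph at 288-289 drops the "Figure 3" reference, which is fine since the figure is not on this page.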