Jeuk, S; Salgueiro, G; Baker, F; Zhou, S; (2015) Network Segmentation in the Cloud A Novel Architecture Based on UCC and IID. In: Boutaba, R and Limam, N and Kantarci, B and Badonnel, R, (eds.) Proceedings of 4th International Conference on Cloud Networking (CloudNet), IEEE 2015. (pp. pp. 58-63). IEEE: Niagara Falls, ON, Canada.

Preview

Text Zhou_Network Segmentation_Open.pdf - Accepted Version Download (462kB) | Preview

Abstract

Cloud Computing is known for its scalability, flexibility and on-demand workload creation. Today, cloud-enabled data centers utilize VLAN, VxLAN or GRE segmentations but these techniques, despite being widely deployed, have a variety of inherent technical and architectural limitations. In this paper we introduce a novel architecture leveraging UCC and IID for segmentation, rather than those traditionally used today (e.g., VLAN, VxLAN, etc.). The proposed architecture is entirely based on IPv6 and, for illustrative purposes only, is demonstrated using OpenStack as the cloud framework. This proposed reference architecture is based entirely on UCC and IID, two OpenStackindependent concepts, could easily be realized in outer cloud frameworks as well. UCC introduces cloud-specific traffic isolation within IPv6 extension headers. IIDs can be incorporated as a unique identifier within an IPV6 address to identify endpoints. The combination of both allows network devices to segregate traffic according to cloud service, cloud tenants and endpoint affiliation. Here, we highlight current shortcomings of existing segmentation techniques as well as define design considerations for the cloud framework in question (i.e. in this case OpenStack) to circumvent such limitations. The proposed architecture is depicted and explained in the context of a traffic flow example.

Download activity - last month

Export as XMLCSVJSON

Download activity - last 12 months

Export as XMLJSONCSV

Downloads by country - last 12 months

Export as XMLCSVJSON

Archive Staff Only

View Item