The modern cloud environment deploys large-scale servers to fulfill the diverse and increasing demands. In such an environment, network virtualization is the fundamental key component of the overall system that orchestrates communication among servers and applications. However, current network virtualization architectures face three challenges to achieving system resilience: safety, predictable performance, and security. First, the system must integrate robust monitoring and configuration methodology across multiple virtualization stack layers for fault tolerance while ensuring low overhead. Secondly, a multi-tenant cloud environment complicates achieving performance predictability. Third, the network virtualization framework must provide a comprehensive security mechanism to minimize potential security vulnerabilities while maintaining performance efficiency. Existing solutions typically focus on optimizing individual aspects, such as enhancing fault tolerance or reducing latency for predictable performance. Addressing all three challenges requires a fundamental re-design of network virtualization. This proposal proposes a novel resilient virtualization network framework to address these challenges in combination. Our proposal comprises two research vectors. First, Research Vector 1 (RV1) focuses on creating a resilient network device virtualization framework that unifies the current network device virtualization approaches to meet the diverse demands of the modern cloud. Importantly, the proposed framework integrates fault-tolerant designs, programmable interfaces for predictable and flexible network management, and security measures leveraging sandboxing technologies. Second, Research Vector 2 (RV2) focuses on streamlining necessary protocol processing in virtual environments for resilience and performance. Our proposal combines all processing, from network virtualization in the hypervisor through the transport layer in the guests, into one shared network stack that allocates resources dynamically between guests. Critically, we propose fine-grained resource accounting and scheduling to ensure microsecond-scale performance isolation between tenants. Finally, we emphasize efficiently supporting increasingly larger physical hosts running growing numbers of virtual machines. The primary tangible outcome of this research project is twofold. First, we present a novel fault-tolerant user-space network device virtualization framework that unifies current network device virtualization approaches to meet diverse cloud demands while ensuring predictable performance through a declarative programmable interface with a strong security guarantee by leveraging the sandbox methodology. Second, we design and implement a new, fundamentally re-organized virtualization network stack architecture that improves resilience and performance. We will make all source code and data available publicly to foster the adaptation of our approaches and further research.

DFG Programme Priority Programmes

Subproject of SPP 2378:  Resilience in Connected Worlds – Mastering Failures, Overload, Attacks, and the Unexpected