Isoflat: Flat Provider Network Multiplexing and Firewalling in OpenStack Cloud
Ruipeng Zhang, Mengjun Xie, Li Yang
Code Available — Be the first to reproduce this paper.
ReproduceCode
- github.com/nexus-lab/isoflatOfficialnone★ 0
Abstract
Networking is one of the key enablers of cloud computing and its security is essential for multi-tenant clouds. As a widely used open source solution to cloud computing, OpenStack allows computing resources to connect to the physical network infrastructure through provider networks for performance and reliability considerations. However, OpenStack users are stuck with either VLAN provider networks that are complex to configure and manage or flat networks that are not isolated and have the limitation on interface multiplexing. To address this problem, in this paper, we propose a new mechanism called Isoflat, which extends OpenStack's ability for creating flat provider networks with both configuration simplicity and flexible isolation capability. Our evaluation results show that a provider network with Isoflat can achieve similar network performance as a flat or VLAN provider network. Our results also show that the Isoflat firewall has much less impact on throughput performance than security group.