近年来,随着网络虚拟化技术的快速发展,云服务提供商可以将一套物理网络抽象成多套相互独立的虚拟网络提供给租户。在多租户网络环境中,需要保证租户网络的安全隔离,确保租户数据不会遭到来自其他租户以及外部网络的非法访问。相比传统物理网络的边界,虚拟网络的边界定义更加模糊,需要更细粒度的网络隔离;当前以 OpenStack 为代表的主流开源云平台采用集中式部署网络边界节点的方式实现虚拟网络的隔离,虚拟机流量大多集中到单一物理节点上,存在单点故障的隐患。提出分布式实现虚拟网络隔离的方式,把原本集中的虚拟网络边界分布到各台物理服务器,从而将原本集中于同一节点的网络流量分摊到各物理服务器,降低单点故障造成损失的可能性。最后经过实验证实了分布式部署的有效性,同时能够降低虚拟机通信的网络延迟。%In recent years,with the rapid development of network virtualization technology,cloud service providers can provide virtual net-works abstracted from one set of physical network for tenants.In the multi-tenant network environment,tenants should be guaranteed that their virtual networks are isolated and won’t be accessed illegally from other tenants or outer networks.The definition of the virtual network borders is more obscure than physical network borders,so more fine-grained network isolation is required.Mainstream open source cloud platforms like OpenStack uses centralized network border to realize the isolation of virtual networks,and most traffic of VMs (virtual machines)is con-verged into single physical node,which may lead to SPOF (single point of failure).Thus,a distributed realization of virtual network isolation is proposed,which distributes the centralized border to each physical server,and the network traffic is distributed to physical servers so that the possibility of loss caused by SPOF will be reduced.Finally,experiments prove the availability of the distributed deployment and the lower network latency of VMcommunication in the distributed realization.
展开▼
