VPN Extension Requirements for Private Clouds - PowerPoint PPT Presentation

Slides: 10
Provided by: nin66
Learn more at: https://www.ietf.org

Transcript and Presenter's Notes

1
VPN Extension Requirements for Private Clouds
  • draft-so-vepc-00.txt

2
Description of Today's Cloud Infrastructure
  • Three components that make up the Cloud
    infrastructure
  • Data center, network (LAN/MAN/WAN), and the end
    user
  • Multiple Cloud-based products and services are
    being offered across multiple data centers
    globally
  • Data centers are multi-tenant in nature, can be
    single Cloud Service Provider or independent 3rd
    party operated
  • The application (VM) can be mobile
  • The networks can be layer 2 and layer 3 IP/MPLS
    (VPN and non-VPN) networks, and layer 1 private
    line/OTN/MPLS-TP based networks
  • The selection of the network of choice is
    possible
  • The users can be wireline and wireless with
    various access technologies
  • Users are mobile, and exchange of
    wireless/wireline is possible

3
Problem Areas
  • The problem areas that this situation can cause
    for Cloud Service Providers, especially for
    existing VPN customers
  • Private Cloud Customer End to End Separation
  • Private Cloud Resource Virtualization
  • Private Cloud Services Restoration
  • Other Non-VPN Specific Areas
  • Cloud Traffic Load-Balancing and Congestion
    Avoidance
  • QoS Synchronization
  • Cross Layer Optimization
  • Automated End-to-End Configuration
  • End-to-End Quality of Experience
  • OAM Considerations
  • Cloud Security

4
Private Cloud Customer End to End Separation
  • Today the data center segregates customer traffic
    at layer 7 (application), and there is no
    standard for extending the VPN into the data center.
  • The success of VPN services in the enterprise and
    the government world is largely due to its
    ability to virtually segregate the customer
    traffic at layer 2 and layer 3
  • The lower the layer at which segregation can be
    maintained, the safer it is for the customers
    from security and privacy perspectives
  • Cloud-Application (or the virtualization
    function) should have the ability to get access
    to VPN (including Layer 2/3 VPN), to segregate
    different Cloud-Services traffic through the
    network.
  • Very high level example solutions are provided to
    illustrate solution specific requirements

5
Private Cloud Resource Virtualization
  • Today data center virtualization is handled
    entirely by data center servers and hypervisors.
  • Application server and VM allocation and
    assignment
  • Disk and memory space allocation
  • Traffic loading and balancing
  • QoS assignments, etc.
  • The entire process is invisible to the
    underlying networks and the users

6
Private Cloud Resource Virtualization
  • There shall be a way that the network can
    influence some virtualization functions that are
    important to the concept and spirit of the VPN.
  • The Private Cloud provisioning and management
    system SHALL have the ability to dedicate a
    specific block of disk space per service per
    VPN.
  • Each VPN SHALL have exclusive access to the
    dedicated block of disk space.
  • Each VPN SHALL have the ability to indicate the
    mechanism used to prevent unwanted data
    retrieval from the block of disk space after it is
    no longer used by the VPN, before it can be
    re-used by other parties
  • Each VPN SHALL have the ability to request a
    dedicated VM with a certain CPU capability,
    amount of memory and disk space.
  • Each VPN SHALL have the ability to request
    dedicated L2/3 network resources within the data
    center such as bandwidth, priorities, and so on
  • Each VPN SHALL have the ability to hold the
    requested resources without sharing with any
    other parties
  • Each VPN SHALL have the ability to limit
    stored data mobility to a certain geographic
    region (country/state).
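
The disk-block requirements on this slide can be read as a small state machine: dedicated, released but not yet sanitized, and free for re-use. The following Python model is an added example, not taken from the draft or the presentation; the class names, the mechanism names in `SANITIZERS` and the region codes are assumptions made for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass, field

SANITIZERS = {"zero-fill", "crypto-erase"}  # assumed mechanism names

class PolicyError(Exception): pass  # a per-VPN isolation rule was violated

@dataclass
class Block:
    region: str                     # where the block is stored, e.g. "US"
    owner: str | None = None        # VPN the block is dedicated to
    dirty_from: str | None = None   # last owner whose data is not yet sanitized

@dataclass
class Provisioner:
    blocks: dict[int, Block]
    sanitizer: dict[str, str] = field(default_factory=dict)     # vpn -> mechanism
    regions: dict[str, set[str]] = field(default_factory=dict)  # vpn -> regions

    def register_vpn(self, vpn, mechanism, allowed_regions):
        if mechanism not in SANITIZERS:
            raise PolicyError(f"unknown sanitization mechanism {mechanism!r}")
        self.sanitizer[vpn] = mechanism
        self.regions[vpn] = set(allowed_regions)

    def allocate(self, vpn, block_id):
        b = self.blocks[block_id]
        if b.owner is not None:
            raise PolicyError("block is already dedicated to a VPN")
        if b.dirty_from is not None:
            raise PolicyError("block not sanitized since its last use")
        if b.region not in self.regions[vpn]:
            raise PolicyError("block is outside the VPN's permitted regions")
        b.owner = vpn

    def access(self, vpn, block_id):
        if self.blocks[block_id].owner != vpn:
            raise PolicyError("exclusive access: caller does not hold the block")
        return True

    def release(self, vpn, block_id):
        self.access(vpn, block_id)           # only the holder may release
        b = self.blocks[block_id]
        b.owner, b.dirty_from = None, vpn    # data remains until sanitized

    def sanitize(self, block_id):
        b = self.blocks[block_id]
        mechanism = self.sanitizer.get(b.dirty_from)  # None if already clean
        b.dirty_from = None
        return mechanism
```

A released block stays unallocatable until `sanitize` has applied the mechanism chosen by the VPN that last held it, which is the ordering the re-use requirement asks for.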

7
Private Cloud Resource Virtualization
  • TCP/IP stack SHOULD support multiple routing
    instances. Each virtualization function SHOULD
    connect to the network through its own virtual
    routing instance.
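
What per-VPN routing instances buy in practice is that two VPNs can reuse the same address space and a lookup never falls through to another tenant's table. The sketch below is an added example, not code from the draft; `RoutingInstance`, `Stack`, the VM and VPN names and the next-hop labels are all hypothetical, and the routes are constructed sample data.

```python
import ipaddress

class RoutingInstance:
    """One virtual routing instance: a private table with longest-prefix match."""
    def __init__(self):
        self.routes = []                      # (network, next_hop) pairs

    def add_route(self, prefix, next_hop):
        self.routes.append((ipaddress.ip_network(prefix), next_hop))

    def lookup(self, dst):
        addr = ipaddress.ip_address(dst)
        hits = [(net, nh) for net, nh in self.routes if addr in net]
        if not hits:
            return None                       # no route: drop, never try another instance
        return max(hits, key=lambda h: h[0].prefixlen)[1]

class Stack:
    """Binds each virtualization function (VM) to exactly one routing instance."""
    def __init__(self):
        self.instances = {}                   # vpn name -> RoutingInstance
        self.binding = {}                     # vm name -> vpn name

    def attach(self, vm, vpn):
        if self.binding.get(vm, vpn) != vpn:
            raise ValueError(f"{vm} is already bound to {self.binding[vm]}")
        self.binding[vm] = vpn
        return self.instances.setdefault(vpn, RoutingInstance())

    def forward(self, vm, dst):
        return self.instances[self.binding[vm]].lookup(dst)

def constructed_stack():
    """Constructed sample: two VPNs reusing 10.0.0.0/8 with different next hops."""
    s = Stack()
    a = s.attach("vm-a", "vpn-a")
    a.add_route("10.0.0.0/8", "pe1-vpn-a")
    a.add_route("10.20.0.0/16", "pe2-vpn-a")
    b = s.attach("vm-b", "vpn-b")
    b.add_route("10.0.0.0/8", "pe1-vpn-b")
    b.add_route("192.0.2.0/24", "pe3-vpn-b")
    return s
```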

8
Private Cloud Services Restoration
  • Today the data center restoration and diversity
    design are not linked to the network restoration
    and diversity design.
  • May cause redundant diversity design
  • May cause traffic oscillation and
    service/performance degradation
  • Highly performance-sensitive VPN traffic is most
    at risk
  • The solution SHOULD be able to indicate how the
    restoration is handled across layers
  • Allows end-to-end diversity design and
    optimization
  • The restoration capability awareness needs to be
    scalable
  • Problems that occur in one area of the Cloud SHALL NOT
    affect all other areas of the Cloud
  • Each component of the Cloud can scale
    independently

9
Next Step
  • Which WG does this draft belong to?
  • Should the draft be split into Requirements and
    Framework draft, and Solution draft?