A Survey of Network Isolation Solutions for Multi-Tenant Data Centers

Valentin Del Piccolo 1 Ahmed Amamou 1 Kamel Haddadou 1 Guy Pujolle 2
2 Phare
LIP6 - Laboratoire d'Informatique de Paris 6
Abstract : The Infrastructure-as-a-Service (IaaS) model is one of the fastest growing opportunities for cloud-based service providers. It provides an environment that reduces operating and capital expenses while increasing agility and reliability of critical information systems. In this multitenancy environment, cloud-based service providers are challenged with providing a secure isolation service combining different vertical segments, such as financial or public services, while nevertheless meeting industry standards and legal compliance requirements within their data centers. In order to achieve this, new solutions are being designed and proposed to provide traffic isolation for a large numbers of tenants and their resulting traffic volumes. This paper highlights key challenges that cloud-based service providers might encounter while providing multi-tenant environments. It also succinctly describes some key solutions for providing simultaneous tenant and network isolation, as well as highlights their respective advantages and disadvantages. We begin with Generic Routing Encapsulation (GRE) introduced in 1994 in "RFC 1701", and will conclude with today's latest solutions. We detail fifteen of the newest architectures and then compare their complexities, the overhead they induce, their VM migration abilities, their resilience, their scalability, and their multi data center capacities. This paper is intended for, but not limited to, cloud-based service providers who want to deploy the most appropriate isolation solution for their needs, taking into consideration their existing network infrastructure. This survey provides details and comparisons of various proposals while also highlighting possible guidelines for future research on issues pertaining to the design of new network isolation archi-tectures.
Type de document :
Article dans une revue
Communications Surveys and Tutorials, IEEE Communications Society, Institute of Electrical and Electronics Engineers, 2016, 18 (4), pp.2787 - 2821. 〈10.1109/COMST.2016.2556979〉
Liste complète des métadonnées

Littérature citée [86 références]  Voir  Masquer  Télécharger

https://hal.sorbonne-universite.fr/hal-01430684
Contributeur : Gestionnaire Hal-Upmc <>
Soumis le : mardi 10 janvier 2017 - 10:45:10
Dernière modification le : jeudi 21 mars 2019 - 14:37:42
Document(s) archivé(s) le : mardi 11 avril 2017 - 14:07:06

Fichier

Del_Piccolo_2016_A_Survey_of_N...
Fichiers produits par l'(les) auteur(s)

Identifiants

Citation

Valentin Del Piccolo, Ahmed Amamou, Kamel Haddadou, Guy Pujolle. A Survey of Network Isolation Solutions for Multi-Tenant Data Centers. Communications Surveys and Tutorials, IEEE Communications Society, Institute of Electrical and Electronics Engineers, 2016, 18 (4), pp.2787 - 2821. 〈10.1109/COMST.2016.2556979〉. 〈hal-01430684〉

Partager

Métriques

Consultations de la notice

459

Téléchargements de fichiers

531