Skip to Main content Skip to Navigation
Journal articles

A Survey of Network Isolation Solutions for Multi-Tenant Data Centers

Valentin del Piccolo 1, 2 Ahmed Amamou 1 Kamel Haddadou 1 Guy Pujolle 2 
2 Phare
LIP6 - Laboratoire d'Informatique de Paris 6
Abstract : The Infrastructure-as-a-Service (IaaS) model is one of the fastest growing opportunities for cloud-based service providers. It provides an environment that reduces operating and capital expenses while increasing agility and reliability of critical information systems. In this multitenancy environment, cloud-based service providers are challenged with providing a secure isolation service combining different vertical segments, such as financial or public services, while nevertheless meeting industry standards and legal compliance requirements within their data centers. In order to achieve this, new solutions are being designed and proposed to provide traffic isolation for a large numbers of tenants and their resulting traffic volumes. This paper highlights key challenges that cloud-based service providers might encounter while providing multi-tenant environments. It also succinctly describes some key solutions for providing simultaneous tenant and network isolation, as well as highlights their respective advantages and disadvantages. We begin with Generic Routing Encapsulation (GRE) introduced in 1994 in "RFC 1701", and will conclude with today's latest solutions. We detail fifteen of the newest architectures and then compare their complexities, the overhead they induce, their VM migration abilities, their resilience, their scalability, and their multi data center capacities. This paper is intended for, but not limited to, cloud-based service providers who want to deploy the most appropriate isolation solution for their needs, taking into consideration their existing network infrastructure. This survey provides details and comparisons of various proposals while also highlighting possible guidelines for future research on issues pertaining to the design of new network isolation archi-tectures.
Document type :
Journal articles
Complete list of metadata

Cited literature [86 references]  Display  Hide  Download
Contributor : Gestionnaire HAL-UPMC Connect in order to contact the contributor
Submitted on : Tuesday, January 10, 2017 - 10:45:10 AM
Last modification on : Wednesday, September 21, 2022 - 11:07:51 AM
Long-term archiving on: : Tuesday, April 11, 2017 - 2:07:06 PM


Files produced by the author(s)



Valentin del Piccolo, Ahmed Amamou, Kamel Haddadou, Guy Pujolle. A Survey of Network Isolation Solutions for Multi-Tenant Data Centers. Communications Surveys and Tutorials, IEEE Communications Society, Institute of Electrical and Electronics Engineers, 2016, 18 (4), pp.2787 - 2821. ⟨10.1109/COMST.2016.2556979⟩. ⟨hal-01430684⟩



Record views


Files downloads