A Policy-Based Architecture for Container Migration in Software Defined Infrastructures

Software-Defined Networking (SDN) is a paradigm that enables easier network programmability based on the separation between the network control plane and the data plane. Network Function Virtualization (NFV) is another recent technology that has enabled the design, deployment, and management of softwarized networking services. The vast majority of SDN- and NFV-based architectures, whether they use Virtual Machines (VMs) or Lightweight Virtual Machines (LVMs), are designed to program forwarding, probably the most fundamental among all network mechanisms. In this paper, we instead demonstrate that there are other (equally important) networking mechanisms that need programmability. In particular, we designed, implemented and extensively tested an architecture that enables policy-programmability of (live) migration of LVMs. Migration is used for maintenance, load balancing, or as a security mechanism in what is called Moving Target Defense (a virtual host migrates to hide from an attacker). Our architecture is based on Docker and is implemented within a Software-Defined Infrastructure. The migration mechanism can be set easily by means of a configuration file, yielding a novel policy-based architecture. We evaluated the performance of our system in several scenarios over a local Mininet-based testbed. We analyzed the tradeoff between several Load Balancing policies as well as several Moving Target Defense solutions inspired by network coding.
