Embed Size (px)
Citation preview
State MigrationDraft-gu-opsawg-policies-migration-01
Yingjie Gu
Network Architecture Example
CE1Agg. Switch
TOR
FW1
TOR
MPLSGW
IP:192.168.1.0/16GW:192.168.0.1
L2 Network
FW2
Internet Gateway2
Virtual Gateway192.168.0.1/16
VRRP
IP:192.168.2.0/16GW:192.168.0.1
IP:192.168.1.0/16GW:192.168.0.1
VPLS-PE2VPLS-PE1
Internet Gateway1
Virtual Gateway192.168.0.1/16
TOR
CE2Agg. Switch
VM1 VM2
VM8 …
VM41 VM42VM21 VM22
VM28 …
VM1 : 192.168.1.1 VM21 : 192.168.2.21
Use Case 1: Intra-communication
TOR
TOR
MPLSGW
IP:192.168.1.0/16GW:192.168.0.1
L2 Network
Internet Gateway2
Virtual Gateway192.168.0.1/16
VRRP
IP:192.168.2.0/16GW:192.168.0.1
IP:192.168.1.0/16GW:192.168.0.1
VPLS-PE2VPLS-PE1
Internet Gateway1
Virtual Gateway192.168.0.1/16
TOR
CE2
VM1 VM41 VM42VM21
Session TableVM21->VM1 Status
(1)
CE1
Session TableNo VM21->VM1 Record
(2) VM Live Migration
(3) Routed to new location
Use Case 2: Extra-communication
CE1Agg. Switch
TOR
FW1
TOR
MPLSGW
IP:192.168.1.0/16GW:192.168.0.1
L2 Network
FW2
Internet Gateway2
Virtual Gateway192.168.0.1/16
VRRP
IP:192.168.2.0/16GW:192.168.0.1
IP:192.168.1.0/16GW:192.168.0.1
VPLS-PE2VPLS-PE1
Internet Gateway1
Virtual Gateway192.168.0.1/16
TOR
CE2Agg. Switch
VM1
…
VM41 VM42
Session TableVM21->VM1 Status
(1)
(2) VM Live Migration
Session TableNo VM21->VM1 Record
Scope• State Migration– To migrate flow-coupled state on Firewall, e.g.
Session Table, while the specific flow is still running.– Currently, we consider state migration in the
following scenarios: the source and destination Firewall are• 1) within the same DC, same administration domain,
and same/different subnets;
• 2) belong to different DCs, which is under different administration domains and same/different subnets;
Analyze the Problem
Coordinator
Notification of VM Migration event:• VM Identity (IP Address or VMID)• Source VM Location• Destination VM Location• Stage of VM Live Migration
Communication for State Migration:• Firewall Capability• Source Firewall Location• Destination Firewall Location• VM IP Address• And State Transfer
Firewall
VM migration notifier
• Gap analysis is made on MIDCOM, ForCES, and PCP• Got feeling that ForCES could provide a basic mechanism for state migration.
Coordinator
Firewall Firewall
Notification of VM Migration event
• Firewall Capability • VM IP Address• Source Firewall Location• Destination Firewall Location
Gap analysis with existing protocols
• Flow-coupled state LIVE migration•
Blue: ForCES can supportGreen: New features ForCES lacks
State Migration
ForCESWe solicit ForCES Experts to join us to figure out how much we can reuse ForCES.
Backup slide
Characteristic of Flow-coupled State Live migration
Best time to Final-copy
Firewall State
Flow-coupled state keep changing
during the moment
Time to pre-copy Firewall
state
![OTMguide Screens v3.ppt [Read-Only]...HTML Document, 790 bytes com.au Paint (RFU) in duding Con s umables Refinish GU C] N/S,F GU GU GU C] NSF GU C] N/S,F GU Paint Onh Hours Repair](https://img.pdfslide.net/doc/110x75/5e823631d11dde0c3b540dc3/otmguide-screens-v3ppt-read-only-html-document-790-bytes-comau-paint-rfu.jpg)
