Hi Sanjing, I found this NIST document and it seems to have a lot of relevent points for your draft. http://csrc.nist.gov/publications/drafts/800-144/Draft-SP-800-144_cloud-computing.pdf Thanks, Vishwas On Thu, Jan 6, 2011 at 7:33 AM, Sangjin Jeong <sjjeong at etri.re.kr> wrote: > Hello Vishwas, > > Thanks for your comments and editorial suggestion. > I generally agree with you. > Please see inline. > >> Hi, >> >> I had a brief look at the document. I had a few comments on the same: >> >> 1. Introduction - We have talked about advantages of virtualization. >> One of the big benefits of virtualization are the economy of scale. As >> the CPU/ Memory is costs are decreasing, so using a system with higher >> CPU and Memory is better then using 10 systems with 1/10 the memory. >> >> 1.1 Another advantage WRT physical infrastructure, I can see is that >> we can partition resources into chunks that was not possible earlier. >> So we can have links which are like 1.7 Mbps, which allows a higher >> level of compartmentalization. >> >> 2. Introduction - From the way you are talking about network >> virtualization, there is an overhead of resources required for the >> physical topology connectivity, over which the virtual topology >> resides. >> >> 2.2 A disadvantage I can see is that physical topology change will >> cause effect to the virtual links, though the effects may not be >> visible to the virtual topology itself. > > One of the ways to support virtualization is to adopt additional layer > such as virtualization layer in resources. But, this approach can cause > performance degradation due to the additional layer, as you pointed out. > Also, the virtual networks will be affected by the change of physical > network infrastructure, so how to provide dynamic reconfiguration of > virtual networks without interruption of the operation is an important > challenge. > >> >> 3. A lot of routers have virtual router functionality, which allows >> for sharing of resources, between various different instances, in a >> non-interfering fashion, over the same OS instance though. We cannot >> impose any virtual topology on the physical topology, but can be a >> subset of the same. Another example of the same is Multitopology >> extensions. You can talk about these things in the Motivation section >> you mention. >> >> 4. I think one important aspect of isolation is to allow for >> paritioning of resources so that one misbehaving resource does not >> affect the other. > > Agree. Misbehavior of resource or virtual network such as security problem, > overconsumption of physical resource, etc. should not be spread over other > resources or networks. > >> >> 5. From the management perspective, we need different layers of >> management. One which partitions the physical resource to a virtual >> resource, then each virtual resource needs an isolated manager. > > Managers (or management functions) for creating and managing the virtual > networks are one of key components for supporting virtual networks. This > management function can be included in virtualization layer or separate > layer. > >> >> 6. I think one of the important security issue is physical security >> will no longer work. By adding a new layer virtualization increases >> overload, as well as a new vector for security. > > Right. Introducing additional layer or management function can cause > new security problems, for example, compromised management function may > affect all the virtual resources over the physical resource. > > Also, I will incorporate editorial suggestions into the next version of > the document. > > Regards, > Sangjin > >> >> Typo: >> >> 1. Abstract - This document presents the definition and effectiveness >> of virtual networks and discusses the key components and challenges of >> supporting virtual networks on "physical network infrastructure". >> >> Added the words in "...". >> >> 2. >> s/ The virtual networks over physical infrastructure are completely >> isolated each other, / The virtual networks over physical >> infrastructure are completely isolated from each other, / >> >> 3. s/ Virtualization resource is typically realized by adopting >> virtualization layer in the physical resources,/ Virtualization of a >> resource is typically realized by adopting virtualization layer in the >> physical resources,/ >> >> 4. s/efficient control of the virtual resources../ efficient control >> of the virtual resources./ >> >> Thanks, >> Vishwas >> >> ============================================= >> Dear VNRG folks, >> >> As a follow-up of last Beijing meeting, we have developed a document that >> investigates the definition, key components and challenges, and acid tests >> for >> virtual networks. >> >> Please find the document from link below. >> Any comments are appreciated. >> >> Regards, >> Sangjin >> >> ---------- Forwarded message ---------- >> From: <Internet-Drafts at ietf.org> >> Date: Fri, Dec 24, 2010 at 5:00 PM >> Subject: I-D Action:draft-jeong-vnrg-virtual-networks-ps-00.txt >> To: i-d-announce at ietf.org >> >> >> A New Internet-Draft is available from the on-line Internet-Drafts >> directories. >> >> Title : Virtual Networks Problem Statement >> Author(s) : S. Jeong, D. Colle >> Filename : draft-jeong-vnrg-virtual-networks-ps-00.txt >> Pages : 9 >> Date : 2010-12-23 >> >> This document presents the definition and effectiveness of virtual >> networks and discusses the key components and challenges of >> supporting virtual networks in the networks. ?It also describes acid >> tests for virtual networks. >> >> A URL for this Internet-Draft is: >> http://www.ietf.org/internet-drafts/draft-jeong-vnrg-virtual-networks-ps-00.tx >> t >> >> Internet-Drafts are also available by anonymous FTP at: >> ftp://ftp.ietf.org/internet-drafts/ > >
Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.