Research on Key Technologies for Secure and Efficient Data Center Networks
Published: 2018-04-01 00:33
Topic: cloud computing. Entry point: network virtualization. Source: National University of Defense Technology, master's thesis, 2014
[Abstract]: As an important direction for the future of computing, cloud computing relies on data centers to provide massive computing and data storage capacity for large-scale network services. Using advanced distributed computing technology, a data center interconnects thousands of servers and presents them as a single system that delivers powerful cloud services. The data center network therefore largely determines a range of technical indicators of cloud services, including two very important dimensions: security and interactivity. To address these two aspects, this thesis optimizes the data center network from the perspectives of resource allocation and transport-layer protocols. First, for the security of virtual machines in the data center network, we give a solution from the perspective of virtual network mapping. By theoretically analyzing the security threats faced by virtual machines and virtual networks inside the data center, we summarize their security requirements and formalize them as three security constraints on the virtual network mapping problem, and from these we abstract and define the security-oriented virtual network mapping problem. For this problem we propose a heuristic algorithm based on node ranking, and verify its effectiveness and high performance through simulation experiments. Second, in commercial data center networks, the transmission time of some delay-sensitive flows greatly affects the response speed of cloud services and the user experience. Many solutions have been proposed to reduce the completion time of these flows as much as possible. Among them, the basic idea of RepFlow is to exploit the multipath nature of common data center networks and the path selection mechanism of the ECMP routing protocol: a delay-sensitive flow is replicated and sent over different paths, and the receiver selects whichever flow is transmitted faster, which greatly reduces the likelihood of high latency caused by congestion inside the network. We model flow transmission with a queuing model and analyze the effectiveness of RepFlow theoretically. Then, to address the shortcomings of this model, we present RepSYN, an improved version of RepFlow that avoids the extreme cases in which performance may degrade. Finally, because the RepFlow and RepSYN mechanisms do not require modifying the transport-layer protocol, they can easily be implemented at the application layer. We choose Apache Thrift and Node.js, programming platforms widely used in cloud service development, and implement the mechanisms there as transport-layer API abstractions that developers can use directly. We further test the effectiveness of the two mechanisms through experiments and, based on the experimental results, summarize the conditions under which RepFlow and RepSYN should be selectively used.
[Degree-granting institution]: National University of Defense Technology
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08
Article ID: 1693199
Article link: http://sikaile.net/guanlilunwen/ydhl/1693199.html