eprintid: 1497044
rev_number: 31
eprint_status: archive
userid: 608
dir: disk0/01/49/70/44
datestamp: 2017-05-26 15:54:05
lastmod: 2020-02-12 17:10:10
status_changed: 2017-07-04 08:53:34
type: proceedings_section
metadata_visibility: show
creators_name: Jeuk, S
creators_name: Salgueiro, G
creators_name: Baker, F
creators_name: Zhou, S
title: Network Segmentation in the Cloud A Novel Architecture Based on UCC and IID
ispublished: pub
divisions: UCL
divisions: A01
divisions: B04
divisions: C05
divisions: F48
keywords: Science & technology, technology, computer science, hardware & architecture, computer science, information systems, computer science.
abstract: Cloud Computing is known for its scalability, flexibility and on-demand workload creation. Today, cloud-enabled data centers utilize VLAN, VxLAN or GRE segmentations, but these techniques, despite being widely deployed, have a variety of inherent technical and architectural limitations. In this paper we introduce a novel architecture leveraging UCC and IID for segmentation, rather than those traditionally used today (e.g., VLAN, VxLAN, etc.). The proposed architecture is entirely based on IPv6 and, for illustrative purposes only, is demonstrated using OpenStack as the cloud framework. This proposed reference architecture is based entirely on UCC and IID, two OpenStack-independent concepts, and could easily be realized in other cloud frameworks as well. UCC introduces cloud-specific traffic isolation within IPv6 extension headers. IIDs can be incorporated as a unique identifier within an IPv6 address to identify endpoints. The combination of both allows network devices to segregate traffic according to cloud service, cloud tenants and endpoint affiliation. Here, we highlight current shortcomings of existing segmentation techniques as well as define design considerations for the cloud framework in question (i.e., in this case OpenStack) to circumvent such limitations. The proposed architecture is depicted and explained in the context of a traffic flow example.
date: 2015-10-07
date_type: published
publisher: IEEE
official_url: http://dx.doi.org/10.1109/CloudNet.2015.7335280
oa_status: green
language: eng
primo: open
primo_central: open_green
verified: verified_manual
elements_id: 1120794
doi: 10.1109/CloudNet.2015.7335280
isbn_13: 9781467395007
lyricists_name: Zhou, Shi
lyricists_id: SZHOU15
actors_name: Zhou, Shi
actors_id: SZHOU15
actors_role: owner
full_text_status: public
series: IEEE International Conference on Cloud Networking
publication: 2015 IEEE 4TH INTERNATIONAL CONFERENCE ON CLOUD NETWORKING (CLOUDNET)
volume: 4
place_of_pub: Niagara Falls, ON, Canada
pagerange: 58-63
pages: 6
event_title: 4th IEEE International Conference on Cloud Networking (CloudNet)
event_location: Niagara Falls, CANADA
event_dates: 05 October 2015 - 07 October 2015
issn: 2374-3239
book_title: Proceedings of 4th International Conference on Cloud Networking (CloudNet), IEEE 2015
editors_name: Boutaba, R
editors_name: Limam, N
editors_name: Kantarci, B
editors_name: Badonnel, R
citation: Jeuk, S; Salgueiro, G; Baker, F; Zhou, S; (2015) Network Segmentation in the Cloud A Novel Architecture Based on UCC and IID. In: Boutaba, R and Limam, N and Kantarci, B and Badonnel, R, (eds.) Proceedings of 4th International Conference on Cloud Networking (CloudNet), IEEE 2015. (pp. 58-63). IEEE: Niagara Falls, ON, Canada. Green open access
 
document_url: https://discovery.ucl.ac.uk/id/eprint/1497044/1/Zhou_Network%20Segmentation_Open.pdf