MTS: Bringing Multi-Tenancy to Virtual Networking

Kashyap Thimmaraju, Saad Hermak, Gábor Rétvári, Stefan Schmid

TL;DR

This paper presents, implements, and evaluates a virtual switch architecture, MTS, which brings secure design best-practice to the context of multi-tenant virtual networking: compartmentalization of virtual switches, least-privilege execution, complete mediation of all network communication, and reducing the trusted computing base shared between tenants.

Abstract

Multi-tenant cloud computing provides great benefits in terms of resource sharing, elastic pricing, and scalability, however, it also changes the security landscape and introduces the need for strong isolation between the tenants, also inside the network. This paper is motivated by the observation that while multi-tenancy is widely used in cloud computing, the virtual switch designs currently used for network virtualization lack sufficient support for tenant isolation. Hence, we present, implement, and evaluate a virtual switch architecture, MTS, which brings secure design best-practice to the context of multi-tenant virtual networking: compartmentalization of virtual switches, least-privilege execution, complete mediation of all network communication, and reducing the trusted computing base shared between tenants. We build MTS from commodity components, providing an incrementally deployable and inexpensive upgrade path to cloud operators. Our extensive experiments, extending to both micro-benchmarks and cloud applications, show that, depending on the way it is deployed, MTS may produce 1.5-2x the throughput compared to state-of-the-art, with similar or better latency and modest resource overhead (1 extra CPU). MTS is available as open source software.

Paper Structure (18 sections, 6 figures, 1 table)

Figures (6)

  • Figure 1: A high-level view of the tradeoffs between security, performance and resources for the state-of-the-art and MTS
  • Figure 2: High-level overview of MTS in security Level-2. The Red and Blue vswitch compartments (VMs) are allocated dedicated virtual functions (VFs) to communicate with external networks using the In/ Out VF, their respective tenants using the Gw VF and T VF. Communication between the vswitches, tenants and the Host physical function (PF) are mediated via the SR-IOV NIC switch.
  • Figure 3: A step-by-step illustration of how packets enter and leave the Red tenant from Figure 2 in MTS. The first panel shows how ingress packets reach Tenant_Red. The second panel shows how Tenant_Red packets reach an external system Tenant_Ext.
  • Figure 4: Traffic scenarios evaluated.
  • Figure 5: The security, throughput, latency and resource tradeoff comparison of MTS. The rows indicate the resource mode. The columns are ordered as throughput, latency and resources. The security levels used are shown in the legend. Note the bottom row is for security Level-3 in the isolated resource mode combined with other security levels.