Policies and dynamic information migration in DC
draft-gu-opsa-policies-migration-00

Abstract

Virtualization and Virtual Machine (VM) migration provide Data Center with feasibility and improves the utilization of limited physical resource, e.g. switches/routers, servers and links. Meanwhile, a variety of policies (e.g. ACL, firewalls, load balancers, IPS and QoS) are deployed in Data Center to improve system security and gurantee SLA. Those polices are executed by rules configured or generated on network devices. E.g. packet filtering policies are executed by Access Control List on switches or firewalls. Another example is Load balancer (LB) who extablishes TCP/HTTP connections with external clients and balances connections among server farm. During this process, TCP connection tables are dynamically generated on LB. When VM migrates, the network devices that processing and forward VM's packets may change. In order to keep VM's running serives and guanrantee security on new place, VM-relevant policies, including static policies as well as the dynamically generated information, need to migrate with VM. This draft describes some examples of the policies that need to migrate with VM, the problems that need to consider when migrate polices in Data Center. The goal is to justify that it is necessary for IETF to make new effort on management of virtualized Data Center.

Authors

Fan Yongbing
Gu Yingjie

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)