Towards Virtual Networks for Virtual Machine Grid ComputingAnanth I. Sundararaj Peter A. Dinda{ais,pdinda}@cs.northwestern.eduDepartment of Computer Science, Northwestern UniversityAbstractVirtual machines can greatly simplify wide-area dis-tributed computing by lowering the level of abstraction tothe benefit of both resource providers and users. Network-ing, however, can be a challenge because remote sites areloath to provide connectivity to any machine attached to thesite network by outsiders. In response, we have developeda simple and efficient layer two virtual network tool that ineffect connects the virtual machine to the home network ofthe user, making the connectivity problem identical to thatfaced by the user when connecting any new machine to hisown network. We describe this tool and evaluate its perfor-mance in LAN and WAN environments. Next, we describeour plans to enhance it to become an adaptive virtual net-work that will dynamically modify its topology and routingrules in response to the offered traffic load of the virtualmachines it supports and to the load of the underlying net-work. We formalize the adaptation problem induced by thisscheme and take initial steps to solving it. The virtual net-work will also be able to use underlying resource reserva-tion mechanisms on behalf of virtual machines. Both adap-tation and reservation will work with existing, unmodifiedapplications and operating systems.1 IntroductionRecently, interest in using OS-level virtual machinesas the abstraction for grid computing and for distributedcomputing in general has been growing [11, 21, 13, 15].Virtual machine monitors such as VMware [37], IBM’sVM [17], and Microsoft’s Virtual Server [27], as well as vir-tual server technology such as UML [4], Ensim [9], and Vir-tuozzo [36], have the potential to greatly simplify manage-ment from the perspective of resource owners and to pro-Effort sponsored by the National Science Foundation under Grants ANI-0093221, ACI-0112891, ANI-0301108, EIA-0130869, EIA-0224449, anda gift from VMWare. Any opinions, findings and conclusions or recom-mendations expressed in this material are those of the author and do notnecessarily reflect the views of the National Science Foundation (NSF).vide great flexibility to resource users. Much grid middle-ware and application software is quite complex. Being ableto package a working virtual machine image that containsthe correct operating system, libraries, middleware, and ap-plication can make it much easier to deploy something new,using relatively simple middleware that knows only aboutvirtual machines. We have made a detailed case for gridcomputing on virtual machines in a previous paper [11].Unlike traditional units of work in distributed systems,such as jobs, processes, or RPC calls, a virtual machine has,and must have, a direct presence on the network at layer 3and below. We must be able to communicate with it. VMMsoftware recognizes this need and typically creates a virtualEthernet card for the guest operating system to use. Thisvirtual card is then emulated using the physical networkcard in the host machine in one of several ways. The mostflexible of these bridges the virtual card directly to the samenetwork as the physical card, making the virtual machinea first class citizen on the same network, indistinguishablefrom a physical machine.Within a single site, this works very well, as there areexisting mechanisms to provide new machines with access.Grid computing, however, is intrinsically about using mul-tiple sites, with different network management and securityphilosophies, often spread over the wide area [12]. Runninga virtual machine on a remote site is equivalent to visitingthe site and connecting a new machine. The nature of thenetwork presence (active Ethernet port, traffic not blocked,routable IP address, forwarding of its packets through fire-walls, etc) the machine gets, or whether it gets a presenceat all, depends completely on the policy of the site. The im-pact of this variation is further exacerbated as the numberof sites is increased, and if we permit virtual machines tomigrate from site to site.To deal with this problem in our own project, we havedeveloped VNET, a simple layer 2 virtual network tool. Us-ing VNET, virtual machines have no network presence atall on a remote site. Instead, VNET provides a mechanismto project their virtual network cards onto another network,which also moves the network management problem fromone network to another. For example, all of a user’s vir-tual machines can be made to appear to be connected tothe user’s own network, where the user can use his existingmechanisms to assure that they have appropriate networkpresence. Because the virtual network is a layer 2 one, amachine can be migrated from site to site without changingits presence—it always keeps the same IP address, routes,etc. The first part of this paper describes how VNET worksand presents performance results for local-area and wide-area use. VNET is publicly available from us.As we have developed VNET, we have come to believethat virtual networks designed specifically for virtual ma-chine grid computing can be used for much more than sim-plifying the management problem. In particular, becausethey see all of the traffic of the virtual machines, they arein an ideal position to (1) measure the traffic load and ap-plication topology of the virtual machines, (2) monitor theunderlying network, (3) adapt application as measured by(1) to the network as measured by (2) by relocating virtualmachines and modifying the virtual network topology androuting rules, and (4) take advantage of resource reservationmechanisms in the underlying network. Best of all, theseservices can be done on behalf of existing, unmodified ap-plications and operating systems running in the virtual ma-chines. The second part of this paper lays out this argument,formalizes the adaptation problem, and takes initial steps tosolving it.2 Related workOur work builds on operating-system level virtual ma-chines, of which there are essentially two kinds. Virtual ma-chine monitors, such as VMware [37], IBM’s VM [17], andMicrosoft’s Virtual Server [27] present an abstraction thatis identical to a physical machine. For example, VMWare,which we use, provides the abstraction of an Intel IA32-based PC (including one or more processors, memory, IDEor SCSI disk controllers, disks, network interface cards,video card, BIOS, etc.) On top of this