Fujitsu Develops Innovative Technology for Fast, Automated Setup of Virtual Networks for Linux Containers
Aug 5, 2015
Kawasaki, Japan, August 05, 2015
Fujitsu Laboratories Ltd. today announced development of the world's first technology for fast and automatic setup of client-segregated virtual networks that are built over multiple Linux containers. These containers offer virtualization for high-speed launches and running.
To use containers, which launch in roughly 0.2 seconds, in the cloud like virtual machines, quick setup of client-segregated virtual networks is required. Previously, including the time required to configure physical switches, it took several seconds to set up a network built over multiple containers, which made it impractical for clients to use an environment consisting of multiple containers.
Now, by distributing network information in advance to the physical switches, and automatically creating a network upon the detection of container activation, Fujitsu Laboratories has developed technology that enables client-segregated networks built over multiple containers to be set up within one second. This enables a system on the scale of several hundred containers to be used immediately following their launch. As a result, systems can immediately be scaled out, supporting, for example, web services that temporarily experience sudden spikes in traffic, such as during special events or marketing campaigns.
This technology will be announced at the Asia-Pacific Network Operations and Management Symposium (APNOMS) 2015, opening August 19 in Pusan, South Korea.
With special events and online campaigns, in the span of hours, web services can see sudden spikes in traffic. Because highly variable traffic can affect quality of service, cloud-computing technologies that can dynamically allocate resources have come into widespread use in recent years. As a result, the time needed to scale out infrastructure has been slashed from a few days or weeks to just a few minutes.
There are, however, many situations where even a delay of a few minutes is too slow, such as when a new item for a game is being made available for only a limited time or when many commuters are simultaneously searching for an alternative route due to a train delay. There has, therefore, been a need for technology that can instantaneously mitigate spiking server loads. Containers have attracted attention as a virtualization technology that is well suited to such situations. In contrast to virtual machines, which virtualize the entire server, containers are virtualization technology that separates application-execution environments on the host operating system. As there is no need to launch an operating system for each virtual machine, the virtualization overhead is smaller, making for lighter launching and running. By taking advantage of this feature, containers enable infrastructure as a service (IaaS) environments that can respond to load fluctuations instantaneously and with high efficiency.
Figure 1: Comparison of virtual machine (VM) and container architectures
From a security standpoint, using containers for IaaS environments requires that network resources be segregated by client, especially so that communications data from one network does not reach another client. Although containers can be launched in roughly 0.2 seconds, compared with several minutes to launch a virtual machine, network setup required several seconds because device settings were configured from the operations-management system via the controller. As such, even with a fast-launching container, network setup lagged considerably behind. For this reason, the challenge has been to set up client-segregated networks spanning multiple containers as quickly as the containers can be launched.
About the Technology
Typically, virtualization-technology infrastructure is built over multiple physical servers, and the containers that get used depend on the status of the physical servers launched. To accommodate this, Fujitsu Laboratories developed a technology that distributes and pools each client's network information, in the form of interface addresses (MAC addresses) and virtual-network (Virtual LAN, or VLAN) information, from the controller to the physical switch beforehand (Figure 2).
Using this technology, the network settings that took time to pass through the controller are already configured before the container launches (Figure 2, step 1). Additionally, by integrating with the newly developed functions described below, it becomes possible to rapidly set up networks (Figure 3) following the launch of additional containers (scaling out; Figure 2, step 2).
- Based on the previously distributed network information, the physical switch is automatically configured immediately after container launch (Figure 2, step 3).
- Coinciding with container launch, a VLAN is configured on the virtual switch in the server (Figure 2, step 4).
- Container teardowns are continuously monitored, and network resources are automatically released when a container is torn down (scaling in; Figure 2, step 5).
Figure 2: Overview of the technology
Figure 3: Overall sequence of processes
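The pre-distribution, automatic setup and release steps (Figure 2, steps 1, 3 and 5) can be modeled at the physical switch as follows. This is an added Python example, not Fujitsu's implementation: the `EdgeSwitch` class, its method names and the MAC/VLAN values are constructed for illustration, and refusing VLAN membership to MAC addresses that were not pre-distributed is an assumption about how client segregation is kept.

```python
from collections import Counter, defaultdict

class EdgeSwitch:
    """Toy physical switch that holds tenant network info pushed in advance."""
    def __init__(self):
        self.pool = {}                          # MAC -> VLAN, pre-distributed by the controller
        self.attached = {}                      # MAC -> port, for containers currently up
        self.port_vlans = defaultdict(Counter)  # port -> {VLAN: live container count}

    def preload(self, vlan_macs):
        """Step 1: the controller distributes {vlan: [macs]} before any launch."""
        for vlan, macs in vlan_macs.items():
            for mac in macs:
                self.pool[mac.lower()] = vlan

    def container_up(self, port, mac):
        """Step 3: set the port from the local pool, with no controller round trip."""
        mac = mac.lower()
        vlan = self.pool.get(mac)
        if vlan is None or mac in self.attached:
            return None  # assumption: unknown or already-attached MACs get no VLAN
        self.attached[mac] = port
        self.port_vlans[port][vlan] += 1
        return vlan

    def container_down(self, mac):
        """Step 5: release the VLAN from the port when its last container is gone."""
        mac = mac.lower()
        port = self.attached.pop(mac, None)
        if port is None:
            return False
        self.port_vlans[port] -= Counter({self.pool[mac]: 1})  # drops zero counts
        return True

    def can_reach(self, src, dst):
        """Frames pass only between live containers that share a VLAN."""
        src, dst = src.lower(), dst.lower()
        live = src in self.attached and dst in self.attached
        return live and self.pool[src] == self.pool[dst]

# Constructed sample data: tenant A on VLAN 100, tenant B on VLAN 200.
A1, A2, B1, ROGUE = ("02:00:00:00:01:01", "02:00:00:00:01:02",
                     "02:00:00:00:02:01", "02:00:00:00:09:09")

def demo():
    sw = EdgeSwitch()
    sw.preload({100: [A1, A2], 200: [B1]})
    launched = [sw.container_up(1, A1), sw.container_up(2, A2),
                sw.container_up(2, B1), sw.container_up(3, ROGUE)]
    return sw, launched
```

Port 2 carries both tenants' VLANs while their containers share a server, yet `can_reach` stays false across tenants, and the per-port count keeps a VLAN in place until its last container on that port is torn down.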
This technology makes it possible for single-client virtual networks that combine virtual switches and physical switches to be set up in roughly 0.2 seconds. Together with container launch time, a system is ready for use in less than one second. This technology delivers a flexible application execution environment on such systems where multiple clients reside, providing services with the agility to adapt to spikes in access that occur with events, campaigns or other activities by swiftly scaling out, thereby avoiding opportunity losses.
Fujitsu Laboratories is looking at ways to integrate this technology as a plug-in into OpenStack, the open-source software for cloud platforms, with the goal of a practical implementation during fiscal 2016.