Traffic Isolation on Multi-Tenant Data Center Networks

To satisfy demanding clients and o↵er features comparable to the competition, infrastructure-as-a-service providers (IaaS) need fast, flexible and easily configurable local networks. OpenStack is one of the most well known open IaaS platforms. Although OpenStack meets most needs of a IaaS platform, its virtualized network implementation still lacks flexibility to support isolation on a multi-tenant network environment. In this work, we developed an application to provide tra c isolation on a multi-tenant data center network that works together with OpenStack, o↵ering a virtualized network environment that follows the SDN paradigm. VLANs, GRE, and MPLS require extra packet fields to encapsulate packets and provide tra c isolation. Moreover, those approaches have a limited network segment space. For instance, VLANs are subject to scalability limitations resulting from space limitations since only 4000 VLANs are allowed. Our approach does not require additional packet fields neither has small segment space. By applying the Software Defined Networks paradigm, the isolation process through packet header re-writing is utilized without requiring any changes to the virtualized network environment or any special hardware. We evaluate our application in real scenarios measuring latency, bandwidth, isolation. The results validate our application for Multi-Tenant data centers.