The present invention relates to virtual networking, and more particularly, this invention relates to implementing Quality of Service (QoS) for packets in a multi-tenant-aware overlay virtual network.
Overlay Virtual Networks (OVNs) use protocol headers that are encapsulated in packets on top of the original network packet to create location transparency. Most OVNs, such as those which use Virtual eXtensible Local Area Network (VXLAN), Network Virtualization using Generic Routing Encapsulation (NVGRE), or others, adhere to this encapsulation scheme. Due to the additional encapsulation protocol headers, it is not possible for existing or legacy Inter-Networking Elements (INEs), such as physical infrastructure routers and switches, among others, to determine information from within the original packet, such as QoS information. This is because the original packet inside of the overlay protocol headers appears to the legacy INEs as a traditional data payload. Furthermore, this lack of visibility of the original packet prevents INEs from implementing sophisticated network security and services.
Protocols like VXLAN use User Datagram Protocol/Internet Protocol (UDP/IP) to encapsulate the original Ethernet packet for transmission over physical networks. The original Ethernet packets are tunneled through the network from an originator to a nearest VXLAN gateway. VXLAN gateways connect virtual networks to non-virtual networks (legacy networks having physical components). Since VXLAN gateways understand (are capable of processing) VXLAN protocol and tunnels, they have the capability to identify the encapsulated packets. However, currently, these gateways are not capable of applying services or security to traffic flowing therethrough.
Furthermore, OVNs allow creation of independent virtual networks on a per-tenant basis. These virtual networks utilize and share the same physical networking hardware, which may or may not be aware of network virtualization. Typically, such physical networking devices inspect a network packet's Ethernet header and Internet Protocol (IP) header in order to make QoS decisions. At a server level, traffic generated by Virtual Machines (VMs), regardless of the virtual network it is attached to or correlated with, is encapsulated by an overlay-capable device, such as a virtual switch in a hypervisor, using a tunneling-specific protocol, such as VXLAN, NVGRE, etc., used to implement the OVN fabric. Since packets from each VM are treated as payload inside outer tunnel-specific packets, QoS attributes provided by VM packets are not visible to the underlay physical network shared by the OVNs. Therefore, existing pure encapsulation methods for OVN traffic lack an efficient mechanism to honor committed Service Level Agreements (SLAs) for a given overlay virtual network associated with a specific tenant.
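The visibility gap described above can be shown on a single VXLAN packet. The following Python sketch is an added illustration, not part of the original disclosure: it builds a constructed VXLAN frame and compares what a legacy INE reads from the outer Ethernet and IP headers with what an overlay-aware device reads after decapsulation. The function names, addresses, VLAN ID and sample values are assumptions; IPv4 and UDP port 4789 are assumed for the outer transport.

```python
import struct

VXLAN_PORT = 4789  # IANA-assigned UDP destination port for VXLAN

def ipv4(dscp, proto, payload_len):
    # Minimal IPv4 header for a constructed sample (checksum left at 0)
    return struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 20 + payload_len,
                       0, 0, 64, proto, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))

def build_sample(vni, inner_dscp, inner_pcp, outer_dscp=0):
    """Constructed VXLAN packet whose inner frame carries 802.1Q PCP and IP DSCP."""
    inner_ip = ipv4(inner_dscp, 17, 0)
    tci = (inner_pcp << 13) | 100  # priority bits plus constructed VLAN ID 100
    inner_eth = bytes(12) + struct.pack("!HHH", 0x8100, tci, 0x0800) + inner_ip
    vxlan = struct.pack("!II", 0x08 << 24, vni << 8)  # I flag set, 24-bit VNI
    udp = struct.pack("!HHHH", 49152, VXLAN_PORT, 8 + len(vxlan) + len(inner_eth), 0)
    body = udp + vxlan + inner_eth
    return bytes(12) + struct.pack("!H", 0x0800) + ipv4(outer_dscp, 17, len(body)) + body

def l2_l3_qos(frame):
    """Read what a QoS classifier inspects: 802.1Q PCP (if tagged) and IPv4 DSCP."""
    if len(frame) < 18:
        return {"pcp": None, "dscp": None}, None
    off, pcp = 12, None
    (etype,) = struct.unpack_from("!H", frame, off)
    if etype == 0x8100:  # VLAN tag present: priority is the top 3 bits of the TCI
        tci, etype = struct.unpack_from("!HH", frame, off + 2)
        pcp, off = tci >> 13, off + 4
    off += 2
    if etype != 0x0800 or len(frame) < off + 20:
        return {"pcp": pcp, "dscp": None}, None
    ihl = (frame[off] & 0x0F) * 4
    return {"pcp": pcp, "dscp": frame[off + 1] >> 2, "proto": frame[off + 9]}, off + ihl

def legacy_view(frame):
    """Legacy INE: only the outer Ethernet and IP headers are examined."""
    return l2_l3_qos(frame)[0]

def overlay_aware_view(frame):
    """Overlay-aware device: validate the VXLAN header, then read VNI and inner QoS."""
    outer, l4 = l2_l3_qos(frame)
    if l4 is None or outer.get("proto") != 17 or len(frame) < l4 + 16:
        return None
    dport = struct.unpack_from("!H", frame, l4 + 2)[0]
    flags, vni_word = struct.unpack_from("!II", frame, l4 + 8)
    if dport != VXLAN_PORT or not (flags >> 24) & 0x08:
        return None
    inner, _ = l2_l3_qos(frame[l4 + 16:])
    return {"vni": vni_word >> 8, "pcp": inner["pcp"], "dscp": inner["dscp"]}
```

For a packet built with `build_sample(vni=5001, inner_dscp=46, inner_pcp=5)`, the legacy view reports DSCP 0 and no priority tag, while the overlay-aware view recovers the VNI together with the inner DSCP 46 and priority 5.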
Therefore, an efficient and reliable method to provide QoS on a per-tenant basis in a multi-tenant-aware OVN would be very beneficial.