A hybrid network combines elements of public networks and private networks together to deliver a composition of services and resources to the end user. In one form, a hybrid network may comprise a virtual private cloud (“VPC”), wherein the application services and computing resources are hosted by a service provider in a public network, but are segregated and secured for a particular customer. A virtual network is overlaid on a substrate network and managed so that the computing resources attached to the virtual network appear to be part of a customer's private network. In one configuration, a VPN or other secure channel through the public network(s) is established between the customer and the service provider. Packets from the private network are routed over the VPN to the service provider. There, the service provider translates the packets and routes them to proper host computer systems. In another example, the hybrid network may combine any number of computing resources from the private network(s) with other resources hosted in the public network to provide the combined application services and data to the customer.
Computing resources in the public, private, or hybrid network environments may be implemented using virtualization technologies. Virtualization allows a single physical server, or “host,” to host one or more instances of virtual machines that appear to operate as independent computing devices to end users. With virtualization, the single server can execute a variety of platforms and operating systems to deliver different application services and other processing resources. In addition, virtualization allows computing resources to be easily scalable through the migration of virtual machines from one host to another, or by replicating the virtual machine(s) across a number of hosts, providing increased availability and redundancy.
In some instances, it may be desired to migrate a virtual machine from one host to a different host through a process known as “live migration.” In live migration, the state of the source virtual machine is replicated from a primary host to a target virtual machine provisioned on a secondary host while the source virtual machine continues to operate on the primary host. This may be achieved using a pre-copy approach in which pages of the source virtual machine's memory are iteratively copied from the primary host to the secondary host, all without stopping the execution of the source virtual machine being migrated. Memory pages “dirtied” by the operation of the source virtual machine are copied again in rounds, until nearly all of the memory pages have been copied to the secondary host computer. At that point, the execution of the source virtual machine on the primary host is paused, and the remaining dirty memory pages are copied to the secondary host computer along with the CPU state and other state information of the source virtual machine on the primary host computer. The replicated target virtual machine may then be started on the secondary host computer in order to provide the services of the migrated source virtual machine.
In addition to the migration of the state of the virtual machine, additional resources may also be migrated before or during the live migration, including locally attached peripheral or storage devices, network connections and addresses, and the like. Migrating an entire virtual machine, along with the OS and all of its applications as one unit, may avoid many of the difficulties involved with process-level migration approaches. In addition, the downtime of the migrated virtual machine may be very small, on the order of 100 to 200 milliseconds, thus maintaining high availability of the application services provided by the migrated virtual machine.
While live migration is a powerful tool in the administration of computing resources in a network environment, the process of performing live migration of virtual machines in a hybrid network presents special challenges. For example, migrating a virtual machine from a host in the private network to a host in the public network or VPC may introduce numerous complications, including hardware incompatibility, virtualization software incompatibility, network address portability, storage device migration, secure communication channel(s) between the host in the private network and the host in the public network, and the like. It is with respect to these and other considerations that the disclosure made herein is presented.