Multi-tenant support is a basic requirement for cloud data center networks, and it requires service isolation between different tenants. One type of service isolation is address isolation, which provides overlapping addresses to different tenants. In current standards, such as the Internet Engineering Task Force Network Virtualization Overlays (IETF NVO3) standards, a virtual network identifier (VNID) is provided to support the separation of virtual networks of different tenants in overlay virtual networks. Addressing and host configuration can be provided through Dynamic Host Configuration Protocol (DHCP), which provides configuration parameters to hosts.
DHCP has two components: a protocol for delivering host-specific configuration parameters from a DHCP server to a host, and a mechanism for allocating network addresses to hosts. The DHCP protocol only supports configuration in a single address space. Therefore, each DHCP server can only be configured with the configuration parameters of a single address space (i.e., the protocol cannot support overlapped address spaces). Thus, a client of the DHCP server can only obtain an address from this single address space.
In order to provide overlapping addresses to different tenants in cloud data center networks, a separate DHCP server must be set up for each tenant. This is usually implemented by setting up a unique DHCP server in a separate LINUX namespace (i.e., operating system level virtualization) or by running multiple DHCP servers on different hosts. In these implementations, there is one DHCP server per tenant, and the addresses provided to different tenants can overlap.
However, configuring multiple LINUX namespaces is complex and resource- and computation-intensive, since there is usually only one physical network interface card used to connect to the data network. Further, multiple LINUX namespaces require multiple virtual network interfaces to be created and connected to an Ethernet bridge to serve those namespaces, and multiple DHCP server instances to be run, each of which serves only a single tenant or even a single network segment. Also, this approach does not scale when the number of tenants grows into the thousands. Further, many legacy operating systems (e.g., WINDOWS SERVER and legacy LINUX kernels before 2.6.32.xx) do not support LINUX namespaces.
Moreover, there is no inter-operability between overlay networks, even when using overlay encapsulation protocols for multi-tenant support, such as virtual local area network (VLAN), virtual extensible local area network (VXLAN), distributed overlay virtual Ethernet (DOVE), network virtualization using generic routing encapsulation (NVGRE), stateless transport tunneling (STT), generic network virtualization encapsulation (GENEVE), etc. Therefore, such systems do not provide the flexibility required for multi-tenant support.
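The per-tenant namespace arrangement described above, sketched as an added example that is not part of the original text: the script only prints the commands each tenant would need, so the per-tenant cost (one namespace, one veth pair, one DHCP daemon) can be counted. The bridge name `br-data`, the use of dnsmasq as the DHCP server, the interface names and the shared 10.0.0.0/24 subnet are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (constructed): prints, but does not run, the setup for
# "one DHCP server per tenant, each in its own Linux namespace".
# Assumptions: bridge br-data already exists; dnsmasq is the DHCP server;
# every tenant reuses the same (overlapping) subnet 10.0.0.0/24.
# Tenant separation on the bridge itself (VLAN or overlay VNID mapping)
# is assumed to be configured elsewhere and is not shown.

BRIDGE="${BRIDGE:-br-data}"          # hypothetical bridge name
SUBNET_GW="10.0.0.1/24"              # same address in every namespace
RANGE="10.0.0.10,10.0.0.200,12h"     # same lease range for every tenant

# Emit the commands that give ONE tenant its own isolated DHCP server.
tenant_plan() {
    t="$1"
    ns="tenant$t"; host_if="vh$t"; ns_if="vn$t"
    echo "ip netns add $ns"
    echo "ip link add $host_if type veth peer name $ns_if"
    echo "ip link set $ns_if netns $ns"
    echo "ip link set $host_if master $BRIDGE"
    echo "ip link set $host_if up"
    echo "ip netns exec $ns ip addr add $SUBNET_GW dev $ns_if"
    echo "ip netns exec $ns ip link set $ns_if up"
    # --port=0 disables dnsmasq's DNS service; only DHCP is served.
    echo "ip netns exec $ns dnsmasq --port=0 --bind-interfaces --interface=$ns_if --dhcp-range=$RANGE --pid-file=/run/dnsmasq-$ns.pid --dhcp-leasefile=/run/dnsmasq-$ns.leases"
}

# Emit the full plan for tenants 1..N.
plan_for() {
    n="$1"; i=1
    while [ "$i" -le "$n" ]; do
        tenant_plan "$i"
        i=$((i + 1))
    done
}

# Count plan lines matching PATTERN for N tenants (e.g. daemons, veth pairs).
count_matching() {   # usage: count_matching N PATTERN
    plan_for "$1" | grep -c -- "$2"
}

plan_for 2   # show the plan for two tenants sharing the same address range
```

Calling `count_matching 1000 'type veth'` shows that the object count grows linearly with the tenant count, which is the scaling problem the text raises.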