Self-managing virtual networks for wide-area distributed computing

Sharing of computing and storage resources among different institutions and individuals connected over the Internet is seen as a solution to meet the ever-increasing computation and storage demands of modern applications. Several factors curtail the ability of existing applications to run seamlessly on Wide-area Networks (WANs): heterogeneous resource configurations, obscured access to resources due to Network Address Translators (NATs) and firewalls, inability to express sharing policies and lack of isolation provided by operating systems.;This work addresses the problem of providing bi-directional network connectivity among wide-area resources behind NATs and firewalls. At the core of the presented approach is a self-managing networking infrastructure (IPOP) that aggregates wide-area hosts into a private network with decoupled address space management, and is functionally equivalent to a Local-area network (LAN) environment where a wealth of existing, unmodified IP-based applications can be deployed. The IPOP virtual network tunnels the traffic generated by applications over a P2P-based overlay network, which handles NAT/Firewall traversal (through hole-punching techniques) and dynamically adapts its topology (through establishment of direct connections between communicating nodes) in a self-organized, decentralized manner. Together with classic virtual machine technology for software dissemination, IPOP facilitates deployment of large-scale distributed computing environments on wide-area hosts owned by different organization and individuals. A real deployment of the system has been up and running for more than one year, providing access to computational resources for several users.;This dissertation makes the following contributions in the area of virtualization applied to wide-area networks: a novel self-organizing IP-over-P2P system with decentralized NAT traversal; decentralized self-optimization techniques to create overlay links between nodes based on traffic inspection; creation of isolated address spaces and decentralized allocation of IP addresses within each such address space using Distributed Hash Tables (DHTs); tunneling of overlay links for maintaining the overlay structure even in presence of NATs and routing outages; and techniques for proxy discovery for tunnel nodes using network coordinates.;I describe the IPOP virtual network architecture and present an evaluation of a prototype implementation using well-known network performance benchmarks and a set of distributed applications. To further facilitate deployment of IPOP, I describe techniques that allow new users to easily create and manage isolated address spaces and decentralized allocation of IP addresses within each such address space. I present generally applicable techniques that facilitate consistent routing in structured P2P systems even in presence of overlay faults, thereby benefiting different applications of these systems. In the context of the IPOP system, these techniques provide improved virtual IP connectivity. I also describe and evaluate decentralized techniques for discovering suitable proxy nodes to establish a 2-hop overlay path between virtual IP nodes, when direct communication is not possible.