DOCSLIB.ORG

A Multi-Site Virtual Cluster System for Wide Area Networks

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

A Multi-Site Virtual Cluster System for Wide Area Networks Takahiro Hirofuchi∗ Takeshi Yokoi∗ Tadashi Ebara∗† Yusuke Tanimura∗ Hirotaka Ogawa∗ Hidetomo Nakada∗ Yoshio Tanaka∗ Satoshi Sekiguchi∗ ∗National Institute of Advanced Industrial Science and Technology (AIST) †Mathematical Science Advanced Technology Laboratory Co., Ltd. Abstract cent virtualization technologies contribute to great im- provements in efficient resource usage, scalability and A virtual cluster is a promising technology for reduc- flexibility are limited by the total amount of physical ing management costs and improving capacity utiliza- resources at one site. For virtualization of high perfor- tion in datacenters and computer centers. However, re- mance computing environments, emerging virtual clus- cent cluster virtualization systems do not have the max- ter systems allow rapid deployment of customized clus- imum scalability and flexibility required, due to lim- ter systems. They basically reduce deployment costs and ited hardware resources at one site. Therefore, we are improve resource sharing efficiencies. However, exist- now developing an advanced cluster management sys- ing virtual cluster systems focus only on single-site com- tem for multi-site virtual clusters; which provides a vir- puter resources; users cannot create large-scale clusters tual cluster composed of distributed computer resources beyond single-site hardware resources and dynamically over wide area networks. This system has great advan- extend running clusters in a flexible manner, on demand. tages over other cluster management systems designed only for single-site resources; users can create a clus- We designed and implemented a multi-site virtual ter of virtual machines from local and remote physical cluster management system, which enables administra- clusters in a scalable manner, and dynamically change tors to create a virtual cluster composed of virtual ma- the number of cluster nodes on demand, seamlessly. In chines from distributed computer centers easily, and dy- our system, a multi-site cluster achieves a monolithic namically change its components for ever-changing de- system view of cluster nodes to enable existing appli- mands from users, making efficient use of surplus com- cations to be deployed quickly and managed flexibly, putational resources. just as in physical clusters. In this paper, we propose an advanced cluster virtualization mechanism composed In this paper, we propose two key mechanisms for of two key techniques. An L2 network extension of multi-site support of cluster virtualization: An L2 ex- virtual machine networks allows transparent deployment tension of virtual machine networks allows transparent over networks for distributed virtual cluster nodes, and virtual cluster deployment over WANs, and contributes a transparent package caching mechanism greatly opti- to the same usability as a single physical cluster, through mizes data transfers in virtual cluster deployment over unmodified application programs. In addition, a package network latencies. Experimental results show multi-site caching mechanism is an essential component for scal- virtual clusters have sufficient feasibility in WAN envi- able deployment of multi-site virtual clusters. It dramat- ronments and promise great scalability for a large-scale ically reduces backbone network traffic among sites and number of virtual nodes. alleviates network resource requirements to the lowest feasible levels. 1 Introduction Section 2 clarifies the concept of multi-site virtual clusters and Section 3 presents key mechanisms for Large-scale datacenters and computer centers need to multi-site support. Section 4 gives design details and maintain enough computer system resources for their Section 5 evaluates prototype implementation through customers in a cost-effective manner. However, it is experiments. Section 6 notes additional discussions, and difficult to make appropriate investments against unpre- Section 7 summarizes related work. Finally, we conclude dictable demands on processing powers. Although re- this paper in Section 8. 1 propriately hidden from the inside of the virtual cluster. Remote computer resources are integrated into a uniform computing environment over its underlying heterogene- ity, so that existing cluster applications can be applied to distributed environments with smaller efforts. A user ba- sically operates a virtual cluster in the same manner as a physical one, using unmodified programs designed for physical clusters. 3 Virtual Cluster Management System This section describes our virtual cluster management system. We recently decided to extend our single-site vir- tual cluster management system [10] for multi-site clus- ter virtualization. Its system architecture was carefully Figure 1: Multi-site virtual cluster concept designed to be composed of standard technologies, and its components were well-modularized for further exten- sion and customization. Therefore, multi-site extensions 2 Multi-Site Virtual Cluster can be seamlessly integrated with it without large modi- fications. The basic mechanism of cluster virtualization A multi-site virtual cluster is an advanced cluster virtu- is the same as that of multi-site cluster virtualization. alization concept for greater scalability and flexibility, as In our system, virtual clusters are based on three well as sufficient usability. Beyond physical hardware types of hardware virtualization; virtual machine mon- limitations at one site, it aims to integrate distributed itors (VMMs) for processor virtualization, logical vol- computational resources into a single cluster form by ex- ume manager (LVM) and iSCSI [16] for storage access, ploiting recent broad bandwidth backbone advances in and VLAN [6] for network isolation. A VMM works on WAN environments. A conceptual overview is illustrated each node of a physical cluster and hosts multiple vir- in Figure 1, and its advantages are summarized as fol- tual machines on it. Storage devices of a virtual machine lows. are attached via iSCSI from dedicated storage servers, in Scalability: A virtual cluster overlaying multiple sites which an LVM allocates storage space from large hard can be composed of a greater number of computational disks. A physical node hosts several virtual machines, nodes than can single-site hardware resources. This each of which is a member of different virtual clusters. breaks hardware resource limitations at a single site, and The private network of a virtual cluster is logically sep- integrates distributed computer resources as virtual clus- arated from the physical cluster’s networks by VLAN. ters. In recent years, broadband networks over 1Gbps Virtual clusters are completely isolated from each other, have been widely deployed between large-scale data cen- so that users can never use sniffer and tamper with net- ters and computer centers, and end-to-end reservations work packets of other clusters. of network resources are becoming possible in academic A user interface is provided through a web browser. and commercial backbone networks. These networks en- An administrator can specify the upper limit of physical able virtual clusters to be extended to other remote sites resources allocated for a virtual cluster, and users make in a scalable manner. reservations of virtual clusters with the number of virtual Flexibility: A virtual cluster can be dynamically ex- nodes, the amount of the memory and storage required, panded according to user requests, by adding more and and the start / end time. Users can also specify an operat- more virtual machines from remote sites. It is also pos- ing system and applications which are then automatically sible to shrink it by releasing virtual machines. The vir- installed in a reserved virtual cluster. tual nodes belonging to a virtual cluster can be substi- Our system is fully compatible with a widely-used tutable with other virtual machines of remote sites in cluster management framework, NPACI Rocks [14], in a fairly transparent manner; for instance, some virtual order to allow users to utilize its pre-packaged soft- nodes can be moved to other sites for hardware mainte- ware repository of various cluster applications. A self- nance or power saving of physical clusters. contained ISO image, called a Roll, includes a set of Usability: Even though a virtual cluster consists of RPM files for a cluster application, as well as its cluster- distributed virtual machines located at remote sites, it can aware configuration scripts. It should be noted that our be seen as a single system image ”cluster” for users and system is also distributed as a Roll, which means Rocks applications. Its underlying networking topology is ap- users can easily install virtual cluster management sys- 2 scalable, flexible, and usable as much as possible for available hardware resources. We consider this basic de- sign architecture is also applicable to multi-site virtual clusters. Its multi-site support should be achieved by a straightforward extension of the existing design; scala- bility, flexibility, and usability are improved in a transpar- ent manner for users, applications, and cluster manage- ment systems. Users should be able to utilize multi-site virtual clusters seamlessly by using existing programs for physical clusters. Figure 2: Virtual cluster management system for a single Second, multi-site virtual clusters should be allocated site rapidly, and their internal operating systems and appli- cations should be also installed and configured quickly, with the minimum
Recommended publications
  • Uila Supported Apps

    Uila Supported Apps

    Uila Supported Applications and Protocols updated Oct 2020 Application/Protocol Name Full Description 01net.com 01net website, a French high-tech news site. 050 plus is a Japanese embedded smartphone application dedicated to 050 plus audio-conferencing. 0zz0.com 0zz0 is an online solution to store, send and share files 10050.net China Railcom group web portal. This protocol plug-in classifies the http traffic to the host 10086.cn. It also 10086.cn classifies the ssl traffic to the Common Name 10086.cn. 104.com Web site dedicated to job research. 1111.com.tw Website dedicated to job research in Taiwan. 114la.com Chinese web portal operated by YLMF Computer Technology Co. Chinese cloud storing system of the 115 website. It is operated by YLMF 115.com Computer Technology Co. 118114.cn Chinese booking and reservation portal. 11st.co.kr Korean shopping website 11st. It is operated by SK Planet Co. 1337x.org Bittorrent tracker search engine 139mail 139mail is a chinese webmail powered by China Mobile. 15min.lt Lithuanian news portal Chinese web portal 163. It is operated by NetEase, a company which 163.com pioneered the development of Internet in China. 17173.com Website distributing Chinese games. 17u.com Chinese online travel booking website. 20 minutes is a free, daily newspaper available in France, Spain and 20minutes Switzerland. This plugin classifies websites. 24h.com.vn Vietnamese news portal 24ora.com Aruban news portal 24sata.hr Croatian news portal 24SevenOffice 24SevenOffice is a web-based Enterprise resource planning (ERP) systems. 24ur.com Slovenian news portal 2ch.net Japanese adult videos web site 2Shared 2shared is an online space for sharing and storage.
  • N2N: a Layer Two Peer-To-Peer VPN

    N2N: a Layer Two Peer-To-Peer VPN

    N2N: A Layer Two Peer-to-Peer VPN Luca Deri1, Richard Andrews2 ntop.org, Pisa, Italy1 Symstream Technologies, Melbourne, Australia2 {deri, andrews}@ntop.org Abstract. The Internet was originally designed as a flat data network delivering a multitude of protocols and services between equal peers. Currently, after an explosive growth fostered by enormous and heterogeneous economic interests, it has become a constrained network severely enforcing client-server communication where addressing plans, packet routing, security policies and users’ reachability are almost entirely managed and limited by access providers. From the user’s perspective, the Internet is not an open transport system, but rather a telephony-like communication medium for content consumption. This paper describes the design and implementation of a new type of peer-to- peer virtual private network that can allow users to overcome some of these limitations. N2N users can create and manage their own secure and geographically distributed overlay network without the need for central administration, typical of most virtual private network systems. Keywords: Virtual private network, peer-to-peer, network overlay. 1. Motivation and Scope of Work Irony pervades many pages of history, and computing history is no exception. Once personal computing had won the market battle against mainframe-based computing, the commercial evolution of the Internet in the nineties stepped the computing world back to a substantially rigid client-server scheme. While it is true that the today’s Internet serves as a good transport system for supplying a plethora of data interchange services, virtually all of them are delivered by a client-server model, whether they are centralised or distributed, pay-per-use or virtually free [1].
  • Understanding Full Virtualization, Paravirtualization, and Hardware Assist

    Understanding Full Virtualization, Paravirtualization, and Hardware Assist

    VMware Understanding Full Virtualization, Paravirtualization, and Hardware Assist Contents Introduction .................................................................................................................1 Overview of x86 Virtualization..................................................................................2 CPU Virtualization .......................................................................................................3 The Challenges of x86 Hardware Virtualization ...........................................................................................................3 Technique 1 - Full Virtualization using Binary Translation......................................................................................4 Technique 2 - OS Assisted Virtualization or Paravirtualization.............................................................................5 Technique 3 - Hardware Assisted Virtualization ..........................................................................................................6 Memory Virtualization................................................................................................6 Device and I/O Virtualization.....................................................................................7 Summarizing the Current State of x86 Virtualization Techniques......................8 Full Virtualization with Binary Translation is the Most Established Technology Today..........................8 Hardware Assist is the Future of Virtualization, but the Real Gains Have
  • Enabling Intel® Virtualization Technology Features and Benefits

    Enabling Intel® Virtualization Technology Features and Benefits

    WHITE PAPER Intel® Virtualization Technology Enterprise Server Enabling Intel® Virtualization Technology Features and Benefits Maximizing the benefits of virtualization with Intel’s new CPUs and chipsets EXECUTIVE SUMMARY Although virtualization has been accepted in most data centers, some users have not yet taken advantage of all the virtualization features available to them. This white paper describes the features available in Intel® Virtualization Technology (Intel® VT) that work with Intel’s new CPUs and chipsets, showing how they can benefit the end user and how to enable them. Intel® Virtualization Technology Goldberg. Thus, developers found it difficult Feature Brief and Usage Model to implement a virtual machine platform on Intel VT combines with software-based the x86 architecture without significant virtualization solutions to provide maximum overhead on the host machine. system utilization by consolidating multiple environments into a single server or PC. In 2005 and 2006, Intel and AMD, working By abstracting the software away from the independently, each resolved this by creat- underlying hardware, a world of new usage ing new processor extensions to the x86 models opens up that can reduce costs, architecture. Although the actual implemen- increase management efficiency, and tation of processor extensions differs strengthen security—all while making your between AMD and Intel, both achieve the computing infrastructure more resilient in same goal of allowing a virtual machine the event of a disaster. hypervisor to run an unmodified operating system without incurring significant emula- During the last four years, Intel has intro- tion performance penalties. duced several new features to Intel VT. Most of these features are well known, but others Intel VT is Intel’s hardware virtualization for may not be.
  • PCI DSS Virtualization Guidelines

    PCI DSS Virtualization Guidelines

    Standard: PCI Data Security Standard (PCI DSS) Version: 2.0 Date: June 2011 Author: Virtualization Special Interest Group PCI Security Standards Council Information Supplement: PCI DSS Virtualization Guidelines Information Supplement • PCI DSS Virtualization Guidelines • June 2011 Table of Contents 1 Introduction ....................................................................................................................... 3 1.1 Audience ................................................................................................................ 3 1.2 Intended Use .......................................................................................................... 4 2 Virtualization Overview .................................................................................................... 5 2.1 Virtualization Concepts and Classes ..................................................................... 5 2.2 Virtual System Components and Scoping Guidance ............................................. 7 3 Risks for Virtualized Environments .............................................................................. 10 3.1 Vulnerabilities in the Physical Environment Apply in a Virtual Environment ....... 10 3.2 Hypervisor Creates New Attack Surface ............................................................. 10 3.3 Increased Complexity of Virtualized Systems and Networks .............................. 11 3.4 More Than One Function per Physical System ................................................... 11 3.5 Mixing VMs of
  • Peer-To-Peer Protocol and Application Detection Support

    Peer-To-Peer Protocol and Application Detection Support

    Peer-to-Peer Protocol and Application Detection Support This appendix lists all the protocols and applications currently supported by Cisco ASR 5500 ADC. • Supported Protocols and Applications, page 1 Supported Protocols and Applications This section lists all the supported P2P protocols, sub-protocols, and the applications using these protocols. Important Please note that various client versions are supported for the protocols. The client versions listed in the table below are the latest supported version(s). Important Please note that the release version in the Supported from Release column has changed for protocols/applications that are new since the ADC plugin release in August 2015. This will now be the ADC Plugin Build number in the x.xxx.xxx format. The previous releases were versioned as 1.1 (ADC plugin release for December 2012 ), 1.2 (ADC plugin release for April 2013), and so on for consecutive releases. New in this Release This section lists the supported P2P protocols, sub-protocols and applications introduced in the ADC Plugin release for December 1, 2017. ADC Administration Guide, StarOS Release 21.6 1 Peer-to-Peer Protocol and Application Detection Support New in this Release Protocol / Client Client Version Group Classification Supported from Application Release 6play 6play (Android) 4.4.1 Streaming Streaming-video ADC Plugin 2.19.895 Unclassified 6play (iOS) 4.4.1 6play — (Windows) BFM TV BFM TV 3.0.9 Streaming Streaming-video ADC Plugin 2.19.895 (Android) Unclassified BFM TV (iOS) 5.0.7 BFM — TV(Windows) Clash Royale
  • Virtualization and Shared Infrastructure Data Storage for IT in Kosovo Institutions Gani Zogaj

    Virtualization and Shared Infrastructure Data Storage for IT in Kosovo Institutions Gani Zogaj

    Rochester Institute of Technology RIT Scholar Works Theses Thesis/Dissertation Collections 2012 Virtualization and shared Infrastructure data storage for IT in Kosovo institutions Gani Zogaj Follow this and additional works at: http://scholarworks.rit.edu/theses Recommended Citation Zogaj, Gani, "Virtualization and shared Infrastructure data storage for IT in Kosovo institutions" (2012). Thesis. Rochester Institute of Technology. Accessed from This Master's Project is brought to you for free and open access by the Thesis/Dissertation Collections at RIT Scholar Works. It has been accepted for inclusion in Theses by an authorized administrator of RIT Scholar Works. For more information, please contact [email protected]. AMERICAN UNIVERSITY IN KOSOVO MASTER OF SCIENCE IN PROFESSIONAL STUDIES Virtualization and Shared Infrastructure Data Storage for IT in Kosovo institutions “Submitted as a Capstone Project Report in partial fulfillment of a Master of Science degree in Professional Studies at American University in Kosovo” By Gani ZOGAJ November, 2012 Virtualization and Shared Infrastructure Data Storage for IT in Kosovo institutions ACKNOWLEDGEMENTS First, I would like to thank God for giving me health for completing my Master’s Degree studies. I would like to express my gratitude to my supervisor of capstone proposal, Bryan, for his support and for giving me suggestions and recommendations throughout the Capstone Project work. Finally, I would like to thank my wife, Shkendije, and my lovely daughters, Elisa and Erona, who I love so much, for their understanding while I was preparing the Capstone Project and I couldn’t spend enough time with them. 2 Virtualization and Shared Infrastructure Data Storage for IT in Kosovo institutions Table of Contents Figures and Tables………………………………………………….……………….……….……5 List of Acronyms………………………………………………………………....………….……6 Executive Summary……………………………………………………..………………...………8 Chapter 1…………………………………………………………………………...…………….11 1.
  • Oracle® Linux Virtualization Manager Getting Started Guide

    Oracle® Linux Virtualization Manager Getting Started Guide

    Oracle® Linux Virtualization Manager Getting Started Guide F25124-11 September 2021 Oracle Legal Notices Copyright © 2019, 2021 Oracle and/or its affiliates. This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable: U.S. GOVERNMENT END USERS: Oracle programs (including any operating system, integrated software, any programs embedded, installed or activated on delivered hardware, and modifications of such programs) and Oracle computer documentation or other Oracle data delivered to or accessed by U.S. Government end users are "commercial computer software" or "commercial computer software documentation" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, the use, reproduction, duplication, release, display, disclosure, modification, preparation of derivative works, and/or adaptation of i) Oracle programs (including any operating system, integrated software, any programs embedded, installed or activated on delivered hardware, and modifications of such programs), ii) Oracle computer documentation and/or iii) other Oracle data, is subject to the rights and limitations specified in the license contained in the applicable contract.
  • Firecracker: Lightweight Virtualization for Serverless Applications

    Firecracker: Lightweight Virtualization for Serverless Applications

    Firecracker: Lightweight Virtualization for Serverless Applications Alexandru Agache, Marc Brooker, Andreea Florescu, Alexandra Iordache, Anthony Liguori, Rolf Neugebauer, Phil Piwonka, and Diana-Maria Popa, Amazon Web Services https://www.usenix.org/conference/nsdi20/presentation/agache This paper is included in the Proceedings of the 17th USENIX Symposium on Networked Systems Design and Implementation (NSDI ’20) February 25–27, 2020 • Santa Clara, CA, USA 978-1-939133-13-7 Open access to the Proceedings of the 17th USENIX Symposium on Networked Systems Design and Implementation (NSDI ’20) is sponsored by Firecracker: Lightweight Virtualization for Serverless Applications Alexandru Agache Marc Brooker Andreea Florescu Amazon Web Services Amazon Web Services Amazon Web Services Alexandra Iordache Anthony Liguori Rolf Neugebauer Amazon Web Services Amazon Web Services Amazon Web Services Phil Piwonka Diana-Maria Popa Amazon Web Services Amazon Web Services Abstract vantage over traditional server provisioning processes: mul- titenancy allows servers to be shared across a large num- Serverless containers and functions are widely used for de- ber of workloads, and the ability to provision new func- ploying and managing software in the cloud. Their popularity tions and containers in milliseconds allows capacity to be is due to reduced cost of operations, improved utilization of switched between workloads quickly as demand changes. hardware, and faster scaling than traditional deployment meth- Serverless is also attracting the attention of the research com- ods. The economics and scale of serverless applications de- munity [21,26,27,44,47], including work on scaling out video mand that workloads from multiple customers run on the same encoding [13], linear algebra [20, 53] and parallel compila- hardware with minimal overhead, while preserving strong se- tion [12].
  • Reference Architecture: Lenovo Client Virtualization (LCV) with Thinksystem Servers

    Reference Architecture: Lenovo Client Virtualization (LCV) with Thinksystem Servers

    Reference Architecture: Lenovo Client Virtualization (LCV) with ThinkSystem Servers Last update: 10 June 2019 Version 1.3 Base Reference Architecture Describes Lenovo clients, document for all LCV servers, storage, and networking solutions hardware used in LCV solutions LCV covers both virtual Contains system performance desktops and hosted considerations and performance desktops testing methodology and tools Mike Perks Pawan Sharma Table of Contents 1 Introduction ............................................................................................... 1 2 Business problem and business value ................................................... 2 3 Requirements ............................................................................................ 3 4 Architectural overview ............................................................................. 6 5 Component model .................................................................................... 7 5.1 Management services ............................................................................................ 10 5.2 Support services .................................................................................................... 11 5.2.1 Lenovo Thin Client Manager ...................................................................................................... 11 5.2.2 Chromebook management console ........................................................................................... 12 5.3 Storage .................................................................................................................
  • Paravirtualization (PV)

    Paravirtualization (PV)

    Full and Para Virtualization Dr. Sanjay P. Ahuja, Ph.D. Fidelity National Financial Distinguished Professor of CIS School of Computing, UNF x86 Hardware Virtualization The x86 architecture offers four levels of privilege known as Ring 0, 1, 2 and 3 to operating systems and applications to manage access to the computer hardware. While user level applications typically run in Ring 3, the operating system needs to have direct access to the memory and hardware and must execute its privileged instructions in Ring 0. x86 privilege level architecture without virtualization Technique 1: Full Virtualization using Binary Translation This approach relies on binary translation to trap (into the VMM) and to virtualize certain sensitive and non-virtualizable instructions with new sequences of instructions that have the intended effect on the virtual hardware. Meanwhile, user level code is directly executed on the processor for high performance virtualization. Binary translation approach to x86 virtualization Full Virtualization using Binary Translation This combination of binary translation and direct execution provides Full Virtualization as the guest OS is completely decoupled from the underlying hardware by the virtualization layer. The guest OS is not aware it is being virtualized and requires no modification. The hypervisor translates all operating system instructions at run-time on the fly and caches the results for future use, while user level instructions run unmodified at native speed. VMware’s virtualization products such as VMWare ESXi and Microsoft Virtual Server are examples of full virtualization. Full Virtualization using Binary Translation The performance of full virtualization may not be ideal because it involves binary translation at run-time which is time consuming and can incur a large performance overhead.
  • Virtual Private Networ Ks

    Virtual Private Networ Ks

    5 Virtual Private Networ ks 5.1 Introduction In Part 2, we discuss virtual private networks (VPNs). Chapter 4 had some examples of VPNs, but we were interested mainly in their tunneling aspects and didn’t dwell on their security and authentication features. In this chapter, we define VPN and briefly revisit the VPNs from Chapter 4. In the rest of Part 2, we study several types of VPNs, see how they are used, and take note of their strengths and weaknesses. As we shall see, these VPNs can operate at any layer in the TCP/IP stack. As usual, we will be less concerned with the administrative details of configuring the VPNs than with developing an appreciation for the protocols them- selves and the manifestation of those protocols on the wire. Before beginning our discussion of VPNs, we should agree on a definition for them. We already have an implicit definition from our study of MPLS VPNs in Chapter 4. We might say that according to that definition, a VPN is a method of using tunneling to build a private overlay network on top of a public network in such a way that the secu- rity of the private network is equivalent to that provided by leased lines. But this defi- nition suffers from a lack of precision as to the meaning of ‘‘security equivalent to that provided by leased lines’’ and is a bit too general for our purposes. Instead, let us say that a virtual private network is an overlay network built with tunnels in which the tunnel payloads are encrypted and authenticated.