IP address multiplexing for VEEs

By: R. Singh, T. Brecht, S. Keshav
Appears in: CCR April 2014

The number of publicly accessible virtual execution environments (VEEs) has been growing steadily in the past few years. To be accessible by clients, such VEEs need either a public IPv4 or a public IPv6 address. However, the pool of available public IPv4 addresses is nearly depleted and the low rate of adoption of IPv6 precludes its use. Therefore, what is needed is a way to share precious IPv4 public addresses among a large pool of VEEs. Our insight is that if an IP address is assigned at the time of a client DNS request for the VEE’s name, it is possible to share a single public IP address amongst a set of VEEs whose workloads are not network intensive, such as those hosting personal servers or performing data analytics. We investigate several approaches to multiplexing a pool of global IP addresses among a large number of VEEs, and design a system that overcomes the limitations of current approaches. We perform a qualitative and quantitative comparison of these solutions. We find that upon receiving a DNS request from a client, our solution has a latency as low as 1 ms to allocate a public IP address to a VEE, while keeping the size of the required IP address pool close to the minimum possible.

Public Review By: Phillipa Gill

The popularity of public virtual execution environments (VEEs) such as Amazon EC2, and their need for public IP addresses, is at odds with the dwindling pool of IPv4 addresses available on the Internet today. This paper aims to address the challenge of multiplexing a small pool of IPv4 addresses across a set of VEEs. While solutions for sharing an IP address across clients (e.g., NATs) have been quite popular, these solutions generally do not work well for sharing IP addresses across server hosts. This paper surveys the design space for multiplexing IP addresses across servers in VEEs and presents implementation and evaluation of three potential schemes: application layer multiplexing on the host, pairing a DNS and DHCP server, and pairing DNS with an agent that runs within the VEE. The authors find that pairing DNS with an agent running on the VEE performs the best in terms of reducing latency, minimizing required IP addresses, and is legacy compatible. The reviewers agreed that the paper presents an interesting design point for solving the challenge of multiplexing IP addresses in VEEs and raised many interesting avenues that the authors could explore in future work. These include understanding security properties of the solution as well as how to extend the solution to VEEs with varying demands on network resources (e.g., long-lived but barely active connections).