Towards Reliable Configuration Management in Clouds: A Lightweight Consistency Validation Mechanism for Virtual Private Clouds

QIU Yuhang; ZHAO Gongming; XU Hongli; LI Long; HUANG He; HUANG Liusheng

doi:10.23919/cje.2023.00.387

Article Contents

Article Navigation > Chinese Journal of Electronics > 2025 > Uncorrected proof

Yuhang QIU, Gongming ZHAO, Hongli XU, et al., “Towards Reliable Configuration Management in Clouds: A Lightweight Consistency Validation Mechanism for Virtual Private Clouds,” Chinese Journal of Electronics, vol. 34, no. 1, pp. 1–15, 2025 doi: 10.23919/cje.2023.00.387

Citation:

Yuhang QIU, Gongming ZHAO, Hongli XU, et al., “Towards Reliable Configuration Management in Clouds: A Lightweight Consistency Validation Mechanism for Virtual Private Clouds,” Chinese Journal of Electronics, vol. 34, no. 1, pp. 1–15, 2025 doi: 10.23919/cje.2023.00.387

Citation:

PDF( 10128 KB)

Towards Reliable Configuration Management in Clouds: A Lightweight Consistency Validation Mechanism for Virtual Private Clouds

doi: 10.23919/cje.2023.00.387

QIU Yuhang^{1, 2
,},
ZHAO Gongming^{1, 2
,
,},
XU Hongli^{1, 2
,},
LI Long^{1, 2
,},
HUANG He^3
,,
HUANG Liusheng^{1, 2
,}

1.
School of Computer Science and Technology, University of Science and Technology of China, Hefei 230027, China
2.
Suzhou Institute for Advanced Research, University of Science and Technology of China, Suzhou 215123, China
3.
School of Computer Science and Technology, Soochow University, Suzhou 215123, China

More Information

Author Bio:
Yuhang QIU is currently pursuing the M.S. degree at the School of Computer Science and Technology, University of Science and Technology of China (USTC), Hefei, China. His main research interests are data center networks, software-defined networking, and distributed training. (Email: qiuyuhang@mail.ustc.edu.cn)

Gongming ZHAO received the Ph.D. degree in computer software and theory from University of Science and Technology of China (USTC), Hefei, China, in 2020. He is currently an Associate Professor with USTC. His current research interests include cloud computing, software-defined networking, data center networks, and networking for AI. (Email: gmzhao@ustc.edu.cn)

Hongli XU received the B.S. degree in computer science and the Ph.D. degree in computer software and theory from University of Science and Technology of China (USTC), Hefei, China, in 2002 and 2007, respectively. He is currently a Professor with the School of Computer Science and Technology, USTC. He has published more than 100 articles in famous journals and conferences, including IEEE/ACM Transactions on Networking, IEEE Transactions on Mobile Computing, IEEE Transactions on Parallel and Distributed Systems, International Conference on Computer Communications (INFOCOM), and International Conference on Network Protocols (ICNP). He has held more than 30 patents. His research interests include software-defined networks, edge computing, and the Internet of Things. He received the Outstanding Youth Science Foundation of NSFC in 2018. He has won the best paper award and the best paper candidate in several famous conferences. (Email: xuhongli@ustc.edu.cn)

Long LI is currently pursuing the Ph.D. degree with the School of Computer Science and Technology, University of Science and Technology of China (USTC), Hefei, China. His main research interests are data center networks and software-defined networking. (Email: dragonlee@mail.ustc.edu.cn)

He HUANG received the Ph.D. degree from University of Science and Technology of China (USTC), Hefei, China, in 2011. During 2019 to 2020, he was a Visiting Research Scholar with Florida University, Gainesville, USA. He is currently a Professor with the School of Computer Science and Technology, Soochow University, Suzhou, China. He has authored more than 100 articles in related international conference proceedings and journals. His current research interests include traffic measurement, computer networks, and algorithmic game theory. He is a member of the Association for Computing Machinery (ACM). He has served as the Technical Program Committee Member for several conferences, including IEEE INFOCOM, IEEE MASS, IEEE ICC, and IEEE Globecom. He received the Best Paper Awards from Bigcom 2016, IEEE MSN 2018, and Bigcom 2018. (Email: huangh@suda.edu.cn)

Liusheng HUANG received the M.S. degree in computer science from the University of Science and Technology of China (USTC), Hefei, China, in 1988. He is currently a Senior Professor and a Ph.D. Supervisor with the School of Computer Science and Technology, USTC. He has authored or co-authored six books and over 300 journal/conference papers. His research interests are in the areas of the Internet of Things, vehicular Ad-Hoc networks, information security, and distributed computing. (Email: lshuang@ustc.edu.cn)
Corresponding author: Email: gmzhao@ustc.edu.cn
Received Date: 2023-12-08
Accepted Date: 2024-03-20

Available Online: 2024-04-15

Abstract

Abstract

The Virtual Private Cloud service currently lacks a real-time end-to-end consistency validation mechanism, which prevents tenants from receiving immediate feedback on their requests. Existing solutions consume excessive communication and computational resources in such large-scale cloud environments, and suffer from poor timeliness. To address these issues, we propose a lightweight consistency validation mechanism that includes real-time incremental validation and periodic full-scale validation. The former leverages message layer aggregation to enable tenants to swiftly determine the success of their requests on hosts with minimal communication overhead. The latter utilizes lightweight validation checksums to compare the expected and actual states of hosts locally, while efficiently managing the checksums of various host entries using inverted indexing. This approach enables us to efficiently validate the complete local configurations within the limited memory of hosts. In summary, our proposed mechanism achieves closed-loop implementation for new requests and ensures their long-term effectiveness.
- Virtual Private Cloud,
- Cloud computing,
- Consistency validation

FullText(HTML)

References(23)

References

[1]	Huawei, “Virtual private cloud,” Available at: https://support.huaweicloud.com/vpc/index.html, 2023-11-23. (in Chinese).
[2]	J. S. Jensen, T. B. Krøgh, J. S. Madsen, et al., “P-Rex: Fast verification of MPLS networks with multiple link failures,” in Proceedings of the 14th International Conference on emerging Networking Experiments and Technologies, Heraklion, Greece, pp. 217–227, 2018.
[3]	S. Prabhu, K. Y. Chou, A. Kheradmand, et al., “Plankton: Scalable network configuration verification through model checking,” in Proceedings of the 17th USENIX Conference on Networked Systems Design and Implementation, Santa Clara, CA, USA, pp. 953–967, 2020.
[4]	“Network intelligence center,” Available at: https://nice.sist. shanghaitech.edu.cn/, 2023-08-01.
[5]	P. Kazemian, M. Chang, H. Y. Zeng, et al., “Real time network policy checking using header space analysis,” in Proceedings of the 10th USENIX conference on Networked Systems Design and Implementation, Lombard, IL, USA, pp. 99–111, 2013.
[6]	F. D. Ye, D. Yu, E. N. Zhai, et al., “Accuracy, scalability, coverage: A practical configuration verifier on a global wan,” in Proceedings of the Annual Conference of the ACM Special Interest Group on Data Communication on the Applications, Technologies, Architectures, and Protocols for Computer Communication, Virtual Event, USA, pp. 599–614, 2020.
[7]	K. Jayaraman, N. Bjørner, J. Padhye, et al., “Validating datacenters at scale,” in Proceedings of the ACM Special Interest Group on Data Communication, Beijing, China, pp. 200–213, 2019.
[8]	A. Horn, A. Kheradmand, and M. Prasad, “Delta-net: Real-time network verification using atoms,” in Proceedings of the 14th USENIX Symposium on Networked Systems Design and Implementation, Boston, MA, USA, pp. 735–749, 2017.
[9]	P. Zhang, H. Li, C. C. Hu, et al., “Mind the gap: Monitoring the control-data plane consistency in software defined networks,” in Proceedings of the 12th International on Conference on emerging Networking EXperiments and Technologies, Irvine, CA, USA, pp. 19–33, 2016.
[10]	H. Y. Zeng, S. D. Zhang, F. Ye, et al., “Libra: Divide and conquer to verify forwarding tables in huge networks,” in Proceedings of the 11th USENIX Symposium on Networked Systems Design and Implementation, Seattle, WA, USA, pp. 87–99, 2014.
[11]	A. Khurshid, W. X. Zhou, M. Caesar, et al., “VeriFlow: Verifying network-wide invariants in real time,” in Proceedings of the 10th USENIX Symposium on Networked Systems Design and Implementation, Lombard, IL, USA, pp. 49–54, 2012.
[12]	P. Zhang, X. Liu, H. K. Yang, et al., “APKeep: Realtime verification for real networks,” in Proceedings of the 17th USENIX Symposium on Networked Systems Design and Implementation, Santa Clara, CA, USA, pp. 241–255, 2020.
[13]	A. Abhashkumar, A. Gember-Jacobson, and A. Akella, “Tiramisu: Fast multilayer network verification,” in Proceedings of the 17th USENIX Conference on Networked Systems Design and Implementation, Santa Clara, CA, USA, pp. 201–219, 2020.
[14]	P. Zhang, Y. H. Huang, A. Gember-Jacobson, et al., “Incremental network configuration verification,” in Proceedings of the 19th ACM Workshop on Hot Topics in Networks, Virtual Event, USA, pp. 81–87, 2020.
[15]	P. Zhang, A. Gember-Jacobson, Y. S. Zuo, et al., “Differential network analysis,” in Proceedings of the 19th USENIX Symposium on Networked Systems Design and Implementation, Renton, WA, USA, pp. 601–615, 2022.
[16]	R. H. Aswathy and N. Malarvizhi, “A design of lightweight ECC based cryptographic algorithm coupled with linear congruential method for resource constraint area in IoT,” Journal of Ambient Intelligence and Humanized Computing, vol. 14, no. 5, pp. 5097–5106, 2023. doi: 10.1007/s12652-020-02788-0
[17]	C. A. Corral and H. Thornquist, “Combined CRC and bit framing for enhanced error detection,” in Proceedings of the SoutheastCon 2023, Orlando, FL, USA, pp. 571–577, 2023.
[18]	T. C. Maxino and P. J. Koopman, “The effectiveness of checksums for embedded control networks,” IEEE Transactions on Dependable and Secure Computing, vol. 6, no. 1, pp. 59–72, 2009. doi: 10.1109/TDSC.2007.70216
[19]	A. M. Ali and A. K. Farhan, “A novel improvement with an effective expansion to enhance the MD5 hash function for verification of a secure E-document,” IEEE Access, vol. 8, pp. 80290–80304, 2020. doi: 10.1109/ACCESS.2020.2989050
[20]	F. E. De Guzman, B. D. Gerardo, and R. P. Medina, “Implementation of enhanced secure hash algorithm towards a secured web portal,” in Proceedings of 2019 IEEE 4th International Conference on Computer and Communication Systems, Singapore, Singapore, pp. 189–192, 2019.
[21]	G. E. Pibiri and R. Venturini, “Techniques for inverted index compression,” ACM Computing Surveys, vol. 53, no. 6, article no. 125, 2020. doi: 10.1145/3415148
[22]	A. Fogel, S. Fung, L. Pedrosa, et al., “A general approach to network configuration analysis,” in Proceedings of the 12th USENIX Conference on Networked Systems Design and Implementation, Oakland, CA, USA, pp. 469–483, 2015.
[23]	“KubeSkoop,” Available at: https://kubeskoop.io/zh/, 2023-08-01.