Cloud Network Infrastructure as a Service: An Exercise in Multi-Domain Orchestration Jeff Chase Aydan Yumerefendi Duke University Ilia Baldine Yufeng Xin Anirban Mandal Chris Heerman Renaissance Computing Institute (RENCI) David Irwin University of Massachusetts Amherst Abstract Cloud computing is now a successful and well- understood example of the Infrastructure as a Service (IaaS) model. This paper explores how to extend IaaS clouds to other kinds of substrate resources beyond servers and storage, and to link these elements together in a coordinated, multi-provider “web” of cloud infras- tructure services. The vision is to enable cloud appli- cations to request virtual servers at multiple points in the network, together with bandwidth-provisioned net- work pipes and other network resources to interconnect them. We outline new software to orchestrate end-to-end connections over multi-layer networks, coordinated with Eucalyptus clouds and other resources at the edge. We present results from a demonstration experiment with the prototype, and discuss various architectural challenges arising in multi-domain cloud computing with dynamic circuit networks. 1 Introduction EC2 and other server clouds follow an “Infrastructure as a Service” (IaaS) model, in which the cloud customer rents virtual servers and selects or controls the software for each virtual server instance. Cloud computing is now a successful and well-understood example of IaaS. For example, clouds are gaining acceptance as a simple and powerful vehicle to scale up computing power for sci- ence [9, 19]. This paper explores how to extend the IaaS vision to enable coordinated access to diverse resources from multiple autonomous resource providers. For example, cloud users may wish to spread their usage across mul- tiple cloud providers to improve scaling or control de- pendency risk, or for geographic dispersion. We also ad- vocate extending the cloud abstraction to other kinds of substrate resources beyond servers and storage, includ- ing cloud networks. Several efforts are building support for dynamic cir- cuits on national-footprint multi-layer networks (Na- tional Lambda Rail, Internet2, ESNet), including inter- domain circuits that span more than one of these net- works. Technologies to virtualize networks continue to advance beyond the VPLS/VPN tunneling available to the early cloud network efforts [11, 18, 23, 25, 21, 1, 12]. Advanced multi-layer networks offer direct control of the network substrate to instantiate isolated virtual pipes, which may appear as VLANs, MPLS tunnels, or VPLS services at the network edge. As a first step to linking these resources to clouds, we have developed a software prototype to instantiate dy- namic circuits in tandem with virtual machine instances to interconnect cloud applications across multiple cloud sites and domains. The prototype includes extensions to Eucalyptus, a commercially supported open-source cloud infrastructure service. It uses the ORCA orchestra- tion and network control software (Open Resource Con- trol Architecture), which derives from almost a decade of research in networked clouds [7, 13, 17, 22, 6, 5, 4, 14]. It adds plug-in control modules for ORCA to interface to various substrate providers, including Eucalyptus cloud sites, NLR’s Sherpa FrameNet service, and the Break- able Experimental Network (BEN), a metro-scale optical network testbed operated by RENCI in North Carolina. Our vision is to enable cloud applications to request virtual servers at multiple points in the network, to- gether with bandwidth-provisioned network pipes and other network resources to interconnect them. The GENI initiative (Global Environment for Network Innovation, funded by the US National Science Foundation) is pur- suing a similar vision for a specific use case: link- ing testbeds for research in network science and engi- neering. The principal goal of GENI is to enable re- searchers to experiment with radically different forms of networking within private isolated “slices” of shared testbed resources offered by a federation of providers. A GENI slice gives its owner control over a set of virtu-