Collaborative Research: Elements: EdgeVPN: Seamless Secure Virtual Networking for Edge and Fog Computing

协作研究：要素：EdgeVPN：用于边缘和雾计算的无缝安全虚拟网络

• 批准号: 2004441
• 负责人: Renato Figueiredo
• 金额: $ 51.96万
• 依托单位: University of Florida
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2020
• 资助国家: 美国
• 起止时间: 2020-06-01 至 2024-05-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2004441&HistoricalAwards=false
• 关键词: Collaborative; Research; Elements; EdgeVPN; Seamless

Edge computing encompasses a variety of technologies that are poised to enable new applications across the Internet that support data capture, storage, processing and communication near the edge of the Internet. Edge computing environments pose new challenges, as devices are heterogeneous, widely distributed geographically, and physically closer to end users, such as mobile and Internet-of-Things (IoT) devices. This project develops EdgeVPN, a software element that addresses a fundamental challenge of networking for edge computing applications: establishing Virtual Private Networks (VPNs) to logically interconnect edge devices, while preserving privacy and integrity of data as it flows through Internet links. More specifically, the EdgeVPN software developed in this project addresses technical challenges in creating virtual networks that self-organize into scalable, resilient systems that can significantly lower the barrier to entry to deploying a private communication fabric in support of existing and future edge applications. There are a wide range of applications that are poised to benefit from EdgeVPN; in particular, this project is motivated by use cases in ecological monitoring and forecasting for freshwater lakes and reservoirs, situational awareness and command-and-control in defense applications, and smart and connected cities. Because EdgeVPN is open-source and freely available to the public, the software will promote progress of science and benefit society at large by contributing to the set of tools available to researchers, developers and practitioners to catalyze innovation and future applications in edge computing.Edge computing applications need to be deployed across multiple network providers, and harness low-latency, high-throughput processing of streams of data from large numbers of distributed IoT devices. Achieving this goal will demand not only advances in the underlying physical network, but also require a trustworthy communication fabric that is easy to use, and operates atop the existing Internet without requiring changes to the infrastructure. The EdgeVPN open-source software developed in this project is an overlay virtual network that allows seamless private networking among groups of edge computing resources, as well as cloud resources. EdgeVPN is novel in how it integrates: 1) a flexible group management and messaging service to create and manage peer-to-peer VPN tunnels grouping devices distributed across the Internet, 2) a scalable structured overlay network topology supporting primitives for unicast, multicast and broadcast, 3) software-defined networking (SDN) as the control plane to support message routing through the peer-to-peer data path, and 4) network virtualization and integration with virtualized compute/storage endpoints with Docker containers to allow existing Internet applications to work unmodified. EdgeVPN self-organizes an overlay topology of tunnels that enables encrypted, authenticated communication among edge devices connected across disparate providers in the Internet, possibly subject to mobility and constraints imposed by firewalls and Network Address Translation, NATs. It builds upon standard SDN interfaces to implement packet manipulation primitives for virtualization supporting the ubiquitous Ethernet and IP-layer protocols.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

Edge计算涵盖了各种技术，这些技术有望在互联网上启用新的应用程序，以支持互联网边缘附近的数据捕获，存储，处理和通信。边缘计算环境提出了新的挑战，因为设备是异质的，在地理位置上广泛分布，并且在物理上更接近最终用户，例如移动和互联网设备（IOT）设备。该项目开发EdgeVPN，这是一个软件元素，该软件元素可以解决边缘计算应用程序网络的基本挑战：建立虚拟专用网络（VPN）以在逻辑上互连边缘设备，同时在流入Internet链接时保留数据的隐私和完整性。更具体地说，在本项目中开发的EdgeVPN软件解决了创建虚拟网络的技术挑战，这些虚拟网络会自组织为可扩展的弹性系统，这些系统可以大大降低进入私人通信结构以支持现有和未来边缘应用程序的障碍。有很多应用程序可以从EdgeVPN中受益；特别是，该项目是由生态监测和预测淡水湖泊和水库，情境意识以及国防应用中的指挥与控制以及智能和互联城市的用例所激发的。由于EdgeVPN是开源的，并且可以向公众免费提供，因此该软件将通过为研究人员，开发人员和实践者提供的一组工具来促进科学的进步，并在整个社会中受益，以促进Edge计算中的创新和未来应用。实现这一目标不仅需要在基础物理网络中进步，而且还需要易于使用的可信赖的通信结构，并且在现有的Internet上运行，而无需更改基础架构。在此项目中开发的EdgeVPN开源软件是一个覆盖虚拟网络，它允许在边缘计算资源组和云资源组之间进行无缝的专用网络。 EdgeVPN is novel in how it integrates: 1) a flexible group management and messaging service to create and manage peer-to-peer VPN tunnels grouping devices distributed across the Internet, 2) a scalable structured overlay network topology supporting primitives for unicast, multicast and broadcast, 3) software-defined networking (SDN) as the control plane to support message routing through the peer-to-peer data path, and 4) network virtualization and与虚拟化的计算/存储端点与Docker容器集成，以允许现有的Internet应用程序未修改。 EdgeVPN自行组织了隧道的覆盖拓扑，该拓扑可以在Internet中跨不同提供商连接的边缘设备之间进行加密的经过认证的通信，这可能会受到防火墙和网络地址翻译施加的移动性和约束。它建立在标准SDN接口的基础上，以实现数据包操作原始功能，以虚拟化支持无处不在的以太网和IP层协议。该奖项反映了NSF的法定任务，并被认为是通过基金会的知识分子优点和更广泛的审查标准通过评估来通过评估来支持的。

项目成果

Demo: Software-defined Virtual Networking Across Multiple Edge and Cloud Providers with EdgeVPN.io

演示：使用 EdgeVPN.io 跨多个边缘和云提供商的软件定义虚拟网络

• DOI: 10.1109/icdcs51616.2021.00107
• 发表时间: 2021
• 期刊: 2021 IEEE 41st International Conference on Distributed Computing Systems (ICDCS
• 作者: Figueiredo, Renato;Subratie, Kensworth
• 通讯作者: Subratie, Kensworth

Edge-to-cloud Virtualized Cyberinfrastructure for Near Real-time Water Quality Forecasting in Lakes and Reservoirs

用于湖泊和水库近实时水质预测的边缘到云虚拟化网络基础设施

• DOI: 10.1109/escience51609.2021.00024
• 发表时间: 2021
• 期刊: 2021 IEEE 17th International Conference on eScience (eScience
• 作者: Daneshmand, Vahid;Breef-Pilz, Adrienne;Carey, Cayelan C.;Jin, Yuqi;Ku, Yun-Jung;Subratie, Kensworth C.;Thomas, R. Quinn;Figueiredo, Renato J.
• 通讯作者: Figueiredo, Renato J.

EdgeVPN: Self-organizing layer-2 virtual edge networks

EdgeVPN：自组织二层虚拟边缘网络

• DOI: 10.1016/j.future.2022.10.007
• 发表时间: 2023
• 期刊: Future Generation Computer Systems
• 作者: Subratie, Kensworth;Aditya, Saumitra;Figueiredo, Renato J.
• 通讯作者: Figueiredo, Renato J.

Demo: EdgeVPN.io: Open-source Virtual Private Network for Seamless Edge Computing with Kubernetes

演示：EdgeVPN.io：使用 Kubernetes 实现无缝边缘计算的开源虚拟专用网络

• DOI: 10.1109/sec50012.2020.00032
• 发表时间: 2020
• 期刊: 2020 IEEE/ACM Symposium on Edge Computing (SEC
• 作者: Figueiredo, Renato;Subratie, Kensworth
• 通讯作者: Subratie, Kensworth