Collaborative Research: Elements: EdgeVPN: Seamless Secure Virtual Networking for Edge and Fog Computing

协作研究：要素：EdgeVPN：用于边缘和雾计算的无缝安全虚拟网络

• 批准号: 2004441
• 负责人: Renato Figueiredo
• 金额: $ 51.96万
• 依托单位: University of Florida
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2020
• 资助国家: 美国
• 起止时间: 2020-06-01 至 2024-05-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2004441&HistoricalAwards=false
• 关键词: Collaborative; Research; Elements; EdgeVPN; Seamless

Edge computing encompasses a variety of technologies that are poised to enable new applications across the Internet that support data capture, storage, processing and communication near the edge of the Internet. Edge computing environments pose new challenges, as devices are heterogeneous, widely distributed geographically, and physically closer to end users, such as mobile and Internet-of-Things (IoT) devices. This project develops EdgeVPN, a software element that addresses a fundamental challenge of networking for edge computing applications: establishing Virtual Private Networks (VPNs) to logically interconnect edge devices, while preserving privacy and integrity of data as it flows through Internet links. More specifically, the EdgeVPN software developed in this project addresses technical challenges in creating virtual networks that self-organize into scalable, resilient systems that can significantly lower the barrier to entry to deploying a private communication fabric in support of existing and future edge applications. There are a wide range of applications that are poised to benefit from EdgeVPN; in particular, this project is motivated by use cases in ecological monitoring and forecasting for freshwater lakes and reservoirs, situational awareness and command-and-control in defense applications, and smart and connected cities. Because EdgeVPN is open-source and freely available to the public, the software will promote progress of science and benefit society at large by contributing to the set of tools available to researchers, developers and practitioners to catalyze innovation and future applications in edge computing.Edge computing applications need to be deployed across multiple network providers, and harness low-latency, high-throughput processing of streams of data from large numbers of distributed IoT devices. Achieving this goal will demand not only advances in the underlying physical network, but also require a trustworthy communication fabric that is easy to use, and operates atop the existing Internet without requiring changes to the infrastructure. The EdgeVPN open-source software developed in this project is an overlay virtual network that allows seamless private networking among groups of edge computing resources, as well as cloud resources. EdgeVPN is novel in how it integrates: 1) a flexible group management and messaging service to create and manage peer-to-peer VPN tunnels grouping devices distributed across the Internet, 2) a scalable structured overlay network topology supporting primitives for unicast, multicast and broadcast, 3) software-defined networking (SDN) as the control plane to support message routing through the peer-to-peer data path, and 4) network virtualization and integration with virtualized compute/storage endpoints with Docker containers to allow existing Internet applications to work unmodified. EdgeVPN self-organizes an overlay topology of tunnels that enables encrypted, authenticated communication among edge devices connected across disparate providers in the Internet, possibly subject to mobility and constraints imposed by firewalls and Network Address Translation, NATs. It builds upon standard SDN interfaces to implement packet manipulation primitives for virtualization supporting the ubiquitous Ethernet and IP-layer protocols.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

边缘计算包含多种技术，这些技术有望在互联网上启用新的应用程序，支持互联网边缘附近的数据捕获、存储、处理和通信。边缘计算环境带来了新的挑战，因为设备是异构的、地理分布广泛且在物理上更接近最终用户，例如移动和物联网 (IoT) 设备。该项目开发了 EdgeVPN，这是一个软件元素，可解决边缘计算应用程序网络的基本挑战：建立虚拟专用网络 (VPN) 以在逻辑上互连边缘设备，同时在数据流经互联网链接时保护数据的隐私和完整性。更具体地说，该项目中开发的 EdgeVPN 软件解决了创建虚拟网络的技术挑战，这些虚拟网络可自组织成可扩展、有弹性的系统，可以显着降低部署专用通信结构以支持现有和未来边缘应用的准入门槛。有多种应用程序有望从 EdgeVPN 中受益；特别是，该项目的动机是淡水湖泊和水库的生态监测和预测、国防应用中的态势感知和指挥控制以及智能和互联城市。由于 EdgeVPN 是开源的并且免费向公众开放，因此该软件将通过为研究人员、开发人员和从业人员提供一套工具来促进科学进步并造福整个社会，以促进边缘计算的创新和未来应用。计算应用程序需要跨多个网络提供商部署，并利用低延迟、高吞吐量处理来自大量分布式物联网设备的数据流。实现这一目标不仅需要底层物理网络的进步，还需要一个易于使用、在现有互联网之上运行且无需更改基础设施的值得信赖的通信结构。该项目中开发的 EdgeVPN 开源软件是一个覆盖虚拟网络，允许边缘计算资源组以及云资源之间实现无缝专用网络。 EdgeVPN 的创新之处在于它的集成方式：1) 灵活的组管理和消息服务，用于创建和管理对分布在 Internet 上的点对点 VPN 隧道分组设备，2) 可扩展的结构化覆盖网络拓扑，支持单播、组播和广播，3) 软件定义网络 (SDN) 作为控制平面，支持通过点对点数据路径进行消息路由，4) 网络虚拟化以及通过 Docker 容器与虚拟化计算/存储端点集成，以允许现有互联网应用程序不加修改地工作。 EdgeVPN 自组织隧道覆盖拓扑，支持跨互联网不同提供商连接的边缘设备之间进行加密、经过身份验证的通信，可能会受到防火墙和网络地址转换 (NAT) 施加的移动性和限制。它以标准 SDN 接口为基础，实现虚拟化数据包操作原语，支持无处不在的以太网和 IP 层协议。该奖项反映了 NSF 的法定使命，并通过使用基金会的智力优势和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Demo: EdgeVPN.io: Open-source Virtual Private Network for Seamless Edge Computing with Kubernetes

演示：EdgeVPN.io：使用 Kubernetes 实现无缝边缘计算的开源虚拟专用网络

• DOI: 10.1109/sec50012.2020.00032
• 发表时间: 2020-11
• 期刊: 2020 IEEE/ACM Symposium on Edge Computing (SEC
• 作者: Figueiredo, Renato;Subratie, Kensworth
• 通讯作者: Subratie, Kensworth

Demo: Software-defined Virtual Networking Across Multiple Edge and Cloud Providers with EdgeVPN.io

演示：使用 EdgeVPN.io 跨多个边缘和云提供商的软件定义虚拟网络

• DOI: 10.1109/icdcs51616.2021.00107
• 发表时间: 2021-07
• 期刊: 2021 IEEE 41st International Conference on Distributed Computing Systems (ICDCS
• 作者: Figueiredo, Renato;Subratie, Kensworth
• 通讯作者: Subratie, Kensworth

Edge-to-cloud Virtualized Cyberinfrastructure for Near Real-time Water Quality Forecasting in Lakes and Reservoirs

用于湖泊和水库近实时水质预测的边缘到云虚拟化网络基础设施

• DOI: 10.1109/escience51609.2021.00024
• 发表时间: 2021-09
• 期刊: 2021 IEEE 17th International Conference on eScience (eScience
• 作者: Daneshmand, Vahid;Breef;Carey, Cayelan C.;Jin, Yuqi;Ku, Yun;Subratie, Kensworth C.;Thomas, R. Quinn;Figueiredo, Renato J.
• 通讯作者: Figueiredo, Renato J.

EdgeVPN: Self-organizing layer-2 virtual edge networks

EdgeVPN：自组织二层虚拟边缘网络

• DOI: 10.1016/j.future.2022.10.007
• 发表时间: 2023-03
• 期刊: Future Generation Computer Systems
• 作者: Subratie, Kensworth;Aditya, Saumitra;Figueiredo, Renato J.
• 通讯作者: Figueiredo, Renato J.