XNetMon: A Network Monitor for Securing Virtual Networks
Isolation and performance are critical issues for virtual networking. In this paper, the authors consider the use of the Xen virtualization platform for building software-based virtual routers. They propose a network monitor for Xen to increase isolation and packet-forwarding performance. The network monitor controls the use of shared resources and punishes misbehaving virtual routers, guaranteeing isolated operation of the virtual networks. To secure the shared data plane, they propose a secure communication protocol that provides mutual authentication, protection against replay attacks, and privacy between the virtual routers and the administrative domain.