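Graduate student: Shih-ming Chen (陳仕明)
Thesis title: Inter-Cloud Networking based on OpenFlow Switch with Bloom Filter (結合布隆過濾器暨OpenFlow交換器之跨雲端網路)
Advisor: Li-ming Tseng (曾黎明)
Oral defense committee:
Degree: Master
Department: College of Electrical Engineering and Computer Science - Department of Computer Science & Information Engineering
Academic year of graduation: 100
Language: Chinese
Number of pages: 111
Keywords (Chinese, translated): OpenFlow, packet forwarding, inter-cloud
Keywords (English): Intercloud, OpenFlow, Packet Forwarding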
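  • With the rapid development of cloud computing, many new services and technologies have taken shape on the cloud. They not only provide a convenient way of life but also change the public's habits and existing concepts. Cloud computing environments can be deployed in three ways: private cloud, public cloud and hybrid cloud. A single user may store personal information on different cloud facilities, so inter-cloud computing and services must allow users and cloud providers to access and use information held on different clouds. However, this brings further challenges such as information leakage.
    In recent years, with the rapid development of network technology, existing network equipment is no longer sufficient to fully meet the needs of the various types of users. The modular design of NetFPGA, a programmable network interface card developed at Stanford University, has therefore become one of the key research items for high-speed networks. Using the programmability of NetFPGA to develop functions that meet requirements, and using OpenFlow to build an inter-cloud computing environment, this work explores and addresses the problems that inter-cloud computing may face.
    The system designed in this thesis uses an OpenFlow Switch to virtualize the network, so that different cloud computing environments operate as if on the same private network. Through the use of a Bloom filter, forwarding-path information is stored in the path filter that connects the clouds. This lets packets forwarded between clouds conceal the clouds' internal information and avoids information leakage. At the same time, because the inter-cloud path filter makes multicast easy to achieve, migration queries can be sent to the management processes of different clouds simultaneously. The inter-cloud path filter can also be updated quickly, so that after a virtual machine migrates across clouds it can continue its original communication without being seriously affected.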


    With the rapid growth of cloud computing, many new services and technologies are forming in the clouds. Cloud computing not only provides a convenient way of daily life, but has also changed the habits of the public and existing concepts. The deployment of cloud computing environments can be divided into three types: private cloud, public cloud and hybrid cloud. A user's personal information may be stored in different cloud environments. Therefore, intercloud computing and its services must allow users and cloud providers to access information on different clouds. However, the accompanying issues are information disclosure and other challenges.
    In recent years, existing network devices have not been sufficient to fully meet the various types of user needs that arise with innovation in network technology. Stanford University developed the NetFPGA platform, which is based on a programmable NIC, and it has become one of the important products for experimenting with high-speed network environments. With the programmable logic design of NetFPGA, researchers can implement the functions that suit their demands. We build the intercloud computing environment with OpenFlow to explore and resolve problems that may occur in interoperation among different clouds.
    We use an OpenFlow Switch to implement network virtualization, letting different clouds interoperate as if they were in the same private network. We also use a Bloom Filter to store the forwarding path in the Intercloud Filter, which achieves information hiding while packets travel on the Internet. It can also be used to multicast intercloud migration requests. In addition, through the up-to-date Intercloud Filter, a VM can continue its original communication with no influence after the intercloud migration.

    Table of contents:
    Abstract (Chinese); Abstract; Acknowledgements; Table of Contents; List of Figures; List of Tables; List of Symbols
    Chapter 1 Introduction
      1.1 Research Background
      1.2 Research Motivation
      1.3 Thesis Organization
    Chapter 2 Related Work
      2.1 NetFPGA
      2.2 OpenFlow and NOX Controller: 2.2.1 OpenFlow; 2.2.2 NOX Controller
      2.3 Bloom Filter: 2.3.1 Conventional Hash Coding; 2.3.2 Hash Coding with Allowable Errors; 2.3.3 Bloom Filter
      2.4 LIPSIN
      2.5 Virtual Networks: 2.5.1 VLAN; 2.5.2 VPN
    Chapter 3 System Design and Architecture
      3.1 Goals
      3.2 System Analysis: 3.2.1 OpenFlow Network; 3.2.2 LIPSIN; 3.2.3 VPN; 3.2.4 System Architecture of This Thesis
      3.3 System Design: 3.3.1 Neighbor Discovery; 3.3.2 Forwarding Path; 3.3.3 VM Instance Creation; 3.3.4 Intercloud Filter Generation; 3.3.5 Communication using Intercloud Filter; 3.3.6 Intercloud Multicast; 3.3.7 Intercloud VM Migration; 3.3.8 Encryption
      3.4 System Architecture: 3.4.1 Link ID; 3.4.2 Intercloud Filter; 3.4.3 IP Packet Header; 3.4.4 Intercloud Filter Table; 3.4.5 Updating the Link ID and Intercloud Filter; 3.4.6 Handling Misdelivered Packets; 3.4.7 OpenFlow Switch System Architecture; 3.4.8 NOX Controller System Architecture; 3.4.9 Performance Analysis
    Chapter 4 Experiments and Discussion
      4.1 Experiment 1: Forwarding Performance Comparison (OpenFlow): 4.1.1 Description; 4.1.2 Environment; 4.1.3 Procedure; 4.1.4 Analysis of Results
      4.2 Experiment 2: Forwarding Performance Comparison (VPN): 4.2.1 Description; 4.2.2 Environment; 4.2.3 Procedure; 4.2.4 Analysis of Results
      4.3 Experiment 3: Forwarding Performance Comparison (Inter-Cloud): 4.3.1 Description; 4.3.2 Environment; 4.3.3 Procedure; 4.3.4 Analysis of Results
      4.4 Experiment 4: Packet Forwarding Correctness: 4.4.1 Description; 4.4.2 Environment; 4.4.3 Procedure; 4.4.4 Analysis of Results
      4.5 Experiment 5: Live Migration with Video Streaming: 4.5.1 Description; 4.5.2 Environment; 4.5.3 Procedure; 4.5.4 Analysis of Results
      4.6 Experiment 6: Live Migration with File Transfer: 4.6.1 Description; 4.6.2 Environment; 4.6.3 Procedure; 4.6.4 Analysis of Results
    Chapter 5 Conclusion and Future Work
      5.1.1 Conclusion
      5.1.2 Future Work
    References
