Van-Ca Nguyen, Anh-Vu Vu, Kyoungjae Sun, Younghan Kim
Title: An experimental study of security for service function chaining
Venue: 2017 Ninth International Conference on Ubiquitous and Future Networks (ICUFN)
Publication date: 2017-07-01
DOI: 10.1109/ICUFN.2017.7993906 (https://doi.org/10.1109/ICUFN.2017.7993906)
Citations: 5
Abstract
In recent years, service function chaining (SFC) has been developed alongside software-defined networking (SDN) and network function virtualization (NFV), which open new opportunities for flexible provisioning and composition of network services. However, the adoption of SFC requires various security considerations to protect sensitive information in the context headers of the network service header (NSH). In this paper, we discuss various SFC encapsulation methods to protect the context headers of the NSH exchanged among service functions. We then implement the SFC encapsulation methods as secure solutions for the context header in NSH. Finally, we conduct an experimental study based on OpenDaylight SFC as an SFC controller and OVS as a data plane to compare the performance of the solutions in terms of end-to-end latency.