BASTION: Beyond automated service and security orchestration for next-generation networks

Abstract

The adoption of 5G technology and beyond introduces advanced capabilities, such as dynamic resource coordination and allocation tailored to specific service and security requirements. To achieve efficient security and network management, service automation and orchestration are essential. This paper presents BASTION, a ZSM-aligned framework for enhanced service and security (meta) orchestration. By leveraging an intent-based, policy-driven approach, it enables the orchestration and enforcement of service and security policies across B5G infrastructures, dynamically adapting to real-time infrastructure conditions. While meta-orchestration capabilities focus on selecting the most suitable orchestration algorithm based on the system’s current status and the received requirements, orchestration capabilities primarily determine what, where, when, and how to enforce services and security policies. Additionally, the modular design and implementation allow for the seamless integration of new security capabilities through plugins, drivers, and managers. This advancement represents a significant step towards building resilient, adaptable, and secure B5G networks capable of meeting the complex demands of modern network environments. The implementation details showcase the full range of capabilities offered by the BASTION framework, highlighting its effectiveness through successful European and national projects. Furthermore, the performance evaluation section provides a comprehensive analysis of orchestration efficiency, breaking down execution times across different phases. In particular, BASTION demonstrates exceptional performance, achieving decision times as low as 1.3 ms and deploying services and security policies, including fully operational dynamic VNFs in less than 30 s, underscoring its ability to deliver fast, scalable, and efficient orchestration in complex environments.