2016 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN)最新文献

{"title":"Network-wide virtual firewall using SDN/OpenFlow","authors":"Jarrod N. Bakker, I. Welch, Winston K.G. Seah","doi":"10.1109/NFV-SDN.2016.7919477","DOIUrl":"https://doi.org/10.1109/NFV-SDN.2016.7919477","url":null,"abstract":"Traditional firewalls are used to enforce network security policies at boundaries within a network. However, this can leave hosts vulnerable to attacks that originate from within the network they are part of. We leverage the flexibility of Software Defined Networking to turn the network infrastructure into a virtual firewall thus improving security across an entire network. We present ACLSwitch, a network-wide virtual firewall that utilises the OpenFlow protocol to filter traffic across a network comprised of OpenFlow switches. We also define “policy domains” that allow different filtering configurations to be applied to different switches of the network. The solution allows rules to be distributed across a network without the need for a human operator to send the rules to switches separately, yet it is flexible enough to allow subsets of the switches to enforce different security policies.","PeriodicalId":448203,"journal":{"name":"2016 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130393801","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Statistical-based anomaly detection for NFV services","authors":"M. Kourtis, G. Xilouris, G. Gardikis, Ioannis Koutras","doi":"10.1109/NFV-SDN.2016.7919492","DOIUrl":"https://doi.org/10.1109/NFV-SDN.2016.7919492","url":null,"abstract":"Large-scale, carrier-grade Network Functions Virtualisation (NFV) services are expected to involve a significant number of Virtual Network Functions, deployed across multiple Points-of-Presence (PoPs) and possibly in heterogeneous infrastructures. While proper monitoring is crucial for the commercial viability of NFV services, effectively and efficiently monitoring a huge number of VNF instances, promptly detecting any malfunctions or anomalies in order to trigger corrective actions, becomes a real challenge. This paper presents the use of an open-source monitoring system especially tailored for NFV in conjunction with statistical approaches commonly used for anomaly detection, towards the timely detection of anomalies in deployed NFV services.","PeriodicalId":448203,"journal":{"name":"2016 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132988246","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Robust embedding of VNF/service chains with delay bounds","authors":"Varun S. Reddy, Andreas Baumgartner, T. Bauschert","doi":"10.1109/NFV-SDN.2016.7919482","DOIUrl":"https://doi.org/10.1109/NFV-SDN.2016.7919482","url":null,"abstract":"The efficient and carrier-grade operation of virtualised network infrastructures (Infrastructure as a Service, IaaS) within Cloud Systems requires powerful methods for dynamic resource provisioning, virtual network functions (VNF) placement and interconnection. In the scientific literature, already several contributions related to the virtual network embedding (VNE) problem can be found, see [1] and the references therein as well as our previous contributions [2], [3]. Typically, the physical substrate infrastructure (network nodes with switching, processing and storage resources, and links with defined bandwidth) as well as the traffic demands of the virtual networks are given and the target is to minimise the embedding cost wrt. performance and QoS constraints (e.g. bandwidth guarantees, latency bounds). In this contribution, we propose a novel optimisation model based on the concept of Γ-robustness [4], [5] to deal with uncertainties in the traffic demand and as a consequence in the resource requirements of the VNFs while fulfilling individual average roundtrip delay bounds for each chain of VNFs. The Γ-robust optimisation model is formulated as a mixed-integer linear program (MILP). Moreover, in order to enhance the scalability of the model, a modified MIP-based Variable Neighbourhood Search (VNS) heuristic is proposed. The performance of the novel optimisation model and the heuristic is evaluated for different performance scenarios using a network topology example taken from SNDlib [6].","PeriodicalId":448203,"journal":{"name":"2016 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN)","volume":"32 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125090596","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"EPLE: An Efficient Passive Lightweight Estimator for SDN packet loss measurement","authors":"Chunyan Fu, Wolfgang John, C. Meirosu","doi":"10.1109/NFV-SDN.2016.7919497","DOIUrl":"https://doi.org/10.1109/NFV-SDN.2016.7919497","url":null,"abstract":"As Software Defined Networks (SDN) deployments are reaching mainstream, network performance becomes a key concern for success. Service Providers (SPs) rely on network management capabilities, such as packet loss monitoring, to observe the network status and thereby facilitate service-level agreements. On one hand, SPs seek tools providing greater visibility into the status of their networks, but on the other hand, they are keen to limit the overhead of management capabilities in their operational networks. To meet these conflicting requirements, Efficient Passive Lightweight Estimator (EPLE) takes advantage of existing network traffic and SDN signaling, without the need of extra monitoring traffic or facilities. EPLE does not introduce any data plane overhead and the signaling overhead is reduced by locally creating microflow descriptors out of aggregated flow definitions. Our proof-of-concept prototype shows that EPLE can estimate packet loss rates accurately while keeping the processing and signaling overheads small compared to existing active measurement methods.","PeriodicalId":448203,"journal":{"name":"2016 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN)","volume":"34 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115305669","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Optimizing Service Chain ID generation for flow rule compression","authors":"Om Prakash Nirankari, Prakash Pawar, Kotaro Kataoka","doi":"10.1109/NFV-SDN.2016.7919502","DOIUrl":"https://doi.org/10.1109/NFV-SDN.2016.7919502","url":null,"abstract":"Service Chaining provides opportunities for network and service providers to implement their services and policies with finer granularity of an individual user or an application. However, the increasing number of Service Chains and middleboxes will introduce a larger number of flow rules and more consumption of Ternary Content Addressable Memory (TCAM), whose capacity is limited due to high cost and power consumption. This paper proposes to compress the flow rules for service chaining by optimizing the generation of Service Chain IDs that are widely used in packet tagging techniques for the Service Chaining. Our solution 1) makes service chain IDs aggregatable based on Common Forwarding Actions (CFAs) among the service chains, and 2) reduces the number of flow rules at each SDN switch to execute a larger number of forwarding actions for service chaining. The evaluation results showed that the proposed algorithm can reduce up to 76% of the flow rules using the randomly generated networks and service chains. Because the generation of Service Chain ID does not interfere the other flow rule compression techniques, our algorithm can also be used as a plug-in to the other Service Chaining mechanisms to optimize their ID generation.","PeriodicalId":448203,"journal":{"name":"2016 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN)","volume":"37 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131873591","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Performance evaluation and tuning of Virtual Infrastructure Managers for (Micro) Virtual Network Functions","authors":"Pier Luigi Ventre, Claudio Pisa, S. Salsano, G. Siracusano, Florian Schmidt, Paolo Lungaroni, N. Blefari-Melazzi","doi":"10.1109/NFV-SDN.2016.7919489","DOIUrl":"https://doi.org/10.1109/NFV-SDN.2016.7919489","url":null,"abstract":"Virtualized Network Functions (VNFs) are emerging as the keystone of 5G network architectures: flexibility, agility, fast instantiation times, consolidation, Commercial Off The Shelf (COTS) hardware support and significant cost savings are fundamental for meeting the requirements of the new generation of mobile networks. In this paper we deal with the management of the virtual computing resources for the execution of Micro VNFs. This functionality is performed by the Virtual Infrastructure Manager (VIM) in the NFV MANagement and Orchestration (MANO) reference architecture.We discuss the VIM instantiation process and propose a generic reference model, starting from the analysis of two Open Source VIMs, namely OpenStack Nova and Nomad. We implemented a tuned version of the VIMs with the specific goal of reducing the duration of the instantiation process. We realized a performance comparison of the two VIMs, both considering the plain and the tuned versions. The tuned VIMs and the performance evaluation tools that we have employed are provided openly and can be downloaded from our repository.","PeriodicalId":448203,"journal":{"name":"2016 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN)","volume":"64 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116436145","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"The role of inter-controller traffic in SDN controllers placement","authors":"Tianzhu Zhang, A. Bianco, P. Giaccone","doi":"10.1109/NFV-SDN.2016.7919481","DOIUrl":"https://doi.org/10.1109/NFV-SDN.2016.7919481","url":null,"abstract":"We consider a distributed Software Defined Networking (SDN) architecture adopting a cluster of multiple controllers to improve network performance and reliability. Differently from previous work, we focus on the control traffic exchanged among the controllers, in addition to the Openflow control traffic exchanged between controllers and switches. We develop an analytical model to estimate the reaction time perceived at the switches due to the inter-controller communications, based on the data-ownership model adopted in the cluster. We advocate a careful placement of the controllers, taking into account the two above kinds of control traffic. We evaluate, for some real ISP network topologies, the possible delay tradeoffs for the controllers placement problem.","PeriodicalId":448203,"journal":{"name":"2016 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN)","volume":"39 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124671225","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"An empirical case for container-driven fine-grained VNF resource flexing","authors":"Amit Sheoran, Xiangyu Bu, Lianjie Cao, P. Sharma, S. Fahmy","doi":"10.1109/NFV-SDN.2016.7919486","DOIUrl":"https://doi.org/10.1109/NFV-SDN.2016.7919486","url":null,"abstract":"In this paper, we make a case for using lightweight containers for fine-grained resource flexing for Virtualized Network Functions (VNFs) to meet the demands of varying workloads. We quantitatively compare the VNF performance and infrastructure resource usage of three instantiations (bare metal, virtual machine, and container) of three selected VNFs. The three VNFs we experiment with are the Mobility Management Entity (MME) of the Evolved packet core (EPC) architecture for cellular networks, the Suricata multi-threaded Intrusion Detection System (IDS), and the Snort single-threaded IDS. Our results show that container-based instantiations not only incur lower resource usage but also have shorter boot time. This makes containers an attractive choice for fine-grained VNF resource flexing. The lessons learned from our empirical case studies with EPC and IDS provide important guidelines for building an elastic micro-service architecture for NFV deployments.","PeriodicalId":448203,"journal":{"name":"2016 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN)","volume":"8 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133013397","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"BotD: A scalable anomaly-based Bot Detection Architecture for securing web services","authors":"Krishna Teja Yadavalli, Shatrunjay Rawat","doi":"10.1109/NFV-SDN.2016.7919478","DOIUrl":"https://doi.org/10.1109/NFV-SDN.2016.7919478","url":null,"abstract":"The significance of anomaly detection is increasing as a result of the rapid increase in unknown attacks. With the increase in deployment of scalable web services, there is a need for developing a scalable anomaly detection mechanisms. In this paper, we propose a scalable anomaly-based Bot Detection Architecture (BotD) in which different anomaly-based bot detection algorithms can be implemented. Our architecture leverages NF scalability provided by Network Function Virtualization (NFV), and network programmability provided by Software Defined Networking (SDN). We have also proposed a loss-free state transfer technique across NFs. We have simulated our architecture using Mininet and Ryu controller, and tested the functioning of the architecture.","PeriodicalId":448203,"journal":{"name":"2016 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN)","volume":"22 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132703157","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A comparison of SDN and NFV for re-designing the LTE Packet Core","authors":"Aman Jain, S. SadagopanN., S. Lohani, Mythili Vutukuru","doi":"10.1109/NFV-SDN.2016.7919479","DOIUrl":"https://doi.org/10.1109/NFV-SDN.2016.7919479","url":null,"abstract":"With an increase in the number of mobile users and traffic, mobile network operators are finding it difficult to scale their radio and core networks. Further, hardware network appliances are expensive to procure and upgrade, and are difficult to adapt and program for new services. These trends have recently spurred several efforts to redesign various components of mobile networks, including the LTE Evolved Packet Core (EPC). Software Defined Networking (SDN) and Network Functions Virtualization (NFV) are two popular emerging networking paradigms that aim to increase network flexibility and scalability, while reducing the overall cost. With SDN, the control and data planes of the packet core can be separated, enabling cheaper packet gateways in the data plane, and an intelligent core network controller to handle the signaling and management functions. With NFV, the various hardware components that comprise the packet core can be virtualized and run as software on a cloud, enabling benefits such as elastic scaling and quick innovation. While several proposals exist to use SDN and NFV to redesign the EPC, there is no common framework to compare the new designs on various performance metrics. This paper presents the design and evaluation of two open-source implementations of the LTE EPC, one based on SDN principles and the other based on NFV, and presents a performance comparison of the two approaches. Experiments with our prototype show that an NFV-based implementation is better suited for networks with high signaling traffic, because handling the communication with the SDN controller quickly becomes the bottleneck at the switches in the SDN-based EPC. On the other hand, an SDN-based design of the EPC is better suited for networks with high data plane traffic, because SDN switches are often more optimized for packet forwarding than virtualized software appliances. We believe that our framework can be used to develop and compare several such design alternatives, and can serve as a guide for future redesigns of mobile data packet core networks.","PeriodicalId":448203,"journal":{"name":"2016 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN)","volume":"40 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121274142","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}