Virtual Network Embedding with Formal Reachability Assurance

Networks are becoming increasingly software-defined and automated. In this context, SDN and NFV allow service providers to use the network infrastructure more efficiently with reduced cost and to develop secure services. This procedure of efficient mapping of virtual networks on the substrate network is delegated to an orchestrator component of NFV that automatically manages its constituent virtualized network functions (VNFs). However, incomplete or inconsistent configuration of VNFs and service graphs may be vulnerable to potential security threats and could cause breakdown of services and of the supporting infrastructure. The main purpose of this paper is to provide an approach for allocation and formal verification that can ensure at the same time that policies such as reachability or isolation are never violated and that optimization is achieved. This ability to orchestrate and automate service validation makes assurance of reliable service delivery possible and simplifies security management tasks for network administrators.

[1]  Antonio Manzalini,et al.  Formal Verification of Virtual Network Function Graphs in an SP-DevOps Context , 2015, ESOCC.

[2]  Dan Li,et al.  PACE: Policy-Aware Application Cloud Embedding , 2013, 2013 Proceedings IEEE INFOCOM.

[3]  Nikolaj Bjørner,et al.  Z3: An Efficient SMT Solver , 2008, TACAS.

[4]  George Varghese,et al.  Checking Beliefs in Dynamic Networks , 2015, NSDI.

[5]  Michal Pióro,et al.  SNDlib 1.0—Survivable Network Design Library , 2010, Networks.

[6]  Costin Raiciu,et al.  SymNet: Scalable symbolic execution for modern networks , 2016, SIGCOMM.

[7]  Adlen Ksentini,et al.  Formally verified latency-aware VNF placement in industrial Internet of things , 2018, 2018 14th IEEE International Workshop on Factory Communication Systems (WFCS).

[8]  E. Hadjiconstantinou,et al.  Transformation of propositional calculus statements into integer and mixed integer programs: An approach towards automatic reformulation , 1990 .

[9]  Tianlong Yu,et al.  BUZZ: Testing Context-Dependent Policies in Stateful Networks , 2016, NSDI.

[10]  Luciana S. Buriol,et al.  Security-aware optimal resource allocation for virtual network embedding , 2012, 2012 8th international conference on network and service management (cnsm) and 2012 workshop on systems virtualiztion management (svm).

[11]  Xin Li,et al.  An NFV Orchestration Framework for Interference-Free Policy Enforcement , 2016, 2016 IEEE 36th International Conference on Distributed Computing Systems (ICDCS).

[12]  Ming Xu,et al.  Towards security-aware virtual network embedding , 2015, Comput. Networks.

[13]  Byoungmoon Chin,et al.  Automated Test Generation from Specifications Based on Formal Description Techniques , 1997 .

[14]  Vasilis Friderikos,et al.  Low latency virtual network embedding for mobile networks , 2016, 2016 IEEE International Conference on Communications (ICC).

[15]  George Varghese,et al.  Header Space Analysis: Static Checking for Networks , 2012, NSDI.

[16]  Xiang Cheng,et al.  Virtual network embedding through topology awareness and optimization , 2012, Comput. Networks.

[17]  Minlan Yu,et al.  Rethinking virtual network embedding: substrate support for path splitting and migration , 2008, CCRV.

[18]  Nikolaj Bjørner,et al.  νZ - An Optimizing SMT Solver , 2015, TACAS.

[19]  David A. Maltz,et al.  Network traffic characteristics of data centers in the wild , 2010, IMC '10.

[20]  Ratul Mahajan,et al.  Measuring ISP topologies with Rocketfuel , 2004, IEEE/ACM Transactions on Networking.