A Requirement-Oriented Design of NFV Topology by Formal Synthesis

Computer networks today depend heavily on expensive, proprietary hardware deployed at fixed locations. Network functions virtualization (NFV), one of the fastest emerging topics in networking, reduces the limitations of this vendor-specific hardware with respect to the flexibility of the network architecture and elasticity in handling varying traffic patterns. Many defense mechanisms against cyberattacks, as well as quality-enhancing techniques, have been proposed that leverage the capabilities of the NFV architecture. NFV allows a flexible and dynamic implementation of virtual network functions in virtual machines running on commercial off-the-shelf (COTS) servers. These quality-enhancing network functions often work as filters that distinguish legitimate packets from attack packets, and they can be deployed dynamically to balance a variable attack load. However, allocating resources to these virtual machines is an NP-hard problem. In this paper, we propose a solution to this problem and determine the number and placement of the virtual machines (VMs) hosted on COTS servers. We design and implement two separate automated frameworks, for defense and for quality maintenance, that model the resource specifications, incoming packet processing requirements, and network bandwidth constraints. The frameworks use satisfiability modulo theories (SMT) to model this synthesis problem and provide a satisfiable solution.
