Optimal Embedding of Aggregated Service Function Tree

Many hardware-based security middleboxes have been deployed in networks to defend against different threats. However, these hardware middleboxes are hard to upgrade or migrate. The emergence of network functions virtualization (NFV), which realizes various security functions in the form of virtual network functions (VNFs), brings many benefits to network security. To improve the security level further, several VNFs are coordinated in a pre-defined order to form service function chains (SFCs). SFCs are expected to be embedded properly at low cost, where the cost includes the VNF setup cost and the flow routing cost. In this paper, we find that when an SFC is required by multiple flows for identical network security threats, the total cost can be reduced by embedding an aggregated service function tree (ASFT) instead of multiple independent SFCs. We formally characterize the integer programming model of this problem and prove that it is NP-hard. We then propose a performance-guaranteed approximation algorithm and prove that the algorithm finds the optimal solution in a special case. Extensive experiments indicate that our method can reduce the total cost by 22.0% and 24.1% against two compared algorithms, respectively.
