A Dynamic Composition Mechanism of Security Service Chaining Oriented to SDN/NFV-Enabled Networks

With the large-scale commercial application of data center networks, the security of data center networks is attracting more and more attention. However, security functions are usually placed on proprietary hardware, which makes the delivery of security services inflexible and costly. The emerging technologies of software-defined networking (SDN) and network function virtualization (NFV), used jointly, are promising because they can solve these problems through a process named security service chaining (SSC) composition. Determining the SSC composition that optimizes resource allocation is a challenging problem, particularly when security and resource requirements must not be violated. This problem is called the dynamic SSC composition problem, and an integer linear programming formulation with an implementation in GLPK is provided. A novel heuristic solution based on the breadth-first search algorithm is also provided. The experimental results show that the proposed algorithm can perform better than the compared ones, and the advantage of the proposed mechanism is also demonstrated via a NetFPGA-10G prototype.
