A toolset for efficient privacy-oriented virtual network embedding and its instantiation on SDN/OpenFlow-based substrates

Abstract Network virtualization has become increasingly popular in recent years. It has the potential to allow timely handling of network infrastructure requests and, after instantiated, their lifecycle. In addition, it enables improved physical resource utilization. However, the use of network virtualization in large-scale, real environments depends on the ability to adequately map virtual routers and links to physical resources, as well as to protect virtual networks against security threats. With respect to security, mechanisms supporting confidentiality and privacy have become essential in light of recent discoveries related to pervasive electronic surveillance. In this paper we propose a set of tools to efficiently embed virtual networks with privacy support and to allow their real instantiation on top of SDN/OpenFlow-based substrates. This toolset unfolds into three main contributions: (a) an exact VNE model suitable for smaller networks, which also serves the purpose of determining an optimality baseline; (b) a heuristic VNE algorithm, which features precise modeling of overhead costs of security mechanisms and handles incoming requests in an online manner; and (c) a VNE to SDN/OpenFlow translation mechanism, which takes as input the outcome of the heuristic VNE algorithm and produces a set of coherent OpenFlow rules to guide the real instantiation of the mapped virtual networks. We present a detailed performance comparison between the proposed heuristic and the optimization model. The obtained results demonstrate that the heuristic algorithm is able to find feasible mappings in the order of seconds even when dealing with large network infrastructures. Finally, we demonstrate how mappings generated by our heuristic VNE algorithm may be implemented in practice as well as assess the technical feasibility of this process.

[1]  Yonggang Wen,et al.  Toward profit-seeking virtual network embedding algorithm via global resource capacity , 2014, IEEE INFOCOM 2014 - IEEE Conference on Computer Communications.

[2]  Raouf Boutaba,et al.  Topology-Awareness and Reoptimization Mechanism for Virtual Network Embedding , 2010, Networking.

[3]  Valérie Issarny,et al.  Guest editorial: Special issue on the future of middleware , 2011, Journal of Internet Services and Applications.

[4]  Ibrahim Matta,et al.  A general distributed approach to slice embedding with guarantees , 2013, 2013 IFIP Networking Conference.

[5]  Gustavo Prado Alkmim,et al.  Mapping virtual networks onto substrate networks , 2013, Journal of Internet Services and Applications.

[6]  Edmundo Roberto Mauro Madeira,et al.  Virtual network security: threats, countermeasures, and challenges , 2015, Journal of Internet Services and Applications.

[7]  Raouf Boutaba,et al.  ViNEYard: Virtual Network Embedding Algorithms With Coordinated Node and Link Mapping , 2012, IEEE/ACM Transactions on Networking.

[8]  Shinji Kobayashi,et al.  DomainFlow: practical flow management method using multiple flow tables in commodity switches , 2013, CoNEXT.

[9]  Xin Jin,et al.  CoVisor: A Compositional Hypervisor for Software-Defined Networks , 2015, NSDI.

[10]  Raouf Boutaba,et al.  Survivable Virtual Network Embedding , 2010, 2021 IFIP/IEEE International Symposium on Integrated Network Management (IM).

[11]  Andrey Bogdanov,et al.  Biclique Cryptanalysis of the Full AES , 2011, ASIACRYPT.

[12]  Lazaros F. Merakos,et al.  A generic characterization of the overheads imposed by IPsec and associated cryptographic algorithms , 2006, Comput. Networks.

[13]  Randall J. Atkinson,et al.  Security Architecture for the Internet Protocol , 1995, RFC.

[14]  Luciana S. Buriol,et al.  Characterizing the impact of network substrate topologies on virtual network embedding , 2013, Proceedings of the 9th International Conference on Network and Service Management (CNSM 2013).

[15]  Ying Wang,et al.  A Survivable Virtual Network Embedding scheme based on load balancing and reconfiguration , 2014, 2014 IEEE Network Operations and Management Symposium (NOMS).

[16]  Luciana S. Buriol,et al.  A heuristic-based algorithm for privacy-oriented virtual network embedding , 2014, 2014 IEEE Network Operations and Management Symposium (NOMS).

[17]  Albert,et al.  Topology of evolving networks: local events and universality , 2000, Physical review letters.

[18]  Xiang Cheng,et al.  Virtual network embedding through topology-aware node ranking , 2011, CCRV.

[19]  Minlan Yu,et al.  Rethinking virtual network embedding: substrate support for path splitting and migration , 2008, CCRV.

[20]  Daniel M Batista Mapping virtual networks onto substrate , 2013 .

[21]  Cédric Westphal,et al.  Scalable Routing Via Greedy Embedding , 2009, IEEE INFOCOM 2009.