27 research outputs found

    Allocation d’infrastructures virtuelles en environnements clouds distribués (Virtual infrastructure allocation in distributed cloud environments)

    No full text
    Cloud computing emerged as a new paradigm for on-demand provisioning of IT resources and for infrastructure externalization and is rapidly and fundamentally revolutionizing the way IT is delivered and managed. The resulting incremental Cloud adoption is fostering to some extent cloud providers' cooperation and increasing the needs of tenants and the complexity of their demands. Tenants need to network their distributed and geographically spread cloud resources and services. They also want to easily accomplish their deployments and instantiations across heterogeneous cloud platforms. Traditional cloud providers focus on compute resources provisioning and offer mostly virtual machines to tenants and cloud services consumers who actually expect full-fledged (complete) networking of their virtual and dedicated resources. They not only want to control and manage their applications but also control connectivity to easily deploy complex network functions and services in their dedicated virtual infrastructures. The needs of users are thus growing beyond the simple provisioning of virtual machines to the acquisition of complex, flexible, elastic and intelligent virtual resources and services. The goal of this thesis is to enable the provisioning and instantiation of this type of more complex resources while empowering tenants with control and management capabilities and to enable the convergence of cloud and network services. To reach these goals, the thesis proposes mapping algorithms for optimized in-data center and in-network resources hosting according to the tenants' virtual infrastructures requests. In parallel to the emergence of cloud services, traditional networks are being extended and enhanced with software networks relying on the virtualization of network resources and functions. Software Defined Networks are especially relevant as they decouple network control and data forwarding and provide the needed network programmability and system and network management capabilities. In such a context, the first part proposes optimal (exact) and heuristic placement algorithms to find the best mapping between the tenants' requests and the hosting infrastructures while respecting the objectives expressed in the demands. This includes localization constraints to place some of the virtual resources and services in the same host and to distribute other resources in distinct hosts. The proposed algorithms achieve simultaneous node (host) and link (connection) mappings. A heuristic algorithm is proposed to address the poor scalability and high complexity of the exact solution(s). The heuristic scales much better and is several orders of magnitude more efficient in terms of convergence time towards near optimal and optimal solutions. This is achieved by reducing complexity of the mapping process using topological patterns to map virtual graph requests to physical graphs representing respectively the tenants' requests and the providers' physical infrastructures. The proposed approach relies on graph decomposition into topology patterns and bipartite graphs matching techniques. The third part proposes an open source Cloud Networking framework to achieve cloud and network resources provisioning and instantiation in order to respectively host and activate the tenants' virtual resources and services. This framework enables and facilitates dynamic networking of distributed cloud services and applications. This solution relies on a Cloud Network Gateway Manager and gateways to establish dynamic connectivity between cloud and network resources. The CNG-Manager provides the application networking control and supports the deployment of the needed underlying network functions in the tenant desired infrastructure (or slice since the physical infrastructure is shared by multiple tenants with each tenant receiving a dedicated and isolated portion/share of the physical resources)

    A Twofold Self-Healing Approach for MANET Survivability Reinforcement

    No full text
    Distributed systems are by nature fault-prone systems. The situation becomes more complex in the presence of intrusions that continue to grow in both number and severity, especially in open environments like MANET. In this paper, we present a twofold self-healing approach to reinforce MANET survivability. First, a fault-tolerant IDS is designed by replication of individual agents within MASID to ensure continuous supervision of the network. However, since not all intrusions are predictable, they might have some serious effects on the network before being detected and completely removed. Thus, even if the implications of intrusions could be minimized by the intrusion detection system MASID, the recovery of altered or deleted data is still a vital step to ensure the correct functioning of the network. For that, a recovery-oriented approach for a self-healing MANET is also presented. It is based on the ability of MASID-R to assess the damage caused by the detected intrusions and is aimed at enabling the supervised network to heal itself of those faults and damages. Simulations using ns-2 have been performed to study the feasibility and prove the optimality of the proposed approach.

    A green VNFs placement and chaining algorithm

    No full text
    This paper proposes an Integer Linear Program (ILP) to address Virtualized Network Function Forwarding Graph (VNF-FG) placement and chaining with Virtualized Network Functions (VNFs) shared across tenants to optimize resource usage and increase provider revenue. The proposed algorithm selects a limited number of candidate hosts from the infrastructure to reduce the complexity of the ILP and scale with problem size. Results from extensive simulations report performance improvements in terms of rejection rate, energy consumption and scalability. Limiting the number of candidates is an efficient heuristic to ensure scalabilit

    A Scalable Algorithm for the Placement of Service Function Chains

    No full text

    On the Design of a New Intrusion Detection System for Securing MANET: An Agent-Based Approach

    No full text
    MANETs for short, are increasingly gaining popularity. However, these networks are more vulnerable to attacks than wired networks. This is mainly due to their special nature and to the numerous constraints they present. Although many research works have been devoted to developing security mechanisms for MANETs, an optimal and efficient security solution has still not been found. In this paper, we focus on intrusion detection in mobile ad hoc networks, starting with an overview of the existing work in this field and ending with the proposal of a new distributed and cooperative architecture for intrusion detection. In order to overcome the weaknesses and flaws of the existing MANET intrusion detection systems (IDSs), this architecture integrates an agent-based detection process. The main principle of the proposed architecture is thus based on: (a) distribution, which is achieved through the implementation of a local intrusion detection system on each network node, and (b) cooperation, which is guaranteed by the collaboration of mobile and stationary agents. In that way we were able to have an IDS with many interesting features, such as flexibility, distribution and cooperation, autonomy, lightweight, reactivity and fault tolerance, which are extremely desired for any MANET intrusion detection system. The paper also discusses various constraints and limitations related to MANETs and shows how effectively our IDS manages to overcome them.

    Agile service manager for 5G

    No full text
    This paper presents an underlying framework to support and accelerate the production of applications and services in the context of programmable networks (SDN and NFV, clouds). The proposed framework moreover addresses the 5G KPI of "reducing the average service creation time from 90 hours to 90 minutes" as declared by the 5G-PPP association in early 2015, among other KPIs. The proposed framework relies on SDN, NFV and Cloud principles and technologies and proposes extensions towards the end-to-end abstraction that is required for automation of service production. A Service Manager Architecture fulfilling the agility, acceleration and automation requirements is presented along with its relationships and interfaces with the applications and network levels. An application requiring network services, expressed in a network service descriptor, is used to illustrate the architecture usage and benefits and highlights the remaining future research needs and trail

    Online and batch algorithms for VNFs placement and chaining

    No full text
    This paper proposes an Integer Linear Program (ILP) to address the Virtualized Network Function Forwarding Graph (VNF-FG) placement and chaining problem when VNFs are shared across tenants to optimize resource usage and increase provider revenue. Since ILP based approaches do not scale well with problem size, the proposed algorithm (R-ILP for reduced exploration) selects a limited number of candidate hosts from the infrastructure to control complexity. Since the online R-ILP treats the requests sequentially, a batch strategy that operates on a set of requests is also proposed to improve performance. The online algorithm processes the VNF-FG requests on a sequential basis as they arrive while the batch mode treats several requests jointly over a batch window. This work focuses on energy consumption optimization as a general objective. The proposed solutions are shown to outperform competitor algorithms from the state of the art that rely also on VNFs sharing. Results from extensive simulations, based on realistic and large scale topologies, report the performance in terms of rejection of service requests, energy consumption, scalability and achieved revenues. The performance benefits of operating our R-ILP in batch mode are highlighted.

    Cloud service delivery across multiple cloud platforms

    No full text
    The paper presents work-in-progress on cloud service provisioning across multiple cloud providers. The work assumes the emergence of Cloud Brokers between customers and cloud providers. The brokers split user requests and ensure provisioning from multiple providers. An exact splitting algorithm is developed to efficiently split the cloud requests among the multiple cloud platforms with the aim of decreasing the cost for customers. This splitting is formulated as a Mixed Integer Program and is combined with OpenFlow and NOX technologies that achieve flow-based inter-cloud networking. A new controller module is developed and integrated in NOX to configure the OpenFlow switches for inter-cloud path establishment.