The Road Ahead for Networking: A Survey on ICN-IP Coexistence Solutions

In recent years, the current Internet has experienced an unexpected paradigm shift in the usage model, which has pushed researchers towards the design of the Information-Centric Networking (ICN) paradigm as a possible replacement of the existing architecture. Even though both Academia and Industry have investigated the feasibility and effectiveness of ICN, achieving the complete replacement of the Internet Protocol (IP) is a challenging task. Some research groups have already addressed the coexistence by designing their own architectures, but none of those is the final solution to move towards the future Internet considering the unaltered state of the networking. To design such architecture, the research community needs now a comprehensive overview of the existing solutions that have so far addressed the coexistence. The purpose of this paper is to reach this goal by providing the first comprehensive survey and classification of the coexistence architectures according to their features (i.e., deployment approach, deployment scenarios, addressed coexistence requirements and architecture or technology used) and evaluation parameters (i.e., challenges emerging during the deployment and the runtime behaviour of an architecture). We believe that this paper will finally fill the gap required for moving towards the design of the final coexistence architecture.Comment: 23 pages, 16 figures, 3 table

Distributed control in virtualized networks

The increasing number of the Internet connected devices requires novel solutions to control the next generation network resources. The cooperation between the Software Defined Network (SDN) and the Network Function Virtualization (NFV) seems to be a promising technology paradigm. The bottleneck of current SDN/NFV implementations is the use of a centralized controller. In this paper, different scenarios to identify the pro and cons of a distributed control-plane were investigated. We implemented a prototypal framework to benchmark different centralized and distributed approaches. The test results have been critically analyzed and related considerations and recommendations have been reported. The outcome of our research influenced the control plane design of the following European R&D projects: PLATINO, FI-WARE and T-NOVA

Integração contínua no 5GinFIRE

With the current evolution of network connectable devices, traffic demands are becoming very high. Network operators need to ensure that they can provide new services faster but with the same quality while keeping the costs low. Given the traditional network architecture, that is not possible because the high demands require new hardware, and its substitution is costly and not flexible. By introducing the decoupling of network functions from traditional hardware, NFV is the technology that enables the step that network operators are trying to take. However, this approach also brings reliability concerns since it is mandatory to ensure that the virtual network functions (VNFs) behave as expected. 5GinFIRE is a project that aims to provide a 5G-NFV enabled experimental testbed. As this project handles multiple VNFs from the various experimenters, it is necessary to have an automated mechanism to validate VNFs. This dissertation provides a solution for the stated problem by having a system that verifies the syntax, semantics, and references of a VNF in an automated way without needing any further human interaction. As a result, a fully integrated testing platform is deployed in the 5GinFIRE infrastructure, and the results of the tests are issued in this Document.Com a evolução dos equipamentos com capacidade de se ligar à rede, as exigências de tráfego tornam-se muito altas. Os operadores precisam de garantir que oferecem os seus serviços rapidamente, com a mesma qualidade, mas mantendo os custos baixos. Dada a arquitetura tradicional de redes, isso não é possível uma vez que para alcançar essas necessidades é fundamental a aquisição de novos equipamentos, sendo que a sua substituição é cara e pouco flexível. Com a proposta de separação de funções de rede do seu hardware específico, NFV é a tecnologia que permite aos operadores alcançar o pretendido. No entanto, esta abordagem traz consigo problemas relacionados com a fiabilidade do código produzido, uma vez que é imperativo assegurar que as funções de rede implementadas (VNFs) se comportam como esperado. O 5GinFIRE é um projeto que tem como objetivo manter uma plataforma de experimentação de 5G-NFV. Como este projeto lida com múltiplas VNFs de vários colaboradores, é necessário haver um mecanismo automatizado que valida as mesmas. Esta dissertação aborda a solução referenciada tendo em si descrito um sistema que valida a sintaxe, semântica e referências de uma VNF de uma forma totalmente automatizada e sem qualquer necessidade de intervenção humana. Assim, o 5GinFIRE contém já uma plataforma de testes totalmente integrada no seu sistema e os seus resultados são analisados neste Documento.Mestrado em Engenharia de Computadores e Telemátic

Fatias de rede fim-a-fim : da extração de perfis de funções de rede a SLAs granulares

Orientador: Christian Rodolfo Esteve RothenbergTese (doutorado) - Universidade Estadual de Campinas, Faculdade de Engenharia Elétrica e de ComputaçãoResumo: Nos últimos dez anos, processos de softwarização de redes vêm sendo continuamente diversi- ficados e gradativamente incorporados em produção, principalmente através dos paradigmas de Redes Definidas por Software (ex.: regras de fluxos de rede programáveis) e Virtualização de Funções de Rede (ex.: orquestração de funções virtualizadas de rede). Embasado neste processo o conceito de network slice surge como forma de definição de caminhos de rede fim- a-fim programáveis, possivelmente sobre infrastruturas compartilhadas, contendo requisitos estritos de desempenho e dedicado a um modelo particular de negócios. Esta tese investiga a hipótese de que a desagregação de métricas de desempenho de funções virtualizadas de rede impactam e compõe critérios de alocação de network slices (i.e., diversas opções de utiliza- ção de recursos), os quais quando realizados devem ter seu gerenciamento de ciclo de vida implementado de forma transparente em correspondência ao seu caso de negócios de comu- nicação fim-a-fim. A verificação de tal assertiva se dá em três aspectos: entender os graus de liberdade nos quais métricas de desempenho de funções virtualizadas de rede podem ser expressas; métodos de racionalização da alocação de recursos por network slices e seus re- spectivos critérios; e formas transparentes de rastrear e gerenciar recursos de rede fim-a-fim entre múltiplos domínios administrativos. Para atingir estes objetivos, diversas contribuições são realizadas por esta tese, dentre elas: a construção de uma plataforma para automatização de metodologias de testes de desempenho de funções virtualizadas de redes; a elaboração de uma metodologia para análises de alocações de recursos de network slices baseada em um algoritmo classificador de aprendizado de máquinas e outro algoritmo de análise multi- critério; e a construção de um protótipo utilizando blockchain para a realização de contratos inteligentes envolvendo acordos de serviços entre domínios administrativos de rede. Por meio de experimentos e análises sugerimos que: métricas de desempenho de funções virtualizadas de rede dependem da alocação de recursos, configurações internas e estímulo de tráfego de testes; network slices podem ter suas alocações de recursos coerentemente classificadas por diferentes critérios; e acordos entre domínios administrativos podem ser realizados de forma transparente e em variadas formas de granularidade por meio de contratos inteligentes uti- lizando blockchain. Ao final deste trabalho, com base em uma ampla discussão as perguntas de pesquisa associadas à hipótese são respondidas, de forma que a avaliação da hipótese proposta seja realizada perante uma ampla visão das contribuições e trabalhos futuros desta teseAbstract: In the last ten years, network softwarisation processes have been continuously diversified and gradually incorporated into production, mainly through the paradigms of Software Defined Networks (e.g., programmable network flow rules) and Network Functions Virtualization (e.g., orchestration of virtualized network functions). Based on this process, the concept of network slice emerges as a way of defining end-to-end network programmable paths, possibly over shared network infrastructures, requiring strict performance metrics associated to a par- ticular business case. This thesis investigate the hypothesis that the disaggregation of network function performance metrics impacts and composes a network slice footprint incurring in di- verse slicing feature options, which when realized should have their Service Level Agreement (SLA) life cycle management transparently implemented in correspondence to their fulfilling end-to-end communication business case. The validation of such assertive takes place in three aspects: the degrees of freedom by which performance of virtualized network functions can be expressed; the methods of rationalizing the footprint of network slices; and transparent ways to track and manage network assets among multiple administrative domains. In order to achieve such goals, a series of contributions were achieved by this thesis, among them: the construction of a platform for automating methodologies for performance testing of virtual- ized network functions; an elaboration of a methodology for the analysis of footprint features of network slices based on a machine learning classifier algorithm and a multi-criteria analysis algorithm; and the construction of a prototype using blockchain to carry out smart contracts involving service level agreements between administrative systems. Through experiments and analysis we suggest that: performance metrics of virtualized network functions depend on the allocation of resources, internal configurations and test traffic stimulus; network slices can have their resource allocations consistently analyzed/classified by different criteria; and agree- ments between administrative domains can be performed transparently and in various forms of granularity through blockchain smart contracts. At the end of his thesis, through a wide discussion we answer all the research questions associated to the investigated hypothesis in such way its evaluation is performed in face of wide view of the contributions and future work of this thesisDoutoradoEngenharia de ComputaçãoDoutor em Engenharia ElétricaFUNCAM

SLA Management in Intent-Driven Service Management Systems: A Taxonomy and Future Directions

Traditionally, network and system administrators are responsible for designing, configuring, and resolving the Internet service requests. Human-driven system configuration and management are proving unsatisfactory due to the recent interest in time-sensitive applications with stringent quality of service (QoS). Aiming to transition from the traditional human-driven to zero-touch service management in the field of networks and computing, intent-driven service management (IDSM) has been proposed as a response to stringent quality of service requirements. In IDSM, users express their service requirements in a declarative manner as intents. IDSM, with the help of closed control-loop operations, perform configurations and deployments, autonomously to meet service request requirements. The result is a faster deployment of Internet services and reduction in configuration errors caused by manual operations, which in turn reduces the service-level agreement (SLA) violations. In the early stages of development, IDSM systems require attention from industry as well as academia. In an attempt to fill the gaps in current research, we conducted a systematic literature review of SLA management in IDSM systems. As an outcome, we have identified four IDSM intent management activities and proposed a taxonomy for each activity. Analysis of all studies and future research directions, are presented in the conclusions.Comment: Extended version of the preprint submitted at ACM Computing Surveys (CSUR

Automation for network security configuration: state of the art and research trends

The size and complexity of modern computer networks are progressively increasing, as a consequence of novel architectural paradigms such as the Internet of Things and network virtualization. Consequently, a manual orchestration and configuration of network security functions is no more feasible, in an environment where cyber attacks can dramatically exploit breaches related to any minimum configuration error. A new frontier is then the introduction of automation in network security configuration, i.e., automatically designing the architecture of security services and the configurations of network security functions, such as firewalls, VPN gateways, etc. This opportunity has been enabled by modern computer networks technologies, such as virtualization. In view of these considerations, the motivations for the introduction of automation in network security configuration are first introduced, alongside with the key automation enablers. Then, the current state of the art in this context is surveyed, focusing on both the achieved improvements and the current limitations. Finally, possible future trends in the field are illustrated

Introducing Development Features for Virtualized Network Services

Network virtualization and softwarizing network functions are trends aiming at higher network efficiency, cost reduction and agility. They are driven by the evolution in Software Defined Networking (SDN) and Network Function Virtualization (NFV). This shows that software will play an increasingly important role within telecommunication services, which were previously dominated by hardware appliances. Service providers can benefit from this, as it enables faster introduction of new telecom services, combined with an agile set of possibilities to optimize and fine-tune their operations. However, the provided telecom services can only evolve if the adequate software tools are available. In this article, we explain how the development, deployment and maintenance of such an SDN/NFV-based telecom service puts specific requirements on the platform providing it. A Software Development Kit (SDK) is introduced, allowing service providers to adequately design, test and evaluate services before they are deployed in production and also update them during their lifetime. This continuous cycle between development and operations, a concept known as DevOps, is a well known strategy in software development. To extend its context further to SDN/NFV-based services, the functionalities provided by traditional cloud platforms are not yet sufficient. By giving an overview of the currently available tools and their limitations, the gaps in DevOps for SDN/NFV services are highlighted. The benefit of such an SDK is illustrated by a secure content delivery network service (enhanced with deep packet inspection and elastic routing capabilities). With this use-case, the dynamics between developing and deploying a service are further illustrated

Intent-based network slicing for SDN vertical services with assurance: Context, design and preliminary experiments

Network slicing is announced to be one of the key features for 5G infrastructures enabling network operators to provide network services with the flexibility and dynamicity necessary for the vertical services, while relying on Network Function Virtualization (NFV) and Software-defined Networking (SDN). On the other hand, vertical industries are attracted by flexibility and customization offered by operators through network slicing, especially if slices come with in-built SDN capabilities to programmatically connect their application components and if they are relieved of dealing with detailed technicalities of the underlying (virtual) infrastructure. In this paper, we present an Intent-based deployment of a NFV orchestration stack that allows for the setup of Qos-aware and SDN-enabled network slices toward effective service chaining in the vertical domain. The main aim of the work is to simplify and automate the deployment of tenant-managed SDN-enabled network slices through a declarative approach while abstracting the underlying implementation details and unburdening verticals to deal with technology-specific low-level networking directives. In our approach, the intent-based framework we propose is based on an ETSI NFV MANO platform and is assessed through a set of experimental results demonstrating its feasibility and effectiveness

Integração contínua no 5GASP

The wide adoption of an NFV-oriented paradigm by network operators proves the importance of NFV in the future of communication networks. This paradigm allows network operators to speed up the development process of their services, decoupling hardware from the functionalities provided by these services. However, since NFV has only been recently globally adopted, several questions and difficulties arose. Network operators need to ensure the reliability and the correct behavior of their Virtualized Network Functions, which poses severe challenges. Thus, the need for developing new validation tools, which are capable of validating network functions that live in an NFV ecosystem. 5GASP is a European project which aims to shorten the idea-to-market process by creating a fully automated and selfservice 5G testbed and providing support tools for Continuous Integration in a secure and trusted environment, addressing the DevOps paradigm. Being aligned with 5GASP’s goals, this dissertation mainly addresses the development of tools to validate NetApps. To accomplish this, this document introduces two different mechanisms for validating NetApps. The first tool is responsible for statically validate the NetApps before they are deployed in 5GASP’s testbeds, being denominated by NetApp Package Validator. Regarding this tool, during this document the focus is its Descriptors Validator Module, which validates the NetApp descriptors through syntactic, semantics, and reference validation and supports NetApps developed according to different Information Models. The second tool comprises an automated validation pipeline. This pipeline validates the functionality and the behavior of the NetApps once they are deployed in a 5G-testbed. Besides, it collects several metrics to enable a better understanding of the NetApp’s behavior. Both tools are expected to be integrated with the 5GASP’s ecosystem. This document presents the requirements definition, architecture, and implementation of these tools and presents their results and outputs.The wide adoption of an NFV-oriented paradigm by network operators proves the importance of NFV in the future of communication networks. This paradigm allows network operators to speed up the development process of their services, decoupling hardware from the functionalities provided by these services. However, since NFV has only been recently globally adopted, several questions and difficulties arose. Network operators need to ensure the reliability and the correct behavior of their Virtualized Network Functions, which poses severe challenges. Thus, the need for developing new validation tools, which are capable of validating network functions that live in an NFV ecosystem. 5GASP is a European project which aims to shorten the idea-to-market process by creating a fully automated and selfservice 5G testbed and providing support tools for Continuous Integration in a secure and trusted environment, addressing the DevOps paradigm. Being aligned with 5GASP’s goals, this dissertation mainly addresses the development of tools to validate NetApps. To accomplish this, this document introduces two different mechanisms for validating NetApps. The first tool is responsible for statically validate the NetApps before they are deployed in 5GASP’s testbeds, being denominated by NetApp Package Validator. Regarding this tool, during this document the focus is its Descriptors Validator Module, which validates the NetApp descriptors through syntactic, semantics, and reference validation and supports NetApps developed according to different Information Models. The second tool comprises an automated validation pipeline. This pipeline validates the functionality and the behavior of the NetApps once they are deployed in a 5G-testbed. Besides, it collects several metrics to enable a better understanding of the NetApp’s behavior. Both tools are expected to be integrated with the 5GASP’s ecosystem. This document presents the requirements definition, architecture, and implementation of these tools and presents their results and outputs.Mestrado em Engenharia Informátic