48 research outputs found

    Algorithms for advance bandwidth reservation in media production networks

    Media production generally requires many geographically distributed actors (e.g., production houses, broadcasters, advertisers) to exchange huge amounts of raw video and audio data. Traditional distribution techniques, such as dedicated point-to-point optical links, are highly inefficient in terms of installation time and cost. To improve efficiency, shared media production networks that connect all involved actors over a large geographical area are currently being deployed. The traffic in such networks is often predictable, as the timing and bandwidth requirements of data transfers are generally known hours or even days in advance. As such, the use of advance bandwidth reservation (AR) can greatly increase resource utilization and cost efficiency. In this paper, an Integer Linear Programming formulation of the bandwidth scheduling problem, which takes into account the specific characteristics of media production networks, is presented. Two novel optimization algorithms based on this model are thoroughly evaluated and compared by means of in-depth simulation results.

    Deployment of NFV and SFC scenarios

    This item contains the original work, publicly defended on 24 February 2017, as well as an improved version of it dated 28 February 2017. The changes introduced in the second version are 1) correction of errata 2) procedure of the last annex. Telecommunications services have been traditionally designed linking hardware devices and providing mechanisms so that they can interoperate. Those devices are usually specific to a single service and are based on proprietary technology. On the other hand, the current model works by defining standards and strict protocols to achieve high levels of quality and reliability which have defined the carrier-class provider environment. Provisioning new services represents challenges at different levels because inserting the required devices involves changes in the network topology. This leads to slow deployment times and increased operational costs. To overcome the current burdens, network function installation and insertion processes into the current service topology need to be streamlined to allow greater flexibility. The current service provider model has been disrupted by the over-the-top Internet content providers (Facebook, Netflix, etc.), with short product cycles and fast development pace of new services. The content provider irruption has meant a competition and stress over service providers' infrastructure and has forced telco companies to research new technologies to recover market share with flexible and revenue-generating services. Network Function Virtualization (NFV) and Service Function Chaining (SFC) are some of the initiatives led by the Communication Service Providers to regain the lost leadership. This project focuses on experimenting with some of these already available new technologies, which are expected to be the foundation of the new network paradigms (5G, IoT) and support new value-added services over cost-efficient telecommunication infrastructures.
Specifically, SFC scenarios have been deployed with Open Platform for NFV (OPNFV), a Linux Foundation project. Some use cases of the NFV technology are demonstrated applied to teaching laboratories. Although the current implementation does not achieve a production degree of reliability, it provides a suitable environment for the development of new functional improvements and evaluation of the performance of virtualized network infrastructures

    Self-managing cloud-native applications : design, implementation and experience

    Running applications in the cloud efficiently requires much more than deploying software in virtual machines. Cloud applications have to be continuously managed: (1) to adjust their resources to the incoming load and (2) to face transient failures replicating and restarting components to provide resiliency on unreliable infrastructure. Continuous management monitors application and infrastructural metrics to provide automated and responsive reactions to failures (health management) and changing environmental conditions (auto-scaling) minimizing human intervention. In the current practice, management functionalities are provided as infrastructural or third party services. In both cases they are external to the application deployment. We claim that this approach has intrinsic limits, namely that separating management functionalities from the application prevents them from naturally scaling with the application and requires additional management code and human intervention. Moreover, using infrastructure provider services for management functionalities results in vendor lock-in effectively preventing cloud applications to adapt and run on the most effective cloud for the job. In this paper we discuss the main characteristics of cloud native applications, propose a novel architecture that enables scalable and resilient self-managing applications in the cloud, and relate on our experience in porting a legacy application to the cloud applying cloud-native principles

    Semantic Techniques for Multi-Cloud Applications Portability and Interoperability

    The composition of Cloud Services to satisfy customer requirements is a complex task, owing to the huge number of services that are currently available. The advent of Big Data and Internet of Things (IoT), which rely on Cloud resources for better performances and scalability, is pushing researchers to find new solutions to the Cloud Services composition problem. In this paper a semantic-based representation of Application Patterns and Cloud Services is presented, with an example of its use in a typical distributed application, which shows how the proposed approach can be successfully employed for the discovery and composition of Cloud Services.

    Deployment of TOSCA cloud services archives using Kubernetes

    In recent years container virtualization and container management emerged in the context of Cloud computing as a new paradigm in IT enterprises. It introduces new approaches that enable the IT industry to manage their application and services more effectively in the Cloud. With the rapid increase of usage of Cloud computing, IT companies introduce new tools to manage their applications in Cloud environments. However, each tool has its own kind of definitions and specifications on describing the applications in their platforms which creates vendor lock-in for its users and also hampers the portability features of Cloud applications. To solve this issue, TOSCA has been introduced to the industry by OASIS. The Topology and Orchestration Specification for Cloud Applications (TOSCA) provides a standardization approach enabling portability of Cloud services between different Cloud Computing providers. The main goal of TOSCA is to model enterprise applications in a standardized and technology-independent way regardless of a specific Cloud provider or environment. To model and deploy applications using TOSCA properly, all required artifacts are packaged and bundled as TOSCA Cloud Service Archives (CSARs). Such CSARs are then used by Cloud orchestration engines to deploy the application to Cloud platforms. At the technology level, several deployment and cluster management approaches and tools are rapidly emerging such as Docker Compose, Docker Swarm, Kubernetes, Nomad, and Apache Mesos. Most of them are centered around containerization of middleware and application components. The focus of this thesis is to provide mapping concepts of TOSCA application topologies to a container-based deployment and management approach. Since Kubernetes and Docker are the most prominent open-source solutions in this field, we specifically consider Kubernetes and Docker as part of the prototype implementation. 
To assess feasibility of the proposed approach and usability of the system, we also provide case studies based on a motivating scenario

    Unified Management of Applications on Heterogeneous Clouds

    The diversity with which cloud providers offer their services, defining their own interfaces and quality and usage agreements, hinders portability and interoperability between providers, leading to the problem known as vendor lock-in. The heterogeneity that exists across the different cloud abstraction levels, such as IaaS and PaaS, means that developing agnostic applications that are independent of the providers and services on which they will be deployed is still a challenge. This also limits the possibility of migrating the components of running cloud applications to new providers. This lack of homogeneity also makes it difficult to develop processes for operating applications that are robust to the errors that can occur across the different providers and abstraction levels. As a result, applications can become tied to the providers for which they were designed, limiting developers' ability to react to changes in the providers or in the applications themselves. This thesis defines trans-cloud as a new dimension that unifies the management of different providers and service levels, IaaS and PaaS, under a single API and uses the TOSCA standard to describe agnostic and portable applications, with automated processes, for example for deployment. In addition, making use of TOSCA's structured topologies, trans-cloud proposes a generic algorithm for migrating components of running applications. Furthermore, trans-cloud unifies error handling, enabling robust and agnostic processes for managing the application lifecycle, regardless of the providers and service levels where they are running. Finally, the use cases and the results of the experiments used to validate each of these proposals are presented.

    Caught-in-Translation (CiT): Detecting Cross-level Inconsistency Attacks in Network Functions Virtualization

    By providing network functions through software running on standard hardware, Network Functions Virtualization (NFV) brings many benefits, such as increased agility and flexibility with reduced costs, as well as additional security concerns. Although existing works have examined various security issues of NFV, such as vulnerabilities in VNF software and DoS, there has been little effort on a security issue that is intrinsic to NFV, i.e., as an NFV environment typically involves multiple abstraction levels, the inconsistency that may arise between different levels can potentially be exploited for security attacks. Existing solutions mostly focus on verification, which is after the fact and cannot prevent irreversible damages. Further adding to the complexity, the different abstraction levels can be managed by multiple service providers, which may render the data required for verification inaccessible. Moreover, many existing solutions are limited to a single abstraction level and disregard the multi-level nature of NFV. In this work, we propose the first NFV deployment model to capture the deployment aspects of NFV at different abstraction levels, which is essential for an in-depth study of the inconsistencies between such levels. We then present concrete attack scenarios in which the inconsistencies are exploited to attack the network functions in a stealthy manner. Based on the deployment model, we study the feasibility of detecting the inconsistencies through verification. Furthermore, by drawing an analogy between multi-level NFV events and natural languages, we propose a Neural Machine Translation (NMT)-based detection approach, namely, Caught-in-Translation (CiT), to detect cross-level inconsistency attacks in NFV. Specifically, we first extract event sequences from different abstraction levels of an NFV stack. We then leverage the Long Short-Term Memory (LSTM) to translate the event sequences from one level to another. 
Finally, we apply both similarity metric and Siamese neural network to compare the translated event sequences with the actual sequences to detect attacks. We integrate CiT into OpenStack/Tacker, and evaluate its performance using both real and synthetic data. Experimental results show that CiT outperforms traditional anomaly detection and provides an accurate, efficient, and robust solution for detecting inconsistency attacks in NFV

    An Automated SMT-based Security Framework for Supporting Migrations in Cloud Composite Services

    The growing maturity of orchestration languages is contributing to the elaboration of cloud composite services, whose resources may be deployed over different distributed infrastructures. These composite services are subject to changes over time, that are typically required to support cloud properties, such as scalability and rapid elasticity. In particular, the migration of their elementary resources may be triggered by performance constraints. However, changes induced by this migration may introduce vulnerabilities that may compromise the resources, or even the whole cloud service. In that context, we propose an automated SMT-based security framework for supporting the migration of resources in cloud composite services, and preventing the occurrence of new configuration vulnerabilities. We formalize the underlying security automation based on SMT solving, in order to assess the migrated resources and select adequate countermeasures, considering both endogenous and exogenous security mechanisms. We then evaluate its benefits and limits through large series of experiments based on a proof-of-concept prototype implemented over the CVC4 commonly-used open-source solver. These experiments show a minimal overhead with regular operating systems deployed in cloud environments.

    5G Network Slicing using SDN and NFV: A Survey of Taxonomy, Architectures and Future Challenges

    In this paper, we provide a comprehensive review and updated solutions related to 5G network slicing using SDN and NFV. Firstly, we present 5G service quality and business requirements followed by a description of 5G network softwarization and slicing paradigms including essential concepts, history and different use cases. Secondly, we provide a tutorial of 5G network slicing technology enablers including SDN, NFV, MEC, cloud/Fog computing, network hypervisors, virtual machines & containers. Thirdly, we comprehensively survey different industrial initiatives and projects that are pushing forward the adoption of SDN and NFV in accelerating 5G network slicing. A comparison of various 5G architectural approaches in terms of practical implementations, technology adoptions and deployment strategies is presented. Moreover, we provide a discussion on various open source orchestrators and proof of concepts representing industrial contribution. The work also investigates the standardization efforts in 5G networks regarding network slicing and softwarization. Additionally, the article presents the management and orchestration of network slices in a single domain followed by a comprehensive survey of management and orchestration approaches in 5G network slicing across multiple domains while supporting multiple tenants. Furthermore, we highlight the future challenges and research directions regarding network softwarization and slicing using SDN and NFV in 5G networks. Comment: 40 Pages, 22 figures, published in computer networks (Open Access)