APMEC: An Automated Provisioning Framework for Multi-access Edge Computing

Novel use cases and verticals such as connected cars and human-robot cooperation in the areas of 5G and Tactile Internet can significantly benefit from the flexibility and reduced latency provided by Network Function Virtualization (NFV) and Multi-Access Edge Computing (MEC). Existing frameworks managing and orchestrating MEC and NFV are either tightly coupled or completely separated. The former design is inflexible and increases the complexity of one framework. Whereas, the latter leads to inefficient use of computation resources because information are not shared. We introduce APMEC, a dedicated framework for MEC while enabling the collaboration with the management and orchestration (MANO) frameworks for NFV. The new design allows to reuse allocated network services, thus maximizing resource utilization. Measurement results have shown that APMEC can allocate up to 60% more number of network services. Being developed on top of OpenStack, APMEC is an open source project, available for collaboration and facilitating further research activities

Towards an Efficient Management and Orchestration Framework for Virtual Network Security Functions

The recent years have witnessed a growth in the number of users connected to computer networks, due mainly to megatrends such as Internet of Things (IoT), Industry 4.0, and Smart Grids. Simultaneously, service providers started offering vertical services related to a specific business case (e.g., automotive, banking, and e-health) requiring more and more scalability and flexibility for the infrastructures and their management. NFV and SDN technologies are a clear way forward to address these challenges even though they are still in their early stages. Security plays a central role in this scenario, mainly because it must follow the rapid evolution of computer networks and the growing number of devices. The main issue is to protect the end-user from the increasing threats, and for this reason, we propose in this paper a security framework compliant to the Security-as-a-Service paradigm. In order to implement this framework, we leverage NFV and SDN technologies, using a user-centered approach. This allows to customize the security service starting from user preferences. Another goal of our work is to highlight the main relevant challenges encountered in the design and implementation of our solution. In particular, we demonstrate how significant is to choose an efficient way to configure the Virtual Network Security Functions in terms of performance. Furthermore, we also address the nontrivial problem of Service Function Chaining in an NFV MANO platform and we show what are the main challenges with respect to this problem

ETSI MANO network orchestration

In the modern era there is a big change in the way computer networks are conceived and the old version defined by hardware implementation is leaving space for a new one based upon software functions. This innovation is the Network Function Virtualization and indeed aims at easing the management of networks and reducing the costs of their maintenance by deploying Virtual Network Functions in standard general purpose servers. The transition to this solution involved the necessity to improve the performance of virtualization techniques and with the development of new solutions now it is possible to run multiple different functions in the same physical machine. This means that also the cloud computing benefits from this technology, having computing, storaging and networking resources all easily manageable and accessible due to their separation from the hardware underneath. Therefore it is important that while building this architecture the components are properly working and interacting together and that the virtualization techniques do not produce too much overhead compared to the performance of the hardware implementation. In this essay will be discussed the Network Function Virtualization and the Open Source MANO project, focusing on its descriptors architecture and functioning. To better demonstrate how to create network topologies through these files, some examples are created and analyzed

Using OSM for real-time redeployment of VNFs based on network status

Στην παρούσα διπλωματική εργασία θα εξετάσουμε την Εικονικοποίηση δικτυακών λειτουργιών (Network Functions Virtualisation - NFV) ως την κατάλληλη αρχιτεκτονική για την υλοποίηση ενός δικτύου κατάλληλου για το Διαδίκτυο των Πραγμάτων (Internet of Things - IoT), το οποίο πρέπει να είναι ευέλικτο και επεκτάσιμο. Πιο συγκεκριμένα, θα επικεντρωθούμε στην αποτελεσματική αξιοποίηση του Open Source MANO (OSM) στην υλοποίηση μιας εφαρμογής που παρακολουθεί την κατάσταση του δικτύου των Εικονικοποιημένων δικτυακών λειτουργιών (Virtual Network Functions – VNFs) και σε περίπτωση κακής κατάστασης του δικτύου (π.χ. συμφόρηση του δικτύου) αναλαμβάνει τη μετακίνηση των επηρεαζόμενων VNFs σε κάποιον άλλο Διαχειριστή Εικονικής Υποδομής (Virtual Infrastructure Manager – VIM), για να αποτραπεί η πτώση στην απόδοση των ενεργών υπηρεσιών.In this thesis we will be examining the Network Functions Virtualisation (NFV) framework as a suitable framework for implementing a network appropriate for Internet of Things (IoT), which needs to be flexible and scalable. More precisely, we will be focusing on how Open Source MANO (OSM) can be efficiently utilized in a solution that monitors the network status of Virtual Network Functions (VNFs) and in case of bad network status (e.g. network congestion) triggers the redeployment of affected VNFs to some other Virtual Infrastructure Manager (VIM) to prevent the underperformance of running services

A service platform architecture enabling programmable edge-to-cloud virtualization for the 5G Media industry

Media applications are amongst the most demanding services in terms of resources, requiring huge network capacity for high bandwidth audio-visual and other mobile sensory streams. The 5G-MEDIA project aims at innovating media-related applications by investigating how these applications and the underlying 5G network should be coupled and interwork to the benefit of both. The 5G-MEDIA approach aims at delivering an integrated programmable service platform for the development, design and operations of media applications in 5G networks by providing mechanisms to flexibly adapt service operations to dynamic conditions and react upon events (e.g. to transparently accommodate auto-scaling of resources, VNF replacement, etc.). In this paper we present the 5G-MEDIA service platform architecture, which has been specifically designed to enable the development and operation of services for the nascent 5G media industry. Our approach delivers an integrated programmable service platform for the development, design and operations of media applications in 5G networks

5G energy efficiency for Internet of Things

The Internet of Things (IoT) consists of devices capable of measuring the environment and executing tasks without human intervention. Due to its size, these devices have restrictions in processing, memory, and battery. These devices can reach a trillion nodes and, therefore, requires network connections that are capable of both handle a large number of nodes connected and low energy transmission. The fifth generation of telecommunications technology (5G) is a key concept to address those requirements as new applications and business models require new criteria such as security trustworthy, ultra-low latency, ultra-reliability, and energy efficiency. Although the next generation of connections is at its early stage, progress has been made to achieve 5G enabled IoT technologies. This paper describes a review of the main technologies such as Cloud, Software Defined Network, device-to-device communication, Evolved Package Core and Network Virtual Function Orchestration that are planned to be applied for both fields of 5G and IoT

A State-Based Proactive Approach To Network Isolation Verification In Clouds

The multi-tenancy nature of public clouds usually leads to cloud tenants' concerns over network isolation around their virtual resources. Verifying network isolation in clouds faces unique challenges. The sheer size of virtual infrastructures paired with the self-serviced nature of clouds means the verification will likely have a high complexity and yet its results may become obsolete in seconds. Moreover, the _ne-grained and distributed network access control (e.g., per-VM security group rules) typical to virtual cloud infrastructures means the verification must examine not only the events but also the current state of the infrastructures. In this thesis, we propose VMGuard, a state-based proactive approach for efficiently verifying large-scale virtual infrastructures against network isolation policies. Informally, our key idea is to proactively trigger the verification based on predicted events and their simulated impact upon the current state, such that we can have the best of both worlds, i.e., the efficiency of a proactive approach and the effectiveness of state-based verification. We implement and evaluate VMGuard based on OpenStack, and our experiments with both real and synthetic data demonstrate the performance and efficiency