An Efficient Data Exchange Algorithm for Chained Network Functions

In-network function chaining often involves the deployment of multiple applications into a single, possibly multi-tenant, middlebox. This approach has gained much interest since new network paradigms, such as Software Defined Networking (SDN) and Network Function Virtualization (NFV), have been proposed to virtualize resources as well as network functions. In this scenario, it is very common to move data (e.g., packets) from an application to another by means of a switching module that is in charge of chaining network functions in the correct order, also ensuring an adequate level of isolation between any two virtualized components. With this purpose in mind, this paper proposes an efficient algorithm to handle the communication between the internal soft-switch and the heterogeneous network functions that are executed on the same server. Our proposal is designed with the aim of dealing with high speed packet processing, hence an extensive performance evaluation is also provided to prove the goodness of our solution in this context

Impact of Processing Costs on Service Chain Placement in Network Functions Virtualization

The Network Functions Virtualization (NFV) paradigm is the most promising technique to help network providers in the reduction of capital and energy costs. The deployment of virtual network functions (VNFs) running on generic x86 hardware allows higher flexibility than the classical middleboxes approach. NFV also reduces the complexity in the deployment of network services through the concept of service chaining, which defines how multiple VNFs can be chained together to provide a specific service. As a drawback, hosting multiple VNFs in the same hardware can lead to scalability issues, especially in the processing-resource sharing. In this paper, we evaluate the impact of two different types of costs that must be taken into account when multiple chained VNFs share the same processing resources: the upscaling costs and the context switching costs. Upscaling costs are incurred by VNFs multi-core implementations, since they suffer a penalty due to the needs of load balancing among cores. Context switching costs arise when multiple VNFs share the same CPU and thus require the loading/saving of their context. We model through an ILP problem the evaluation of such costs and we show their impact in a VNFs consolidation scenario, when the x86 hardware deployed in the network is minimized

Impact of Processing-Resource Sharing on the Placement of Chained Virtual Network Functions

Network Function Virtualization (NFV) provides higher flexibility for network operators and reduces the complexity in network service deployment. Using NFV, Virtual Network Functions (VNF) can be located in various network nodes and chained together in a Service Function Chain (SFC) to provide a specific service. Consolidating multiple VNFs in a smaller number of locations would allow decreasing capital expenditures. However, excessive consolidation of VNFs might cause additional latency penalties due to processing-resource sharing, and this is undesirable, as SFCs are bounded by service-specific latency requirements. In this paper, we identify two different types of penalties (referred as "costs") related to the processingresource sharing among multiple VNFs: the context switching costs and the upscaling costs. Context switching costs arise when multiple CPU processes (e.g., supporting different VNFs) share the same CPU and thus repeated loading/saving of their context is required. Upscaling costs are incurred by VNFs requiring multi-core implementations, since they suffer a penalty due to the load-balancing needs among CPU cores. These costs affect how the chained VNFs are placed in the network to meet the performance requirement of the SFCs. We evaluate their impact while considering SFCs with different bandwidth and latency requirements in a scenario of VNF consolidation.Comment: Accepted for publication in IEEE Transactions on Cloud Computin

An efficient data exchange mechanism for chained network functions

Thanks to the increasing success of virtualization technologies and processing capabilities of computing devices, the deployment of virtual network functions is evolving towards a unified approach aiming at concentrating a huge amount of such functions within a limited number of commodity servers. To keep pace with this trend, a key issue to address is the definition of a secure and efficient way to move data between the different virtualized environments hosting the functions and a centralized component that builds the function chains within a single server. This paper proposes an efficient algorithm that realizes this vision and that, by exploiting the peculiarities of this application domain, is more efficient than classical solutions. The algorithm that manages the data exchanges is validated by performing a formal verification of its main safety and security properties, and an extensive functional and performance evaluation is presented

Study and analysis of innovative network protocols and architectures

In the last years, some new paradigms are emerging in the networking area as inspiring models for the definition of future communications networks. A key example is certainly the Content Centric Networking (CCN) protocol suite, namely a novel network architecture that aims to supersede the current TCP/IP stack in favor of a name based routing algorithm, also introducing in-network caching capabilities. On the other hand, much interest has been placed on Software Defined Networking (SDN), namely the set of protocols and architectures designed to make network devices more dynamic and programmable. Given this complex arena, the thesis focuses on the analysis of these innovative network protocols, with the aim of exploring possible design flaws and hence guaranteeing their proper operation when actually deployed in the network. Particular emphasis is given to the security of these protocols, for its essential role in every wide scale application. Some work has been done in this direction, but all these solutions are far to be considered fully investigated. In the CCN case, a closer investigation on problems related to possible DDoS attacks due to the stateful nature of the protocol, is presented along with a full-fledged proposal to support scalable PUSH application on top of CCN. Concerning SDN, instead, we present a tool for the verification of network policies in complex graphs containing dynamic network functions. In order to obtain significant results, we leverage different tools and methodologies: on the one hand, we assess simulation software as very useful tools for representing the most common use cases for the various technologies. On the other hand, we exploit more sophisticated formal methods to ensure a higher level of confidence for the obtained results

High performance network function virtualization for user-oriented services

The Network Function Virtualization (NFV) paradigm proposes to transform those network functions today running on dedicated and often closed appliances (e.g., firewall, wan accelerator) into pure software images, called Virtual Network Functions (VNFs), which can be consolidated and executed on high-volume standard servers. In this context, this dissertation focuses on the possibility of enabling each single end user (and not only network operators) to set up network services by means of NFV, allowing him to custoimize the set of services that are active on his Internet connection. This goal mainly requires to address flexibility and performance issues. Regarding to the former, it is important: (i) to support services including both network (e.g., firewall) and cloud (e.g., storage server) applications; (ii) to allow the user to define the service with an intuitive and high-level abstraction, hiding infrastructure-layer details. Instead, with respect to performance, multiple software-based services operating on the user's traffic should not introduce penalties in the user’s Internet experience. This dissertation solves the above issues by proposing a number of improvements in the context of Network Function Virtualization, both in terms of high level models and architectures to define and instantiate network services, and in terms of mechanisms to efficiently interconnect VNFs. Experimental results demonstrate that the goal of allowing end users to deploy services operating on their own traffic is feasible without impacting the Internet experience