Integração contínua no 5GASP

The wide adoption of an NFV-oriented paradigm by network operators proves the importance of NFV in the future of communication networks. This paradigm allows network operators to speed up the development process of their services, decoupling hardware from the functionalities provided by these services. However, since NFV has only been recently globally adopted, several questions and difficulties arose. Network operators need to ensure the reliability and the correct behavior of their Virtualized Network Functions, which poses severe challenges. Thus, the need for developing new validation tools, which are capable of validating network functions that live in an NFV ecosystem. 5GASP is a European project which aims to shorten the idea-to-market process by creating a fully automated and selfservice 5G testbed and providing support tools for Continuous Integration in a secure and trusted environment, addressing the DevOps paradigm. Being aligned with 5GASP’s goals, this dissertation mainly addresses the development of tools to validate NetApps. To accomplish this, this document introduces two different mechanisms for validating NetApps. The first tool is responsible for statically validate the NetApps before they are deployed in 5GASP’s testbeds, being denominated by NetApp Package Validator. Regarding this tool, during this document the focus is its Descriptors Validator Module, which validates the NetApp descriptors through syntactic, semantics, and reference validation and supports NetApps developed according to different Information Models. The second tool comprises an automated validation pipeline. This pipeline validates the functionality and the behavior of the NetApps once they are deployed in a 5G-testbed. Besides, it collects several metrics to enable a better understanding of the NetApp’s behavior. Both tools are expected to be integrated with the 5GASP’s ecosystem. This document presents the requirements definition, architecture, and implementation of these tools and presents their results and outputs.The wide adoption of an NFV-oriented paradigm by network operators proves the importance of NFV in the future of communication networks. This paradigm allows network operators to speed up the development process of their services, decoupling hardware from the functionalities provided by these services. However, since NFV has only been recently globally adopted, several questions and difficulties arose. Network operators need to ensure the reliability and the correct behavior of their Virtualized Network Functions, which poses severe challenges. Thus, the need for developing new validation tools, which are capable of validating network functions that live in an NFV ecosystem. 5GASP is a European project which aims to shorten the idea-to-market process by creating a fully automated and selfservice 5G testbed and providing support tools for Continuous Integration in a secure and trusted environment, addressing the DevOps paradigm. Being aligned with 5GASP’s goals, this dissertation mainly addresses the development of tools to validate NetApps. To accomplish this, this document introduces two different mechanisms for validating NetApps. The first tool is responsible for statically validate the NetApps before they are deployed in 5GASP’s testbeds, being denominated by NetApp Package Validator. Regarding this tool, during this document the focus is its Descriptors Validator Module, which validates the NetApp descriptors through syntactic, semantics, and reference validation and supports NetApps developed according to different Information Models. The second tool comprises an automated validation pipeline. This pipeline validates the functionality and the behavior of the NetApps once they are deployed in a 5G-testbed. Besides, it collects several metrics to enable a better understanding of the NetApp’s behavior. Both tools are expected to be integrated with the 5GASP’s ecosystem. This document presents the requirements definition, architecture, and implementation of these tools and presents their results and outputs.Mestrado em Engenharia Informátic

Network Slicing Landscape: A holistic architectural approach, orchestration and management with applicability in mobile and fixed networks and clouds

Tutorial at IEEE NetSoft2018 - 29th June 2018 Montreal Abstract: A holistic architectural approach, orchestration and management with applicability in mobile and fixed networks and clouds Topics: Key Slicing concepts and history Slicing Key Characteristics & Usage scenarios & Value Chain Multi-Domain Network Function Virtualisation Review of Research projects and results in network and cloud slicing Open Source Orchestrators Standard Organization activities: NGMN, ITU-T, ONF, 3GPP, ETSI, BBF, IETF Industrial perspective on Network Slicing Review of industry Use Cases Network Slicing Challenges Concluding remarks of Network Slicing Acknowledgements & Reference

Enhancing Network Slicing Architectures with Machine Learning, Security, Sustainability and Experimental Networks Integration

Network Slicing (NS) is an essential technique extensively used in 5G networks computing strategies, mobile edge computing, mobile cloud computing, and verticals like the Internet of Vehicles and industrial IoT, among others. NS is foreseen as one of the leading enablers for 6G futuristic and highly demanding applications since it allows the optimization and customization of scarce and disputed resources among dynamic, demanding clients with highly distinct application requirements. Various standardization organizations, like 3GPP's proposal for new generation networks and state-of-the-art 5G/6G research projects, are proposing new NS architectures. However, new NS architectures have to deal with an extensive range of requirements that inherently result in having NS architecture proposals typically fulfilling the needs of specific sets of domains with commonalities. The Slicing Future Internet Infrastructures (SFI2) architecture proposal explores the gap resulting from the diversity of NS architectures target domains by proposing a new NS reference architecture with a defined focus on integrating experimental networks and enhancing the NS architecture with Machine Learning (ML) native optimizations, energy-efficient slicing, and slicing-tailored security functionalities. The SFI2 architectural main contribution includes the utilization of the slice-as-a-service paradigm for end-to-end orchestration of resources across multi-domains and multi-technology experimental networks. In addition, the SFI2 reference architecture instantiations will enhance the multi-domain and multi-technology integrated experimental network deployment with native ML optimization, energy-efficient aware slicing, and slicing-tailored security functionalities for the practical domain.Comment: 10 pages, 11 figure

5G Network Slicing using SDN and NFV: A Survey of Taxonomy, Architectures and Future Challenges

In this paper, we provide a comprehensive review and updated solutions related to 5G network slicing using SDN and NFV. Firstly, we present 5G service quality and business requirements followed by a description of 5G network softwarization and slicing paradigms including essential concepts, history and different use cases. Secondly, we provide a tutorial of 5G network slicing technology enablers including SDN, NFV, MEC, cloud/Fog computing, network hypervisors, virtual machines & containers. Thidly, we comprehensively survey different industrial initiatives and projects that are pushing forward the adoption of SDN and NFV in accelerating 5G network slicing. A comparison of various 5G architectural approaches in terms of practical implementations, technology adoptions and deployment strategies is presented. Moreover, we provide a discussion on various open source orchestrators and proof of concepts representing industrial contribution. The work also investigates the standardization efforts in 5G networks regarding network slicing and softwarization. Additionally, the article presents the management and orchestration of network slices in a single domain followed by a comprehensive survey of management and orchestration approaches in 5G network slicing across multiple domains while supporting multiple tenants. Furthermore, we highlight the future challenges and research directions regarding network softwarization and slicing using SDN and NFV in 5G networks.Comment: 40 Pages, 22 figures, published in computer networks (Open Access

End-to-end network service orchestration in heterogeneous domains for next-generation mobile networks

5G marks the beginning of a deep revolution in the mobile network ecosystem, transitioning to a network of services to satisfy the demands of new players, the vertical industries. This revolution implies a redesign of the overall mobile network architecture where complexity, heterogeneity, dynamicity, and flexibility will be the rule. Under such context, automation and programmability are essential to support this vision and overcome current rigid network operation processes. Software Defined Networking (SDN), Network Function Virtualization (NFV) and Network slicing are key enabling techniques to provide such capabilities. They are complementary, but they are still in its infancy and the synergies between them must be exploited to realise the mentioned vision. The aim of this thesis is to further contribute to its development and integration in next generation mobile networks by designing an end-to-end (E2E) network service orchestration (NSO) architecture, which aligned with some guidelines and specifications provided by main standardization bodies, goes beyond current management and orchestration (MANO) platforms to fulfil network service lifetime requirements in heterogeneous multi-technology/administrative network infrastructures shared by concurrent instances of diverse network services. Following a bottom-up approach, we start studying some SDN aspects related to the management of wireless network elements and its integration into hierarchical control architectures orchestrating networking resources in a multi-technology (wireless, optical, packet) infrastructure. Then, this work is integrated in an infrastructure manager module executing the joint resource abstraction and allocation of network and compute resources in distributed points of presence (PoPs) connected by a transport network, aspect which is not (or lightly) handled by current MANO platforms. This is the module where the integration between NFV and SDN techniques is executed. This integration is commanded by a Service Orchestrator module, in charge of automating the E2E lifecycle management of network services implementing network slices (NS) based on the vertical requirements, the available infrastructure resources, and, while fulfilling service level agreement (SLA) also during run-time operation. This architecture, focused on single administrative domain (AD) scenarios, constitutes the first group of contributions of this thesis. The second group of contributions evolves this initial architecture to deal with the orchestration and sharing of NS and its network slice subnet instances (NSSIs) involving multiple ADs. The main differential aspect with current state-of-the-art solutions is the consideration of resource orchestration aspects during the whole orchestration process. This is fundamental to achieve the interconnection of NSSIs, hence making the E2E multi-domain orchestration and network slicing a reality in practice. Additionally, this work also considers SLA management aspects by means of scaling actions during run-time operation in such complex scenarios. The third group of contributions demonstrate the validity and applicability of the resulting architectures, workflows, and interfaces by implementing and evaluating them in real experimental infrastructures featuring multiple ADs and transport technologies interconnecting distributed computing PoPs. The performed experimentation considers network service definitions close to real vertical use cases, namely automotive and eHealth, which help bridging the gap between network providers and vertical industries stakeholders. Experimental results show that network service creation and scaling times in the order of minutes can be achieved for single and multi-AD scenarios, in line with 5G network targets. Moreover, these measurements serve as a reference for benchmarking the different operations involved during the network service deployment. Such analysis are limited in current literature.5G marca el inicio de una gran revolución en las redes móviles, convirtiéndose en redes orientadas a servicios para satisfacer las demandas de nuevos actores, las industrias verticales. Esta revolución supone un rediseño total de la arquitectura de red donde la complejidad, heterogeneidad, dinamicidad y flexibilidad serán la norma. En este contexto, la automatización y programabilidad serán esenciales para superar los rígidos procesos actuales de operación de red. Las redes definidas por software (SDN), la virtualización de funciones de red (NFV) y el particionamiento de redes son técnicas clave para proporcionar dichas capacidades. Éstas son complementarias, pero aún recientes y sus sinergias se deben explotar para realizar la nueva visión. El objetivo de esta tesis es contribuir a su desarrollo e integración en la nuevas generaciones de redes móviles mediante el diseño de una arquitectura de orquestación de servicios de red (NSO) extremo a extremo (E2E), que alineada con algunas pautas y especificaciones de los principales organismos de estandarización, va más allá de los actuales sistemas de gestión y orquestación (MANO) para instanciar y garantizar los requisitos de los diversos servicios de red desplegados concurrentemente en infraestructuras heterogéneas compartidas que combinan múltiples tecnologías y dominios administrativos (AD). Siguiendo un enfoque ascendente, comenzamos a estudiar aspectos de SDN relacionados con la gestión de elementos de red inalámbricos y su integración en arquitecturas jerárquicas de orquestación de recursos de red en infraestructuras multi tecnología (inalámbrica, óptica, paquetes). Luego, este trabajo se integra en un módulo de administración de infraestructura que ejecuta de forma conjunta la abstracción y la asignación de recursos de red y computación en múltiples puntos de presencia (PoP) distribuidos conectados por una red de transporte, aspecto que no está (o ligeramente) considerado por los actuales sistemas MANO. Este módulo ejecuta la integración de las técnicas NFV y SDN. Esta integración está dirigida por el módulo Orquestador de Servicios, que automatiza la gestión E2E del ciclo de vida de los servicios de red implementando las diferentes particiones de red en base a los requisitos de los verticales, los recursos de infraestructura disponibles y mientras cumple los acuerdos de nivel de servicio (SLA) durante la operación del servicio. Esta arquitectura, centrada en escenarios con un único AD, forma el primer grupo de contribuciones de esta tesis. El segundo grupo de contribuciones evoluciona esta arquitectura abordando la orquestación y compartición de particiones de red y sus componentes (NSSIs) en escenarios con múltiples AD. La consideración detallada de aspectos de orquestación de recursos es el principal aspecto diferencial con la literatura. Esto es fundamental para la interconexión de NSSIs, haciendo realidad la orquestación E2E y el particionamiento de red en escenarios con múltiples AD. Además, se considera la gestión de SLA mediante acciones de escalado durante la operación del servicio en los escenarios mencionados. El tercer grupo de contribuciones valida las arquitecturas, procedimientos e interfaces resultantes pues se han implementado y evaluado sobre infraestructuras experimentales reales que presentan múltiples AD y tecnologías de transporte interconectando PoP distribuidos. Esta experimentación considera definiciones de servicios de red cercanos a casos de uso de verticales reales, como automoción y eHealth, ayudando a cubrir la brecha entre los proveedores de red y los verticales. Los resultados experimentales muestran que la creación y el escalado de servicios de red se pueden realizar en pocos minutos en escenarios con un único o múltiples ADs, en línea con los indicadores de red objetivos de 5G. Estas medidas, escasas en la literatura actual, sirven como referencia para caracterizar las diferentes operaciones involucradas durante el despliegue de servicios.Postprint (published version

Fatias de rede fim-a-fim : da extração de perfis de funções de rede a SLAs granulares

Orientador: Christian Rodolfo Esteve RothenbergTese (doutorado) - Universidade Estadual de Campinas, Faculdade de Engenharia Elétrica e de ComputaçãoResumo: Nos últimos dez anos, processos de softwarização de redes vêm sendo continuamente diversi- ficados e gradativamente incorporados em produção, principalmente através dos paradigmas de Redes Definidas por Software (ex.: regras de fluxos de rede programáveis) e Virtualização de Funções de Rede (ex.: orquestração de funções virtualizadas de rede). Embasado neste processo o conceito de network slice surge como forma de definição de caminhos de rede fim- a-fim programáveis, possivelmente sobre infrastruturas compartilhadas, contendo requisitos estritos de desempenho e dedicado a um modelo particular de negócios. Esta tese investiga a hipótese de que a desagregação de métricas de desempenho de funções virtualizadas de rede impactam e compõe critérios de alocação de network slices (i.e., diversas opções de utiliza- ção de recursos), os quais quando realizados devem ter seu gerenciamento de ciclo de vida implementado de forma transparente em correspondência ao seu caso de negócios de comu- nicação fim-a-fim. A verificação de tal assertiva se dá em três aspectos: entender os graus de liberdade nos quais métricas de desempenho de funções virtualizadas de rede podem ser expressas; métodos de racionalização da alocação de recursos por network slices e seus re- spectivos critérios; e formas transparentes de rastrear e gerenciar recursos de rede fim-a-fim entre múltiplos domínios administrativos. Para atingir estes objetivos, diversas contribuições são realizadas por esta tese, dentre elas: a construção de uma plataforma para automatização de metodologias de testes de desempenho de funções virtualizadas de redes; a elaboração de uma metodologia para análises de alocações de recursos de network slices baseada em um algoritmo classificador de aprendizado de máquinas e outro algoritmo de análise multi- critério; e a construção de um protótipo utilizando blockchain para a realização de contratos inteligentes envolvendo acordos de serviços entre domínios administrativos de rede. Por meio de experimentos e análises sugerimos que: métricas de desempenho de funções virtualizadas de rede dependem da alocação de recursos, configurações internas e estímulo de tráfego de testes; network slices podem ter suas alocações de recursos coerentemente classificadas por diferentes critérios; e acordos entre domínios administrativos podem ser realizados de forma transparente e em variadas formas de granularidade por meio de contratos inteligentes uti- lizando blockchain. Ao final deste trabalho, com base em uma ampla discussão as perguntas de pesquisa associadas à hipótese são respondidas, de forma que a avaliação da hipótese proposta seja realizada perante uma ampla visão das contribuições e trabalhos futuros desta teseAbstract: In the last ten years, network softwarisation processes have been continuously diversified and gradually incorporated into production, mainly through the paradigms of Software Defined Networks (e.g., programmable network flow rules) and Network Functions Virtualization (e.g., orchestration of virtualized network functions). Based on this process, the concept of network slice emerges as a way of defining end-to-end network programmable paths, possibly over shared network infrastructures, requiring strict performance metrics associated to a par- ticular business case. This thesis investigate the hypothesis that the disaggregation of network function performance metrics impacts and composes a network slice footprint incurring in di- verse slicing feature options, which when realized should have their Service Level Agreement (SLA) life cycle management transparently implemented in correspondence to their fulfilling end-to-end communication business case. The validation of such assertive takes place in three aspects: the degrees of freedom by which performance of virtualized network functions can be expressed; the methods of rationalizing the footprint of network slices; and transparent ways to track and manage network assets among multiple administrative domains. In order to achieve such goals, a series of contributions were achieved by this thesis, among them: the construction of a platform for automating methodologies for performance testing of virtual- ized network functions; an elaboration of a methodology for the analysis of footprint features of network slices based on a machine learning classifier algorithm and a multi-criteria analysis algorithm; and the construction of a prototype using blockchain to carry out smart contracts involving service level agreements between administrative systems. Through experiments and analysis we suggest that: performance metrics of virtualized network functions depend on the allocation of resources, internal configurations and test traffic stimulus; network slices can have their resource allocations consistently analyzed/classified by different criteria; and agree- ments between administrative domains can be performed transparently and in various forms of granularity through blockchain smart contracts. At the end of his thesis, through a wide discussion we answer all the research questions associated to the investigated hypothesis in such way its evaluation is performed in face of wide view of the contributions and future work of this thesisDoutoradoEngenharia de ComputaçãoDoutor em Engenharia ElétricaFUNCAM

Scalable and responsive SDN monitoring and remediation for the Cloud-to-Fog continuum

Since the inception of the digital era the sharing of information has been revolutionary to the way we live, inspiring the continuous evolution of computer networks. Year by year, humankind becomes increasingly dependent on the use of connected services as new technologies evolve and become more widely accessible. As the widespread deployment of the Internet of Things, 5G, and connected cars rapidly approaches, with tens of billions of new devices connect- ing to the Internet, there will be a plethora of new faults and attacks that will require the need to be tracked and managed. This enormous increase on Internet reliance which is stretching the limits of current solutions to network monitoring introduces security concerns, as well as challenges of scale in operation and management. Todays conventional network monitoring and management lacks the flexibility, visibility, and intelligence required to effectively operate the next generation of the Internet. The advent of network softwarisation provides new methods for network management and operation, opening new solutions to net- work monitoring and remediation. In parallel, the increase in maturity of Edge computing lends itself to new solutions for scaling network softwarisation, by deploying services throughout the network. In this thesis, two proof-of-concept systems are presented which together harness the use of Software Defined Networking, Network Functions Virtualisation, and Cloud-to-Fog computing to address challenges of scale and network security: Siren is an open platform which manages the resources within the Internet, bridging network and infrastructure management and orchestration. Tennison is a network monitoring and remediation framework which tackles monitoring scalability through adapting to network context and providing a suitable architecture to the network topology, including the use of centralised, distributed, and hierarchical deployments

Improving the performance of Virtualized Network Services based on NFV and SDN

Network Functions Virtualisation (NFV) proposes to move all the traditional network appliances, which require dedicated physical machine, onto virtualised environment (e.g,. Virtual Machine). In this way, many of the current physical devices present in the infrastructure are replaced with standard high volume servers, which could be located in Datacenters, at the edge of the network and in the end user premises. This enables a reduction of the required physical resources thanks to the use of virtualization technologies, already used in cloud computing, and allows services to be more dynamic and scalable. However, differently from traditional cloud applications which are rather demanding in terms of CPU power, network applications are mostly I/O bound, hence the virtualization technologies in use (either standard VM-based or lightweight ones) need to be improved to maximize the network performance. A series of Virtual Network Functions (VNFs) can be connected to each other thanks to Software-Defined Networks (SDN) technologies (e.g., OpenFlow) to create a Network Function Forwarding Graph (NF-FG) that processes the network traffic in the configured order of the graph. Using NF-FGs it is possible to create arbitrary chains of services, and transparently configure different virtualized network services, which can be dynamically instantiated and rearranges depending on the requested service and its requirements. However, the above virtualized technologies are rather demanding in terms of hardware resources (mainly CPU and memory), which may have a non-negligible impact on the cost of providing the services according to this paradigm. This thesis will investigate this problem, proposing a set of solutions that enable the novel NFV paradigm to be efficiently used, hence being able to guarantee both flexibility and efficiency in future network services