Container-based network function virtualization for software-defined networks

Today's enterprise networks almost ubiquitously deploy middlebox services to improve in-network security and performance. Although virtualization of middleboxes attracts a significant attention, studies show that such implementations are still proprietary and deployed in a static manner at the boundaries of organisations, hindering open innovation. In this paper, we present an open framework to create, deploy and manage virtual network functions (NF)s in OpenFlow-enabled networks. We exploit container-based NFs to achieve low performance overhead, fast deployment and high reusability missing from today's NFV deployments. Through an SDN northbound API, NFs can be instantiated, traffic can be steered through the desired policy chain and applications can raise notifications. We demonstrate the systems operation through the development of exemplar NFs from common Operating System utility binaries, and we show that container-based NFV improves function instantiation time by up to 68% over existing hypervisor-based alternatives, and scales to one hundred co-located NFs while incurring sub-millisecond latency

Algorithms for advance bandwidth reservation in media production networks

Media production generally requires many geographically distributed actors (e.g., production houses, broadcasters, advertisers) to exchange huge amounts of raw video and audio data. Traditional distribution techniques, such as dedicated point-to-point optical links, are highly inefficient in terms of installation time and cost. To improve efficiency, shared media production networks that connect all involved actors over a large geographical area, are currently being deployed. The traffic in such networks is often predictable, as the timing and bandwidth requirements of data transfers are generally known hours or even days in advance. As such, the use of advance bandwidth reservation (AR) can greatly increase resource utilization and cost efficiency. In this paper, we propose an Integer Linear Programming formulation of the bandwidth scheduling problem, which takes into account the specific characteristics of media production networks, is presented. Two novel optimization algorithms based on this model are thoroughly evaluated and compared by means of in-depth simulation results

GNFC: Towards Network Function Cloudification

An increasing demand is seen from enterprises to host and dynamically manage middlebox services in public clouds in order to leverage the same benefits that network functions provide in traditional, in-house deployments. However, today's public clouds provide only a limited view and programmability for tenants that challenges flexible deployment of transparent, software-defined network functions. Moreover, current virtual network functions can't take full advantage of a virtualized cloud environment, limiting scalability and fault tolerance. In this paper we review and evaluate the current infrastructural limitations imposed by public cloud providers and present the design and implementation of GNFC, a cloud-based Network Function Virtualization (NFV) framework that gives tenants the ability to transparently attach stateless, container-based network functions to their services hosted in public clouds. We evaluate the proposed system over three public cloud providers (Amazon EC2, Microsoft Azure and Google Compute Engine) and show the effects on end-to-end latency and throughput using various instance types for NFV hosts

Can open-source projects (re-) shape the SDN/NFV-driven telecommunication market?

Telecom network operators face rapidly changing business needs. Due to their dependence on long product cycles they lack the ability to quickly respond to changing user demands. To spur innovation and stay competitive, network operators are investigating technological solutions with a proven track record in other application domains such as open source software projects. Open source software enables parties to learn, use, or contribute to technology from which they were previously excluded. OSS has reshaped many application areas including the landscape of operating systems and consumer software. The paradigmshift in telecommunication systems towards Software-Defined Networking introduces possibilities to benefit from open source projects. Implementing the control part of networks in software enables speedier adaption and innovation, and less dependencies on legacy protocols or algorithms hard-coded in the control part of network devices. The recently proposed concept of Network Function Virtualization pushes the softwarization of telecommunication functionalities even further down to the data plane. Within the NFV paradigm, functionality which was previously reserved for dedicated hardware implementations can now be implemented in software and deployed on generic Commercial Off-The Shelf (COTS) hardware. This paper provides an overview of existing open source initiatives for SDN/NFV-based network architectures, involving infrastructure to orchestration-related functionality. It situates them in a business process context and identifies the pros and cons for the market in general, as well as for individual actors

NFV and SDN-based differentiated traffic treatment for residential networks

Producción CientíficaResidential networks play a critical role in assuring that services or applications such as tele-work, tele-education, medical care, entertainment, home automation, among others, have the required resources to obtain an optimal performance. Although current residential gateways try to meet the Quality of Service (QoS) demands, the traditional networking paradigm does not have the appropriate mechanisms to address the heterogeneous and dynamic nature of the services running at home. In this context, a feasible solution consists of leveraging the flexibility and adaptability of the Software Defined Networking (SDN) and Network Functions Virtualization (NFV) paradigms to provide a differentiated traffic treatment intended to improve the QoS support of residential networks. The proposal takes advantage of the Service Function Chaining (SFC) concept intrinsic to NFV as well as the capacity of an SDN-based residential gateway to differentiate the traffic of a certain application. Thus, an association between an SFC and the differentiated traffic is stablished to apply a specific treatment. Besides, a comprehensive architecture composed of the software defined residential network (SDRN), the software defined access network (SDOAN) and the NFV-compliant ISP's edge cloud infrastructure is envisioned. This architecture would allow dramatically improving the life cycle management of the residential network from a centralized point which follows a user-centric approach.Ministerio de Ciencia, Innovación y Universidades (grants TEC2015-67834-R, TEC2017-84423-C3-1-P, RED2018-102585-T and 0677_DISRUPTIVE_2_E

SDN Access Control for the Masses

The evolution of Software-Defined Networking (SDN) has so far been predominantly geared towards defining and refining the abstractions on the forwarding and control planes. However, despite a maturing south-bound interface and a range of proposed network operating systems, the network management application layer is yet to be specified and standardized. It has currently poorly defined access control mechanisms that could be exposed to network applications. Available mechanisms allow only rudimentary control and lack procedures to partition resource access across multiple dimensions. We address this by extending the SDN north-bound interface to provide control over shared resources to key stakeholders of network infrastructure: network providers, operators and application developers. We introduce a taxonomy of SDN access models, describe a comprehensive design for SDN access control and implement the proposed solution as an extension of the ONOS network controller intent framework

Deployment of NFV and SFC scenarios

Aquest ítem conté el treball original, defensat públicament amb data de 24 de febrer de 2017, així com una versió millorada del mateix amb data de 28 de febrer de 2017. Els canvis introduïts a la segona versió són 1) correcció d'errades 2) procediment del darrer annex.Telecommunications services have been traditionally designed linking hardware devices and providing mechanisms so that they can interoperate. Those devices are usually specific to a single service and are based on proprietary technology. On the other hand, the current model works by defining standards and strict protocols to achieve high levels of quality and reliability which have defined the carrier-class provider environment. Provisioning new services represent challenges at different levels because inserting the required devices involve changes in the network topology. This leads to slow deployment times and increased operational costs. To overcome the current burdens network function installation and insertion processes into the current service topology needs to be streamlined to allow greater flexibility. The current service provider model has been disrupted by the over-the-top Internet content providers (Facebook, Netflix, etc.), with short product cycles and fast development pace of new services. The content provider irruption has meant a competition and stress over service providers' infrastructure and has forced telco companies to research new technologies to recover market share with flexible and revenue-generating services. Network Function Virtualization (NFV) and Service Function Chaining (SFC) are some of the initiatives led by the Communication Service Providers to regain the lost leadership. This project focuses on experimenting with some of these already available new technologies, which are expected to be the foundation of the new network paradigms (5G, IOT) and support new value-added services over cost-efficient telecommunication infrastructures. Specifically, SFC scenarios have been deployed with Open Platform for NFV (OPNFV), a Linux Foundation project. Some use cases of the NFV technology are demonstrated applied to teaching laboratories. Although the current implementation does not achieve a production degree of reliability, it provides a suitable environment for the development of new functional improvements and evaluation of the performance of virtualized network infrastructures

A software-defined network solution for managing fog computing resources in sensor networks

The fast growth of Internet-connected embedded devices raises new challenges for the traditional network design, such as scalability, diversity, and complexity. To endorse these challenges, this thesis suggests the aggregation of several emerging technologies: software-defined networking (SDN), fog computing, containerization and sensor virtualization. This thesis proposes, designs, implements and evaluates a new solution based on the emergent paradigm of SDN to efficiently manage virtualized resources located at the network edge in scenarios involving embedded sensor devices. The sensor virtualization through the containers provides agility, flexibility and abstraction for the data processing, being possible to summarize the huge amount of data produced by sensor devices. The proposed architecture uses a software-defined system, managed by a Ryu SDN controller, and a websocket broker written from scratch that analyses the messages sent to the controller and activates containers when required. Performance and functional tests were performed to assess the time required from activating the sensor containers to being able to communicate with them. The results were obtained by sending four ICMP packets. The best time response results were obtained by the proactive controller behavior mode, when compared to the hybrid and reactive modes. This thesis contributed to fill the gaps in the area of IoT or sensor networks, concerning the design and implementation of an architecture that performed on-demand activation of offline IoT fog computing resources by using an SDN controller and sensor virtualization through containers.O rápido crescimento de dispositivos embebidos conectados à Internet gera novos desafios para a arquitetura de rede tradicional, tais como escalabilidade, diversidade e complexidade. Para resolver estes desafios, esta tese sugere a agregação de diversas tecnologias emergentes: rede definida por software (SDN), contentores, computação na periferia e virtualização de sensores. Esta tese propõe, projeta, implementa e avalia uma nova solução baseada no paradigma emergente do SDN para gerir, de forma eficiente, recursos virtualizados que se localizam na periferia da rede, em cenários com sensores embebidos. A virtualização de sensores, através do uso de contentores, fornece agilidade, flexibilidade e abstração para processamento de dados, sendo possível a sumarização do grande volume de dados produzido pelos sensores. A arquitetura proposta usa um sistema definido por software, gerido por um controlador SDN Ryu, e um websocket broker escrito desde o zero, que analisa as mensagens enviadas ao controlador e ativa contentores quando necessário. Foram realizados testes funcionais e de desempenho de forma a ser possível avaliar o tempo necessário desde a ativação de um contentor de sensores até ser possível a comunicação com este. Os resultados foram obtidos através do envio de quatro pacotes ICMP. O melhor resultado foi obtido pelo modo de comportamento proativo do controlador, quando comparado aos modos híbrido e reativo. Esta tese contribuiu para preencher as lacunas na área de IoT ou redes de sensores, no que diz respeito ao desenho e implementação de uma arquitetura que executa a ativação sob pedido de recursos computacionais e periféricos de IoT quando estes se encontram desligados, através do uso de um controlador SDN e virtualização de sensores através de contentores