Fault Tolerant Placement of Stateful VNFs and Dynamic Fault Recovery in Cloud Networks

Traditional network functions such as firewalls are implemented in costly dedicated hardware. By decoupling network functions from physical devices, network function virtualization enables virtual network functions (VNF) to run in virtual machines (VMs). However, VNFs are vulnerable to various faults such as software and hardware failures. To enhance VNF fault tolerance, the deployment of backup VNFs in stand-by VM instances is necessary. In case of stateful VNFs, stand-by instances require constant state updates from active instances during its operation. This will guarantee a correct and seamless handover from failed instances to stand-by instances after failures. Nevertheless, such state updates to stand-by instances could consume significant network bandwidth resources and lead to potential admission failures for VNF requests. In this paper, we study the fault-tolerant VNF placement problem with the optimization objective of admitting as many requests as possible. In particular, the VNF placement of active/stand-by instances, the request routing paths to active instances, and state transfer paths to stand-by instances are jointly considered. We devise an efficient heuristic algorithm to solve this problem. For the fault tolerance problem without computing or bandwidth constraints, we also propose two bicriteria approximation algorithms with performance guarantees for a special case of the problem. Given the placement locations of VNFs, some of them may go faulty. We thus consider the dynamic fault recovery problem, for which we propose an approximation algorithm that dynamically switches traffic processing from faulty VNFs to normal ones. Simulations with realistic settings show that our algorithms can significantly improve the request admission rate compared to conventional approaches

Dependability of the NFV Orchestrator: State of the Art and Research Challenges

© 2018 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.The introduction of network function virtualisation (NFV) represents a significant change in networking technology, which may create new opportunities in terms of cost efficiency, operations, and service provisioning. Although not explicitly stated as an objective, the dependability of the services provided using this technology should be at least as good as conventional solutions. Logical centralisation, off-the-shelf computing platforms, and increased system complexity represent new dependability challenges relative to the state of the art. The core function of the network, with respect to failure and service management, is orchestration. The failure and misoperation of the NFV orchestrator (NFVO) will have huge network-wide consequences. At the same time, NFVO is vulnerable to overload and design faults. Thus, the objective of this paper is to give a tutorial on the dependability challenges of the NFVO, and to give insight into the required future research. This paper provides necessary background information, reviews the available literature, outlines the proposed solutions, and identifies some design and research problems that must be addressed.acceptedVersio

Contribution to multi-domain network slicing : resource orchestration framework and algorithms

5G/6G services and applications, in the context of the eMBB, mMTC and uRLLC network slicing framework, whose network infrastructure requirements may span beyond the coverage area of a single Infrastructure Provider (InP), are envisaged to be supported by leasing resources from multiple InPs. A challenging aspect for a Service Provider (SP) is how to obtain an optimal set of InPs on which to provision the requests and the particular substrate nodes and links within each InP on which to map the different VNFs and virtual links of the service requests, respectively, for a seamless, reliable and cost-effective orchestration of service requests. Existing works in this area either perform service mapping in uncoordinated manner, do not incorporate service reliability or do so from the perspective of stateless VNFs. Also they assume full information disclosure, or are based on exact approaches, which considerations are not well suited for future network scenarios characterized by delay sensitive mission critical applications and resource constrained networks. This thesis contributes to the above challenge by breaking the multi-domain service orchestration problem into two interlinked sub-problems that are solved in a coordinated manner: (1) Request splitting/partitioning (sub-problem 1), involving obtaining a subset of InPs and the corresponding inter-domain links on which to provision the different VNFs and virtual links of the service request; (2) Intra-domain VNF orchestration (sub-problem 2), involving obtaining the intra-domain nodes and links to provision the VNFs and virtual links of the sub-SFC associated with each InP. In this way, the thesis sets out four key targets that are necessary to align with the mission critical and delay sensitive use-cases envisaged in 5G and future networks in terms of service deployment cost and QoS: (1) coordinated mapping of service requests, with a view of realizing better utilization of the substrate resources; (2) survivability and fault-tolerant orchestration of service requests, to tame both QoS violations and the penalties from such violations; (3) limited disclosure of InP internal information, in order adhere to the privacy requirements InPs, and (4) achieving all the above targets in polynomial time. In order to realize the above targets, the thesis sought for solution techniques that are: (1) able to incorporate information learned in the previous solutions search space and historical mapping decisions, hence, resulting in acceptable performance even in scenarios of limited information exposure and fuzzy environments; (2) robust and less problem specific, hence, can be tailored to different optimization objectives, network topologies and service request constraints, thus enabling to deal with requests with either chained topologies or with bifurcated paths; (3) capable of dealing with an optimization problem that is jointly affected by multiple attributes, since in practice, the service deployment cost is jointly affected by multiple conflicting costs; (4) able to realize near-optimal solutions in practical run-times, thus rendering well suited approaches for delay sensitive and resource constrained scenarios. Three different algorithms namely, an RL, Genetic Algorithm (GA) and a fully distributed multi-stage graph-based algorithms are proposed for sub-problem 1. In addition, five different algorithms based on GA, Harmony search, RL, and multi-stage graph approach are proposed for sub-problem 2. Finally, in order to guide the implementation and adherence of the thesis proposals to the four main targets of the thesis, an architectural framework is proposed, aligned with the ETSI NFV-MANO architectural framework. Overall, the simulations results proved that the thesis proposals are optimized in terms of request acceptance ratios, mapping cost and execution time, hence, rendering such proposals well suited for 5G and future scenarios.Els serveis que es poden presentar en el marc de la tecnologia de “slicing” de xarxa de 5G/6G, com ara eMBB, mMTC o uRLLC, es possible que no els pugui oferir un sol proveïdor d’infraestructura (InP) degut a les limitacions que pot tenir la seva xarxa, i per tant que faci necessària la cooperació de múltiples InPs. En aquest cas, el primer repte que afronta el Proveïdor de Servei (SP) que rep la sol·licitud de desplegament es determinar el conjunt òptim de InPs que hi han d’intervenir i en concret els nodes i enllaços de cada un d’ells que s’han d’utilitzar per al mapatge de les diferents VNFs i enllaços virtuals de la sol·licitud. Els treballs que existeixen en aquesta àrea duen a terme el mapatge del servei be sigui de manera no coordinada, o no incorporen la fiabilitat, o ho fan des de la perspectiva de VNFs sense estat. També, pressuposen la divulgació total de la informació, o estan basats en metodologies exactes que fa que no siguin idonis per a escenaris de xarxes del futur, caracteritzats per aplicacions de missió critica, sensibles al retard i sobre xarxes amb recursos limitats. Aquesta tesi contribueix a afrontar aquests reptes dividint el problema d’orquestració de serveis multi domini en dos subproblemes relacionats, que es resolen de manera coordinada. (1) Divisió / partició de la sol·licitud de servei (sub-problema 1), que implica l'obtenció d'un subconjunt d'InPs i els enllaços interdomini corresponents sobre els quals proporcionar les diferents VNF i enllaços virtuals de la sol·licitud de servei; (2) Orquestració VNF intradomini (sub-problema 2), que implica l'obtenció dels nodes i enllaços intradomini per aprovisionar les VNF i enllaços virtuals dels sub-SFC associats a cada InP. D'aquesta manera, la tesi estableix quatre objectius clau que són necessaris per alinear-se amb els casos d'ús de missió crítica i sensibles al retard previstos en 5G i xarxes futures en termes de cost de desplegament del servei i QoS: (1) mapatge coordinat de les sol·licituds de servei, amb l'objectiu de realitzar una millor utilització dels recursos del substrat; (2) orquestració de les sol·licituds de servei contemplant la supervivència del servei en situacions de fallides, minimitzant les violacions de la QoS i les sancions derivades d'aquestes violacions; (3) divulgació limitada de la informació interna de l’InP, per tal d'adherir-se als requisits de privadesa dels InPs, i (4) aconseguir tots els objectius anteriors en temps polinòmic. Per tal de realitzar els objectius anteriors, la tesi busca solucions que siguin: (1) capaces d'incorporar informació apresa en les solucions anteriors de l'espai de cerca i decisions de mapatge històric, donant lloc a un rendiment acceptable fins i tot en escenaris d'exposició limitada a la informació i entorns difusos; (2) robustes i menys dependents dels problemes específics, i per tant, que es poden adaptar a diferents objectius d'optimització, topologies de xarxa i restriccions de sol·licitud de servei, permetent així fer front a sol·licituds amb cadenes de funcions de topologies molt diverses; (3) capaces de fer front a un problema d'optimització de múltiples atributs, ja que a la pràctica, el cost de desplegament del servei depèn de múltiples costos; (4) capaces de trobar solucions gairebé òptimes en temps suficientment breus, resultant així adequades a escenaris sensibles al retard i amb limitació de recursos. La tesi proposa tres algorismes diferents per al sub-problema 1: un algorisme de RL, un algorisme genètic (GA) i un algorisme multi etapa basat en grafs i completament distribuït. A més, es proposen cinc algorismes diferents basats en l'enfocament de grafs, un algorisme GA, un algorisme de cerca d’harmonia, un algorisme de RL i un algorisme multi-etapa per al sub-problema 2. Finalment, per tal de guiar la implementació i l'adhesió de les propostes als quatre objectius principals de la tesi, es proposa...Postprint (published version

A reinforcement learning approach for Virtual Network Function Chaining and sharing in softwarized networks

​© 2021 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.Cognizant of the ease with which softwarized functions can be dynamically scaled according to real time resource requirements, and the fact that multiple services can have common VNFs in their chaining, this paper tackles the problem of cost effective deployment of online services from the perspective of sharing their VNF instances. First, we formally formulate the deployment problem under VNFs sharing. Secondly, given the NP-hard nature of the above problem, we propose a reinforcement learning (RL) algorithm capable of making intelligent placement decisions while considering multiple conflicting costs. Costs of transmission, VNF instantiation or energy consumption, among others. Thanks to the intelligence of the RL algorithm, simulation results show that the performance of the proposed algorithm is within a 14% margin and similar to an optimal solution in terms of request provisioning cost and acceptance ratio, respectively. Moreover, the algorithm results in more than a 20% and a 70% improvement in terms of request deployment cost and time compared to a state-of-the-art algorithm, and up to more than a 40% improvement in terms of cost compared to an algorithm that greedily minimizes the transmission or VNF activation costs.Postprint (author's final draft

Uma arquitetura de alta disponibilidade para funções e serviços virtualizados de rede

Orientador: Elias P. Duarte Jr.Tese (doutorado) - Universidade Federal do Paraná, Setor de Ciências Exatas, Programa de Pós-Graduação em Informática. Defesa : Curitiba, 10/02/2023Inclui referênciasÁrea de concentração: Ciência da ComputaçãoResumo: A virtualizacao vem revolucionando a forma como as redes sao construidas e gerenciadas, permitindo a sua evolucao para multiplas direcoes. A Virtualizacao de Funcoes de Rede (Network Function Virtualization - NFV) pode gerar mudancas significativas na rede, uma vez que funcoes de rede tradicionalmente implementadas em hardware dedicado podem ser substituidas por software, denominadas de Funcoes Virtualizadas de Rede (Virtualized Network Functions - VNFs). Apesar das vantagens, alguns desafios ainda devem ser explorados para permitir a sua ampla adocao. As contribuicoes propostas nesta Tese de Doutorado sao divididas em tres partes. A primeira parte explora o fato de que servicos virtualizados possuem maior susceptibilidade a falhas do que as suas alternativas em hardware dedicado. Tendo em vista que as redes se tornaram extremamente necessarias, e essencial garantir a execucao correta e continua dos servicos. A primeira contribuicao propoe uma arquitetura NFV de alta disponibilidade para servicos de rede. A arquitetura realiza o gerenciamento de falhas, oferecendo multiplas estrategias de recuperacao, alem de preservar o estado das VNFs atraves de tecnicas de Checkpoint/Restore. Um prototipo da arquitetura foi implementado e resultados experimentais mostram que e possivel atingir niveis de disponibilidade similares aos de sistemas comerciais de telecomunicacoes. A segunda parte desta Tese analisa a susceptibilidade a falhas de servicos sob outra perspectiva. Considerando que tais servicos sao geralmente executados sobre uma arquitetura subjacente, a falha em algum componente desta arquitetura pode afetar toda a infraestrutura, impedindo o acesso ou possibilitando o uso nao autorizado do sistema. A segunda contribuicao propoe a FIT-SFC (Fault- & Intrusion- Tolerant SFC): uma arquitetura para suportar servicos virtuais seguros e altamente disponiveis. A FIT-SFC e baseada em tecnicas de replicacao para tolerar falhas por parada, por omissao ou intrusao em qualquer de seus componentes. Um prototipo da arquitetura foi implementado e resultados sao apresentados para os custos para tolerar as falhas. Por fim, a terceira parte desta Tese investiga a possibilidade de utilizar NFV para permitir a execucao de servicos virtualizados dentro da propria rede. No conceito chamado COIN (COmputing In the Network), aplicacoes normalmente executadas pelos proprios usuarios finais passam a ser inteiramente executados nativamente dentro da rede. A terceira contribuicao explora a sinergia entre NFV e COIN, denominada de NFV-COIN. Uma arquitetura e proposta para permitir a oferta e gerenciamento de servicos NFV-COIN, alem de oferecer uma interface alto nivel que permite a manipulacao padronizada dos servicos de rede. Experimentos executados em um prototipo implementado da arquitetura demonstram a possibilidade de oferecer e executar servicos NFV-COIN sem introduzir perdas significativas de desempenho.Abstract: Virtualization has represented a true revolution in the way networks are built and managed, allowing them to evolve along multiple directions. In particular, Network Function Virtualization (NFV) has been causing deep changes, since network functions traditionally implemented as specialized hardware can be replaced by software, called Virtualized Network Functions (VNFs). Despite their many advantages, some challenges still need to be addressed in order to allow its wide adoption. The contributions proposed in this Doctoral Thesis are divided into three parts. The first part explores the fact that virtualized services are more prone to failures than traditional alternatives available as specialized hardware. As networks have become extremely necessary, it is essential to ensure the correct and continuous operation of services. The first contribution proposes a high availability architecture for NFV-based services. The architecture performs fault management, offers multiple recovery strategies, while also preserving the state of VNFs through Checkpoint/Restore techniques. A prototype was implemented and experimental results show that it is possible to reach carrier-grade availability. The second part of this Thesis analyzes the susceptibility of service failures from another perspective. Considering that virtualized services usually run on an underlying architecture, the failure of any component of this architecture could affect the entire infrastructure, restraining access or allowing unauthorized use of the system. Therefore, the second contribution proposes the FIT-SFC (Fault- & Intrusion- Tolerant SFC): an architecture to support secure and highly available virtual services. The FIT-SFC architecture is based on replication techniques to tolerate crash, omission, or intrusion failures in any of its components. A prototype was implemented and results are presented for the costs to tolerate failures. Finally, the third part of this Thesis investigates the possibility of using NFV to allow the execution of virtualized services within the network. In the context of COIN (COmputing In the Network), applications that are usually executed by the end users themselves, can now be entirely executed natively within the network. The third contribution explores the synergy between NFV and COIN, called NFV-COIN. An architecture is proposed to allow the deployment and management of NFV-COIN services, while also offering a high-level interface that allows standardized operation of network services. Experiments were executed on an implemented prototype and results demonstrate the possibility of deploying and executing NFV-COIN services without introducing significant performance losses

Accelerating orchestration with in-network offloading

The demand for low-latency Internet applications has pushed functionality that was originally placed in commodity hardware into the network. Either in the form of binaries for the programmable data plane or virtualised network functions, services are implemented within the network fabric with the aim of improving their performance and placing them close to the end user. Training of machine learning algorithms, aggregation of networking traffic, virtualised radio access components, are just some of the functions that have been deployed within the network. Therefore, as the network fabric becomes the accelerator for various applications, it is imperative that the orchestration of their components is also adapted to the constraints and capabilities of the deployment environment. This work identifies performance limitations of in-network compute use cases for both cloud and edge environments and makes suitable adaptations. Within cloud infrastructure, this thesis proposes a platform that relies on programmable switches to accelerate the performance of data replication. It then proceeds to discuss design adaptations of an orchestrator that will allow in-network data offloading and enable accelerated service deployment. At the edge, the topic of inefficient orchestration of virtualised network functions is explored, mainly with respect to energy usage and resource contention. An orchestrator is adapted to schedule requests by taking into account edge constraints in order to minimise resource contention and accelerate service processing times. With data transfers consuming valuable resources at the edge, an efficient data representation mechanism is implemented to provide statistical insight on the provenance of data at the edge and enable smart query allocation to nodes with relevant data. Taking into account the previous state of the art, the proposed data plane replication method appears to be the most computationally efficient and scalable in-network data replication platform available, with significant improvements in throughput and up to an order of magnitude decrease in latency. The orchestrator of virtual network functions at the edge was shown to reduce event rejections, total processing time, and energy consumption imbalances over the default orchestrator, thus proving more efficient use of the infrastructure. Lastly, computational cost at the edge was further reduced with the use of the proposed query allocation mechanism which minimised redundant engagement of nodes

Elastic Highly Available Cloud Computing

High availability and elasticity are two the cloud computing services technical features. Elasticity is a key feature of cloud computing where provisioning of resources is closely tied to the runtime demand. High availability assure that cloud applications are resilient to failures. Existing cloud solutions focus on providing both features at the level of the virtual resource through virtual machines by managing their restart, addition, and removal as needed. These existing solutions map applications to a specific design, which is not suitable for many applications especially virtualized telecommunication applications that are required to meet carrier grade standards. Carrier grade applications typically rely on the underlying platform to manage their availability by monitoring heartbeats, executing recoveries, and attempting repairs to bring the system back to normal. Migrating such applications to the cloud can be particularly challenging, especially if the elasticity policies target the application only, without considering the underlying platform contributing to its high availability (HA). In this thesis, a Network Function Virtualization (NFV) framework is introduced; the challenges and requirements of its use in mobile networks are discussed. In particular, an architecture for NFV framework entities in the virtual environment is proposed. In order to reduce signaling traffic congestion and achieve better performance, a criterion to bundle multiple functions of virtualized evolved packet-core in a single physical device or a group of adjacent devices is proposed. The analysis shows that the proposed grouping can reduce the network control traffic by 70 percent. Moreover, a comprehensive framework for the elasticity of highly available applications that considers the elastic deployment of the platform and the HA placement of the application’s components is proposed. The approach is applied to an internet protocol multimedia subsystem (IMS) application and demonstrate how, within a matter of seconds, the IMS application can be scaled up while maintaining its HA status

5G Multi-access Edge Computing: Security, Dependability, and Performance

The main innovation of the Fifth Generation (5G) of mobile networks is the ability to provide novel services with new and stricter requirements. One of the technologies that enable the new 5G services is the Multi-access Edge Computing (MEC). MEC is a system composed of multiple devices with computing and storage capabilities that are deployed at the edge of the network, i.e., close to the end users. MEC reduces latency and enables contextual information and real-time awareness of the local environment. MEC also allows cloud offloading and the reduction of traffic congestion. Performance is not the only requirement that the new 5G services have. New mission-critical applications also require high security and dependability. These three aspects (security, dependability, and performance) are rarely addressed together. This survey fills this gap and presents 5G MEC by addressing all these three aspects. First, we overview the background knowledge on MEC by referring to the current standardization efforts. Second, we individually present each aspect by introducing the related taxonomy (important for the not expert on the aspect), the state of the art, and the challenges on 5G MEC. Finally, we discuss the challenges of jointly addressing the three aspects.Comment: 33 pages, 11 figures, 15 tables. This paper is under review at IEEE Communications Surveys & Tutorials. Copyright IEEE 202