Multi-Provider Service Chain Embedding With Nestor

Network function (NF) virtualization decouples NFs from the underlying middlebox hardware and promotes their deployment on virtualized network infrastructures. This essentially paves the way for the migration of NFs into clouds (i.e., NF-as-a-Service), achieving a drastic reduction of middlebox investment and operational costs for enterprises. In this context, service chains (expressing middlebox policies in the enterprise network) should be mapped onto datacenter networks, ensuring correctness, resource efficiency, as well as compliance with the provider's policy. The network service embedding (NSE) problem is further exacerbated by two challenging aspects: 1) traffic scaling caused by certain NFs (e.g., caches and WAN optimizers) and 2) NF location dependencies. Traffic scaling requires resource reservations different from the ones specified in the service chain, whereas NF location dependencies, in conjunction with the limited geographic footprint of NF providers (NFPs), raise the need for NSE across multiple NFPs. In this paper, we present a holistic solution to the multi-provider NSE problem. We decompose NSE into: 1) NF-graph partitioning performed by a centralized coordinator and 2) NF-subgraph mapping onto datacenter networks. We present linear programming formulations to derive near-optimal solutions for both problems. We address the challenging aspect of traffic scaling by introducing a new service model that supports demand transformations. We also define topology abstractions for NF-graph partitioning. Furthermore, we discuss the steps required to embed service chains across multiple NFPs, using our NSE orchestrator (Nestor). We perform an evaluation study of multi-provider NSE with emphasis on NF-graph partitioning optimizations tailored to the client and NFPs. Our evaluation results further uncover significant savings in terms of service cost and resource consumption due to the demand transformations. © 2017 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works..EU/FP7/T-NOVA/619520DFG/Collaborative Research Center/1053 (MAKI)EU/FP7/T-NOVADFG/CRC/105

Orchestration of Network Services Across Multiple Operators: The 5G Exchange Prototype

Future 5G networks will rely on the coordinated allocation of compute, storage, and networking resources in order to meet the functional requirements of 5G services as well as guaranteeing efficient usage of the network infrastructure. However, the 5G service provisioning paradigm will also require a unified infrastructure service market that integrates multiple operators and technologies. The 5G Exchange (5GEx) project, building heavily on the Software-Defined Network (SDN) and the Network Function Virtualization (NFV) functionalities, tries to overcome this market and technology fragmentation by designing, implementing, and testing a multi-domain orchestrator (MdO) prototype for fast and automated Network Service (NS) provisioning over multiple-technologies and spanning across multiple operators. This paper presents a first implementation of the 5GEx MdO prototype obtained by extending existing open source software tools at the disposal of the 5GEx partners. The main functions of the 5GEx MdO prototype are showcased by demonstrating how it is possible to create and deploy NSs in the context of a Slice as a Service (SlaaS) use-case, based on a multi-operator scenario. The 5GEx MdO prototype performance is experimentally evaluated running validation tests within the 5GEx sandbox. The overall time required for the NS deployment has been evaluated considering NSs deployed across two operators

Little Boxes: A Dynamic Optimization Approach for Enhanced Cloud Infrastructures

The increasing demand for diverse, mobile applications with various degrees of Quality of Service requirements meets the increasing elasticity of on-demand resource provisioning in virtualized cloud computing infrastructures. This paper provides a dynamic optimization approach for enhanced cloud infrastructures, based on the concept of cloudlets, which are located at hotspot areas throughout a metropolitan area. In conjunction, we consider classical remote data centers that are rigid with respect to QoS but provide nearly abundant computation resources. Given fluctuating user demands, we optimize the cloudlet placement over a finite time horizon from a cloud infrastructure provider's perspective. By the means of a custom tailed heuristic approach, we are able to reduce the computational effort compared to the exact approach by at least three orders of magnitude, while maintaining a high solution quality with a moderate cost increase of 5.8% or less

Multi-provider network service embedding

[no abstract

Disaggregated optical network control and orchestration of heterogeneous domains

Network softwarization and disaggregation are two trends that are revolutionizing the network-cloud ecosystem. This paper details possible solutions to control and monitor an infrastructure including an IoT domain, a Cloud domain and a packet-optical network domain

A multi-stage graph aided algorithm for distributed Service Function Chain provisioning across multiple domains

Network Service Providers (NSPs) envisage to support the divergent and stringent requirements of future services by instantiating these services as service chains, commonly referred to as Service Function Chains (SFCs), that are customized and configured to meet specific service requirements. However, due to the limited footprint of the Infrastructure Providers (InPs), these SFCs may have to transcend multiple InPs/domains. In this regard, determining the optimal set of InPs in which to embed the SFC request emerges as a complex problem for several reasons. First, the large number of possible combinations for selecting the InPs to embed the different sub-chains of the request makes this problem computationally complex, rendering optimal solutions only after long computations, especially in large scale networks, which is unfeasible for delay sensitive applications. Second, the unwillingness of InPs to disclose their internal information, which may be vital for making embedding decisions, usually implies the provisioning of single-domain solutions, which are unsuitable in this working scenario. In this regard, this paper first formulates the multi-domain service deployment problem under multiple request constraints, such as bandwidth or delay, among others. Then, due to the NP-hardness nature of the above problem, this paper proposes an algorithm that is aided by a multi-stage graph for computing a request embedding solution in a distributed manner, solving the problem in acceptable run-times. Results from different simulations reveal that the proposed algorithm is optimized in terms of acceptance ratio and embedding cost, with up to 60.0% and 88.7% improvements in terms of embedding cost and execution time, respectively, for some scenarios, in comparison with a benchmark state-of-the-art algorithm.Postprint (published version

A deep reinforcement learning-based algorithm for reliability-aware multi-domain service deployment in smart ecosystems

The final publication is available at Springer via http://dx.doi.org/10.1007/s00521-020-05372-xThe transition towards full network virtualization will see services for smart ecosystems including smart metering, healthcare and transportation among others, being deployed as Service Function Chains (SFCs) comprised of an ordered set of virtual network functions. However, since such services are usually deployed in remote cloud networks, the SFCs may transcend multiple domains belonging to different Infrastructure Providers (InPs), possibly with differing policies regarding billing and Quality-of-service (QoS) guarantees. Therefore, efficiently allocating the exhaustible network resources to the different SFCs while meeting the stringent requirements of the services such as delay and QoS among others, remains a complex challenge, especially under limited information disclosure by the InPs. In this work, we formulate the SFC deployment problem across multiple domains focusing on delay constraints, and propose a framework for SFC orchestration which adheres to the privacy requirements of the InPs. Then, we propose a reinforcement learning (RL)-based algorithm for partitioning the SFC request across the different InPs while considering service reliability across the participating InPs. Such RL-based algorithms have the intelligence to infer undisclosed InP information from historical data obtained from past experiences. Simulation results, considering both online and offline scenarios, reveal that the proposed algorithm results in up to 10% improvement in terms of acceptance ratio and provisioning cost compared to the benchmark algorithms, with up to more than 90% saving in execution time for large networks. In addition, the paper proposes an enhancement to a state-of-the-art algorithm which results in up to 5% improvement in terms of provisioning cost.This work has received funding from the European Union's Horizon 2020 research and innovation programme under grant agreement No 777067 (NECOS project) and the national project TEC2015-71329-C2-2-R (MINECO/FEDER). This work is also supported by the " Fundamental Research Funds for the Central Universities " of China University of Petroleum (East China) under Grant 18CX02139APeer ReviewedPostprint (author's final draft

Software-defined middlebox networking

[no abstract

Context-based security function orchestration for the network edge

Over the last few years the number of interconnected devices has increased dramatically, generating zettabytes of traffic each year. In order to cater to the requirements of end-users, operators have deployed network services to enhance their infrastructure. Nowadays, telecommunications service providers are making use of virtualised, flexible, and cost-effective network-wide services, under what is known as Network Function Virtualisation (NFV). Future network and application requirements necessitate services to be delivered at the edge of the network, in close proximity to end-users, which has the potential to reduce end-to-end latency and minimise the utilisation of the core infrastructure while providing flexible allocation of resources. One class of functionality that NFV facilitates is the rapid deployment of network security services. However, the urgency for assuring connectivity to an ever increasing number of devices as well as their resource-constrained nature, has led to neglecting security principles and best practices. These low-cost devices are often exploited for malicious purposes in targeting the network infrastructure, with recent volumetric Distributed Denial of Service (DDoS) attacks often surpassing 1 terabyte per second of network traffic. The work presented in this thesis aims to identify the unique requirements of security modules implemented as Virtual Network Functions (VNFs), and the associated challenges in providing management and orchestration of complex chains consisting of multiple VNFs The work presented here focuses on deployment, placement, and lifecycle management of microservice-based security VNFs in resource-constrained environments using contextual information on device behaviour. Furthermore, the thesis presents a formulation of the latency-optimal placement of service chains at the network edge, provides an optimal solution using Integer Linear Programming, and an associated near-optimal heuristic solution that is able to solve larger-size problems in reduced time, which can be used in conjunction with context-based security paradigms. The results of this work demonstrate that lightweight security VNFs can be tailored for, and hosted on, a variety of devices, including commodity resource-constrained systems found in edge networks. Furthermore, using a context-based implementation of the management and orchestration of lightweight services enables the deployment of real-world complex security service chains tailored towards the user’s performance demands from the network. Finally, the results of this work show that on-path placement of service chains reduces the end-to-end latency and minimise the number of service-level agreement violations, therefore enabling secure use of latency-critical networks

A reinforcement learning approach for Virtual Network Function Chaining and sharing in softwarized networks

​© 2021 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.Cognizant of the ease with which softwarized functions can be dynamically scaled according to real time resource requirements, and the fact that multiple services can have common VNFs in their chaining, this paper tackles the problem of cost effective deployment of online services from the perspective of sharing their VNF instances. First, we formally formulate the deployment problem under VNFs sharing. Secondly, given the NP-hard nature of the above problem, we propose a reinforcement learning (RL) algorithm capable of making intelligent placement decisions while considering multiple conflicting costs. Costs of transmission, VNF instantiation or energy consumption, among others. Thanks to the intelligence of the RL algorithm, simulation results show that the performance of the proposed algorithm is within a 14% margin and similar to an optimal solution in terms of request provisioning cost and acceptance ratio, respectively. Moreover, the algorithm results in more than a 20% and a 70% improvement in terms of request deployment cost and time compared to a state-of-the-art algorithm, and up to more than a 40% improvement in terms of cost compared to an algorithm that greedily minimizes the transmission or VNF activation costs.Postprint (author's final draft