Container-based network function virtualization for software-defined networks

Today's enterprise networks almost ubiquitously deploy middlebox services to improve in-network security and performance. Although virtualization of middleboxes attracts a significant attention, studies show that such implementations are still proprietary and deployed in a static manner at the boundaries of organisations, hindering open innovation. In this paper, we present an open framework to create, deploy and manage virtual network functions (NF)s in OpenFlow-enabled networks. We exploit container-based NFs to achieve low performance overhead, fast deployment and high reusability missing from today's NFV deployments. Through an SDN northbound API, NFs can be instantiated, traffic can be steered through the desired policy chain and applications can raise notifications. We demonstrate the systems operation through the development of exemplar NFs from common Operating System utility binaries, and we show that container-based NFV improves function instantiation time by up to 68% over existing hypervisor-based alternatives, and scales to one hundred co-located NFs while incurring sub-millisecond latency

ANALISIS PERFORMANSI NETWORK FUNCTION VIRTUALIZATION PADA CONTAINER DOCKER DAN LXC

ABSTRAK Beragam permasalahan yang dikenali beberapa waktu lalu oleh beberapa operator telekomunikasi di dunia pada perangkat jaringan berbasis perangkat keras membuat ETSI (sebuah organisasi non profit yang mengatur standar tentang perangkat jaringan) untuk menggalang sebuah pertemuan dengan kontributor-kontributor dari beberapa operator telekomunikasi tersebut guna mendiskusikan alternatif untuk menangani beberapa masalah yang dihadapi selama bisnis berlangsung. Network Function Virtualization (NFV) merupakan alternatif berbasis virtualisasi yang ditawarkan dimana konsep dasar NFV ini adalah menggantikan fungsi perangkat keras menjadi perangkat lunak yang dapat dikelola dengan mudah. Salah satu implementasi NFV adalah VNF (Virtualized Network Function). Tidak ada standar yang digunakan dalam pembuatan NFV ini baik dari infrastruktur atau beberapa hal yang terkait. Saat ini, NFV dapat dijalankan diatas platform hypervisor dan container. Hypervisor dan container digunakan untuk mengatur seluruh isolasi dan manajemen hardware untuk virtual environment. Pada beberapa penelitian, container dipercaya sebagai platform yang lebih ringan dibandingkan dengan hypervisor, namun NFV yang dijalankan diatas suatu container performansinya perlu diuji sebelum dilakukan implementasi. Atas dasar tersebut pada tugas akhir ini penulis menggunakan container Docker dan Linux Container (LXC) sebagai platform yang menjalankan VNF dengan objek virtual router. Hasil pengujian memiliki karakteristik performa yang ringan ditinjau dari penggunaan processor (CPU Usage), penggunaan RAM (Memory Usage) dan memiliki performansi jaringan yang baik ditinjau dari throughput dan packet loss selama pengiriman paket berlangsung. LXC menunjukkan angka stabilitas yang lebih baik daripada Docker dengan selisih performansi stabilitas 5% pada pengujian throughput maksimum. Oleh sebab itu, penulis merekomendasikan penggunaan LXC sebagai platform yang menjalankan virtual router dikarenakan LXC menunjukkan performansi yang dominan lebih baik pada pengujian ini, ditunjukkan dengan hasil yang stabil pada beberapa pengujian. Kata Kunci : virtualisasi, NFV, VNF, vitual router, container, Docker, LXC</p

SplitBox: Toward Efficient Private Network Function Virtualization

This paper presents SplitBox, an efficient system for privacy-preserving processing of network functions that are outsourced as software processes to the cloud. Specifically, cloud providers processing the network functions do not learn the network policies instructing how the functions are to be processed. First, we propose an abstract model of a generic network function based on match-action pairs. We assume that this function is processed in a distributed manner by multiple honest-but-curious cloud service providers. Then, we introduce our SplitBox system for private network function virtualization and present a proof-of-concept implementation on FastClick, an extension of the Click modular router, using a firewall as a use case. Our experimental results achieve a throughput of over 2 Gbps with 1 kB-sized packets on average, traversing up to 60 firewall rules

Analysis of basic Architectures used for Lifecycle Management and Orchestration of Network Service in Network Function Virtualization Environment

The Network Function Virtualization (NFV), Software Defined Networking are technologies, so which are in combination inorder to provide a high flexibility for network and dynamical continuum of resources for the deployment of services in the environment of high network programmability. A Network Function Virtualization Orchestration (NFVO) is an important topic played a major role in above scenario and in high availability of Virtual Network Functions (VNF), lifecycle and configuration management of network elements. However, the hardware usage is one of the obstacle towards network programmability and is generally considered as a contrast with respect to NFV concepts. In this paper shows many architectures, workflow in virtualization environment, compatibility, flexibility is discussed. These architectures involve in great enhancement of network infrastructure in virtualized environment. Each architecture is needed to gain better results in network function virtualization environment

Multicasting in Network Function Virtualization (NFV) Environment

Network Function Virtualization is a growing concept in the research field because of its ability to decouple network functions, like network address translation (NAT), domain name service (DNS), firewall, intrusion detection (IDS) etc., from proprietary hardware equipment. They can now run in software making the network more flexible and agile. This also reduces hardware and maintenance costs of the network. Nowadays many applications use multicasting as it saves a huge amount of communication bandwidth. But many packets need intermediary processing before reaching their destinations. For this processing, Virtual Network functions (VNFs) are implemented in the network where processing of packets takes place. Because of this the path through which the packets traverse changes, and delay increases. This project considers different number and placements of VNFs in four real-world topologies namely NSFNET, Cost239, Arpanet and Random12, and observes the delay for every case. As the VNFs are duplicated on different nodes in the network, the cost of deployment and maintenance of VNFs is increased, but the delay decreases up to a certain number of VNFs. After this, the delay becomes constant. This project presents this trade-off between cost and delay

An Energy-driven Network Function Virtualization for Multi-domain Software Defined Networks

Network Functions Virtualization (NFV) in Software Defined Networks (SDN) emerged as a new technology for creating virtual instances for smooth execution of multiple applications. Their amalgamation provides flexible and programmable platforms to utilize the network resources for providing Quality of Service (QoS) to various applications. In SDN-enabled NFV setups, the underlying network services can be viewed as a series of virtual network functions (VNFs) and their optimal deployment on physical/virtual nodes is considered a challenging task to perform. However, SDNs have evolved from single-domain to multi-domain setups in the recent era. Thus, the complexity of the underlying VNF deployment problem in multi-domain setups has increased manifold. Moreover, the energy utilization aspect is relatively unexplored with respect to an optimal mapping of VNFs across multiple SDN domains. Hence, in this work, the VNF deployment problem in multi-domain SDN setup has been addressed with a primary emphasis on reducing the overall energy consumption for deploying the maximum number of VNFs with guaranteed QoS. The problem in hand is initially formulated as a "Multi-objective Optimization Problem" based on Integer Linear Programming (ILP) to obtain an optimal solution. However, the formulated ILP becomes complex to solve with an increasing number of decision variables and constraints with an increase in the size of the network. Thus, we leverage the benefits of the popular evolutionary optimization algorithms to solve the problem under consideration. In order to deduce the most appropriate evolutionary optimization algorithm to solve the considered problem, it is subjected to different variants of evolutionary algorithms on the widely used MOEA framework (an open source java framework based on multi-objective evolutionary algorithms).Comment: Accepted for publication in IEEE INFOCOM 2019 Workshop on Intelligent Cloud Computing and Networking (ICCN 2019