Network Function Virtualization Service Delivery In Future Internet

This dissertation investigates the Network Function Virtualization (NFV) service delivery problems in the future Internet. With the emerging Internet of everything, 5G communication and multi-access edge computing techniques, tremendous end-user devices are connected to the Internet. The massive quantity of end-user devices facilitates various services between the end-user devices and the cloud/edge servers. To improve the service quality and agility, NFV is applied. In NFV, the customer\u27s data from these services will go through multiple Service Functions (SFs) for processing or analysis. Unlike traditional point-to-point data transmission, a particular set of SFs and customized service requirements are needed to be applied to the customer\u27s traffic flow, which makes the traditional point-to-point data transmission methods not directly used. As the traditional point-to-point data transmission methods cannot be directly applied, there should be a body of novel mechanisms that effectively deliver the NFV services with customized~requirements. As a result, this dissertation proposes a series of mechanisms for delivering NFV services with diverse requirements. First, we study how to deliver the traditional NFV service with a provable boundary in unique function networks. Secondly, considering both forward and backward traffic, we investigate how to effectively deliver the NFV service when the SFs required in forward and backward traffic is not the same. Thirdly, we investigate how to efficiently deliver the NFV service when the required SFs have specific executing order constraints. We also provide detailed analysis and discussion for proposed mechanisms and validate their performance via extensive simulations. The results demonstrate that the proposed mechanisms can efficiently and effectively deliver the NFV services under different requirements and networking conditions. At last, we also propose two future research topics for further investigation. The first topic focuses on parallelism-aware service function chaining and embedding. The second topic investigates the survivability of NFV services

Clustering algorithms for dynamic adaptation of service function chains

Network function virtualization is a pillar-stone of today’s network architectures as it offers better management and elasticity and allows also a flexible maintenance of services running on shared resources over cloud environments. Network functions traditionally hosted on dedicated hardware are now provided over software based components that might run either on virtual machines or on containers. The major advantage of this transition is that it makes the deployment of new services easier while optimizing the management and administration of network architectures. It is much easier to spin up a new virtual machine/container hosting a network function or a specific application described as a service function chain, than to deploy a new hardware based equipment and checking its compatibility with the rest of the architecture. With all the advantages that this new paradigm offers comes a set of challenges related mainly to: 1) optimizing the resource consumption on the shared infrastructure 2) making the best decision of placing the virtual functions that respects at the same time clients’ requirements and also leverages the available resources on the substrate network in terms of different metrics (e.g., CPU, memory, latency, bandwidth). This aspect of Network Function Virtualization-NFV and Service Function Chains-SFC placement have been treated in so many research works that propose approaches ensuring optimal placement and chaining of VNFs in virtualized networks, but as the adoption of these technologies gets more important in real network setups, and given the strict restrictions of today’s’ applications (e.g. latency highly-sensitive applications, or availability highly-sensitive service, etc.), it is always important to consider all the parameters impacting the network management in cloud environments. In this research project, we develop new approaches for placement and chaining of virtual network functions in cloud-based environments. The first approach allows forming on demand clusters of servers deployed in a physical infrastructure. These servers are grouped according to their similar attributes (e.g., CPU-intensive server, energy-efficient server, etc). This process is a proactive measure to ensure that SFCs are hosted in servers that meet their specific metrics requirements (CPU, memory, disk, etc.). It employs a meta-heuristic called CRO (Chemical Reaction Optimization) to decide of the best VNF placement guaranteeing optimal resource consumption in terms of CPU / memory. We employ CRO also to ensure the lowest latencies during the routing between the different VNFs. In fact, the E2E delay is an important aspect to consider, as most current applications require low latencies and shortest run times. In the second approach, the clusters are formed using algorithms based on meta-heuristics, including the CRO, allowing to improve the quality of clusters formed in terms of similarity, density and modularity

Enhancing Networks via Virtualized Network Functions

University of Minnesota Ph.D. dissertation. May 2019. Major: Computer Science. Advisor: Zhi-Li Zhang. 1 computer file (PDF); xii, 116 pages.In an era of ubiquitous connectivity, various new applications, network protocols, and online services (e.g., cloud services, distributed machine learning, cryptocurrency) have been constantly creating, underpinning many of our daily activities. Emerging demands for networks have led to growing traffic volume and complexity of modern networks, which heavily rely on a wide spectrum of specialized network functions (e.g., Firewall, Load Balancer) for performance, security, etc. Although (virtual) network functions (VNFs) are widely deployed in networks, they are instantiated in an uncoordinated manner failing to meet growing demands of evolving networks. In this dissertation, we argue that networks equipped with VNFs can be designed in a fashion similar to how computer software is today programmed. By following the blueprint of joint design over VNFs, networks can be made more effective and efficient. We begin by presenting Durga, a system fusing wide area network (WAN) virtualization on gateway with local area network (LAN) virtualization technology. It seamlessly aggregates multiple WAN links into a (virtual) big pipe for better utilizing WAN links and also provides fast fail-over thus minimizing application performance degradation under WAN link failures. Without the support from LAN virtualization technology, existing solutions fail to provide high reliability and performance required by today’s enterprise applications. We then study a newly standardized protocol, Multipath TCP (MPTCP), adopted in Durga, showing the challenge of associating MPTCP subflows in network for the purpose of boosting throughput and enhancing security. Instead of designing a customized solution in every VNF to conquer this common challenge (making VNFs aware of MPTCP), we implement an online service named SAMPO to be readily integrated into VNFs. Following the same principle, we make an attempt to take consensus as a service in software-defined networks. We illustrate new network failure scenarios that are not explicitly handled by existing consensus algorithms such as Raft, thereby severely affecting their correct or efficient operations. Finally, we re-consider VNFs deployed in a network from the perspective of network administrators. A global view of deployed VNFs brings new opportunities for performance optimization over the network, and thus we explore parallelism in service function chains composing a sequence of VNFs that are typically traversed in-order by data flows

On the Orchestration and Provisioning of NFV-enabled Multicast Services

The paradigm of network function virtualization (NFV) with the support of software-defined networking has emerged as a prominent approach to foster innovation in the networking field and reduce the complexity involved in managing modern-day conventional networks. Before NFV, functions, which can manipulate the packet header and context of traffic flow, used to be implemented at fixed locations in the network substrate inside proprietary physical devices (called middlewares). With NFV, such functions are softwarized and virtualized. As such, they can be deployed in commodity servers as demanded. Hence, the provisioning of a network service becomes more agile and abstract, thereby giving rise to the next-generation service-customized networks which have the potential to meet new demands and use cases. In this thesis, we focus on three complementary research problems essential to the orchestration and provisioning of NFV-enabled multicast network services. An NFV-enabled multicast service connects a source with a set of destinations. It specifies a set of NFs that should be executed at the chosen routes from the source to the destinations, with some resources and ordering relationships that should be satisfied in wired core networks. In Problem I, we investigate a static joint traffic routing and virtual NF placement framework for accommodating multicast services over the network substrate. We develop optimal formulations and efficient heuristic algorithms that jointly handle the static embedding of one or multiple service requests over the network substrate with single-path and multipath routing. In Problem II, we study the online orchestration of NFV-enabled network services. We consider both unicast and multicast NFV-enabled services with mandatory and best-effort NF types. Mandatory NFs are strictly necessary for the correctness of a network service, whereas best-effort NFs are preferable yet not necessary. Correspondingly, we propose a primal-dual based online approximation algorithm that allocates both processing and transmission resources to maximize a profit function that is proportional to the throughput. The online algorithm resembles a joint admission mechanism and an online composition, routing, and NF placement framework. In the core network, traffic patterns exhibit time-varying characteristics that can be cumbersome to model. Therefore, in Problem III, we develop a dynamic provisioning approach to allocate processing and transmission resources based on the traffic pattern of the embedded network service using deep reinforcement learning (RL). Notably, we devise a model-assisted exploration procedure to improve the efficiency and consistency of the deep RL algorithm

In Situ Visualization of Performance Data in Parallel CFD Applications

This thesis summarizes the work of the author on visualization of performance data in parallel Computational Fluid Dynamics (CFD) simulations. Current performance analysis tools are unable to show their data on top of complex simulation geometries (e.g. an aircraft engine). But in CFD simulations, performance is expected to be affected by the computations being carried out, which in turn are tightly related to the underlying computational grid. Therefore it is imperative that performance data is visualized on top of the same computational geometry which they originate from. However, performance tools have no native knowledge of the underlying mesh of the simulation. This scientific gap can be filled by merging the branches of HPC performance analysis and in situ visualization of CFD simulations data, which shall be done by integrating existing, well established state-of-the-art tools from each field. In this threshold, an extension for the open-source performance tool Score-P was designed and developed, which intercepts an arbitrary number of manually selected code regions (mostly functions) and send their respective measurements – amount of executions and cumulative time spent – to the visualization software ParaView – through its in situ library, Catalyst –, as if they were any other flow-related variable. Subsequently the tool was extended with the capacity to also show communication data (messages sent between MPI ranks) on top of the CFD mesh. Testing and evaluation are done with two industry-grade codes: Rolls-Royce’s CFD code, Hydra, and Onera, DLR and Airbus’ CFD code, CODA. On the other hand, it has been also noticed that the current performance tools have limited capacity of displaying their data on top of three-dimensional, framed (i.e. time-stepped) representations of the cluster’s topology. Parallel to that, in order for the approach not to be limited to codes which already have the in situ adapter, it was extended to take the performance data and display it – also in codes without in situ – on a three-dimensional, framed representation of the hardware resources being used by the simulation. Testing is done with the Multi-Grid and Block Tri-diagonal NAS Parallel Benchmarks (NPB), as well as with Hydra and CODA again. The benchmarks are used to explain how the new visualizations work, while real performance analyses are done with the industry-grade CFD codes. The proposed solution is able to provide concrete performance insights, which would not have been reached with the current performance tools and which motivated beneficial changes in the respective source code in real life. Finally, its overhead is discussed and proven to be suitable for usage with CFD codes. The dissertation provides a valuable addition to the state of the art of highly parallel CFD performance analysis and serves as basis for further suggested research directions

A monitoring and threat detection system using stream processing as a virtual function for big data

The late detection of security threats causes a significant increase in the risk of irreparable damages, disabling any defense attempt. As a consequence, fast realtime threat detection is mandatory for security guarantees. In addition, Network Function Virtualization (NFV) provides new opportunities for efficient and low-cost security solutions. We propose a fast and efficient threat detection system based on stream processing and machine learning algorithms. The main contributions of this work are i) a novel monitoring threat detection system based on stream processing; ii) two datasets, first a dataset of synthetic security data containing both legitimate and malicious traffic, and the second, a week of real traffic of a telecommunications operator in Rio de Janeiro, Brazil; iii) a data pre-processing algorithm, a normalizing algorithm and an algorithm for fast feature selection based on the correlation between variables; iv) a virtualized network function in an open-source platform for providing a real-time threat detection service; v) near-optimal placement of sensors through a proposed heuristic for strategically positioning sensors in the network infrastructure, with a minimum number of sensors; and, finally, vi) a greedy algorithm that allocates on demand a sequence of virtual network functions.A detecção tardia de ameaças de segurança causa um significante aumento no risco de danos irreparáveis, impossibilitando qualquer tentativa de defesa. Como consequência, a detecção rápida de ameaças em tempo real é essencial para a administração de segurança. Além disso, A tecnologia de virtualização de funções de rede (Network Function Virtualization - NFV) oferece novas oportunidades para soluções de segurança eficazes e de baixo custo. Propomos um sistema de detecção de ameaças rápido e eficiente, baseado em algoritmos de processamento de fluxo e de aprendizado de máquina. As principais contribuições deste trabalho são: i) um novo sistema de monitoramento e detecção de ameaças baseado no processamento de fluxo; ii) dois conjuntos de dados, o primeiro ´e um conjunto de dados sintético de segurança contendo tráfego suspeito e malicioso, e o segundo corresponde a uma semana de tráfego real de um operador de telecomunicações no Rio de Janeiro, Brasil; iii) um algoritmo de pré-processamento de dados composto por um algoritmo de normalização e um algoritmo para seleção rápida de características com base na correlação entre variáveis; iv) uma função de rede virtualizada em uma plataforma de código aberto para fornecer um serviço de detecção de ameaças em tempo real; v) posicionamento quase perfeito de sensores através de uma heurística proposta para posicionamento estratégico de sensores na infraestrutura de rede, com um número mínimo de sensores; e, finalmente, vi) um algoritmo guloso que aloca sob demanda uma sequencia de funções de rede virtual

Towards 6G Through SDN and NFV-Based Solutions for Terrestrial and Non-Terrestrial Networks

As societal needs continue to evolve, there has been a marked rise in a wide variety of emerging use cases that cannot be served adequately by existing networks. For example, increasing industrial automation has not only resulted in a massive rise in the number of connected devices, but has also brought forth the need for remote monitoring and reconnaissance at scale, often in remote locations characterized by a lack of connectivity options. Going beyond 5G, which has largely focused on enhancing the quality-of-experience for end devices, the next generation of wireless communications is expected to be centered around the idea of "wireless ubiquity". The concept of wireless ubiquity mandates that the quality of connectivity is not only determined by classical metrics such as throughput, reliability, and latency, but also by the level of coverage offered by the network. In other words, the upcoming sixth generation of wireless communications should be characterized by networks that exhibit high throughput and reliability with low latency, while also providing robust connectivity to a multitude of devices spread across the surface of the Earth, without any geographical constraints. The objective of this PhD thesis is to design novel architectural solutions for the upcoming sixth generation of cellular and space communications systems with a view to enabling wireless ubiquity with software-defined networking and network function virtualization at its core. Towards this goal, this thesis introduces a novel end-to-end system architecture for cellular communications characterized by innovations such as the AirHYPE wireless hypervisor. Furthermore, within the cellular systems domain, solutions for radio access network design with software-defined mobility management, and containerized core network design optimization have also been presented. On the other hand, within the space systems domain, this thesis introduces the concept of the Internet of Space Things (IoST). IoST is a novel cyber-physical system centered on nanosatellites and is capable of delivering ubiquitous connectivity for a wide variety of use cases, ranging from monitoring and reconnaissance to in-space backhauling. In this direction, contributions relating to constellation design, routing, and automatic network slicing form a key aspect of this thesis.Ph.D

Reconfigurable Antenna Systems: Platform implementation and low-power matters

Antennas are a necessary and often critical component of all wireless systems, of which they share the ever-increasing complexity and the challenges of present and emerging trends. 5G, massive low-orbit satellite architectures (e.g. OneWeb), industry 4.0, Internet of Things (IoT), satcom on-the-move, Advanced Driver Assistance Systems (ADAS) and Autonomous Vehicles, all call for highly flexible systems, and antenna reconfigurability is an enabling part of these advances. The terminal segment is particularly crucial in this sense, encompassing both very compact antennas or low-profile antennas, all with various adaptability/reconfigurability requirements. This thesis work has dealt with hardware implementation issues of Radio Frequency (RF) antenna reconfigurability, and in particular with low-power General Purpose Platforms (GPP); the work has encompassed Software Defined Radio (SDR) implementation, as well as embedded low-power platforms (in particular on STM32 Nucleo family of micro-controller). The hardware-software platform work has been complemented with design and fabrication of reconfigurable antennas in standard technology, and the resulting systems tested. The selected antenna technology was antenna array with continuously steerable beam, controlled by voltage-driven phase shifting circuits. Applications included notably Wireless Sensor Network (WSN) deployed in the Italian scientific mission in Antarctica, in a traffic-monitoring case study (EU H2020 project), and into an innovative Global Navigation Satellite Systems (GNSS) antenna concept (patent application submitted). The SDR implementation focused on a low-cost and low-power Software-defined radio open-source platform with IEEE 802.11 a/g/p wireless communication capability. In a second embodiment, the flexibility of the SDR paradigm has been traded off to avoid the power consumption associated to the relevant operating system. Application field of reconfigurable antenna is, however, not limited to a better management of the energy consumption. The analysis has also been extended to satellites positioning application. A novel beamforming method has presented demonstrating improvements in the quality of signals received from satellites. Regarding those who deal with positioning algorithms, this advancement help improving precision on the estimated position

Multi-Core Parallel Routing

The recent increase in the amount of data (i.e., big data) led to higher data volumes to be transferred and processed over the network. Also, over the last years, the deployment of multi-core routers has grown rapidly. However, such big data transfers are not leveraging the powerful multi-core routers to the extent possible, particularly in the key function of routing. Our main goal is to find a way so we can use these cores more effectively and efficiently in routing the big data transfers. In this dissertation, we propose a novel approach to parallelize data transfers by leveraging the multi-core CPUs in the routers. Legacy routing protocols, e.g. OSPF for intra-domain routing, send data from source to destination on a shortest single path. We describe an end-to-end method to distribute data optimally on flows by using multiple paths. We generate new virtual topology substrates from the underlying router topology and perform shortest path routing on each substrate. With this framework, even though calculating shortest paths could be done with well-known techniques such as OSPF's Dijkstra implementation, finding optimal substrates so as to maximize the aggregate throughput over multiple end-to-end paths is still an NP-hard problem. We focus our efforts on solving the problem and design heuristics for substrate generation from a given router topology. Our heuristics' interim goal is to generate substrates in such a way that the shortest path between a source-destination pair on each substrate minimally overlaps with each other. Once these substrates are determined, we assign each substrate to a core in routers and employ a multi-path transport protocol, like MPTCP, to perform end-to-end parallel transfers