5,926 research outputs found
Online VNF Scaling in Datacenters
Network Function Virtualization (NFV) is a promising technology that promises
to significantly reduce the operational costs of network services by deploying
virtualized network functions (VNFs) to commodity servers in place of dedicated
hardware middleboxes. The VNFs are typically running on virtual machine
instances in a cloud infrastructure, where the virtualization technology
enables dynamic provisioning of VNF instances, to process the fluctuating
traffic that needs to go through the network functions in a network service. In
this paper, we target dynamic provisioning of enterprise network services -
expressed as one or multiple service chains - in cloud datacenters, and design
efficient online algorithms without requiring any information on future traffic
rates. The key is to decide the number of instances of each VNF type to
provision at each time, taking into consideration the server resource
capacities and traffic rates between adjacent VNFs in a service chain. In the
case of a single service chain, we discover an elegant structure of the problem
and design an efficient randomized algorithm achieving a e/(e-1) competitive
ratio. For multiple concurrent service chains, an online heuristic algorithm is
proposed, which is O(1)-competitive. We demonstrate the effectiveness of our
algorithms using solid theoretical analysis and trace-driven simulations.Comment: 9 pages, 4 figure
Packet flow analysis in IP networks via abstract interpretation
Static analysis (aka offline analysis) of a model of an IP network is useful
for understanding, debugging, and verifying packet flow properties of the
network. There have been static analysis approaches proposed in the literature
for networks based on model checking as well as graph reachability. Abstract
interpretation is a method that has typically been applied to static analysis
of programs. We propose a new, abstract-interpretation based approach for
analysis of networks. We formalize our approach, mention its correctness
guarantee, and demonstrate its flexibility in addressing multiple
network-analysis problems that have been previously solved via tailor-made
approaches. Finally, we investigate an application of our analysis to a novel
problem -- inferring a high-level policy for the network -- which has been
addressed in the past only in the restricted single-router setting.Comment: 8 page
Defending Against Denial of Service
Civil Society currently faces significant cyber threats. At the top of the list of those threats are Denial of Service (DoS) attacks. The websites of many organizations and individuals have already come under such attacks, and the frequency of those attacks are on the rise. Civil Society frequently does not have the kinds of resources or technical know-how that is available to commercial enterprise and government websites, and often have to exist in adverse political environments where every avenue available, both legal and illegal, is used against them. Therefore, the threat of DoS attacks is unlikely to go away any time soon.A Denial of Service (DoS) attack is any attack that overwhelms a website, causing the content normally provided by that website to no longer be available to regular visitors of the website. Distributed Denial of Service (DDoS) attacks are traffic volumebased attacks originating from a large number of computers, which are usually compromised workstations. These workstations, known as 'zombies', form a widely distributed attack network called a 'botnet'. While many modern Denial of Service attacks are Distributed Denial of Service attacks, this is certainly not true for all denials of service experienced by websites. Therefore, when users first start experiencing difficulty in getting to the website content, it should not be assumed that the site is under a DDoS attack. Many forms of DoS are far easier to implement than DDoS, and so these attacks are still used by parties with malicious intent. Many such DoS attacks are easier to defend against once the mechanism used to cause the denial of service is known. Therefore, it is paramount to do proper analysis of attack traffic when a site becomes unable to perform its normal function. There are two parts to this guide. The first part outlines preparatory steps that can be taken by Civil Society organizations to improve their website's resilience, should it come under attack. However, we do understand that most Civil Society organizations' first introduction to DoS attacks comes when they suddenly find themselves the victim of an attack. The second part of this guide provides a step-by-step process to assist the staff of NGOs to efficiently deal with that stressful situation
Online Load Balancing for Network Functions Virtualization
Network Functions Virtualization (NFV) aims to support service providers to
deploy various services in a more agile and cost-effective way. However, the
softwarization and cloudification of network functions can result in severe
congestion and low network performance. In this paper, we propose a solution to
address this issue. We analyze and solve the online load balancing problem
using multipath routing in NFV to optimize network performance in response to
the dynamic changes of user demands. In particular, we first formulate the
optimization problem of load balancing as a mixed integer linear program for
achieving the optimal solution. We then develop the ORBIT algorithm that solves
the online load balancing problem. The performance guarantee of ORBIT is
analytically proved in comparison with the optimal offline solution. The
experiment results on real-world datasets show that ORBIT performs very well
for distributing traffic of each service demand across multipaths without
knowledge of future demands, especially under high-load conditions
- …