122 research outputs found
Performance Modeling of Softwarized Network Services Based on Queuing Theory with Experimental Validation
Network Functions Virtualization facilitates the automation of the scaling of softwarized network services (SNSs).
However, the realization of such a scenario requires a way to
determine the needed amount of resources so that the SNSs performance requisites are met for a given workload. This problem is
known as resource dimensioning, and it can be efficiently tackled
by performance modeling. In this vein, this paper describes an
analytical model based on an open queuing network of G/G/m
queues to evaluate the response time of SNSs. We validate our
model experimentally for a virtualized Mobility Management
Entity (vMME) with a three-tiered architecture running on
a testbed that resembles a typical data center virtualization
environment. We detail the description of our experimental
setup and procedures. We solve our resulting queueing network
by using the Queueing Networks Analyzer (QNA), Jackson’s
networks, and Mean Value Analysis methodologies, and compare
them in terms of estimation error. Results show that, for medium
and high workloads, the QNA method achieves less than half of the
error compared to the standard techniques. For low workloads,
the three methods produce an error lower than 10%. Finally,
we show the usefulness of the model for performing the dynamic
provisioning of the vMME experimentally.
This work has been partially funded by the H2020 research
and innovation project 5G-CLARITY (Grant No. 871428); National research
project 5G-City: TEC2016-76795-C6-4-R; Spanish Ministry of
Education, Culture and Sport (FPU Grant 13/04833). We would also like to
thank the reviewers for their valuable feedback to enhance the quality
and contribution of this work.
Enabling Scalable and Sustainable Softwarized 5G Environments
The fifth generation of telecommunication systems (5G) is foreseen to play a fundamental
role in our socio-economic growth by supporting various and radically new vertical
applications (such as Industry 4.0, eHealth, Smart Cities/Electrical Grids, to name
a few), as a one-fits-all technology that is enabled by emerging softwarization solutions
– specifically, the Fog, Multi-access Edge Computing (MEC), Network Functions Virtualization
(NFV) and Software-Defined Networking (SDN) paradigms. Notwithstanding
the notable potential of the aforementioned technologies, a number of open issues
still need to be addressed to ensure their complete rollout. This thesis is particularly developed
towards addressing the scalability and sustainability issues in softwarized 5G
environments through contributions in three research axes: a) Infrastructure Modeling
and Analytics, b) Network Slicing and Mobility Management, and c) Network/Services Management
and Control. The main contributions include a model-based analytics approach
for real-time workload profiling and estimation of network key performance indicators
(KPIs) in NFV infrastructures (NFVIs), as well as a SDN-based multi-clustering approach
to scale geo-distributed virtual tenant networks (VTNs) and to support seamless
user/service mobility; building on these, solutions to the problems of resource consolidation,
service migration, and load balancing are also developed in the context of 5G.
All in all, this generally entails the adoption of Stochastic Models, Mathematical Programming,
Queueing Theory, Graph Theory and Team Theory principles, in the context
of Green Networking, NFV and SDN.
Mecanismos dinâmicos de segurança para redes softwarizadas e virtualizadas
The relationship between attackers and defenders has traditionally been
asymmetric, with attackers having time as an upper hand to devise an exploit
that compromises the defender. The push towards the Cloudification of
the world makes matters more challenging, as it lowers the cost of an attack,
with a de facto standardization on a set of protocols. The discovery of a vulnerability
now has a broader impact on various verticals (business use cases),
while previously, some were in a segregated protocol stack requiring independent
vulnerability research. Furthermore, defining a perimeter within a cloudified
system is non-trivial, whereas before, the dedicated equipment already
created a perimeter. This proposal takes the newer technologies of network
softwarization and virtualization, both Cloud-enablers, to create new dynamic
security mechanisms that address this asymmetric relationship using novel
Moving Target Defense (MTD) approaches. The effective use of the exploration
space, combined with the reconfiguration capabilities of frameworks like
Network Function Virtualization (NFV) and Management and Orchestration
(MANO), should allow for adjusting defense levels dynamically to achieve the
required security as defined by the currently acceptable risk. The optimization
tasks and integration tasks of this thesis explore these concepts. Furthermore,
the proposed novel mechanisms were evaluated in real-world use cases, such
as 5G networks or other Network Slicing enabled infrastructures.
Doctoral Programme in Informatics Engineering
Machine Learning for Multi-Layer Open and Disaggregated Optical Networks
The abstract is in the attachment.
A Latency-driven Availability Assessment for Multi-Tenant Service Chains
Nowadays, most telecommunication services adhere to the Service Function Chain (SFC) paradigm, where network functions are implemented via software. In particular, container virtualization is becoming a popular approach to deploy network functions and to enable resource slicing among several tenants. The resulting infrastructure is a complex system composed of a huge amount of containers implementing different SFC functionalities, along with different tenants sharing the same chain. The complexity of such a scenario leads us to evaluate two critical metrics: the steady-state availability (the probability that a system is functioning in long runs) and the latency (the time between a service request and the pertinent response). Consequently, we propose a latency-driven availability assessment for multi-tenant service chains implemented via Containerized Network Functions (CNFs). We adopt a multi-state system to model single CNFs and the queueing formalism to characterize the service latency. To efficiently compute the availability, we develop a modified version of the Multidimensional Universal Generating Function (MUGF) technique. Finally, we solve an optimization problem to minimize the SFC cost under an availability constraint. As a relevant example of SFC, we consider a containerized version of IP Multimedia Subsystem, whose parameters have been estimated through fault injection techniques and load tests.
Profile-based Resource Allocation for Virtualized Network Functions
Accepted in IEEE TNSM Journal: https://ieeexplore.ieee.org/document/8848599
The virtualization of compute and network resources enables an unseen flexibility for deploying network services. A wide spectrum of emerging technologies allows an ever-growing range of orchestration possibilities in cloud-based environments. But in this context it remains challenging to rhyme dynamic cloud configurations with deterministic performance. The service operator must somehow map the performance specification in the Service Level Agreement (SLA) to an adequate resource allocation in the virtualized infrastructure. We propose the use of a VNF profile to alleviate this process. This is illustrated by profiling the performance of four example network functions (a virtual router, switch, firewall and cache server) under varying workloads and resource configurations. We then compare several methods to derive a model from the profiled datasets. We select the most accurate method to further train a model which predicts the services' performance, in function of incoming workload and allocated resources. Our presented method can offer the service operator a recommended resource allocation for the targeted service, in function of the targeted performance and maximum workload specified in the SLA. This helps to deploy the softwarized service with an optimal amount of resources to meet the SLA requirements, thereby avoiding unnecessary scaling steps.
NeutRAN: An Open RAN Neutral Host Architecture for Zero-Touch RAN and Spectrum Sharing
Obtaining access to exclusive spectrum, cell sites, Radio Access Network
(RAN) equipment, and edge infrastructure imposes major capital expenses to
mobile network operators. A neutral host infrastructure, by which a third-party
company provides RAN services to mobile operators through network
virtualization and slicing techniques, is seen as a promising solution to
decrease these costs. Currently, however, neutral host providers lack automated
and virtualized pipelines for onboarding new tenants and to provide elastic and
on-demand allocation of resources matching operators' requirements. To address
this gap, this paper presents NeutRAN, a zero-touch framework based on the
O-RAN architecture to support applications on neutral hosts and automatic
operator onboarding. NeutRAN builds upon two key components: (i) an
optimization engine to guarantee coverage and to meet quality of service
requirements while accounting for the limited amount of shared spectrum and RAN
nodes, and (ii) a fully virtualized and automated infrastructure that converts
the output of the optimization engine into deployable micro-services to be
executed at RAN nodes and cell sites. NeutRAN was prototyped on an OpenShift
cluster and on a programmable testbed with 4 base stations and 10 users from 3
different tenants. We evaluate its benefits, comparing it to a traditional
license-based RAN where each tenant has dedicated physical and spectrum
resources. We show that NeutRAN can deploy a fully operational neutral
host-based cellular network in around 10 seconds. Experimental results show
that it increases the cumulative network throughput by 2.18x and the per-user
average throughput by 1.73x in networks with shared spectrum blocks of 30 MHz.
NeutRAN provides a 1.77x cumulative throughput gain even when it can only
operate on a shared spectrum block of 10 MHz (one third of the spectrum used in
license-based RANs).
Comment: 13 pages, 11 figures, 1 table. IEEE Transactions on Mobile Computing,
August 202
FlowDT: A Flow-aware Digital Twin for computer networks
Network modeling is an essential tool for network planning and management. It allows network administrators to explore the performance of new protocols, mechanisms, or optimal configurations without the need for testing them in real production networks. Recently, Graph Neural Networks (GNNs) have emerged as a practical solution to produce network models that can learn and extract complex patterns from real data without making any assumptions. However, state-of-the-art GNN-based network models only work with traffic matrices; this is a very coarse and simplified representation of network traffic. Although this assumption has shown to work well in certain use-cases, it is a limiting factor because, in practice, networks operate with flows. In this paper, we present FlowDT, a new DL-based solution designed to model computer networks at the fine-grained flow level. In our evaluation, we show how FlowDT can accurately predict relevant per-flow performance metrics with an error of 3.5%. FlowDT’s performance is also benchmarked against vanilla DL models as well as with Queuing Theory.
This work has been supported by the Spanish Government through project TRAINER-A (PID2020-118011GB-C21) with FEDER contribution and the Catalan Institution for Research and Advanced Studies (ICREA).
Peer Reviewed. Postprint (author's final draft)