122 research outputs found

    Performance Modeling of Softwarized Network Services Based on Queuing Theory with Experimental Validation

    Network Functions Virtualization facilitates the automation of the scaling of softwarized network services (SNSs). However, the realization of such a scenario requires a way to determine the needed amount of resources so that the SNSs' performance requisites are met for a given workload. This problem is known as resource dimensioning, and it can be efficiently tackled by performance modeling. In this vein, this paper describes an analytical model based on an open queuing network of G/G/m queues to evaluate the response time of SNSs. We validate our model experimentally for a virtualized Mobility Management Entity (vMME) with a three-tiered architecture running on a testbed that resembles a typical data center virtualization environment. We detail the description of our experimental setup and procedures. We solve our resulting queueing network by using the Queueing Networks Analyzer (QNA), Jackson’s networks, and Mean Value Analysis methodologies, and compare them in terms of estimation error. Results show that, for medium and high workloads, the QNA method achieves less than half the error of the standard techniques. For low workloads, the three methods produce an error lower than 10%. Finally, we show the usefulness of the model for performing the dynamic provisioning of the vMME experimentally. This work has been partially funded by the H2020 research and innovation project 5G-CLARITY (Grant No. 871428), the national research project 5G-City: TEC2016-76795-C6-4-R, and the Spanish Ministry of Education, Culture and Sport (FPU Grant 13/04833). We would also like to thank the reviewers for their valuable feedback to enhance the quality and contribution of this work.

    Enabling Scalable and Sustainable Softwarized 5G Environments

    The fifth generation of telecommunication systems (5G) is foreseen to play a fundamental role in our socio-economic growth by supporting various and radically new vertical applications (such as Industry 4.0, eHealth, Smart Cities/Electrical Grids, to name a few), as a one-fits-all technology that is enabled by emerging softwarization solutions – specifically, the Fog, Multi-access Edge Computing (MEC), Network Functions Virtualization (NFV) and Software-Defined Networking (SDN) paradigms. Notwithstanding the notable potential of the aforementioned technologies, a number of open issues still need to be addressed to ensure their complete rollout. This thesis is particularly developed towards addressing the scalability and sustainability issues in softwarized 5G environments through contributions in three research axes: a) Infrastructure Modeling and Analytics, b) Network Slicing and Mobility Management, and c) Network/Services Management and Control. The main contributions include a model-based analytics approach for real-time workload profiling and estimation of network key performance indicators (KPIs) in NFV infrastructures (NFVIs), as well as a SDN-based multi-clustering approach to scale geo-distributed virtual tenant networks (VTNs) and to support seamless user/service mobility; building on these, solutions to the problems of resource consolidation, service migration, and load balancing are also developed in the context of 5G. All in all, this generally entails the adoption of Stochastic Models, Mathematical Programming, Queueing Theory, Graph Theory and Team Theory principles, in the context of Green Networking, NFV and SDN.

    Dynamic security mechanisms for softwarized and virtualized networks (Mecanismos dinâmicos de segurança para redes softwarizadas e virtualizadas)

    The relationship between attackers and defenders has traditionally been asymmetric, with attackers having time as an upper hand to devise an exploit that compromises the defender. The push towards the Cloudification of the world makes matters more challenging, as it lowers the cost of an attack, with a de facto standardization on a set of protocols. The discovery of a vulnerability now has a broader impact on various verticals (business use cases), while previously, some were in a segregated protocol stack requiring independent vulnerability research. Furthermore, defining a perimeter within a cloudified system is non-trivial, whereas before, the dedicated equipment already created a perimeter. This proposal takes the newer technologies of network softwarization and virtualization, both Cloud-enablers, to create new dynamic security mechanisms that address this asymmetric relationship using novel Moving Target Defense (MTD) approaches. The effective use of the exploration space, combined with the reconfiguration capabilities of frameworks like Network Function Virtualization (NFV) and Management and Orchestration (MANO), should allow for adjusting defense levels dynamically to achieve the required security as defined by the currently acceptable risk. The optimization tasks and integration tasks of this thesis explore these concepts. Furthermore, the proposed novel mechanisms were evaluated in real-world use cases, such as 5G networks or other Network Slicing enabled infrastructures. Doctoral Programme in Informatics Engineering.

    Machine Learning for Multi-Layer Open and Disaggregated Optical Networks

    The abstract is in the attachment.

    A Latency-driven Availability Assessment for Multi-Tenant Service Chains

    Nowadays, most telecommunication services adhere to the Service Function Chain (SFC) paradigm, where network functions are implemented via software. In particular, container virtualization is becoming a popular approach to deploy network functions and to enable resource slicing among several tenants. The resulting infrastructure is a complex system composed of a huge number of containers implementing different SFC functionalities, along with different tenants sharing the same chain. The complexity of such a scenario leads us to evaluate two critical metrics: the steady-state availability (the probability that a system is functioning in long runs) and the latency (the time between a service request and the pertinent response). Consequently, we propose a latency-driven availability assessment for multi-tenant service chains implemented via Containerized Network Functions (CNFs). We adopt a multi-state system to model single CNFs and the queueing formalism to characterize the service latency. To efficiently compute the availability, we develop a modified version of the Multidimensional Universal Generating Function (MUGF) technique. Finally, we solve an optimization problem to minimize the SFC cost under an availability constraint. As a relevant example of SFC, we consider a containerized version of IP Multimedia Subsystem, whose parameters have been estimated through fault injection techniques and load tests.

    Profile-based Resource Allocation for Virtualized Network Functions

    Accepted in IEEE TNSM Journal: https://ieeexplore.ieee.org/document/8848599. International audience. The virtualization of compute and network resources enables an unseen flexibility for deploying network services. A wide spectrum of emerging technologies allows an ever-growing range of orchestration possibilities in cloud-based environments. But in this context it remains challenging to rhyme dynamic cloud configurations with deterministic performance. The service operator must somehow map the performance specification in the Service Level Agreement (SLA) to an adequate resource allocation in the virtualized infrastructure. We propose the use of a VNF profile to alleviate this process. This is illustrated by profiling the performance of four example network functions (a virtual router, switch, firewall and cache server) under varying workloads and resource configurations. We then compare several methods to derive a model from the profiled datasets. We select the most accurate method to further train a model which predicts the services' performance as a function of incoming workload and allocated resources. Our presented method can offer the service operator a recommended resource allocation for the targeted service, as a function of the targeted performance and maximum workload specified in the SLA. This helps to deploy the softwarized service with an optimal amount of resources to meet the SLA requirements, thereby avoiding unnecessary scaling steps.

    Model-based analytics for profiling workloads in virtual network function


    NeutRAN: An Open RAN Neutral Host Architecture for Zero-Touch RAN and Spectrum Sharing

    Obtaining access to exclusive spectrum, cell sites, Radio Access Network (RAN) equipment, and edge infrastructure imposes major capital expenses to mobile network operators. A neutral host infrastructure, by which a third-party company provides RAN services to mobile operators through network virtualization and slicing techniques, is seen as a promising solution to decrease these costs. Currently, however, neutral host providers lack automated and virtualized pipelines for onboarding new tenants and to provide elastic and on-demand allocation of resources matching operators' requirements. To address this gap, this paper presents NeutRAN, a zero-touch framework based on the O-RAN architecture to support applications on neutral hosts and automatic operator onboarding. NeutRAN builds upon two key components: (i) an optimization engine to guarantee coverage and to meet quality of service requirements while accounting for the limited amount of shared spectrum and RAN nodes, and (ii) a fully virtualized and automated infrastructure that converts the output of the optimization engine into deployable micro-services to be executed at RAN nodes and cell sites. NeutRAN was prototyped on an OpenShift cluster and on a programmable testbed with 4 base stations and 10 users from 3 different tenants. We evaluate its benefits, comparing it to a traditional license-based RAN where each tenant has dedicated physical and spectrum resources. We show that NeutRAN can deploy a fully operational neutral host-based cellular network in around 10 seconds. Experimental results show that it increases the cumulative network throughput by 2.18x and the per-user average throughput by 1.73x in networks with shared spectrum blocks of 30 MHz. NeutRAN provides a 1.77x cumulative throughput gain even when it can only operate on a shared spectrum block of 10 MHz (one third of the spectrum used in license-based RANs). Comment: 13 pages, 11 figures, 1 table. IEEE Transactions on Mobile Computing, August 202

    FlowDT: A Flow-aware Digital Twin for computer networks

    Network modeling is an essential tool for network planning and management. It allows network administrators to explore the performance of new protocols, mechanisms, or optimal configurations without the need for testing them in real production networks. Recently, Graph Neural Networks (GNNs) have emerged as a practical solution to produce network models that can learn and extract complex patterns from real data without making any assumptions. However, state-of-the-art GNN-based network models only work with traffic matrices, which are a very coarse and simplified representation of network traffic. Although this assumption has been shown to work well in certain use-cases, it is a limiting factor because, in practice, networks operate with flows. In this paper, we present FlowDT, a new DL-based solution designed to model computer networks at the fine-grained flow level. In our evaluation, we show how FlowDT can accurately predict relevant per-flow performance metrics with an error of 3.5%. FlowDT’s performance is also benchmarked against vanilla DL models as well as with Queuing Theory. This work has been supported by the Spanish Government through project TRAINER-A (PID2020-118011GB-C21) with FEDER contribution and the Catalan Institution for Research and Advanced Studies (ICREA). Peer Reviewed. Postprint (author's final draft).