Global state, local decisions: Decentralized NFV for ISPs via enhanced SDN

The network functions virtualization paradigm is rapidly gaining interest among Internet service providers. However, the transition to this paradigm on ISP networks comes with a unique set of challenges: legacy equipment already in place, heterogeneous traffic from multiple clients, and very large scalability requirements. In this article we thoroughly analyze such challenges and discuss NFV design guidelines that address them efficiently. Particularly, we show that a decentralization of NFV control while maintaining global state improves scalability, offers better per-flow decisions and simplifies the implementation of virtual network functions. Building on top of such principles, we propose a partially decentralized NFV architecture enabled via an enhanced software-defined networking infrastructure. We also perform a qualitative analysis of the architecture to identify advantages and challenges. Finally, we determine the bottleneck component, based on the qualitative analysis, which we implement and benchmark in order to assess the feasibility of the architecture.Peer ReviewedPostprint (author's final draft

Assessing the Performance of Virtualization Technologies for NFV: a Preliminary Benchmarking

The NFV paradigm transforms those applications executed for decades in dedicated appliances, into software images to be consolidated in standard server. Although NFV is implemented through cloud computing technologies (e.g., virtual machines, virtual switches), the network traffic that such components have to handle in NFV is different than the traffic they process when used in a cloud computing scenario. Then, this paper provides a (preliminary) benchmarking of the widespread virtualization technologies when used in NFV, which means when they are exploited to run the so called virtual network functions and to chain them in order to create complex services

Optimizing Service Chain ID Generation for Flow Rule Compression

Service Chain define the order in which a packet will go through middleboxes. Service Chaining provides opportunities for network and service providers to implement their services and policies with finer granularity of an individual user or an application. Software defined Networking (SDN) provides programmable and flexible way for implementing Service Chaining. SDN switches uses Ternary Content Addressable Memory (TCAM) for storing flow rules that decides the forwarding actions. A significant amount of research has been done on Service Chaining implementation but not satisfactory in terms of TCAM exhaustion, scalability and demand modification in middlebox software

Desarrollo de sondas de monitorización virtuales over-switch para entornos SDN

En los últimos años ha surgido con fuerza el concepto de la virtualización de funciones de red (NFV, Network Function Virtualization). La idea principal es prescindir del uso de middleboxes hardware e implementar las funciones de red virtualmente en software, de modo que se puedan instanciar dinámicamente en función de la demanda (VFNaaS). El mantenimiento y actualización se hace más simple y barato y permite la adaptación dinámica al tráfico de red. Otro concepto emergente son las redes definidas por software (SDN, Software Defined Networks), mediante la separación de los planos de control y datos permite abstraerse del hardware subyacente y aporta programabilidad de la red y una visión centralizada de la misma. SDN se complementan perfectamente con el paradigma de las funciones virtuales de red, simplificando la orquestación y el encadenamiento de las distintas funciones de red. En este trabajo, se han estudiado Mininet y Docker, como tecnologías de virtualización, junto con Open vSwitch para la integración de funciones virtuales de red para monitorización. El objetivo es instanciar fácil y dinámicamente las funciones de monitoreo. Se han desarrollado dos funciones software para la monitorización HTTP y para la detección de ataques por inundación de SYN. Se han llevado a cabo pruebas de rendimiento y funcionalidad. El troughput dentro de un contenedor se ha medido enviando a una tasa de 10Gbps, el troughput entre dos contenedores también se ha medido. Los test de funcionalidad han probado la movilidad de las NFV y verificado los datos obtenidos.In recent years, the concept of Network Function Virtualization (NFV) has grown strongly. The main idea is to dispense the use of hardware middleboxes and to implement the network functions virtually in software, so that it can be deployed dynamically and on demand (VNFaaS). Management and update process becomes simpler and cheaper, and it allows for the dynamic adaptation to network traffic. Another emerging concept is Software Defined Networks (SDN), that, by means of the separation of the control and data planes it allows abstracting from the underlying hardware. Additionally, allows for network programmability and provides a centralized view of it. SDN complements perfectly the NFV paradigm, simplifying the orquestation and the chaining of the network functions. In this project, Mininet and Docker have been studied as virtualization technologies along with Open vSwitch for the integration of software network functions for monitoring. The aim is to instantiate easily and dynamically the monitoring functions. Two software functions have been developed one for HTTP monitoring and the other for the detection of SYN-flood attacks. Performance and functionality tests have been carried out. The troughput inside de container have been measured forwarding traffic at a rate of 10Gbps, the troughput between two containers have also been measured. Functionality test have probed the NFV mobility and checked the reported data