
    Knowledge-based Intent Modeling for Next Generation Cellular Networks

    Intent-based networking (IBN) facilitates the representation of consumer expectations in a declarative and domain-independent form. However, mapping intents to service and resource models remains an open challenge. IBN requires handling existing system data in a structured yet flexible way. Knowledge graphs provide an efficient conceptual framework for constructing contexts and organizing known information. We utilize knowledge graphs to construct a knowledge base for modeling of intents in the networking domain. In addition, this work also proposes a knowledge-based intent modeling and processing methodology, extending the standardized intent common model proposed by TM Forum for next-generation cellular networks and services. The proposed knowledge-based IBN approach is demonstrated for next-generation cellular services, validating its potential. Comment: Accepted at MeditCom 202

    From Category Theory to Functional Programming: A Formal Representation of Intent

    The possibility of managing network infrastructures through software-based programmable interfaces is becoming a cornerstone in the evolution of communication networks. The Intent-Based Networking (IBN) paradigm is a novel declarative approach towards network management proposed by a few Standards Developing Organizations. This paradigm offers a high-level interface for network management that abstracts the underlying network infrastructure and allows the specification of network directives using natural language. Since the IBN concept is based on a declarative approach to network management and programmability, we argue that the use of declarative programming to achieve IBN could uncover valuable insights for this new network paradigm. This paper proposes a formalization of this declarative paradigm obtained with concepts from category theory. Taking this approach to Intent, an initial implementation of this formalization is presented using Haskell, a well-known functional programming language.

    Automated optimal firewall orchestration and configuration in virtualized networks

    Emerging technologies such as Software-Defined Networking and Network Functions Virtualization are making the definition and configuration of network services more dynamic, thus making automatic approaches that can replace manual and error-prone tasks more feasible. In view of these considerations, this paper proposes a novel methodology to automatically compute the optimal allocation scheme and configuration of virtual firewalls within a user-defined network service graph subject to a corresponding set of security requirements. The presented framework adopts a formal approach based on the solution of a weighted partial MaxSMT problem, which also provides good confidence about the solution correctness. A prototype implementation of the proposed approach based on the z3 solver has been used for validation, showing the feasibility of the approach for problem instances requiring tens of virtual firewalls and similar numbers of security requirements.

    Sustainable cloud computing for cognitive intent based networks

    Intent based networks enable auto-configuration and require low latency access to cloud platforms. The use of cloud platforms incurs high operational costs. Low latency access can be realized by siting data centres close to subscribers. This paper proposes aquaria data centers with low operating costs and latency. In LTE, cloud platforms are normally accessed via the packet network gateway reachable via the serving gateway and mobility management entity. Aquaria data centers are sited close to LTE subscribers and accessed via the mobility management entity. This reduces the size of control packets in the LTE network. Simulations show that the proposed architecture reduces the size of control packets by up to 49.7% and 99.3% when header packets are uncompressed and compressed respectively. The delay associated with receiving configuration information is reduced by 50% on average. The channel capacity is enhanced by up to 22.8% on average. Keywords: Data centers, LTE-Advanced, Peak Age of Information, Channel Capacity, Header (Control) Packe

    To All Intents and Purposes: Towards Flexible Intent Expression

    Intent-based networking provides an efficient mechanism to manage complexity in network management. The paradigm allows users to express their network requirements, and an autonomic framework translates them into a network configuration. Existing efforts focus primarily on modeling connectivity intents for end-users. Nonetheless, in order to deliver autonomic behavior in network management, an intent system must support a wider range of network management processes and model human-to-human interactions, essential for network operation. Furthermore, such interactions may involve nontechnical users and require the design of novel interfaces, supporting free-text and conversational intent expression. Towards this goal, we present an intent architecture that supports novel network management intents, such as network path rerouting and applying periods of 'service protection'. The paper includes details of our prototype implementation that is capable of deploying such intents in under five seconds in a large Mininet topology.

    Intent-based network slicing for SDN vertical services with assurance: Context, design and preliminary experiments

    Network slicing is announced to be one of the key features for 5G infrastructures enabling network operators to provide network services with the flexibility and dynamicity necessary for the vertical services, while relying on Network Function Virtualization (NFV) and Software-defined Networking (SDN). On the other hand, vertical industries are attracted by flexibility and customization offered by operators through network slicing, especially if slices come with in-built SDN capabilities to programmatically connect their application components and if they are relieved of dealing with detailed technicalities of the underlying (virtual) infrastructure. In this paper, we present an Intent-based deployment of an NFV orchestration stack that allows for the setup of QoS-aware and SDN-enabled network slices toward effective service chaining in the vertical domain. The main aim of the work is to simplify and automate the deployment of tenant-managed SDN-enabled network slices through a declarative approach while abstracting the underlying implementation details and unburdening verticals to deal with technology-specific low-level networking directives. In our approach, the intent-based framework we propose is based on an ETSI NFV MANO platform and is assessed through a set of experimental results demonstrating its feasibility and effectiveness.

    Automated service provisioning in programmable network infrastructures

    Modern networks are undergoing a fast and drastic evolution, with software taking a more predominant role. Virtualization and cloud-like approaches are replacing physical network appliances, reducing the management burden of the operators. Furthermore, networks now expose programmable interfaces for fast and dynamic control over traffic forwarding. This evolution is backed by standard organizations such as ETSI, 3GPP, and IETF. This thesis will describe which are the main trends in this evolution. Then, it will present solutions developed during the three years of Ph.D. to exploit the capabilities these new technologies offer and to study their possible limitations to push further the state-of-the-art. Namely, it will deal with programmable network infrastructure, introducing the concept of Service Function Chaining (SFC) and presenting two possible solutions, one with OpenStack and OpenFlow and the other using Segment Routing and IPv6. Then, it will continue with network service provisioning, presenting concepts from Network Function Virtualization (NFV) and Multi-access Edge Computing (MEC). These concepts will be applied to network slicing for mission-critical communications and Industrial IoT (IIoT). Finally, it will deal with network abstraction, with a focus on Intent Based Networking (IBN). To summarize, the thesis will include solutions for data plane programming with evaluation on well-known platforms, performance metrics on virtual resource allocations, novel practical application of network slicing on mission-critical communications, an architectural proposal and its implementation for edge technologies in Industrial IoT scenarios, and a formal definition of intent using a category theory approach.

    AUTOMATED NETWORK SECURITY WITH EXCEPTIONS USING SDN

    Campus networks have recently experienced a proliferation of devices ranging from personal use devices (e.g. smartphones, laptops, tablets), to special-purpose network equipment (e.g. firewalls, network address translation boxes, network caches, load balancers, virtual private network servers, and authentication servers), as well as special-purpose systems (badge readers, IP phones, cameras, location trackers, etc.). To establish directives and regulations regarding the ways in which these heterogeneous systems are allowed to interact with each other and the network infrastructure, organizations typically appoint policy writing committees (PWCs) to create acceptable use policy (AUP) documents describing the rules and behavioral guidelines that all campus network interactions must abide by. While users are the audience for AUP documents produced by an organization's PWC, network administrators are the responsible party enforcing the contents of such policies using low-level CLI instructions and configuration files that are typically difficult to understand and are almost impossible to show that they do, in fact, enforce the AUPs. In other words, mapping the contents of imprecise unstructured sentences into technical configurations is a challenging task that relies on the interpretation and expertise of the network operator carrying out the policy enforcement. Moreover, there are multiple places where policy enforcement can take place. For example, policies governing servers (e.g., web, mail, and file servers) are often encoded into the server's configuration files. However, from a security perspective, conflating policy enforcement with server configuration is a dangerous practice because minor server misconfigurations could open up avenues for security exploits.
    On the other hand, policies that are enforced in the network tend to rarely change over time and are often based on one-size-fits-all policies that can severely limit the fast-paced dynamics of emerging research workflows found in campus networks. This dissertation addresses the above problems by leveraging recent advances in Software-Defined Networking (SDN) to support systems that enable novel in-network approaches developed to support an organization's network security policies. Namely, we introduce PoLanCO, a human-readable yet technically-precise policy language that serves as a middle-ground between the imprecise statements found in AUPs and the technical low-level mechanisms used to implement them. Real-world examples show that PoLanCO is capable of implementing a wide range of policies found in campus networks. In addition, we also present the concept of Network Security Caps, an enforcement layer that separates server/device functionality from policy enforcement. A Network Security Cap intercepts packets coming from, and going to, servers and ensures policy compliance before allowing network devices to process packets using the traditional forwarding mechanisms. Lastly, we propose the on-demand security exceptions model to cope with the dynamics of emerging research workflows that are not suited for a one-size-fits-all security approach. In the proposed model, network users and providers establish trust relationships that can be used to temporarily bypass the policy compliance checks applied to general-purpose traffic -- typically by network appliances that perform Deep Packet Inspection, thereby creating network bottlenecks. We describe the components of a prototype exception system as well as experiments showing that through short-lived exceptions researchers can realize significant improvements for their special-purpose traffic.