Online Admission Control and Embedding of Service Chains

The virtualization and softwarization of modern computer networks enables the definition and fast deployment of novel network services called service chains: sequences of virtualized network functions (e.g., firewalls, caches, traffic optimizers) through which traffic is routed between source and destination. This paper attends to the problem of admitting and embedding a maximum number of service chains, i.e., a maximum number of source-destination pairs which are routed via a sequence of to-be-allocated, capacitated network functions. We consider an Online variant of this maximum Service Chain Embedding Problem, short OSCEP, where requests arrive over time, in a worst-case manner. Our main contribution is a deterministic O(log L)-competitive online algorithm, under the assumption that capacities are at least logarithmic in L. We show that this is asymptotically optimal within the class of deterministic and randomized online algorithms. We also explore lower bounds for offline approximation algorithms, and prove that the offline problem is APX-hard for unit capacities and small L > 2, and even Poly-APX-hard in general, when there is no bound on L. These approximation lower bounds may be of independent interest, as they also extend to other problems such as Virtual Circuit Routing. Finally, we present an exact algorithm based on 0-1 programming, implying that the general offline SCEP is in NP and by the above hardness results it is NP-complete for constant L.Comment: early version of SIROCCO 2015 pape

High performance network function virtualization for user-oriented services

The Network Function Virtualization (NFV) paradigm proposes to transform those network functions today running on dedicated and often closed appliances (e.g., firewall, wan accelerator) into pure software images, called Virtual Network Functions (VNFs), which can be consolidated and executed on high-volume standard servers. In this context, this dissertation focuses on the possibility of enabling each single end user (and not only network operators) to set up network services by means of NFV, allowing him to custoimize the set of services that are active on his Internet connection. This goal mainly requires to address flexibility and performance issues. Regarding to the former, it is important: (i) to support services including both network (e.g., firewall) and cloud (e.g., storage server) applications; (ii) to allow the user to define the service with an intuitive and high-level abstraction, hiding infrastructure-layer details. Instead, with respect to performance, multiple software-based services operating on the user's traffic should not introduce penalties in the user’s Internet experience. This dissertation solves the above issues by proposing a number of improvements in the context of Network Function Virtualization, both in terms of high level models and architectures to define and instantiate network services, and in terms of mechanisms to efficiently interconnect VNFs. Experimental results demonstrate that the goal of allowing end users to deploy services operating on their own traffic is feasible without impacting the Internet experience

A proposal for secured, efficient and scalable layer 2 network virtualisation mechanism

El contenidos de los capítulos 3 y 4 está sujeto a confidencialidad. 291 p.La Internet del Futuro ha emergido como un esfuerzo investigador para superar estas limitaciones identificadas en la actual Internet. Para ello es necesario investigar en arquitecturas y soluciones novedosas (evolutivas o rompedoras), y las plataformas de experimentación surgen para proporcionar un entorno realista para validar estas nuevas propuestas a gran escala.Debido a la necesidad de compartir la misma infraestructura y recursos para testear simultáneamente diversas propuestas de red, la virtualización de red es la clave del éxito. Se propone una nueva taxonomía para poder analizar y comparar las diferentes propuestas. Se identifican tres tipos: el Nodo Virtual (vNode), la Virtualización posibilitada por SDN (SDNeV) y el overlay.Además, se presentan las plataformas experimentales más relevantes, con un foco especial en la forma en la que cada una de ellas permite la investigación en propuestas de red, las cuales no cumplen todos estos requisitos impuestos: aislamiento, seguridad, flexibilidad, escalabilidad, estabilidad, transparencia, soporte para la investigación en propuestas de red. Por lo tanto, una nueva plataforma de experimentación ortogonal a la experimentación es necesaria.Las principales contribuciones de esta tesis, sustentadas sobre tecnología SDN y NFV, son también los elementos clave para construir la plataforma de experimentación: la Virtualización de Red basada en Prefijos de Nivel 2 (Layer 2 Prefix-based Network Virtualisation, L2PNV), un Protocolo para la Configuración de Direcciones MAC (MAC Address Configuration Protocol, MACP), y un sistema de Control de Acceso a Red basado en Flujos (Flow-based Network Access Control, FlowNAC).Como resultado, se ha desplegado en la Universidad del Pais Vasco (UPV/EHU) una nueva plataforma experimental, la Plataforma Activada por OpenFlow de EHU (EHU OpenFlow Enabled Facility, EHU-OEF), para experimentar y validar estas propuestas realizadas