618 research outputs found

    Container network functions: bringing NFV to the network edge

    In order to cope with the increasing network utilization driven by new mobile clients, and to satisfy demand for new network services and performance guarantees, telecommunication service providers are exploiting virtualization over their network by implementing network services in virtual machines, decoupled from legacy hardware accelerated appliances. This effort, known as NFV, reduces OPEX and provides new business opportunities. At the same time, next generation mobile, enterprise, and IoT networks are introducing the concept of computing capabilities being pushed at the network edge, in close proximity of the users. However, the heavy footprint of today's NFV platforms prevents them from operating at the network edge. In this article, we identify the opportunities of virtualization at the network edge and present Glasgow Network Functions (GNF), a container-based NFV platform that runs and orchestrates lightweight container VNFs, saving core network utilization and providing lower latency. Finally, we demonstrate three useful examples of the platform: IoT DDoS remediation, on-demand troubleshooting for telco networks, and supporting roaming of network functions

    Residential wireless interfaces virtualization: a feasibility study

    This paper investigates the possibility of virtualizing and distributing the functionality that runs on top of residential wireless communications. Specifically, we propose, describe and test a solution that transports USB communications to remote locations, for scenarios in which the in-home wireless interfaces are consumed at the server side through this type of general-purpose and widely used interfaces. We frame this study in a general architecture by which Software Defined Networking (SDN) and Network Functions Virtualization (NFV) bring economies of scale, flexibility and programmability to residential Internet of Things (IoT) environments. As a result of our tests, we prove the feasibility of the remote presence of the IoT systems through the Universal Serial Bus (USB) tunnels, and we obtain approximate bandwidth measurements that serve as a hint on the type of services that can be offloaded to the cloud. For those functionalities that would need more bandwidth, we propose to embed a lightweight virtualization environment in home and to execute in it part of the virtualized components, something that is in line with the recent fog computing approaches

    Improving the performance of Virtualized Network Services based on NFV and SDN

    Network Functions Virtualisation (NFV) proposes to move all the traditional network appliances, which require dedicated physical machines, onto a virtualised environment (e.g., Virtual Machine). In this way, many of the current physical devices present in the infrastructure are replaced with standard high volume servers, which could be located in Datacenters, at the edge of the network and in the end user premises. This enables a reduction of the required physical resources thanks to the use of virtualization technologies, already used in cloud computing, and allows services to be more dynamic and scalable. However, differently from traditional cloud applications which are rather demanding in terms of CPU power, network applications are mostly I/O bound, hence the virtualization technologies in use (either standard VM-based or lightweight ones) need to be improved to maximize the network performance. A series of Virtual Network Functions (VNFs) can be connected to each other thanks to Software-Defined Networks (SDN) technologies (e.g., OpenFlow) to create a Network Function Forwarding Graph (NF-FG) that processes the network traffic in the configured order of the graph. Using NF-FGs it is possible to create arbitrary chains of services, and transparently configure different virtualized network services, which can be dynamically instantiated and rearranged depending on the requested service and its requirements. However, the above virtualized technologies are rather demanding in terms of hardware resources (mainly CPU and memory), which may have a non-negligible impact on the cost of providing the services according to this paradigm. This thesis will investigate this problem, proposing a set of solutions that enable the novel NFV paradigm to be efficiently used, hence being able to guarantee both flexibility and efficiency in future network services

    On the security of software-defined next-generation cellular networks

    In the recent years, mobile cellular networks are undergoing fundamental changes and many established concepts are being revisited. Future 5G network architectures will be designed to employ a wide range of new and emerging technologies such as Software Defined Networking (SDN) and Network Functions Virtualization (NFV). These create new virtual network elements each affecting the logic of the network management and operation, enabling the creation of new generation services with substantially higher data rates and lower delays. However, new security challenges and threats are also introduced. Current Long-Term Evolution (LTE) networks are not able to accommodate these new trends in a secure and reliable way. At the same time, novel 5G systems have proffered invaluable opportunities of developing novel solutions for attack prevention, management, and recovery. In this paper, first we discuss the main security threats and possible attack vectors in cellular networks. Second, driven by the emerging next-generation cellular networks, we discuss the architectural and functional requirements to enable appropriate levels of security

    Distributed services across the network from edge to core

    The current internet architecture is evolving from a simple carrier of bits to a platform able to provide multiple complex services running across the entire Network Service Provider (NSP) infrastructure. This calls for increased flexibility in resource management and allocation to provide dedicated, on-demand network services, leveraging a distributed infrastructure consisting of heterogeneous devices. More specifically, NSPs rely on a plethora of low-cost Customer Premise Equipment (CPE), as well as more powerful appliances at the edge of the network and in dedicated data-centers. Currently a great research effort is spent to provide this flexibility through Fog computing, Network Functions Virtualization (NFV), and data plane programmability. Fog computing or Edge computing extends the compute and storage capabilities to the edge of the network, closer to the rapidly growing number of connected devices and applications that consume cloud services and generate massive amounts of data. A complementary technology is NFV, a network architecture concept targeting the execution of software Network Functions (NFs) in isolated Virtual Machines (VMs), potentially sharing a pool of general-purpose hosts, rather than running on dedicated hardware (i.e., appliances). Such a solution enables virtual network appliances (i.e., VMs executing network functions) to be provisioned, allocated a different amount of resources, and possibly moved across data centers in little time, which is key in ensuring that the network can keep up with the flexibility in the provisioning and deployment of virtual hosts in today’s virtualized data centers. Moreover, recent advances in networking hardware have introduced new programmable network devices that can efficiently execute complex operations at line rate. As a result, NFs can be (partially or entirely) folded into the network, speeding up the execution of distributed services. The work described in this Ph.D. 
thesis aims at showing how various network services can be deployed throughout the NSP infrastructure, accommodating to the different hardware capabilities of various appliances, by applying and extending the above-mentioned solutions. First, we consider a data center environment and the deployment of (virtualized) NFs. In this scenario, we introduce a novel methodology for the modelization of different NFs aimed at estimating their performance on different execution platforms. Moreover, we propose to extend the traditional NFV deployment outside of the data center to leverage the entire NSP infrastructure. This can be achieved by integrating native NFs, commonly available in low-cost CPEs, with an existing NFV framework. This facilitates the provision of services that require NFs close to the end user (e.g., IPsec terminator). On the other hand, resource-hungry virtualized NFs are run in the NSP data center, where they can take advantage of the superior computing and storage capabilities. As an application, we also present a novel technique to deploy a distributed service, specifically a web filter, to leverage both the low latency of a CPE and the computational power of a data center. We then show that also the core network, today dedicated solely to packet routing, can be exploited to provide useful services. In particular, we propose a novel method to provide distributed network services in core network devices by means of task distribution and a seamless coordination among the peers involved. The aim is to transform existing network nodes (e.g., routers, switches, access points) into a highly distributed data acquisition and processing platform, which will significantly reduce the storage requirements at the Network Operations Center and the packet duplication overhead. Finally, we propose to use new programmable network devices in data center networks to provide much needed services to distributed applications. 
By offloading part of the computation directly to the networking hardware, we show that it is possible to reduce both the network traffic and the overall job completion time

    Experimental design for a next generation residential gateway

    Half of European households have a broadband connection. Usually the user connects to the external network by means of a home router (residential gateway). In addition to the Internet connection and IP-based services such as VoIP and IPTV, the home router forms the core of the home network as the home's network devices connect to it. As a consequence of the growth in the number and size of home networks, three problems can be identified in home networks. First, managing home networks is challenging as the number of networking technologies and devices to be supported in the home network grows. Second, content management has become more complex as users create and consume ever more content. Third, new network-based technologies such as e-health solutions often integrate poorly with existing home network devices. This master's thesis seeks a unified solution to the aforementioned problems with the help of the home router. The thesis analyses the requirements of a new type of home router by making use of a set of use cases. Based on the requirements analysis, a model is created that contains the following main components. (i) A home router architecture based on virtualization technology. (ii) A home-router-based mechanism for setting up community networks between home networks. (iii) A distributed file system for setting up community networks and for enabling improved content management and content sharing. (iv) Mechanisms by which visiting users can make use of the resources of other users' home routers. The thesis implements the above core functions based on the model, and the functioning of the implementation is verified with use-case-based testing.

    Today over half of the European homes have a broadband Internet connection. Typically, this connection is enabled through a residential gateway device at the users' premises. 
In addition to facilitating triple play services, this gateway also forms the core of users' home networks by connecting their network-enabled devices. While the number and the size of such home networks keep on increasing, three major problems can be identified in current systems. First, home network management is getting increasingly complex, and a growing number of networking technologies and connected devices must be supported and managed. Second, content management has become difficult. Users are generating an increasing amount of content and this content is stored (and sometimes shared) in an almost anarchical manner across different home network devices as well as online. Third, new network-enabled services, such as e-health systems, are emerging, but are typically poorly integrated into existing home networks. There is a clear need for home networking solutions that address these problems. In this thesis, we adopt a gateway-centric approach to address these problems in a unified manner. We concretise the requirements for a next generation residential gateway by analysing a set of future home networking use cases. These requirements serve as input to our gateway system design. In summary, our design includes the following main components. (i) A residential gateway architecture based on virtualization. This enables new features and new ways to implement the other components of our design. (ii) A gateway-based mechanism to set up community networks between different home networks. (iii) A distributed file system to establish community networks and to enable improved content management and sharing. (iv) Mechanisms for visiting gateway users to utilize other users' gateway resources. We implement these core functionalities and develop a proof-of-concept prototype. We successfully validate our prototype through use case driven testbed experiments. 
Finally, we believe that the insights gained from this study and the prototype implementations are important overall contributions that can be used in the future research to further explore the limitations and opportunities of this gateway-centric approach

    Stimulating green FTTH networks using home router virtualization

    Telecom networks consume a considerable amount of electrical energy and according to the environmental guidelines, just as other businesses, telecom should aim at continuously lowering this consumption. Still in a telecom network a lot of the energy consumption is hidden under the radar, as a large part of the energy consumption is caused by the customer premises equipment (CPE), often installed by the network operator. As this equipment is consuming energy from the customer's side, the telecom operator is not confronted with the energy consumption of this equipment. This also means that the operator gains by any reduction in the cost of the CPE, regardless of whether this involves the installation of less energy efficient equipment. In this paper we investigate the use of a bridged CPE solution and a home router virtualization network solution, in which part of the functionality of a CPE is moved into the network operator equipment and as such reduce the energy consumption by equipment aggregation and specialization. In this paper, we show that this will at the same time reduce costs and as such could be a positive action for the operator, simultaneously reducing the power consumption of the CPE. On top of this bridged CPE, the incentives required to stimulate operators to introduce more energy efficient CPE equipment faster in the network are estimated. Finally, by means of game theory, we propose a method to investigate how the incentives should be placed in order to stimulate green FTTH massive deployments