9 research outputs found

    In the Direction of Service Guarantees for Virtualized Network Functions

    The trend of consolidating network functions from specialized hardware to software running on virtualization servers brings significant advantages for reducing costs and simplifying service deployment. However, virtualization techniques have significant limitations when it comes to networking as there is no support for guaranteeing that network functions meet their service requirements. In this paper, we present a design for providing service guarantees to virtualized network functions based on rate control. The design is a combination of rate regulation through token bucket filters and the regular scheduling mechanisms in operating systems. It has the attractive property that traffic profiles are maintained throughout a series of network functions, which makes it well suited for service function chaining. We discuss implementation alternatives for the design and demonstrate how it can be implemented on two virtualization platforms: LXC containers and the KVM hypervisor. To evaluate the design, we conduct experiments where we measure throughput and latency using IP forwarders (routers) as examples of virtual network functions. Two significant factors for performance are investigated: the design of token buckets and the packet clustering effect that comes from scheduling. Finally, we demonstrate how performance guarantees are achieved for rate-controlled virtual routers under different scenarios.

    Network Threat Detection Using Machine/Deep Learning in SDN-Based Platforms: A Comprehensive Analysis of State-of-the-Art Solutions, Discussion, Challenges, and Future Research Direction

    A revolution in network technology has been ushered in by software defined networking (SDN), which makes it possible to control the network from a central location and provides an overview of the network’s security. Despite this, SDN has a single point of failure that increases the risk of potential threats. Network intrusion detection systems (NIDS) prevent intrusions into a network and preserve the network’s integrity, availability, and confidentiality. Much work has been done on NIDS but there are still improvements needed in reducing false alarms and increasing threat detection accuracy. Recently advanced approaches such as deep learning (DL) and machine learning (ML) have been implemented in SDN-based NIDS to overcome the security issues within a network. In the first part of this survey paper, we offer an introduction to the NIDS theory, as well as recent research that has been conducted on the topic. After that, we conduct a thorough analysis of the most recent ML- and DL-based NIDS approaches to ensure reliable identification of potential security risks. Finally, we focus on the opportunities and difficulties that lie ahead for future research on SDN-based ML and DL for NIDS.

    Performance, Isolation and Service Guarantees in Virtualized Network Functions

    No full text
    A network is generally a collection of different hardware-based network devices carrying out various network functions (NF). These NF implementations are special purpose and expensive. Network function virtualization (NFV) is an alternative which uses software-based implementation of NFs in inexpensive commodity servers. However, it is challenging to achieve high networking performance due to bottlenecks in software, particularly in a virtualized environment where NFs are implemented inside the virtual machines (VM). The performance isolation is yet another challenge, which means that the load on one VM should not affect the performance of other VMs. However, it is difficult to provide performance isolation due to resource contention in a commodity server. Furthermore, different NFs may require different service guarantees which are difficult to ensure due to the non-deterministic performance behavior of a commodity server. In this thesis we investigate how the challenges of performance, isolation and service guarantees can be addressed for virtual routers (VR), as an example of a virtualized NF. It is argued that the forwarding path of a VR can be modified in an efficient manner in order to improve the forwarding performance. When it comes to performance isolation, poor isolation is observed due to shared network queues and CPU sharing among VRs. We propose a design with SR-IOV, which allows reserving a network queue and CPU core for each VR. As a result, the resource contention is reduced and strong performance isolation is achieved. Finally, it is investigated how average throughput and bounded packet delay can be guaranteed to VRs. We argue that a classic rate-controlled service discipline can be adapted in a virtual environment to achieve service guarantees. We demonstrate that firm service guarantees can be achieved with little overhead of adding token bucket regulator in the forwarding path of a VR.

    An approach towards resource efficient virtual network embedding

    No full text
    Network virtualization is at the heart of efforts to end Internet ossification, and utilize network infrastructure efficiently. The key concept is to share the infrastructure resources among many users at the same time and in such a way to enable them to deploy the required architectures. This leads to virtual networks (VNs), demanding different resources that have to be embedded on the underlying shared infrastructure network. The requirements of a VN can be based on factors such as, the type of traffic it needs to carry. Some portion of the same resources (substrate resources) needs to be assigned to every VN and the substrate resources are also finite. Thus, a mechanism needs to be devised in order to schedule the resources. This embedding process with resource constraints on virtual nodes and links to be applied on the substrate, which also has limited resources, is challenging and corresponds to the category of NP-hard problems. In this paper, we propose an approach to solve this problem by mapping the vertices of the VN as closely as possible in the substrate network and then assigning virtual edges to the shortest paths which satisfy their demands. This could enable the substrate to accommodate more VNs in the same resource database and hence optimize the substrate's bandwidth utilization. To the best of our knowledge closest node mapping proposed in this solution is a novel approach and is evaluated and compared to the existing approach of greedy node mapping in different scenarios. The sensitivity analysis by varying the different parameters and their effect on mapping VNs is also presented. © 2010 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

    Data Plane Optimization in Open Virtual Routers

    No full text
    A major challenge in network virtualization is to virtualize the components constituting the network, in particular the routers. In the work presented here, we focus on how to use open source Linux software in combination with commodity hardware to build open virtual routers. A general approach in open router virtualization is to run multiple virtual instances in parallel on the same PC hardware. This means that virtual components are combined in the router’s data plane, which can result in performance penalty. In this paper, we investigate the impact of the design of virtual network devices on router performance in Linux namespace environment. We identify performance bottlenecks along the packet data path. We suggest design changes to improve performance. In particular, we investigate modifications of the “macvlan” device, and analyze the performance improvements in terms of packet forwarding. We also investigate how the number of virtual routers and virtual devices within a physical machine influence performance. Proceedings ISBN: 978-3-642-20756-3

    Site-to-Site VPN Technologies : A Survey

    No full text
    Virtual Private Network (VPN) is a popular way to build private networks using shared network infrastructure. A variety of VPN technologies exist today operating on different layers of OSI model. This paper presents a detailed survey and provides a classification of various types of VPNs. Layer 1 VPN is also included which is an emerging technology. Services offered by each VPN with implementation methods are described. Protocols, tunneling mechanisms and hardware components used for the deployment are also explored.

    In the Direction of Service Guarantees for Virtualized Network Functions

    No full text
    The trend of consolidating network functions from specialized hardware to software running on virtualization servers brings significant advantages for reducing costs and simplifying service deployment. However, virtualization techniques have significant limitations when it comes to networking as there is no support for guaranteeing that network functions meet their service requirements. In this paper, we present a design for providing service guarantees to virtualized network functions based on rate control. The design is a combination of rate regulation through token bucket filters and the regular scheduling mechanisms in operating systems. It has the attractive property that traffic profiles are maintained throughout a series of network functions, which makes it well suited for service function chaining. We discuss implementation alternatives for the design and demonstrate how it can be implemented on two virtualization platforms: LXC containers and the KVM hypervisor. To evaluate the design, we conduct experiments where we measure throughput and latency using IP forwarders (routers) as examples of virtual network functions. Two significant factors for performance are investigated: the design of token buckets and the packet clustering effect that comes from scheduling. Finally, we demonstrate how performance guarantees are achieved for rate-controlled virtual routers under different scenarios

    A prospective randomized trial to compare the effectiveness of zero calorie carbonated drink and water as a solvent in sodium phosphate for colonoscopy

    No full text
    Abstract Objective: To compare the effectiveness of zero-calorie soft drink and plain water as a solvent for sodium phosphate in terms of good palatability and better patient tolerance. Methods: The randomised controlled trial was conducted from May to December 2019 at the Dowites Operation Theatre Endoscopy Suite, Surgical Unit 3, Civil Hospital Karachi, and comprised patients aged >18 years of either gender undergoing colonoscopy for screening and non-emergency/non-urgent colorectal diseases. The patients were randomised into group A, which was assigned to take sodium phosphate in water, and group B, which was assigned to take sodium phosphate in zero-calorie soft drink. Bowel preparation was assessed by the consultant during endoscopy. Outcome variables, such as bowel cleanliness, palatability, tolerance of solution, adverse effects, and willingness to repeat the preparation, were evaluated in both groups. Data was analysed using SPSS 21. Results: Of the 162 patients, there were 81(50%) in each of the two groups. There were 124(76.5%) males and the overall mean age was 43±8.66 years. The palatability score was significant (p=0.01) for group B compared to group A. Due to better palatability and tolerance, 64(79%) patients in group B took the preparation in <6 hours. Conclusion: Use of zero-calorie soft drink was found to be a better option for colonoscopic preparation compared to plain water. Key Words: Zero calorie coke, Sodium phosphate

    Network Threat Detection Using Machine/Deep Learning in SDN-Based Platforms: A Comprehensive Analysis of State-of-the-Art Solutions, Discussion, Challenges, and Future Research Direction

    A revolution in network technology has been ushered in by software defined networking (SDN), which makes it possible to control the network from a central location and provides an overview of the network’s security. Despite this, SDN has a single point of failure that increases the risk of potential threats. Network intrusion detection systems (NIDS) prevent intrusions into a network and preserve the network’s integrity, availability, and confidentiality. Much work has been done on NIDS but there are still improvements needed in reducing false alarms and increasing threat detection accuracy. Recently advanced approaches such as deep learning (DL) and machine learning (ML) have been implemented in SDN-based NIDS to overcome the security issues within a network. In the first part of this survey paper, we offer an introduction to the NIDS theory, as well as recent research that has been conducted on the topic. After that, we conduct a thorough analysis of the most recent ML- and DL-based NIDS approaches to ensure reliable identification of potential security risks. Finally, we focus on the opportunities and difficulties that lie ahead for future research on SDN-based ML and DL for NIDS