Title: From Automation to Autonomous: Driving the Optical Network Management to Fixed Fifth-generation (F5G) Advanced
Authors: Haomian Zheng, Yunbin Xu, I. Busi, R. Vilalta, R. Casellas, R. Muñoz, Jun Zhou
Venue: 2023 IEEE 9th International Conference on Network Softwarization (NetSoft)
Pub Date: 2023-06-19
DOI: 10.1109/NetSoft57336.2023.10175446 (https://doi.org/10.1109/NetSoft57336.2023.10175446)
Abstract: An autonomous optical network operates with little or no human involvement and has the capability to configure, oversee, and sustain itself without external intervention. This paper presents the latest advances of autonomous networking (AN) proposed in TM Forum for optical networks. Each step in the procedure for the operator's daily work is mapped into the AN framework, with detailed features specified in each level. The solution is based on a standard architecture and data models specified in IETF, known as Abstraction and Control of Traffic Engineering Networks (ACTN). Use cases are presented and conducted. This paper presents the result in three typical use cases for optical network management and maintenance: optical service provisioning, healthy assurance, and intelligent alarm processing.
Title: Enhancing Network Intrusion Detection: An Online Methodology for Performance Analysis
Authors: Simone Magnani, R. D. Corin, D. Siracusa
Venue: 2023 IEEE 9th International Conference on Network Softwarization (NetSoft)
Pub Date: 2023-06-19
DOI: 10.1109/NetSoft57336.2023.10175465 (https://doi.org/10.1109/NetSoft57336.2023.10175465)
Abstract: Machine learning models have been extensively proposed for classifying network flows as benign or malicious, either in-network or at the endpoints of the infrastructure. Typically, the performance of such models is assessed by evaluating the trained model against a portion of the available dataset. However, in a production scenario, these models are fed by a monitoring stage that collects information from flows and provides inputs to a filtering stage that eventually blocks malicious traffic. To the best of our knowledge, no work has analysed the entire pipeline, focusing on its performance in terms of both inputs (i.e., the information collected from each flow) and outputs (i.e., the system's ability to prevent an attack from reaching the application layer). In this paper, we propose a methodology for evaluating the effectiveness of a Network Intrusion Detection System (NIDS) by placing the model evaluation test alongside an online test that simulates the entire monitoring-detection-mitigation pipeline. We assess the system's outputs based on different input configurations, using state-of-the-art detection models and datasets. Our results highlight the importance of inputs for the throughput of the NIDS, which can decrease by more than 50% with heavier configurations. Furthermore, our research indicates that relying solely on the performance of the detection model may not be enough to evaluate the effectiveness of the entire NIDS process. Indeed, even when achieving near-optimal False Negative Rate (FNR) values (e.g., 0.01), a substantial amount of malicious traffic (e.g., 70%) may still successfully reach its target.
Title: Building the Digital Twin of a MEC node: a Data Driven Approach
Authors: Riccardo Fedrizzi, Arturo Bellin, C. Costa, F. Granelli
Venue: 2023 IEEE 9th International Conference on Network Softwarization (NetSoft)
Pub Date: 2023-06-19
DOI: 10.1109/NetSoft57336.2023.10175423 (https://doi.org/10.1109/NetSoft57336.2023.10175423)
Abstract: Multi-access edge computing (MEC) represents an emerging solution to improve the performance of mobile networks by bringing computing resources closer to the edge of the network. However, MEC requires the implementation of virtualization and can be deployed using different hardware platforms, including COTS devices. In this highly heterogeneous scenario, the digital twin (DT), assisted by proper AI/ML solutions, is envisioned to play a crucial role in automated network management, operating as an intermediate and collaborative layer enabling the orchestration layer to better understand network behavior before making changes to the physical network. In this paper, we aim to develop a DT model that captures the behavior of a MEC node supporting services with varying workloads. In pursuit of this objective, we adopt a data-driven methodology that effectively learns a model predicting three critical key performance indicators (KPIs): throughput, computational load, and power consumption. To demonstrate the viability and potential of such an approach, a measurement campaign is conducted on MEC nodes deployed with different virtualization environments (bare metal, virtual machine, and containerized), and the results are used to build the DT of each node. Furthermore, machine learning models, including k-nearest neighbors (KNN), support vector regression (SVR), and polynomial fitting (PF), are used to understand the amount of actual measurements required to achieve a suitably low KPI prediction error. The results of this study provide a basis for further research in the field of MEC DT models and carbon footprint-aware orchestration.
Title: Zero-Touch MEC Resources for Connected Autonomous Vehicles Managed by Federated Learning
Authors: Carlos Ruiz De Mendoza, C. Cervelló-Pastor
Venue: 2023 IEEE 9th International Conference on Network Softwarization (NetSoft)
Pub Date: 2023-06-19
DOI: 10.1109/NetSoft57336.2023.10175494 (https://doi.org/10.1109/NetSoft57336.2023.10175494)
Abstract: This paper presents a Ph.D. thesis proposal for a novel solution in optimizing the placement of Connected Autonomous Vehicles (CAVs) Virtual Network Functions (VNFs) requests in Edge Computing (EC) resources. Our Federated Deep Reinforcement Learning (FDRL) proposal will be designed to improve computation efficiency while minimizing service rejections and maximizing resource utilization, and ensuring the least costly path for CAVs. This approach will also be privacy-preserving, ensuring sensitive data remains secure and enabling reliable, low-latency communication between CAVs, EC nodes, and the federated server. By utilizing distributed learning capabilities, FDRL allows multiple vehicles to learn from their local experience and make collective decisions, improving network systems performance.
Title: Comparison of Virtual Machines and Bare Metal for CNFs at Resource-Constrained Network Edge
Authors: P. Veitch, Adam Broadbent, Arsham Farshad
Venue: 2023 IEEE 9th International Conference on Network Softwarization (NetSoft)
Pub Date: 2023-06-19
DOI: 10.1109/NetSoft57336.2023.10175415 (https://doi.org/10.1109/NetSoft57336.2023.10175415)
Abstract: A growing number of network functions built to run on commodity compute infrastructure are increasingly adopting cloud native principles, and therefore often run inside containers. Containerised Network Functions (CNFs) can be hosted directly on the server's host OS (Bare Metal, BM) or can run inside a Virtual Machine (VM). The choice of BM or VM to host containers depends on many factors linked to security, tenant isolation, available resources and performance. This paper explores this important consideration by conducting comparative tests in a specific domain, namely at the network edge where resources are tightly constrained. Using a small form-factor micro server, we demonstrate how BM can clearly out-perform the use of a VM, but that this occurs when there are distinct set-up dependencies around small fixed frame sizes and very stringent packet loss constraints. The performance margin is notably shrunk, however, when a more realistic traffic load is used and non-zero packet loss permitted: the VM performance reaches within 89% of the BM throughput, while also achieving an average latency 14% lower than the BM setup. These results emphasise it is not simply a clear-cut case of BM always being "better", with many other factors requiring attention including security and tenant isolation. We use the insights gleaned from lab testing alongside qualitative criteria to better inform design decisions around using VMs or BM to host CNFs.
Title: Definition Of Digital Twin Network Data Model in The Context of Edge-Cloud Continuum
Authors: Syed Mohsan Raza, R. Minerva, N. Crespi, M. Karech
Venue: 2023 IEEE 9th International Conference on Network Softwarization (NetSoft)
Pub Date: 2023-06-19
DOI: 10.1109/NetSoft57336.2023.10175444 (https://doi.org/10.1109/NetSoft57336.2023.10175444)
Abstract: The telecommunications sector is devoting an initial interest in the representation of complex networks as Digital Twins. The concept of a Digital Twin Network (DTN) is a research topic, but it promises to be an important step for harmonizing different models of the Edge-Cloud Continuum. The DTN software framework aims at helping network operations by providing updated and complete views on the network or parts of it, and it also introduces the possibility to simulate the network behavior or to learn from network events history (Machine Learning) without jeopardizing the actual operations of resources. In addition, thanks to the representation capabilities of the DT, its usage in the network promises to support different stakeholders' views on their virtualized and physical infrastructure. This work tries to consolidate a DTN data model representing the elements of the Edge-Cloud Continuum by providing a layered (horizontal) and segmented (vertical) view of the infrastructure to all the involved stakeholders. The DTN model is an ontology where the linked classes represent properties and relations of networked components. This work aims to design a flexible and extensible ontology that describes the Edge-Cloud continuum, usable in the telecommunications as well as in the Cloud (IT and web) industries, creating a bridge between the two.
Title: Auction-based network slicing for 5G RAN
Authors: L. M. M. Zorello, Kazem Eradatmand, Sebastian Troia, A. Pattavina, Yingqian Zhang, G. Maier
Venue: 2023 IEEE 9th International Conference on Network Softwarization (NetSoft)
Pub Date: 2023-06-19
DOI: 10.1109/NetSoft57336.2023.10175440 (https://doi.org/10.1109/NetSoft57336.2023.10175440)
Abstract: Network slicing is an important characteristic of 5G/6G networks that increases flexibility and enables different applications over a single infrastructure. The physical resources are partitioned to create virtualized networks, each dedicated to services with specific requirements. Several entities participate in network slicing, including Mobile Network Operators (MNOs), Mobile Virtual Network Operators (MVNOs), and users. An MNO owns the physical network infrastructure and the resources. MVNOs lease resources from the MNO and operate as service providers towards their subscribers. The goal of this work is to optimize the end-to-end network slicing process to provide services to users with a fair sharing of resources. We model this problem as a hierarchical combinatorial auction with a modified Vickrey-Clarke-Groves pricing mechanism. In the upper-level auction, an MNO is the seller supplying Network Slices to several MVNOs, who act as the bidders. In the lower-level auction, each MVNO holds an auction as a seller delivering services to their subscribed end-users, who play the role of bidders. We formulate and solve the Winner Determination Problem using mathematical programming and heuristic algorithms. The simulations show that the model can achieve fair sharing of resources, and it enables improving the MNO and MVNO revenue.
Title: DRL-FORCH: A Scalable Deep Reinforcement Learning-based Fog Computing Orchestrator
Authors: Nicola Di Cicco, Gaetano Francesco Pittalà, G. Davoli, D. Borsatti, W. Cerroni, C. Raffaelli, M. Tornatore
Venue: 2023 IEEE 9th International Conference on Network Softwarization (NetSoft)
Pub Date: 2023-06-19
DOI: 10.1109/NetSoft57336.2023.10175398 (https://doi.org/10.1109/NetSoft57336.2023.10175398)
Abstract: We consider the problem of designing and training a neural network-based orchestrator for fog computing service deployment. Our goal is to train an orchestrator able to optimize diversified and competing QoS requirements, such as blocking probability and service delay, while potentially supporting thousands of fog nodes. To cope with said challenges, we implement our neural orchestrator as a Deep Set (DS) network operating on sets of fog nodes, and we leverage Deep Reinforcement Learning (DRL) with invalid action masking to find an optimal trade-off between competing objectives. Illustrative numerical results show that our Deep Set-based policy generalizes well to problem sizes (i.e., in terms of numbers of fog nodes) up to two orders of magnitude larger than the ones seen during the training phase, outperforming both greedy heuristics and traditional Multi-Layer Perceptron (MLP)-based DRL. In addition, inference times of our DS-based policy are up to an order of magnitude faster than an MLP, allowing for excellent scalability and near real-time online decision-making.
Title: A demonstration of VEREFOO: an automated framework for virtual firewall configuration
Authors: Daniele Bringhenti, R. Sisto, Fulvio Valenza
Venue: 2023 IEEE 9th International Conference on Network Softwarization (NetSoft)
Pub Date: 2023-06-19
DOI: 10.1109/NetSoft57336.2023.10175442 (https://doi.org/10.1109/NetSoft57336.2023.10175442)
Abstract: Nowadays, security automation exploits the agility characterizing network virtualization to replace the traditional error-prone human operations. This dynamism allows user-specified high-level intents to be rapidly refined into the concrete configuration rules which should be deployed on virtual security functions. In this revolutionary context, this paper proposes the demonstration of a novel security framework based on an optimized approach for the automatic orchestration of virtual distributed firewalls. The framework provides formal guarantees for the firewall configuration correctness and minimizes the size of the firewall allocation scheme and rule set. The framework produces rules that can be deployed on multiple types of real virtual function implementations, such as iptables, eBPF firewalls and Open vSwitch.
Title: A Zero-Touch and NFV-Based Full-Mesh VPNaaS Solution - Demo
Authors: Daniel Gomes, Rafael Direito, Diogo Gomes, Rui L. Aguiar
Venue: 2023 IEEE 9th International Conference on Network Softwarization (NetSoft)
Pub Date: 2023-06-19
DOI: 10.1109/NetSoft57336.2023.10175469 (https://doi.org/10.1109/NetSoft57336.2023.10175469)
Abstract: NFV has risen to be a solution to abstract Network Functions from the hardware, providing numerous advantages to Network Operators. However, many challenges have appeared with the evolution of NFV. An example is the inter-domain scenarios where services are spanned across multiple independent domains. Using VPNs to interconnect all domains can attenuate the difficulties imposed by such scenarios. In this paper, we present an NFV-based solution for deploying full-mesh VPNs to interconnect different administrative domains, without manual intervention.