Pub Date: 2016-11-01 | DOI: 10.1109/NFV-SDN.2016.7919488
Brendan Tschaen, Y. Zhang, Theophilus A. Benson, S. Banerjee, Jeongkeun Lee, Joon-Myung Kang
Network middleboxes are difficult to manage and troubleshoot, due to their proprietary monolithic design. Moving towards Network Functions Virtualization (NFV), virtualized middlebox appliances can be more flexibly instantiated and dynamically chained, making troubleshooting even more difficult. To guarantee carrier-grade availability and minimize outages, operators need ways to automatically verify that the deployed network and middlebox configurations obey higher level network policies. In this paper, we first define and identify the key challenges for checking the correct forwarding behavior of Service Function Chains (SFC). We then design and develop a network diagnosis framework that aids network administrators in verifying the correctness of SFC policy enforcement. Our prototype, SFC-Checker, can verify stateful service chains efficiently by analyzing the switches' forwarding rules and the middleboxes' stateful forwarding behavior. Built on top of the network function models we proposed, we develop a diagnosis algorithm that is able to check the stateful forwarding behavior of a chain of network service functions.
Title: SFC-Checker: Checking the correct forwarding behavior of Service Function chaining. Published in: 2016 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN).
Pub Date: 2016-11-01 | DOI: 10.1109/NFV-SDN.2016.7919483
P. K. Dey, M. Yuksel
We propose a new hybrid software-defined networking (SDN) approach, Cloud-Assisted Routing (CAR), that utilizes high computation and memory power of cloud services by splitting both control and data plane functions between a local router and a remote cloud computing platform. Instead of a complete separation of the two planes, our approach maintains most of the control plane at the cloud and the least of it at the local router, and vice versa for the data plane. We present the architectural view of CAR and results from an initial prototype of forwarding table size reduction using CAR. We discuss possible intra- and inter-domain optimizations by highlighting the use-cases of multi-cloud design paradigm and perform a cost comparison between legacy router vs. CAR to identify the break-even points and key components that make CAR monetarily beneficial.
Title: CAR: Cloud-Assisted Routing. Published in: 2016 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN).
Pub Date: 2016-11-01 | DOI: 10.1109/NFV-SDN.2016.7919467
C. S. Gomes, Felipe S. Dantas Silva, Emidio P. Neto, K. Costa, João Batista da Silva
The Software-Defined Networking (SDN) paradigm has introduced a set of resources that can be employed to design new services and applications for the next generation of network technologies. Despite all the benefits provided by the SDN approach, the management of the infrastructure remains an unsolved challenge since it is necessary to provide the appropriate tools to ensure a reliable and effective network service orchestration. In view of this, we introduce the Modular Interactive Management System for SDN Infrastructure (MISSIn), a supportive tool for SDN management, designed to support network operators to deal with complex heterogeneous applications and user requirements, in a dynamic and interactive way.
Title: Towards a Modular Interactive Management approach for SDN Infrastructure orchestration. Published in: 2016 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN).
Pub Date: 2016-11-01 | DOI: 10.1109/NFV-SDN.2016.7919501
G. Carella, Michael Pauls, L. Grebe, T. Magedanz
With the rapid migration towards Software-based Networks, Telco Operators are modifying their traditional network infrastructures in order to reduce the complexity in managing Network Services (NS). Being able to cope with on-demand traffic increase is one of the key principles taken from the Cloud Computing domain and extended to the Telco one by the ETSI Network Function Virtualization (NFV) initiative. However, due to the novelty of this paradigm in the Telco domain, the landscape of fully-interoperable frameworks is rather limited and even more complex is their extensibility for supporting new functionalities. None of the existing solutions nowadays provide mechanisms for dynamically adapting the NS topology based on their Runtime Key Performance Indicators (KPIs), supporting the requirements requested by the ETSI NFV specification. Therefore, this article presents an Autoscaling Engine (AE) capable of dynamically adapting a NS based on policies provided by the Operator and integrated in the ETSI NFV information model. Its design has been realized considering the NFV requirements, and has been integrated in the ETSI NFV Architecture as an additional functional element. Its implementation is part of an existing NFV-compliant framework, Open Baton, and made available to the community as open source. An evaluation of the implemented concept shows that the proposed solution increases the reliability, stability and resource efficiency of NSs.
Title: An extensible Autoscaling Engine (AE) for Software-based Network Functions. Published in: 2016 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN).
Pub Date: 2016-11-01 | DOI: 10.1109/NFV-SDN.2016.7919468
Ahmed Medhat, G. Carella, Michael Pauls, M. Monachesi, M. Corici, T. Magedanz
Service Function Chaining (SFC) defines the concept of linking ordered Service Functions (SFs) through network technologies to support specific application requirements. SFC exploits Software Defined Networking (SDN) and Network Function Virtualization (NFV) technologies to achieve the creation, modification and deletion of SFC in a cost efficient and rapid way. However, during the runtime phase, SFs are exposed to the risk of failures, which results in an end-to-end failure at the application level. For this reason, this paper introduces the concept of a resilient SFC Orchestrator capable of deploying SF Chains following the ETSI NFV architectural model, as well as controlling the runtime phase rerouting the traffic to a different path in case of appearing faults. Furthermore, the concept is exemplified as an addition to the current NFV architecture and evaluated in a NFV environment making use of the Fraunhofer FOKUS Open Baton toolkit in an OpenStack and OpenDayLight based environment. Finally, the measured results show that the Service Function Path (SFP), and therefore their provided services, can be recovered in a few seconds.
Title: Resilient orchestration of Service Functions Chains in a NFV environment. Published in: 2016 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN).
Pub Date: 2016-11-01 | DOI: 10.1109/NFV-SDN.2016.7919485
Alan Bairley, G. Xie
SDN orchestration, the problem of integrating and deploying multiple network control functions (NCFs) while minimizing suboptimal network states that can result from competing NCF objectives, is a challenging open problem. In this work, we formulate SDN orchestration as a multiobjective optimization problem, and present an evolutionary approach designed to explore the NCF tradeoff space comprehensively and avoid local optima. For an instance of the VM allocation problem subject to three independent NCFs optimizing network survivability, bandwidth efficiency, and power consumption, respectively, we demonstrate that our approach can enumerate a wider range of, and potentially better solutions than current orchestrators, for data centers with 100s of switches, 1,000s of servers, and 10,000s of VM slots.
Title: Orchestrating network control functions via comprehensive trade-off exploration. Published in: 2016 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN).
Pub Date: 2016-11-01 | DOI: 10.1109/NFV-SDN.2016.7919491
Priyanka Naik, Dilip Kumar Shaw, Mythili Vutukuru
Network Function Virtualization (NFV) is a new trend in networking, where network functions are moving from custom hardware appliances to software implementations running on virtual machines (VMs) hosted on commodity hardware. While the benefits of NFV such as cost reduction and increased agility are well understood, doubts still exist on whether a software implementation can match up to the high performance that hardware appliances deliver. In this context, network operators would benefit from frameworks that monitor performance and identify bottlenecks in Virtual Network Function (VNF) implementations obtained from vendors. While several techniques already exist to identify performance issues in cloud-based applications, most of them either use hardware resource utilizations to identify hot-spots (making them incapable of detecting non-hardware performance bottlenecks) or rely on application specific measurements (which may not be exposed by VNFs to vendors always). This paper describes NFVPerf, a performance monitoring and bottleneck detection tool for NFV. NFVPerf works as part of a cloud that hosts a NFV deployment, and takes a configuration file specifying the basic architecture of the VNF as input. It sniffs packets on all VM-to-VM communication paths, computes per-hop throughputs and delays, and uses these “black-box” measurements alone to identify performance bottlenecks (including software bottlenecks) in real time, without requiring any instrumentation of the VNF. Further, NFVPerf can be customized to any VNF implementations with just configuration changes. Our evaluation of NFVPerf shows that it can monitor performance and identify bottlenecks in an NFV deployment, with high accuracy and minimal overhead. We believe that a system like NFVPerf would form a great addition to cloud management systems in the era of NFV.
Title: NFVPerf: Online performance monitoring and bottleneck detection for NFV. Published in: 2016 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN).
Pub Date: 2016-11-01 | DOI: 10.1109/NFV-SDN.2016.7919470
Balázs Németh, Balázs Sonkoly, Matthias Rost, S. Schmid
Future network services and applications, such as coordinated remote driving or remote surgery, pose serious challenges on the underlying networks. In order to fulfill the extremely low latency requirement in combination with ultrahigh availability and reliability, we need novel approaches, for example to dynamically move network “capabilities” close to the users. This requires more flexibility, automation and adaptability to be added to the networks at different levels and operation planes. The key enabler of the novel features is network softwarization provided by NFV and SDN techniques. In this paper, we focus on a central component of the orchestration plane which is responsible for mapping the building blocks of services to available resources. Our main contribution is twofold. First, we propose a novel service graph embedding algorithm which is able to jointly control and optimize the usage of compute and network resources efficiently based on greedy heuristics. Besides, the algorithm can be configured extensively to obtain different optimization goals and trade-off running time with the search space. Second, we report on our implementation and integration with our proof-of-concept orchestration framework ESCAPE. Several experiments confirmed its practical applicability.
Title: Efficient service graph embedding: A practical approach. Published in: 2016 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN).
Pub Date: 2016-11-01 | DOI: 10.1109/NFV-SDN.2016.7919474
M. S. Siddiqui, E. Escalona, Eleni Trouva, M. Kourtis, D. Kritharidis, K. Katsaros, S. Spirou, C. Canales, M. Lorenzo
The challenging traits of 5G networks to support novel and diverse business requirements of vertical sectors have rendered current network security approaches impotent. To address various security requirements of 5G networks and services, a holistic and robust security architecture mindful of 5G technical and business features becomes vital. This paper describes a holistic security architecture for a multi-tenant NFV/SDN enabled 5G access network based on policy-based security management and monitoring & smart analytics.
Title: Policy based virtualised security architecture for SDN/NFV enabled 5G access networks. Published in: 2016 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN).
Pub Date: 2016-11-01 | DOI: 10.1109/NFV-SDN.2016.7919493
Saurav Nanda, Faheem Zafari, C. DeCusatis, Eric Wedaa, B. Yang
An experimental setup of 32 honeypots reported 17M login attempts originating from 112 different countries and over 6000 distinct source IP addresses. Due to the decoupled control and data plane, Software Defined Networks (SDN) can handle this increasing number of attacks by blocking those network connections at the switch level. However, the challenge lies in defining the set of rules on the SDN controller to block malicious network connections. Historical network attack data can be used to automatically identify and block the malicious connections. There are a few existing open-source software tools to monitor and limit the number of login attempts per source IP address one-by-one. However, these solutions cannot efficiently act against a chain of attacks that comprises multiple IP addresses used by each attacker. In this paper, we propose using machine learning algorithms, trained on historical network attack data, to identify the potential malicious connections and potential attack destinations. We use four widely-known machine learning algorithms: C4.5, Bayesian Network (BayesNet), Decision Table (DT), and Naive-Bayes to predict the host that will be attacked based on the historical data. Experimental results show that an average prediction accuracy of 91.68% is attained using Bayesian Networks.
Title: Predicting network attack patterns in SDN using machine learning approach. Published in: 2016 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN).