A Joint Orchestration of Security and Functionality Services at Network Edge

Yudong Qin,Deke Guo,Lailong Luo,Ming Xu
DOI: https://doi.org/10.1016/j.comnet.2022.108951
IF: 5.493
2022-01-01
Computer Networks
Abstract:Edge computing emerges as a new paradigm to provide low-latency network services in close proximity to end users. Based on the network function virtualization (NFV) technology, network services can be flexibly and scalably provisioned as virtual network function (VNF) chains deployed at edge servers. With such advantages, both the industry and research communities have done extensive studies on deploying VNF chains at network edge. The existing works mainly take an ideal assumption that the network is totally safe and there are no malicious users. Therefore, they leverage all available resources to serve their users. However, such an assumption is impractical in real networks. Security services, such as firewall, deep packet detection, intrusion detection, are always required for production networks. The existing service deployment methods fail to consider the co-existence of security services and functionality services. In this paper, we present the topic of joint deployment of both security and functionality services, wherein the security services are responsible to check the data flows before being processed by the functionality services. To solve this problem, we propose the Secure Deployment Pattern, which aims to simultaneously satisfy the security protection and QoS requirements at network edge. It divides the services into two kinds, i.e., the user-oriented functionality services, and the service provider-oriented security services. In this case, it is very challenging to jointly deploy the security services and functional services with respect to the resource and latency constraints. We formulate this problem as an integer programming model, and propose the heuristic algorithms to solve it. As far as we know, this paper is the first step, which targets at a proper orchestration of security and functionality services in edge computing. Extensive evaluations show that the proposed algorithms are effective and efficient, in terms of the execution time and the average number of served requests.
What problem does this paper attempt to address?