Kai Zhu,Chunming Wu,Boyang Zhou

DOI: https://doi.org/10.1049/cje.2019.08.011

IF: 1.019

2019-01-01

Chinese Journal of Electronics

Abstract:Network function virtualization (NFV), has been widely adopted in existing networks since it brings lower capital expenditure and operating expense, as well as flexible and elastic deployment. Based on NFV, dynamic Service function chain (SFC) provides more comprehensive and thorough traffic steering over a series of middleboxes, e.g., DPI, and IDS. Nevertheless, dynamic SFC involves internal state migration in middleboxes, making it hard to allocate SFC requests. We propose a reconfigurable SFC scheduling approach with consideration on resource constraints and race of the state migration to collaborate the execution of the SFC reconfiguration, in the reasonable fashion based on a heuristic algorithm. The evaluation is conducted through discrete event simulation to validate the efficiency of our reconfigurable SFC scheduling, and the results demonstrate that the proposed method outperforms First Come First Serve scheduling and random scheduling.

Deze Zeng,Lin Gu,Yunsong Chen,Shengli Pan,Zhuzhong Qian

DOI: https://doi.org/10.1109/smartworld.2018.00235

2018-01-01

Abstract:Via the newly emerging technologies Network Function Virtualization (NFV), network service providers can acquire cloud resources to provision network services (e.g., network service chain) in a flexible and on-demand manner, thus significantly reducing both the capital and operational expense. In this case, how to deploy Virtual Network Functions (VNFs) has become a critical issue and has attracted much attention in the literature. Existing VNF placement studies usually ignore the "state" of VNFs and assume that all VNFs are stateless. However, it is well known that some VNFs are stateful and a collection of flows may share an aggregate state. How to deploy such stateful VNFs is still under-investigated. In this paper, we are motivated to investigate how to add a stateful VNF into an existing service chain in a cost-efficient manner. In particular, we intend to maintain the dynamic aggregate state on the exclusive server to avoid state synchronization by assigning the aggregate flows to the same VNF node. We first formulate the problem into an integer linear programming (ILP) form, which is then proved to be NP-hard. To address the computation complexity, we then propose a dynamical programming based heuristic algorithm, whose high efficiency is extensively proved via trace-based simulations. The performance evaluation results show that our heuristic algorithm performs close to the optimal solution and outperforms a greedy-based competitor. In addition, we also show that the state of VNF has deep impact on the VNF deployment cost.

Ibrahim Tamim,Manar Jammal,Hassan Hawilo,Abdallah Shami

DOI: https://doi.org/10.48550/arXiv.2004.11496

2020-04-24

Abstract:The shift towards a completely virtualized networking environment is triggered by the emergence of software defined networking and network function virtualization (NFV). Network service providers have unlocked immense capabilities by these technologies, which have enabled them to dynamically adapt to user needs by deploying their network services in real-time through generating Service Function Chain (SFCs). However, NFV still faces challenges that hinder its full potentials, including availability guarantees, network security, and other performance requirements. For this reason, the deployment of NFV applications remains critical as it should meet different service level agreements while insuring the security of the virtualized functions. In this paper, we tackle the challenge of securing these SFCs by introducing virtual security functions (VSFs) into the latencyaware deployment of NFV applications. This work insures the optimal placement of the SFC components including the security functions while considering the performance constraints and the VSFs' operational rules such as, functions' alliance, proximity, and anti-affinity. This paper develops a mixed integer linear programming model to optimally place all the requested SFCs while satisfying the above constraints and minimizing the latency of every SFC and the intercommunication delay between the SFC components. The simulations are evaluated against a greedy algorithm on the virtualized Evolved Packet Core use case and have shown promising results in maintaining the security rules while achieving minimum delays.

Networking and Internet Architecture

Yangming Zhao,Jingyuan Fan,Huan Chen,Chunming Qiao

DOI: https://doi.org/10.1109/iwqos.2018.8624164

2018-01-01

Abstract:Combining Virtual Network Functions (VNF) and Software Defined Networking (SDN) enables fine-grained traffic steering to provide required network services to flows. However, online routing calculation and flow table enforcement incurs an non-negligible overhead. In this work, we propose to design a nonblocking network with fixed routing and VNF provisioning schemes to improve the network performance (e.g. the flow completion time). We first formulate this problem as a linear programming (LP) problem with infinite number of constraints, and leverage primal-dual technology to reformulate the problem as a polynomial size LP. The LP formulation is also extended to reconfigure the network when some components become unavailable, in order to keep the network nonblocking. Since solving the LP formulation is time consuming or even impossible in large scale networks, an efficient algorithm based on optimization decomposition and column generation is proposed to find a near optimal solution quickly. Simulation results show that nonblocking networks can speed up 60% of the flows by 2x, with a small increase in the required network capacity, compared with approaches that do not use the nonblocking networks.

Yonghui Huang,Yan Ma,Zhaowen Lin,Shuyue Wang,Bowen Xie

DOI: https://doi.org/10.1142/s0218126622500426

2021-01-01

Abstract:By endowing network with the ability of reliable scheduling of security resources, it can realize the dynamic deployment of security resources as well as the efficient configuration of protection resources, and further can quickly respond to network security threats and emergencies timely. Furthermore, due to the network is increasingly complex, it is of great importance to make it reliable by invoking appropriate security resources. However, the security mechanism and response speed of traditional network based on security domain division, network boundary protection are hard to meet the requirements of the virtual network. In this paper, we propose the SDN-empowered reliable and dynamic scheduling scheme for security resources. In the scheme, we use network security resource virtualization technology to virtualize and modularize network security software and hardware resources; at the SDN control layer, we propose meta-security function combination technology to provide on-demand customization for various security applications’ security service; by using role-based conflict detection and conflict resolution technology, we can detect and handle security rule conflicts. The experiments show that the scheme is reliable and efficient with low latency and great throughput.

Xiaojing Chen,Wei Ni,Iain B. Collings,Xin Wang,Shugong Xu

DOI: https://doi.org/10.1109/tcomm.2018.2877336

IF: 6.166

2019-02-01

IEEE Transactions on Communications

Abstract:This paper proposes a new fully decentralized approach to online placement and optimization of virtual machines (VMs) for network functions virtualization (NFV). The approach is of practical value, as network services comprising a chain of virtual network functions (VNFs) are proposed to be queued on the basis of leading unexecuted VNFs at every server, rather than on the typical basis of services, reducing queues per server and facilitating queue management and signaling. It is also non-trivial because the VNFs of network services must be executed correctly in order at different VMs, coupling the optimal decisions of VMs on processing or offloading. Exploiting Lyapunov optimization techniques, we decouple the optimal decisions by deriving and minimizing the instantaneous upper bound of the NFV cost in a distributed fashion, and achieve the asymptotically minimum time-average cost. We also reduce the queue length by allowing individual VMs to (un)install VNFs based on local knowledge, achieving stable redeployment of VNFs, adapting to the network topology and the temporal and spatial variations of services. Simulations show that the proposed approach is able to reduce the time-average cost of NFV by 71% and reduce the queue length (or delay) by 74%, as compared with existing approaches.

telecommunications,engineering, electrical & electronic

Mengjie Liu,Gang Feng,Shuang Qin,Weihua Zhuang

DOI: https://doi.org/10.1109/icc40277.2020.9149133

2020-01-01

Abstract:Driven by an explosive increase in the number of users and data usage, energy consumption becomes a significant concern for information and communication technology industry. In softwarization based networks, energy-efficient Network Function (NF) resource allocation is imperative yet challenging for service provisioning. In this paper, we investigate dynamic NF resource allocation (NFRA) problem for service function chains (SFCs) with aim to minimize the long-term energy consumption, while guaranteeing the end-to-end delay requirements for the packets traversing the SFCs. We formulate the problem as an infinite horizon Markov Decision Process (MDP) problem and obtain the global optimal solution based on the value iteration algorithm which has high computational complexity. The global optimal solution serves as a performance upper bound due to its high computational complexity. To cater for efficient on-line NFRA decisions, we further design a suboptimal distributed value iteration based dynamic NF resource allocation (DDRA) algorithm. The numerical results based on real-world data traces demonstrate the proposed DDRA algorithm achieves a close-to-optimal performance and a significant performance improvement compared with two known NF resource allocation algorithms.

Yujie Liu,Yong Li,Marco Canini,Yue Wang,Jian Yuan

DOI: https://doi.org/10.1109/infcomw.2016.7562137

2016-01-01

Abstract:Combining Network Functions Virtualization (NFV) with Software-Defined Networking (SDN) is an emerging solution to provide fine-grained control over scalable and elastic packet processing functions. Due to changes in network policy, traffic characteristics, or physical topology in Software-Defined NFV (SDNFV) systems, the controller needs to carry out network updates frequently, i.e., change the data plane configuration from one state to another. In order to adapt to a newly desired network state quickly, the network update process is expected to be completed in the shortest time possible. However, the update scheduling schemes need to address resource constraints including flow table sizes, CPU capacities of Virtualized Network Functions (VNFs) and link bandwidths, which are closely coupled. Thus, the problem is difficult to solve, especially when multiple flows are involved in the network update. In this work we investigate the multi-flow update problem in SDNFV systems, and formulate it as a mixed integer programming problem, which is NP-complete. We propose an approximation algorithm via linear relaxation. By extensive simulations, we demonstrate that our algorithm approaches the optimal solution, while requiring 10x-100x less computing time.

Yue Zeng,Baoliu Ye,Bin Tang,Sanglu Lu,Feng Xu,Song Guo,Zhihao Qu

DOI: https://doi.org/10.1109/tcomm.2023.3238396

IF: 6.166

2023-01-01

IEEE Transactions on Communications

Abstract:The software-defined network (SDN) enabled mobile edge network greatly facilitates network resource management and promotes many emerging applications. However, user mobility may cause the SDN controller to set flow rules frequently, introduce additional flow setup latency, cause delay jitter, and undermine latency-sensitive services. Proactive flow setup is an effective way to eliminate flow setup latency, but existing work fails to maximize the flow setup hit ratio, a metric for evaluating the quality of proactive flow setup decisions, which is critical for latency-sensitive services. In this paper, we study how to proactively set flow rules to maximize the flow setup hit ratio under limited available network resources to eliminate the flow setup latency as much as possible. Then, we formalize the proactive flow setup problem as two integer linear programming problems under two typical routing strategies, default routing and dynamic routing. Both problems are proved to be NP-hard. To tackle these two problems, we propose a linear programmingbased polynomial-time approximation algorithm for the default routing case and a greedy-based heuristic algorithm for the dynamic routing case. Extensive trace-driven experimental and simulation results verify that our algorithms can improve the flow setup hit ratio by up to 30.99% compared to existing solutions.

Lyu Qing,Zhou Yonghang,Fan Qilin,Lyu Yongqiang,Zheng Xi,Xu Guangquan,Li Jun

DOI: https://doi.org/10.1007/s11036-021-01868-5

2022-01-01

Mobile Networks and Applications

Abstract:With the rapid development of network function virtualization, delay-sensitive applications including auto-driving, online gaming, and multimedia conferencing can be served by virtual network function (VNF) chains with low operation expense/capital expense and high flexibility. However, as the service requests are highly dynamic and different services require distinct bandwidth occupation amount and time, how to schedule the paths of flows and place VNFs efficiently to guarantee the performances of network applications and maximize the utilization of the underlying network is a challenging problem. In this paper, we present a joint optimization approach of flow path scheduling and VNF placement, named JOSP, which explores the best utilization of bandwidth from two different aspects to reduce the network delay. We first present a delay scaling strategy that adds the penalty to the link bandwidth occupation that may cause congestion in accordance with the network placement locations. Then we consider the bandwidth occupation time and present a long-short flow differentiating strategy for the data flows with different duration. Furthermore, we present a reinforcement learning framework and use both the flow path delay and the network function-related delay to calculate the reward of placing VNFs adaptively. Performance evaluation results show that the JOSP can reduce the network delay by 40% on average compared with the existing methods.

Gamal Sallam,Gagan R. Gupta,Bin Li,Bo Ji

DOI: https://doi.org/10.48550/arXiv.1801.05795

2018-01-18

Abstract:With the advent of Network Function Virtualization (NFV), Physical Network Functions (PNFs) are gradually being replaced by Virtual Network Functions (VNFs) that are hosted on general purpose servers. Depending on the call flows for specific services, the packets need to pass through an ordered set of network functions (physical or virtual) called Service Function Chains (SFC) before reaching the destination. Conceivably for the next few years during this transition, these networks would have a mix of PNFs and VNFs, which brings an interesting mix of network problems that are studied in this paper: (1) How to find an SFC-constrained shortest path between any pair of nodes? (2) What is the achievable SFC-constrained maximum flow? (3) How to place the VNFs such that the cost (the number of nodes to be virtualized) is minimized, while the maximum flow of the original network can still be achieved even under the SFC constraint? In this work, we will try to address such emerging questions. First, for the SFC-constrained shortest path problem, we propose a transformation of the network graph to minimize the computational complexity of subsequent applications of any shortest path algorithm. Second, we formulate the SFC-constrained maximum flow problem as a fractional multicommodity flow problem, and develop a combinatorial algorithm for a special case of practical interest. Third, we prove that the VNFs placement problem is NP-hard and present an alternative Integer Linear Programming (ILP) formulation. Finally, we conduct simulations to elucidate our theoretical results.

Networking and Internet Architecture

Chao Qi,Jiangxing Wu,Hongchao Hu,Guozhen Cheng

DOI: https://doi.org/10.1049/el.2016.2670

2016-01-01

Electronics Letters

Abstract:Modifying flow rule attack posts a huge threat to controllers in network operating system (NOS) for software defined network (SDN) due to its concealment. Based on the previously proposed NOS architecture with multiple controllers which introduce heterogeneity and dynamic to defend above attack effectively, its dynamic segment about dynamically scheduling controllers is explicitly presented. A dynamic-scheduling method is put forward to maximise security gain of NOS during each switch. This algorithm is able to improve NOS security through altering its framework's diversity to maximum degree while considering switching cost and latency simultaneously. Theory analysis and simulation results prove validity and availability of the devised mechanism and its more effective security performance over traditional architectures.

Hao Wu,Peilong Liu,Kai Liu,Jian Yan,Linling Kuang

DOI: https://doi.org/10.1109/iccc56324.2022.10065692

2022-01-01

Abstract:Based on software-defined networking (SDN), many online service providers deploy novel online traffic engineering (TE) schemes in their data center networks. The online TE epoch usually ranges from several hundred milliseconds to a few minutes, which is shorter than the duration of some flows. These flows may suffer inconsistent quality-of-service (QoS) between TE epochs, which leads to degradation in flow utility functions and the total network utility. Although effective in packet-level QoS improvement, conventional TCP variants and queueing designs cannot address the QoS inconsistency since flow-level information, including flow service history and flow utility function, is not considered. This paper proposes a flow-level traffic scheduling (FLTS) method to improve flow QoS consistency and network utility. We propose a flow measurement mechanism that factors the service history and residual demand into the flow priorities. For background flows, we establish a G/G/1 queueing model in traffic sources and propose a traffic rate control mechanism to minimize the queueing time. Simulation results demonstrate that FLTS outperforms two typical conventional approaches with an 18% to 29% improvement in network utility under heavy traffic loads.

Sudha Dubba,Balaprakasa Rao Killi

DOI: https://doi.org/10.1007/s10922-024-09880-2

2024-11-23

Journal of Network and Systems Management

Abstract:The idea of network function virtualization has emerged recently as a means of accelerating the deployment of middleboxes and network operations while also lowering deployment costs. Service function chaining provides network connectivity and steers traffic between the deployed VNF instances to provide a network service. However, integrating NFV within SFC scheduling introduces complexities, particularly in efficiently allocating resources to VNFs amidst dynamic network traffic and service demands. Optimization of VNF placement and scheduling is essential to minimize execution costs while meeting stringent Service Level Agreements (SLAs) and ensuring quality-guaranteed services. Moreover, the convergence of NFV and SFC scheduling brings for security challenges, including unauthorized access, data interception, and service disruption. Balancing optimization objectives with stringent security requirements poses a non-trivial task, emphasizing the need for prioritizing security in resource allocation and scheduling decisions. Meeting SFC deadlines is challenging due to dynamic network conditions, service demands, and resource allocation complexity. Failure to meet deadlines can lead to service quality degradation, SLA violations, and financial penalties. To address these challenges, the security and cost-aware SFC scheduling problem is formulated as an optimization problem. Moreover, a three-level security model is designed for both the VNFs and the physical machines in the NFV-enabled networks. Since the problem is NP-hard, we propose two heuristics named Particle Swarm Optimization-Based SFC Scheduling approach and Group Learning Particle Swarm Optimization-Based SFC Scheduling model that focus on optimizing the execution cost of SFC while meeting security and deadline requirements. The proposed models are compared with the existing SFC scheduling models. The effectiveness of the proposed scheduling approaches is evaluated through extensive simulations and it is shown that proposed scheduling approaches outperform the existing models in terms of average execution cost, security violation ratio, deadline violation ratio, service level agreement violation ratio, and average delay.

computer science, information systems,telecommunications

Jiaqiang Liu,Yong Li,Huandong Wang,Depeng Jin,Li Su,Lieguang Zeng,Thanos Vasilakos

DOI: https://doi.org/10.1016/j.ins.2015.08.019

IF: 8.1

2015-01-01

Information Sciences

Abstract:Network operators employ a variety of security policies for protecting the data and services. However, deploying these policies in traditional network is complicated and security vulnerable due to the distributed network control and lack of standard control protocol. Software-defined network provides an ideal paradigm to address these challenges by separating control plane and data plane, and exploiting the logically centralized control. In this paper, we focus on taking the advantage of software-defined networking for security policies enforcement. We propose a two layer OpenFlow switch topology designed to implement security policies, which considers the limitation of flow table size in a single switch, the complexity of configuring security policies to these switches, and load balance among these switches. Furthermore, we introduce a safe way to update the configuration of these switches one by one for better load balance when traffic distribution changes. Specifically, we model the update process as a path in a graph, in which each node represents a security policy satisfied configuration, and each edge represents a single step of safely update. Based on this model, we design a heuristic algorithm to find an optimal update path in real time. Simulations of the update scheme show that our proposed algorithm is effective and robust under an extensive range of conditions.

Dan Liao,Yulong Wu,Ziyang Wu,Zeyuan Zhu,Wanting Zhang,Gang Sun,Victor Chang

DOI: https://doi.org/10.1007/s10586-018-2124-0

2018-01-01

Cluster Computing

Abstract:AI-based network function virtualization (NFV) is an emerging technique that separates network control functionality from dedicated hardware middleboxes and is virtualized to reduce capital and operational costs. With the advances of NFV and AI-based software-defined networks, dynamic network service demands can be flexibly and effectively accomplished by connecting multiple virtual network functions (VNFs) running on virtual machines. However, such promising technology also introduces several new research challenges. Due to resource constraints, service providers may have to deploy different service function chains (SFCs) to share the same physical resources. Such sharing inevitably forces the scheduling of the SFCs and resources, which consumes computational time and introduces problems associated with reducing the response delay. In this paper, we address this challenge by developing two dynamic priority methods for queuing AI-based VNFs/services to improve the user experience. We account for both transmission and processing delays in our proposed algorithms and achieve a new processing order (scheduler) for VNFs to minimize the overall scheduling delay. The simulation results indicate that the proposed scheme can promote the performance of AI-based VNFs/services to meet strict latency requirements.

Nan Geng,Yuan Yang,Mingwei Xu

DOI: https://doi.org/10.1016/j.comnet.2020.107671

IF: 5.493

2020-01-01

Computer Networks

Abstract:Existing solutions of flow-level traffic engineering (TE) usually depend on the deployment of SDN or MPLS. In this paper, we design a flow-level and efficient TE scheme based on the conventional hop-by-hop routing protocol, i.e., OSPF. Motivated by the analysis and modeling on the real Internet traffic, we propose to detect and schedule a few large flows in real-time. The rerouting paths for large flows are computed in a centralized server and are distributed through extended OSPF. A few ACL entries are used for flow-level forwarding. We formalize the link weight assignment-based large flow scheduling problem and prove the problem is NP-hard. We propose to precompute several candidate paths to reduce decision computation overhead and path stretch. We develop an algorithm with performance bounds to allocate large flows to paths, and two algorithms to reduce extra LSA number for different system designs. Experiment results show our scheme can reroute large flows within 0.5 s. Simulation results show our scheme gets congestion metric values (i.e., performance ratios) 10% worse than the optimal for source and destination addresses-based flows. Our optimization mechanisms reduce the extra LSA number and computation time by 87% and 83% respectively for our scheme with pre-computed paths.

Jian Yang,Kunjie Zhu,Yongyi Ran,Weizhe Cai,Enzhong Yang

DOI: https://doi.org/10.1109/tmm.2016.2629280

IF: 7.3

2017-01-01

IEEE Transactions on Multimedia

Abstract:This paper considers the optimization problem of joint admission control and routing for the video streaming service in wired software-defined networking (SDN). With the aid of the network operating system, SDN is able to support the dynamic nature of future network functions and intelligent applications. Against this changing network landscape, we rely on FlowVisor-based virtualization in the context of OpenFlow-based wired SDN to design an open optimization architecture for the joint admission control and routing, which supports flexible and agile deployment of advanced joint admission control and routing strategies. Following this architecture, we interpret the joint admission control and routing problem into the Markov decision process for maximizing the overall “revenue.” In order to solve the issue of the curses of dimensionality, we invoke the function approximation technique in the context of approximate dynamic programming to conceive an online learning framework. By applying kernel-based autonomous feature extraction into the function approximation, we develop an approximate dynamic programming-based joint admission control and routing for video streaming service, which is apt to be implemented in the proposed open architecture. An emulation platform based on FlowVisor, POX, and Mininet is constructed for demonstrating the success of the proposed solution. The experimental results are presented to show the performance improvement of the proposed scheme by comparing it with the Q-learning algorithm and open shortest path first-based benchmark scheme.

Nan Geng,Yuan Yang,Mingwei Xu

DOI: https://doi.org/10.1109/iwqos.2018.8624179

2018-01-01

Abstract:A fine-grained traffic engineering (TE) that enables per-flow control is considered to be necessary in future Internet. In this paper, we study to realize flow-level TE in conventional networks, where hop-by-hop routing is available, and advanced technologies such as SDN and MPLS are not deployed. Based on analysis and modelling on real Internet traffic, we propose to detect and schedule a few large flows in real time, which dominate the traffic amount. The proposed scheme leverages advanced algorithms for detection, computes the rerouting paths in a centralized server, uses extended OSPF to distribute the routing, and uses a few ACL entries for flow-level forwarding. We formalize the link weight assignment-based large flow scheduling problem and prove that the problem is NP-hard. We develop algorithms to compute the routing and reduce extra LSA number required. We present a set of theoretical results on the TE performance bounds when the number of large flows varies. Experiment and simulation results show that our scheme can reroute large flows within 0.5 second, and the maximum link utilization is within 102% of the optimal solution for source and destination addresses-based flows, while the extra LSA number is small.

Jingyu Xiao,Xudong Zuo,Qing Li,Dan Zhao,Hanyu Zhao,Yong Jiang,Jiyong Sun,Bin Chen,Yong Liang,Jie Li

DOI: https://doi.org/10.1109/tnet.2023.3334237

2024-01-01

Abstract:Programmable Data Plane (PDP) has been leveraged to offload Network Functions (NFs). Due to its high processing capability, the PDP improves the performance of NFs by more than one order of magnitude. However, the coarse-grained NF orchestration on the PDP makes it hard to fulfill the dynamic service chain demands and unreasonable network function deployment causes long end-to-end delays. In this paper, we propose the Flexible Network Function (FlexNF) deployment on the PDP. First, we design an NF Selection Framework, leveraging the service selection label and re-entering operations for flexible NF orchestration. Second, to support runtime NF reconfiguration to meet the dynamic flow demands, we propose the Per-Flow On-Demand servicing mechanism, where one Match-Action Table with multiple mixed NFs works as different NFs for different flows. Third, to ensure the QoS of flows, on the one hand, we design an SP-aware NF Placement Algorithm to find a near-optimal placement solution that accommodates peak traffic volume while minimizing the overall routing path lengths of all the requests, on the other hand, we design a Two-Stage Service Path Construction Algorithm to provide on-path service while considering load balancing. We implement 15 types of network functions on the P4 switch, based on which we construct the comprehensive experiments. FlexNF reduces the traffic delay by 42.6% while increasing the service chain acceptance rate by five times compared with current solutions. Besides, when switching functions, the FlexNF improves the throughput by 2.04Gbps and reduces the packet loss by 8.269% compared with current solutions.