1 |
Distribution de contenus collaborative basée sur une plateforme de fonctions réseaux virtualisées en tant que service / Collaborative Content Distribution over a VNF-as-a-Service platform
Herbaut, Nicolas 13 November 2017
The constant increase in video consumption through Over-The-Top services is straining the current architecture of the Internet. While an overwhelming majority of bandwidth today is allocated to content delivery, Internet actors such as content providers, content delivery networks and access providers are forced to optimize their networks to support the quality of experience expected by the end user. These costly, specialized networks contribute to the ossification of the Internet, making the evolution of its architecture more difficult in the medium term. Indeed, an overly specific choice of link dimensioning and middlebox placement can hinder a later update intended to support new use cases. Fortunately, the virtualization technologies recently promoted by the major Internet operators, solution vendors and standardization bodies allow real programmability of the network and greater versatility in the use of new equipment. Indeed, the agility brought by these technologies allows the deployment of Virtual Network Functions (VNFs) that can run on low-cost commodity servers. As for Software-Defined Networking, it makes possible a logically centralized management of the network that allows switches to be programmed. The objective of this thesis is to show how content distribution can be collaboratively improved using network programmability. First, we propose CDNaaS, a complete content delivery network solution deployed on a "network functions as a service" platform, adopted and evaluated at large scale within the European FP7 project T-NOVA. We detail the interfaces, the architecture and the design choices made in developing the platform in order to provide performance, auto-scaling and reusability. Then, we propose two collaboration models allowing content delivery actors to work together to increase the quality of experience for the end user, while promoting healthy competition and a balanced distribution of added value. Finally, we study the challenges related to the allocation of virtual resources in the case of a vCDN service, and propose several heuristics and algorithms for optimizing the cost of the service. This thesis paves the way for collaborative content distribution allowing users to access their content with a high standard of quality, while contributing to a healthy development of the Internet. / The constant rise of Over-The-Top video consumption nowadays challenges the current Internet architecture. As an overwhelming majority of the bandwidth today is dedicated to the delivery of video contents, Internet actors such as Content Providers, Content Delivery Networks and Internet Service Providers are forced to optimize their networks to support the Quality of Experience expected by the End-Users. Such costly specialized networks participate in the so-called "ossification" of the Internet, which makes the architecture harder to update, as the placement and dimensioning of links and middleboxes may be hard to change in the future to support new use cases. Fortunately, the trend of Virtualizing and Softwarizing the networks pushed by major Telco operators, vendors and standardization bodies has given hope that the computing and networking infrastructure can be easily re-purposed. The agility promoted by technologies such as Network Function Virtualization and Software Defined Networking makes it possible for middleboxes to be deployed as Virtual Network Functions that can run on "commercial off-the-shelf" hardware while having the network managed by a logically centralized controller deploying network configurations on programmable forwarding devices. The goal of this thesis is to show how content distribution can be collaboratively improved thanks to Network Softwarization. First, we propose CDN-as-a-Service (CDNaaS), a complete solution to virtualize a Content Delivery Network on top of a VNF-as-a-Service platform, adopted and evaluated at large scale in the FP7 T-Nova European project. We elaborate on the interfaces, architecture and design choices made to implement the platform to support performance, automatic scaling and re-usability. Then, we propose two collaboration models allowing the content delivery actors to work jointly on improving End-User Quality of Experience while fostering a healthy competition and a fair balance of revenue. Finally, we study the challenges of NFV resource allocation for the vCDN service and propose several heuristics and algorithms to optimize the proposed solution in a cost-effective way. This thesis paves the way towards a collaborative content distribution allowing End-Users to access their content with the highest standards while contributing to a sound development of the Internet.
|
2 |
Intrusion Detection System as a Service : Providing intrusion detection system on a subscription basis for cloud deployment
Gade, Vaibhav January 2015
No description available.
|
3 |
Diseño y trial test de un sistema de monitoreo sobre el Evolved Packet Core virtualizado / Design and trial test of a monitoring system for the virtualized Evolved Packet Core
Loza Valenzuela, Pablo Ignacio January 2019
Thesis submitted for the degree of Civil Electrical Engineer / In the Information Age, Information and Communication Technologies are advancing at a dizzying pace. Services are increasingly personalized and varied, and come with higher quality demands, so communications service providers must adapt quickly and at reasonable cost. This is why NFV technology stands out as a way to bring dynamism to the mobile network while using its resources efficiently.
In the new standards that 3GPP is working on for 5G, the proposal is to move from the paradigm of network functions tied to hardware to virtualized functions built in software, and thus to have connection systems that can scale in a more flexible and agile way, changing the general approach to how services are implemented.
Considering the above, this work consists of a guide for implementing a Virtual Evolved Packet Core in an NFV environment using only open-source tools, such as OpenStack for managing the NFV environment and OpenAirInterface for implementing a vEPC and vRAN; in addition, a Grafana dashboard is added to monitor the main KPIs of the vEPC.
The result is a didactic guide for becoming familiar with the world of virtualization as applied to mobile networks. It describes how to run tests on the NFV environment in order to try out characteristics such as the agility and scalability of the software. This work concludes by stressing the importance of the new skills that communications providers must acquire in the field of virtualization: although their knowledge of traditional mobile networks remains compatible, they must add this new paradigm of the shift from hardware to software.
This practical guide therefore remains as an introduction to the world of NFV from the point of view of mobile telephony, with the steps to follow for building and monitoring a Virtual Evolved Packet Core.
|
4 |
An Automated VNF Manager based on Parameterized-Action MDP and Reinforcement Learning
Li, Xinrui 15 April 2021
Managing and orchestrating the behaviour of virtualized Network Functions (VNFs) remains a major challenge due to their heterogeneity and the ever increasing resource demands of the served flows. In this thesis, we propose a novel VNF manager (VNFM) that employs a parameterized actions-based reinforcement learning mechanism to simultaneously decide on the optimal VNF management action (e.g., migration, scaling, termination or rebooting) and the action's corresponding configuration parameters (e.g., migration location or amount of resources needed for scaling). More precisely, we first propose a novel parameterized-action Markov decision process (PAMDP) model to accurately describe each VNF, instances of its components and their communication as well as the set of permissible management actions by the VNFM and the rewards of realizing these actions. The use of parameterized actions allows us to rigorously represent the functionalities of the VNFM in order to perform various Lifecycle management (LCM) operations on the VNFs. Next, we propose a two-stage reinforcement learning (RL) scheme that alternates between learning an action-value function for the discrete LCM actions and updating the action parameters selection policy. In contrast to existing machine learning schemes, the proposed work uniquely provides a holistic management platform that unifies individual efforts targeting individual LCM functions such as VNF placement and scaling. Performance evaluation results demonstrate the efficiency of the proposed VNFM in maintaining the required performance level of the VNF while optimizing its resource configurations.
|
5 |
LEVERAGING SDN AND NFV FOR DNS AMPLIFICATION OR REFLECTION ATTACK DETECTION AND MITIGATION
Nesary, Mohammad Mashud 01 August 2023
The Domain Name System (DNS) is virtually the distributed directory of the Internet for obtaining the Internet Protocol (IP) addresses needed to access web resources. DNS has always been one of the prime targets for cyber attackers, either to inundate different types of DNS servers with attack traffic and false records or to exploit the DNS protocol to perform targeted attacks on user machines. DNS amplification or reflection attacks are some of the most fundamental types of DNS-specific Denial-of-Service (DoS) attacks. In this type of attack, users are denied service as the server needs to process spoofed DNS queries from the attackers and victim machines receive unsolicited DNS responses. Software Defined Networking (SDN) and Network Function Virtualization (NFV) are the technological breakthroughs which have brought transformational change in operating and maintaining network services. These have also opened new avenues to deal with those cyber-attacks along with introducing a whole new set of security threats or vulnerabilities that need to be taken care of. In this paper, we propose detection and mitigation strategies to combat DNS amplification or reflection attacks leveraging the functionalities of both SDN and NFV. We reviewed the existing literature on related approaches, incorporated Moving Target Defense (MTD) techniques into the security solutions, discussed the deployment options of vDNS (Virtual DNS) servers, and elaborated on the security issues involved with SDN and NFV. This work could potentially augment the security of the DNS infrastructure while improving the scalability and agility and provide future direction in research and practice.
|
6 |
Eficiência e auto-escalabilidade na virtualização do serviço de tradução de endereços / Efficiency and auto-scalability in the virtualization of the address translation service
Barea, Emerson Rogério Alves 22 February 2016
Submitted by Luciana Sebin (lusebin@ufscar.br) on 2016-10-07T18:12:52Z
No. of bitstreams: 1
DissERAB.pdf: 2425846 bytes, checksum: 4f23e91fd2bdddcaf67d6efb2354814e (MD5)
Approved for entry into archive by Marina Freitas (marinapf@ufscar.br) on 2016-10-13T19:50:06Z (GMT)
Approved for entry into archive by Marina Freitas (marinapf@ufscar.br) on 2016-10-13T19:50:15Z (GMT)
Made available in DSpace on 2016-10-13T19:50:25Z (GMT)
Previous issue date: 2016-02-22 / I received no funding / This work presents a novel architecture for the address translation service (NAT) with efficient scalability through the use of Network Functions Virtualization (NFV) in low cost computing environments. To this end, a virtualized network function (VNF) of NAT is instantiated in a minimal OS (ClickOS) and uses a feedback control system to smooth the rate control. Our results indicate that the proposed architecture meets several relevant NFV requirements, including high efficiency, obtaining up to 900% higher throughput gains compared to Linux NAT. In addition, the Proportional Integral control system (PI) yields 85% accuracy in estimating the exact rate using only 3 samples. / This work presents a proposed architecture for the address translation service (NAT) with efficient scalability through the use of Network Functions Virtualization (NFV) in low-cost computing environments. To this end, a virtualized network function (VNF) of the NAT type was instantiated on the minimalist ClickOS system, with a feedback control system controlling the throughput smoothly. Our results indicate that the proposed architecture, implemented and tested, meets several requirements considered important in NFV, such as high efficiency, obtaining gains of 900% in throughput at high scale compared with Linux NAT. In addition, results from the Proportional Integral (PI) control system show 85% accuracy in the predicted throughput in only 3 samples.
|
7 |
Moving towards software-defined security in the era of NFV and SDN / Vers une programmabilité de la sécurité dans les environnements réseaux logiciels et virtualisés (NFV et SDN)
Pattaranantakul, Montida 20 June 2019
This thesis aims to explore security problems and solutions in software-based and virtualized network environments, with the following two hypotheses: (1) the paradigm shifts introduced by SDN and NFV networks make it possible to develop new approaches to security management; (2) all threats and vulnerabilities in NFV/SDN environments must be fully taken into account. In the first part, we therefore propose a detailed and complete study, from a security point of view, of SDN/NFV architectures and protocols, and also of the management and orchestration of network functions in these environments (MANO architecture). Several use cases are specified and proposed as illustrations. This first study led to two major contributions: (1) a complete architecture for security management and orchestration (called SecMANO) based on NFV MANO. SecMANO makes it possible to manage a set of service functions and security mechanisms (access control, IDS/IPS, isolation, protection) based on a set of rules; (2) a complete analysis of threats and vulnerabilities in the NFV context, based on five specific use cases, and of the associated countermeasures. This analysis made it possible to propose a complete and detailed classification (taxonomy) of the different types of specific threat, together with a set of recommendations for better security of NFV services. We believe that these first two contributions open up interesting research perspectives in the field of NFV/SDN network security. This first study led us to propose, as a third contribution, a new architecture for the orchestration of security functions in virtualized environments. This security orchestrator was specified and developed as an extension module for existing orchestrators. The objective is to ensure dynamic, flexible, on-demand deployment as well as efficient orchestration of the various basic security services. More precisely, an access control mechanism, defined and applied from a high-level language and based on the "Tacker" stack (an OpenStack service for NFV orchestration using the TOSCA data model), was prototyped, implemented and tested. This prototype makes it possible to customize and dynamically adapt the access control model and strategy for different concurrent user domains. These independent security domains remain potentially protected and isolated in large-scale, multi-operator and multi-cloud environments. The prototype and the experiments carried out under practical conditions show the feasibility and effectiveness of the proposed approach. The study proposed in the first part, based on a "cross-layer" approach, highlights new types of threats and vulnerabilities and demonstrates that in these software-based, virtualized environments, security is the critical element. The fourth contribution (SecSFC) aims to make the composition and chaining of service functions (Service Function Chaining, SFC) secure and reliable in NFV/SDN environments. SecSFC relies on a mechanism of the "identity-based ordered multisignature" type to guarantee the following properties: (1) the authentication of each service function associated with a particular service function chain; (2) the consistency and sequencing of all the service functions associated with a particular composition or chaining of service functions ("VNF forwarding graph"). The theoretical analysis of the proposed "SecSFC" model and the experimental results show the resilience of the approach, in particular against a number of specific attacks (e.g. modification of rules or of the topology), with limited processing time and latency. / This thesis is intended to explore security issues in the virtualized and software-defined world, and starts with two important hypotheses: (1) SDN and NFV offer plenty of opportunities for us to rethink security management in the new networking paradigms; (2) both legacy and new security threats and vulnerabilities in NFV/SDN enabled environments need to be sufficiently addressed in order to pave the way for their further development and deployment. To validate the hypotheses, we carry out an in-depth study on NFV/SDN from a security perspective, including its architecture, management and orchestration (MANO) framework, and use cases, leading to two major contributions: (1) a security management and orchestration framework (called SecMANO) based on NFV MANO, which has the potential to manage a set of policy-driven security mechanisms, such as access control, IDS/IPS, network isolation, data protection; (2) a comprehensive threat analysis on five NFV use cases and the state-of-the-art security countermeasures, resulting in an NFV layer-specific threat taxonomy and a set of security recommendations on securing NFV based services. We believe that both of the two contributions lay down a foundation for security research in the NFV/SDN domain. In particular, based on the two contributions, we further develop a security orchestrator as an extension of available NFV orchestrators, with the objective of enabling the basic security functions to be effectively orchestrated and provided as on-demand services to the customers, meanwhile allowing high-level security policies to be specified and enforced in a dynamic and flexible way. Specifically, a software-defined access control paradigm is implemented and prototyped with OpenStack and Tacker (an NFV orchestrator using the TOSCA model), which allows the security administrators to dynamically customize the access control models and policies for different tenant domains, eventually achieving flexible and scalable protection across different layers and multiple cloud data centers. Both prototype of concept and real-life experiments on testbed have been carried out, clearly demonstrating the feasibility and effectiveness of our security orchestrator. In addition, as our NFV cross-layer threat taxonomy indicates, a large set of novel threats will be introduced, among which VNF (Virtualized Network Function) is a unique and important asset that deserves careful protection. The fourth contribution of this thesis is therefore devoted to achieving secure and dependable SFC (Service Function Chaining) in NFV and SDN environments. Specifically, an identity-based ordered multisignature scheme called SecSFC is designed and applied to ensure that (1) each service function involved in a particular service chain is authenticated and legitimate; (2) all the service functions are chained in a consistent, optimal, and reliable way, meeting the pre-defined high-level specifications like the VNF Forwarding Graph. Both theoretical security analysis and experimental results demonstrate that our scheme can effectively defend against a large set of destructive attacks like rule modification and topology tampering, moving an important step towards secure and dependable SFC. Importantly, the signature construction and validation process is lightweight, generating compact and constant-size keys and signatures, thereby only incurring minimal computational overhead and latency.
|
8 |
A Data Model Driven Approach to Managing Network Functions Virtualization : Aiding Network Operators in Provisioning and Configuring Network Functions
Sällberg, Kristian January 2015
This master’s thesis explains why certain network services are difficult to provision and configure using IT automation and cloud orchestration software. An improvement is proposed and motivated. This proposed improvement enables network operators to define a set of data models describing how to provision and interconnect a set of Virtual Network Functions (VNFs) (and possibly existing physical network functions) to form networks. Moreover, the proposed solution enables network operators to change the configuration at runtime. The work can be seen as a step towards self-managing and auto-scaling networks. The proposed approach is compared to a well-known cloud management system (OpenStack) in order to evaluate if the proposed approach decreases the amount of time needed for network operators to design network topologies and services containing VNFs. Data is collected through observations of network operators, interviews, and experiments. Analysis of this data shows that the proposed approach can decrease the amount of time required for network operators to design network topologies and services. This applies if the network operators are already acquainted with the data modeling language YANG. The amount of time required to provision VNFs so that they respond to connections can also be decreased using the proposed approach. The proposed approach does not offer as much functionality as OpenStack, as it is limited to VNF scenarios. / This master's thesis explains why certain network services are difficult to create and configure with IT automation tools and cloud orchestration software. An improvement is proposed and motivated. The proposed improvement allows network operators to define a set of data models describing how Virtual Network Functions (VNFs) are to be instantiated and connected together into network services. In addition, the solution allows network operators to change configuration while the networks are handling traffic. The work can be seen as a step towards self-managing and automatically scaling networks. The proposed solution is compared with a well-known cloud orchestration tool (OpenStack) to evaluate whether the proposed solution reduces the amount of time network operators need to design network topologies and services containing VNFs. Data is collected through observations of network operators, interviews, and experiments. Analysis of the data shows that the proposed solution can reduce the time needed to design network topologies and services. The cases where this is applicable are those where VNFs are present in networks. These are easier to create, configure, and change while they are executing with the proposed method. This also requires that the network operator is familiar with the data modeling language YANG. The time it takes to provision VNFs until they respond to connections can be reduced with the help of the proposed method. The proposed method offers substantially limited functionality compared with OpenStack; it focuses on managing VNFs.
|
9 |
SDN Benefits in a Legacy World
Chatzis, Vasileios January 2016
This dissertation aims to explore how one could leverage Software Defined Network (SDN) and Network Function Virtualization (NFV) principles in order to realize Service Function Chaining (SFC) in a network. SDN is a new networking paradigm, which makes a network programmable through the use of a software entity called SDN controller. NFV is intended to enable deployment of virtualized network functions, therefore replacing existing hardware solutions. SFC provides the ability to route user traffic to one or more network functions in an orderly manner. SFC will potentially enable many use cases such as data providers being able to dynamically steer user traffic through a set of network functions such as firewall and load balancer. This study is based on a set of goals. These goals revolve around the implementation of a prototype that will enable an SDN controller to steer user traffic through a series of virtualized network functions (VNFs). An important part of the prototype setup is a Network Management Software (NMS) named BECS, which is developed by Packetfront Software AB. BECS is acting as an orchestrator on the network and has complete awareness of all the network devices present on the network it manages. One of the main requirements of the prototype is to enable BECS to communicate with an SDN controller. Once that has been achieved, BECS could provide the necessary information that the controller needs in order to create and install a set of forwarding rules in the SDN enabled switches of the network. All those steps are necessary in order to achieve SFC. In this prototype, SFC is realized by demonstrating the user specific traffic steering through a set of VNFs in a specific order, based on control messages originated from BECS. Until now, network architecture has been limited to the capabilities of the actual hardware equipment. SDN and NFV help us to overcome this limitation. Information needs to be available anywhere and at any time, in a reliable and secure way. To ensure that, we propose a new scheme of network architecture through our prototype solution. This solution intends to give the ability to network managers to re-shape their networks based on their needs by the use of SFC. / This thesis aims to investigate how the principles of Software Defined Network (SDN) and Network Function Virtualization (NFV) can be used to realize Service Function Chaining (SFC) in a network. SDN is a new kind of network paradigm that makes a network programmable through the use of a software entity called an SDN controller. NFV aims to enable the deployment of virtualized network functions and thereby replace existing hardware solutions. SFC provides the ability to direct traffic to one or more network functions in an orderly manner. SFC will potentially enable many use cases, e.g. data providers that will be able to dynamically steer user traffic through a set of network functions such as firewall and load balancer. The study is based on a set of goals. These goals revolve around the implementation of a prototype that makes it possible for an SDN controller to steer user traffic through a series of virtualized network functions (VNFs). An important part of the prototype setup is a Network Management Software (NMS) called BECS, which is developed by Packetfront Software AB. BECS acts as an orchestrator on the network and has complete knowledge of all network devices in the network it manages. One of the most important requirements for the prototype is to make it possible for BECS to communicate with an SDN controller. Once this was achieved, BECS could provide the necessary information that the controller needs in order to create and install a set of forwarding rules in the SDN-enabled switches on the network. All these steps are necessary to achieve SFC. In this prototype, SFC is realized by demonstrating user-specific traffic steering through a set of VNFs in a certain order, based on control messages originating from BECS. Until now, network architecture has been limited to the capabilities of the actual hardware equipment. SDN and NFV help us avoid this limitation. Information must be available everywhere and at any time in a reliable and secure way. To ensure this, we propose, by means of our prototype solution, a new scheme for network architecture. This solution is intended to give network managers the ability to reshape their networks based on their needs through the use of SFC.
|
10 |
Performance, Isolation and Service Guarantees in Virtualized Network Functions
Rathore, Muhammad Siraj January 2017
A network is generally a collection of different hardware-based network devices carrying out various network functions (NFs). These NF implementations are special purpose and expensive. Network function virtualization (NFV) is an alternative which uses software-based implementations of NFs on inexpensive commodity servers. However, it is challenging to achieve high networking performance due to bottlenecks in software, particularly in a virtualized environment where NFs are implemented inside virtual machines (VMs). Performance isolation is yet another challenge, which means that the load on one VM should not affect the performance of other VMs. However, it is difficult to provide performance isolation due to resource contention in a commodity server. Furthermore, different NFs may require different service guarantees, which are difficult to ensure due to the non-deterministic performance behavior of a commodity server. In this thesis we investigate how the challenges of performance, isolation and service guarantees can be addressed for virtual routers (VRs), as an example of a virtualized NF. It is argued that the forwarding path of a VR can be modified in an efficient manner in order to improve the forwarding performance. When it comes to performance isolation, poor isolation is observed due to shared network queues and CPU sharing among VRs. We propose a design with SR-IOV, which allows reserving a network queue and CPU core for each VR. As a result, the resource contention is reduced and strong performance isolation is achieved. Finally, it is investigated how average throughput and bounded packet delay can be guaranteed to VRs. We argue that a classic rate-controlled service discipline can be adapted in a virtual environment to achieve service guarantees. We demonstrate that firm service guarantees can be achieved with the small overhead of adding a token bucket regulator in the forwarding path of a VR.
|