Service Exposure Through Secondary Network Attachment in Kubernetes

Levin, Kai

January 2024

The telecommunications industry is rapidly advancing with the adoption of cloud-native technologies, aiming to enhance service delivery and network management. Kubernetes, an open-source platform for automating containerized applications, plays a significant role in this transformation. However, the use of Kubernetes in telecommunications presents unique challenges, particularly in effective network traffic separation. This thesis explores the feasibility and implications of exposing services on secondary network interfaces in Kubernetes to address traffic separation issues. The research investigates current trends and approaches for enabling service exposure on secondary interfaces, evaluates how these services support Kubernetes' resiliency features, and assesses the performance implications. A combination of literature review, empirical experiments, and interviews was used. Initially, a proof of concept (PoC) using Multus-service was attempted but faced setbacks due to the project's deactivation. Developer interviews revealed resistance within the Kubernetes SIG-Network group to modifying the established services API for secondary interfaces, and a lack of compelling use cases and community feedback led to the deprecation of Multus-service. Current trends indicate a shift towards more scalable, less disruptive solutions like the Gateway API. The focus then shifted to Meridio, another project claimed to have the capability of enabling service exposure through secondary interfaces. A successful PoC with Meridio in an OpenShift cluster served as the basis for further evaluations. The findings indicate that Meridio has the capability of providing service exposure through secondary network interfaces and aligns with Kubernetes' self-healing mechanisms. Performance evaluations showed that services on secondary interfaces could offer comparable overall performance to those on primary interfaces. Resource utilization metrics reveal additional CPU and memory overheads, but these are considered manageable. This research provides insights into the use of secondary network interfaces for service exposure in Kubernetes, contributing to ongoing discussions within Ericsson Cloud-RAN. The research underscores the need for further development and optimization, suggesting that with continued advancements, service exposure through secondary interfaces could enhance network management and service delivery in cloud-native environments.

Kubernetes

Multus

CNI-plugins

OpenShift

Service exposure

Secondary network in kubernetes

Performance evaluation

Telecommunications

Telekommunikation

Communication Systems

Kommunikationssystem

Computer Systems

Datorsystem

Computer Engineering

Datorteknik

Service composition in converged service environment / Composition de service dans un environnement de service convergé

Huang, Cuiting

02 May 2012

L'objectif de cette thèse est de fournir des mécanismes améliorés pour déployer des services compétitifs par des manières rapides et rentables. Nous proposons un modèle de composition de service basé sur un environnement IMS/Web convergent. Ce modèle permet aux utilisateurs non professionnels de réutiliser les services existants pour créer de nouveaux services facilement. Pour améliorer la fonctionnalité de composition automatique, trois stratégies, y compris mise à jour passive, mise à jour active et mise à jour hybride sont proposées et analysées. Nous introduisons ensuite une plateforme centralisée d'exposition de service pour une variété de services, y compris services de Télécom / Web / appareil / services générés par les utilisateurs. Cette plateforme vise à renforcer les caractéristiques de centrée-sur-utilisateur et convergence, et fournir l'accès unifié à différents services. Par la suite, deux modèles basés sur le P2P sont conçus pour compléter le modèle centralisé: i) Un modèle hiérarchique basé sur Chord pour garantir l'efficacité de la découverte de services. Il adopte le concept de publication et découverte de service abstrait pour permettre à la recherche de service ambiguë. ii) Un modèle de superposition-triplex et P2P basé, qui cible principalement des services offerts par les appareils. Dans ce modèle, nous utilisons des passerelles pour déléguer des appareils résidant en eux pour l'exposition globale de services, et utilisons une architecture basée sur une superposition triplex, qui comprend une couche P2P non structurée, une couche de réseau sémantique (SON), et une couche de dépendance de service, pour la partage de l'information de service et la découverte de services / The goal of this thesis is to provide enhanced mechanisms to deploy competitive services in a rapid and cost-effective manner. To achieve this goal, we first propose an automatic service composition model relying on an IMS/Web converged environment. This service composition model is intended to be one in which even non-professional users can easily reuse existing services to create new services. To further improve the automatic service composition feature, three strategies including passive update, active update and hybrid update are proposed and analyzed. We then propose a centralized service exposure framework for a variey of services, including Telecom / Web / Device / user-generated services. This framework aims at enhancing the user-centric and convergence features, and providing the unified access to diverse services.Subsequently, two P2P based service information sharing models are designed to complement the centralized service exposure model : i) A hierarchical P2P based model, which reuses Chord for guaranteeing the service discovery efficiency, meanwhile adopts the concept of abstract service publication and discovery for enabling the ambiguous services searching. ii) A triplex P2P overlay based model, which mainly targets the devices offered services. In this model, we use the gateways to delegate the devices residing in them for the global service exposure, and use a triplex overlay based architecture, which includes an underlying unstructured P2P layer, a Semantic Overlay Network (SON) based overlay and a service dependency overlay, for the service information sharing and discovery

Composition de service

IMS

SOA

Architecture orientée service

Service composition

Service exposure

Service discovery

Service publication

IMS

NGN

Convergence

Trust Management for A Decentralized Service Exposure Marketplace

Beder, Ahmed Aly

January 2020

Enabling trust between entities to collaborate, without the necessity of a third-partymediator is a challenging problem. This problem is highlighted when the collaborationinvolves a complicated process, spans multiple systems, and encompasses a largenumber of entities. This is the case in a decentralized service exposure marketplace.In this work, we design and implement a Proof-Of-Concept (PoC) suite of servicesto enable a blockchain to become the anchor of trust for a decentralized serviceexposure marketplace. We first formalize the necessary requirements to enable trustbetween a consortium of entities hosting the marketplace. We then follow with athreat model against the identified requirement, highlighting misbehaviour from thedifferent entities. Finally, we propose a model, Trust Engine, which facilitates thetrust management process and mitigates the identified threats. We showcase a proofof-concept of our model, utilizing a combination of smart contracts (hyperledgerfabric), blockchain, and service mesh technology (Istio). The Trust Engine successfullyidentifies the misbehaviour, documents it in the blockchain, and enforces policesto remediate the misbehaviour. Furthermore, we examined each component in oursuggested system to identify the performance bottleneck. Lastly, we discuss thelimitations of our suggested model with regards to other service mesh deploymentmodels as well as potential future work and improvements. / Det är ett utmanande problem att möjliggöra förtroende mellan enheter för attsamarbeta, utan nödvändighet av en tredjepartsförmedlare. Detta problem belysesnär samarbetet innebär en komplicerad process, spänner över flera system ochomfattar ett stort antal enheter. Detta är fallet i en decentraliserad marknadsplatsför exponering av tjänster. I detta arbete designar och implementerar vi en PoCkollektionav tjänster för att möjliggöra en blockchain till att bli en förankring fören decentraliserad marknadsplats för serviceexponering. Vi formaliserar först denödvändiga kraven för att möjliggöra förtroende mellan ett konsortium av enhetersom är värd för marknadplatsen. Vi följer sedan med en hotmodell mot detidentifierade kravet, och belyser feluppförande från de olika enheterna. Slutligenföreslår vi en modell, Trust Engine, som underlättar förtroendeshanteringsprocessenoch mildrar de identifierade hoten. Vi presenterar ett konceptvalidering av vårmodell med en kombination av smarta kontrakt (hyperledger fabric), blockchain ochservicenätsteknologi (Istio). Trust Engine identifierar feluppförandet, dokumenterardet i blockkedjan och verkställer riktlinjer för att fixa feluppförandet. Vidareundersökte vi varje komponent i vårt föreslagna system för att identifiera flaskhalsenför prestanda. Slutligen diskuterar vi begränsningarna i vår föreslagna modell medavseende på andra modeller för distribution av servicenät samt potentiellt framtidaarbete och förbättringar.

Trust Management

Service Exposure

Blockchain

Service Mesh

Decentralized Marketplace

Elektroteknik och elektronik

Service composition in converged service environment

HUANG, Cuiting

02 May 2012

The goal of this thesis is to provide enhanced mechanisms to deploy competitive services in a rapid and cost-effective manner. To achieve this goal, we first propose an automatic service composition model relying on an IMS/Web converged environment. This service composition model is intended to be one in which even non-professional users can easily reuse existing services to create new services. To further improve the automatic service composition feature, three strategies including passive update, active update and hybrid update are proposed and analyzed. We then propose a centralized service exposure framework for a variey of services, including Telecom / Web / Device / user-generated services. This framework aims at enhancing the user-centric and convergence features, and providing the unified access to diverse services.Subsequently, two P2P based service information sharing models are designed to complement the centralized service exposure model : i) A hierarchical P2P based model, which reuses Chord for guaranteeing the service discovery efficiency, meanwhile adopts the concept of abstract service publication and discovery for enabling the ambiguous services searching. ii) A triplex P2P overlay based model, which mainly targets the devices offered services. In this model, we use the gateways to delegate the devices residing in them for the global service exposure, and use a triplex overlay based architecture, which includes an underlying unstructured P2P layer, a Semantic Overlay Network (SON) based overlay and a service dependency overlay, for the service information sharing and discovery

[INFO:INFO_OH] Computer Science/Other

Service composition

Service exposure

Service discovery

Service publication

IMS

NGN

Convergence