net/publication/319637778
All content following this page was uploaded by A H M Jakaria on 05 August 2019.
these virtual machines is a large combinatorial problem, and requires a solution in a timely manner in terms of various requirements. In this work, we propose VNFSynth, an automated synthesis framework, to solve this problem. VNFSynth models the resource specifications, incoming packet processing requirements, bandwidth constraints, etc., with respect to the physical network, existing resources, and VNF properties, and determines the VM network architecture. It uses satisfiability modulo theories (SMT) to model this synthesis problem. The evaluation results demonstrate the scalability and usability of the solution.

Index Terms—VNFaaS; NFV architecture; formal modeling; topology synthesis

I. INTRODUCTION

Computer networks today are composed of many proprietary hardware appliances of per-feature nature. Upgrading or adding new network functions typically enforces the integration of more of these hardware devices, which requires time and imposes high costs. They cannot satisfy the automation, scalability, and robustness of today’s network operations. The traditional methods of use cases, e.g., threat detection, are limited by the restricted computation capacity and inflexibility of involved network functions in dedicated hardware, such as firewall and routers.

NFV is a technology where network functions are implemented and deployed as virtual machines (VMs) in the form of software that runs on the commodity hardware environments providing cloud computing capabilities. It is a form of cloud that offers an alternative way to design, deploy, and manage networking services. The VMs run on these general purpose hardware systems, so that NFV not only provides the benefit of elasticity, but also reduces the cost by running on low-cost commodity platforms like x86- or ARM-based servers instead of specialized and dedicated hardware. The use of NFV opens a new opportunity for enterprises, as well as small businesses, to find low cost solutions to new requirements of complex modern computing. NFV offers less complex network architecture, reduced power usage, lower OpEx, lower CapEx, and a low time-to-market for launching new functionalities [1]. It allows us to test new security apps easily, while there is always an improved flexibility in assigning virtual network functions (VNFs) to hardware. The concepts of VNF hosting justified by CapEx reductions are the NFV equivalent of infrastructure as a service (IaaS) in cloud. On the other hand, virtual network functions as a service (VNFaaS) is the equivalent of software as a service (SaaS), in the sense that the consumer can use software applications running in cloud infrastructure. NFV consolidates many network equipment types onto industry standard servers, switches and storage [2]. These can be located in a variety of NFV infrastructure points of presence (NFVI-PoPs) including cloud data centers, network nodes and in end user premises. Fig. 1 shows an example where a corporate customer can have NFVI-PoPs located in various locations, where they have VNFs as virtual customer premises equipments (vCPE).

[Figure labels: Virtualized Customer Premises Equipment (vCPE); NFV Infrastructure Point of Presence (NFVI-PoP)]
Fig. 1. A typical network for VNFaaS in cloud located in various locations (adapted from [2]).

Despite being high volume servers, the commodity servers have a fixed amount of resources. Utilizing the available resources efficiently is a challenge. The physical properties of the servers, such as memory, CPU, etc., determine the capabilities of the VNFs running on the VMs within these servers [3]. Given the network of the servers, their capabilities, and required properties of VNFs, determining the number and locations of the VMs that need to be deployed is a bin packing problem. Some works in the literature try to solve this using heuristic algorithms, while there are few works available providing the formal model of such a network architecture [4]. To the best of our knowledge, most of the solutions fail to solve this problem in a timely responsive manner. In this
work, we present a novel tool, VNFSynth, which solves this problem using formal verification. VNFSynth is an automated framework for synthesizing virtual network configurations and placements of VMs, using constraint satisfaction checking. It takes a network topology, VNF properties, and physical resources as inputs, and formulates the virtual architecture design synthesis problem. The problem is solved by encoding the model into SMT. The major contributions of the paper are:
1) Formal model of the resources and network topology that implements NFV.
2) A quick responsive solution of the resource allocation problem to the deployed VMs.
3) Implementation and a thorough evaluation of the automatic synthesis tool.

The rest of this paper is organized as follows: Section II presents the background, while Section III discusses the proposed framework. We describe the formal model in Section IV. The implementation and a case study are discussed in Section V, while the evaluation results are presented in Section VI. Finally, we conclude the paper in Section VII.

II. BACKGROUND AND RESEARCH OBJECTIVE

This section briefly overviews the relationship of NFV technology and cloud, related works, and our objectives that used formal verification to solve the resource optimization problems associated with NFV.

A. Network Functions Virtualization (NFV) Cloud

As discussed in the work of ETSI NFV industry specification group [5], NFV is composed of three key elements: network functions virtualization infrastructure (NFVI), virtual network functions (VNF), and NFV management and orchestration (NFV MANO). NFVI is composed of the COTS hardware and the virtualization of the computing, storage, and network resources. The abstraction is achieved through a hypervisor-based virtualization layer, which decouples the virtual resources from the underlying physical resources. A VNF is a virtualized functional block within a network infrastructure that has well-defined external interfaces and functional behavior. Virtualized residential gateway, virtualized firewall, and virtualized load balancer are good examples of VNFs. These can be realized through VMs. NFV MANO performs the orchestration and lifecycle management of NFVI resources and VNFs. It is in charge of the configuration of the VNFs and the infrastructure that implements these functions. It covers three functional blocks: NFV orchestrator, VNF managers, and virtualized infrastructure manager. NFV MANO performs interactions with the business support systems (OSS/BSS) landscape, which allows NFV to be integrated into an already existing network-wide management landscape.

NFV is essentially a form of the cloud. NFV cloud is a data center and network built to host, deploy, and service VNFs using a cloud network [6]. This has also gained popularity as ‘CloudNFV’ [7]. The main idea of NFV is to replace dedicated network hardware appliances, such as routers and firewalls, wide area network (WAN) service, etc. with software that runs on commercial off-the-shelf (COTS) servers. Operators or service providers can install NFV servers in the data center, and then extend their VNFs and services to the customer using software. By utilizing the features of an NFV cloud, service providers can roll out new services and VNFs using software rather than specialized hardware networks in a more agile and flexible way. The customers can access the VNFs, which are basically software applications, via some cloud software and Web provisioning.

B. Related Work

There are several works in the literature that discuss the NFV architecture within a cloud environment. Vilalta et al. present a detailed overview of the SDN/NFV services that are offered on top of the cloud computing platform [8]. They propose a generic architecture for SDN/NFV services deployed over multi-domain transport networks and distributed data centers. Battula evaluates the architectural framework approaches of scalable compute node with NFV and SDN for addressing various challenges on data center in the form of network security function virtualization (NSFV) over OpenFlow infrastructure [9]. In [10], Raho et al. analyze the performance of ARM-based containers and hypervisors in NFV and cloud computing. Some practical challenges of maximizing energy efficiency for virtual content delivery networks (vCDN) workloads in the context of NFV and cloud architectural framework have been examined by Krishnaswamy et al. in [11].

When it comes to resource management in NFV cloud, Fayaz et al. [4] proposed a flexible and elastic DDoS defense system, Bohatei, that shows the benefits of software defined networking (SDN) [12] and NFV in the context of DDoS defense. It makes use of NFV capabilities to elastically alter the required scale (e.g., 10 Gbps vs. 100 Gbps attacks) and type (e.g., SYN proxy vs. DNS reflector defense) of DDoS defense realized by defense functions running on VMs. The work is focused on an ISP-centric deployment model, where an ISP offers DDoS-defense-as-a-service to its customers by deploying multiple data centers, and each data center has commodity hardware servers to run standard VNFs. The authors formulated the resource management problem as a constrained optimization via an integer linear program (ILP). However, the ILP approach takes several hours to provide a solution, which is enough for an adversary to easily overwhelm the system. As a result, they use a hierarchical decomposition of the resource optimization problem into two stages with the help of two greedy algorithms. Younge et al. devised a power-aware VM scheduling algorithm that yields energy efficient resource management for cloud computing environments [13]. Beloglazov et al. propose efficient heuristics for dynamic adaption of allocation of VMs in runtime by applying live migration according to current utilization of resources in virtualized cloud data centers. They focus on minimizing energy consumption [14].

VNGuard [15] is a framework for effective provision and management of virtual firewalls to keep virtual networks (VNs) safe. Leveraging the features of NFV and SDN, it
[Figure: VNFSynth framework. Inputs: network topology, VM properties and requirements, incoming packet rate, memory specifications, CPU specifications. Components: VM type and placement model, constraint model, resource model, SMT solver. Outputs (NFV architecture synthesis): VM types, VM placements.]
[Figure: example network with connectivity to/from the Internet, a VNF layer (VMs of type 1, type 2 and type 3, web server) and a physical layer (server 1, server 2, server 3, web server and DB).]
is below a certain threshold (e.g., 20%), we keep the existing solution. That means, the existing ‘true’ values of placement ($IsVmDeployed_{i,j}$) and VM types ($VmType_{i,j}$) are kept unchanged. The decision variables that were ‘false’ in the previous solution, are kept open. These are assigned new values by VNFSynth, so that the conjunction of equations 1 through 12 are still satisfiable. In some cases, the new VMs are installed on servers that already have some VMs running, while in other cases, they are deployed in new servers that were unused so far. In case of an unavailability of a new server when needed, VNFSynth returns an UNSAT result.

In times of traffic patterns or intensity change over the threshold (e.g., 20%), we run VNFSynth from scratch and find a completely new solution. In the case of increase, some existing VMs need to be moved to other places with the network traffic being moved alongside. Some ‘loss-free’ and ‘order-preserving’ algorithms have been discussed in the literature when migrating VMs. However, these algorithms suffer from usage of high traffic buffering, which might have negative effects on the performance of the virtual appliance mechanisms [23]. We leave these problems for our future work, as they are out of the scope of this paper.

[Input file excerpt]

    # Network topology: source, destination and link bandwidths (Gbps)
    1 51 500
    2 51 250
    3 51 500
    ..
    51 52 1000
    ..
    # Incoming traffic rate (Gbps)
    140
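The re-synthesis policy described above (pin the previously 'true' placements when the traffic change stays within the threshold, otherwise solve from scratch, and report UNSAT when nothing fits) can be sketched as follows. This is an added example, not code from the paper or from VNFSynth: it assumes a simplified model with per-server memory, CPU and bandwidth limits in place of the paper's equations 1 through 12, uses exhaustive search in place of an SMT solver, and all server and VM-type values are constructed.

```python
from itertools import combinations_with_replacement

# Constructed sample data (not from the paper). Servers: memory (GB), CPU cores,
# uplink bandwidth (Gbps). VM types: memory (GB), cores, packet rate (Gbps).
SERVERS = {1: (32, 4, 60), 2: (16, 2, 40), 3: (48, 6, 100)}
VM_TYPES = {"type1": (8, 1, 30), "type2": (16, 2, 50)}
THRESHOLD = 0.20  # above a 20% traffic change, re-synthesise from scratch


def feasible(placement, traffic):
    """Check every server's memory, CPU and bandwidth limits, then total rate."""
    for sid, (mem, cores, bw) in SERVERS.items():
        vms = [VM_TYPES[t] for s, t in placement if s == sid]
        if (sum(v[0] for v in vms) > mem or sum(v[1] for v in vms) > cores
                or sum(v[2] for v in vms) > bw):
            return False
    return sum(VM_TYPES[t][2] for _, t in placement) >= traffic


def solve(traffic, pinned=(), max_new=6):
    """Return pinned placements plus the fewest added VMs; None means UNSAT.

    Each (server, type) pair in 'pinned' is a decision that was 'true' in the
    previous solution and stays fixed; only the open decisions are searched.
    max_new=6 is exhaustive for the sample servers above.
    """
    slots = [(s, t) for s in sorted(SERVERS) for t in sorted(VM_TYPES)]
    for k in range(max_new + 1):
        for extra in combinations_with_replacement(slots, k):
            candidate = list(pinned) + list(extra)
            if feasible(candidate, traffic):
                return candidate
    return None


def resynthesize(previous, old_traffic, new_traffic):
    """Keep the existing solution for small changes, else solve from scratch."""
    change = abs(new_traffic - old_traffic) / old_traffic
    if change <= THRESHOLD:
        return solve(new_traffic, pinned=previous)
    return solve(new_traffic)


if __name__ == "__main__":
    base = solve(100)
    print("100 Gbps:", base)
    print("115 Gbps (pinned):", resynthesize(base, 100, 115))
    print("150 Gbps (scratch):", resynthesize(base, 100, 150))
    print("200 Gbps:", solve(200))
```

In the 115 Gbps run the added VM lands on the unused server 2 even though server 1 still has free memory and cores, because server 1's bandwidth is already consumed by the pinned VM.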
[Figure: three plots. (a) Number of deployed VMs w.r.t. traffic rate: Number of Deployed VMs vs. Incoming Traffic Rate (Gbps), for Type 1, Type 2 and Type 3 VNFs. (b) Memory utilization w.r.t. traffic rate: vs. Incoming Traffic Rate (Gbps), for Number of Servers = 100 and 75. (c) Number of deployed VMs w.r.t. number of server: vs. Number of COTS Servers, for Traffic = 80 Gbps and 130 Gbps.]
C. A Case Study

Fig. 4(a) shows a small network for which an optimal security design will be synthesized based on the given input file as shown in Table II. We consider 50 COTS servers in a provider’s cloud network that are connected to each other. Memory and CPU of these servers are provided in GB and number of cores respectively. The connectivity, the number of routers that connect these servers, and the bandwidths of all the links are also provided in the input file. Virtual bandwidth between any two of the communicating VMs must comply with the physical bandwidth of the links between the host servers. In this example, we consider 140 Gbps of traffic arriving at the ingress point. It is worth mentioning that the number of ingress points may be more than one.

For this example, VNFSynth gives a SAT result, which provides the deployed VM types along with their placements in the servers. Fig. 4(b) shows the placements of the network functions. This example shows that a total of 10 VMs are deployed, which are of 2 different types. They are installed in servers 1, 3, 15 and so on. It is worth mentioning that VNFSynth provides not only the number of VMs, but also the memory, CPU and the packet processing rate of each VM.

If we increase the incoming traffic to 150 Gbps, which is less than our threshold value (20%), we observe that the existing placements of the VMs remain the same except one new VM of ‘type 2’ is deployed on a new server (server 5), although the existing servers had more resources available to accommodate the new VM. This is because of the bandwidth constraints associated with the already used servers. We may recall that the physical bandwidth of the links must be greater than or equal to the virtual bandwidth between VMs.

VI. EVALUATION

We ran our experiments on different synthetic network topologies with different arbitrary connectivity and configuration of 25−125 COTS servers. The memory and CPU cores of the servers were taken randomly in the ranges of 16−48 GB and 2−7 cores, respectively. VNFSynth was run on a machine running Windows 10 OS. The machine is equipped with an Intel Core i5 Processor and a 12 GB memory.

A. Analysis of the Relationships Among Incoming Traffic, Deployed VMs, and Resource Constraints

In this analysis, we ran a number of experiments on similar network topologies and configurations of a cloud data center. We gradually increase the incoming traffic rate starting from 50 Gbps and observe the number of deployed VMs, which is demonstrated in Fig. 5(a) for three different types of VNFs having different purposes and requirements. The number of VMs increases slowly with increasing traffic. At certain points, it is required to add more VMs. For example, for ‘type 1’ VNF, as the incoming rate moves beyond 110 Gbps, the number of VMs for this type increases from 1 to 2; it remains the same up to 150 Gbps. It can be observed that the number of VMs is greater for ‘type 2’ VNFs. The reason is that this type of VNF is more complex and needs more resources.

Fig. 5(b) shows the relationship between the incoming traffic rate and the memory utilization of all the utilized servers. Utilization is the ratio of the total memory of all deployed VMs and the total memory of the servers they reside on. As the traffic rate increases, the memory utilization remains almost constant. As long as there are servers available, the full amount of memory of a server is not put to use. This helps to keep the servers less loaded, and also helps reduce single points of failure, as discussed in Section IV. Memory utilization for 100 servers is slightly higher than 75 servers for a certain traffic rate.

We also observe the number of deployed VMs with respect to the total number of available servers for a certain amount of incoming traffic (80 and 130 Gbps) in Fig. 5(c). As the number of servers increases, the number of VMs remains almost the same. But at certain points, e.g., for 100 servers and 80 Gbps of traffic, the number of VMs increases. This is due to the bandwidth constraints. VNFSynth tries to find a solution utilizing all the prospective VMs. As there are more servers, there are more candidates for deployed VMs. It is better not to use up the whole bandwidth of a server, which helps to avoid possible bottlenecks. For the same number of servers, 130 Gbps traffic requires more VMs than 80 Gbps.

B. Performance Analysis

The scalability of our proposed model is evaluated by the required time analysis for synthesizing the configurations by varying the problem size. The synthesis time includes the model generation time and the constraint verification time. However, the model generation time is negligible compared to the verification time. The synthesis time of the NFV topology is required to be low enough to reconfigure the system for a network administrator when there is a change in traffic rate. To the best of our knowledge, no other work deals with the
[Figure: three plots of Time (s). Time w.r.t. traffic rate (Number of Servers = 100 and 75); Time w.r.t. number of server (Traffic = 80 Gbps and 130 Gbps); Time w.r.t. VNF variety (Traffic = 80 Gbps and 130 Gbps).]