Architecture and Mapping of Fault- and Intrusion-Tolerant Virtualized Network Services

  • Vinicius Fulber-Garcia (UFPR)
  • Giovanni Venâncio (UFPR)
  • Elias P. Duarte Jr. (UFPR)

Abstract


The IETF architecture for virtual network services defines Service Function Chains (SFCs) as compositions of multiple Virtualized Network Functions (VNFs). SFCs also rely on components for forwarding traffic, mainly Service Classifiers (SCs) and Service Function Forwarders (SFFs). This work presents a new strategy to replicate, map and tolerate crash and intrusion faults considering all components of the IETF SFC architecture; previous works consider only crash faults of VNFs. A federated environment with multiple candidate domains to host VNF, SC and SFF instances is assumed. The forwarding components are replicated and then mapped onto the federated environment using optimization based on connectivity criteria. A genetic heuristic is proposed, in addition to an exact solution based on Integer Linear Programming. Results show the efficiency of the heuristic and that it returns near-optimal results. In addition, a prototype of the proposed strategy was implemented, and experiments show the ability to keep virtual services available under both crash faults and intrusions resulting from a man-in-the-middle attack.

Published
2022-05-27
FULBER-GARCIA, Vinicius; VENÂNCIO, Giovanni; DUARTE JR., Elias P. Arquitetura e Mapeamento de Serviços Virtualizados de Rede Tolerantes a Falhas e Intrusão. In: FAULT TOLERANCE WORKSHOP (WTF), 23., 2022, Fortaleza. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2022. p. 15-28. ISSN 2595-2684. DOI: https://doi.org/10.5753/wtf.2022.223434.