Dependable Virtualized Network Services: An Architecture for Fault- and Intrusion-Tolerant SFCs

  • Giovanni Venâncio UFPR
  • Vinicius Fulber-Garcia UFPR
  • Eduardo A. P. Alchieri UnB
  • Elias P. Duarte Jr. UFPR

Abstract


Virtualized network services can be built by combining multiple VNFs (Virtualized Network Functions) connected in a predefined order, called an SFC (Service Function Chain). The IETF defines a standardized architecture for SFCs, based on classification and forwarding elements. Since many network services implement functionality that is critical to the correct operation of the network, failures in any component of the SFC can compromise the entire infrastructure, leading to monetary losses or even to unauthorized use of the system. In this context, this work proposes FIT-SFC (Fault- & Intrusion Tolerant SFC): an architecture to support secure and highly available virtual services. While most previous work considers only crash failures, FIT-SFC uses replication strategies to tolerate Byzantine failures of any component of the SFC architecture, while remaining fully compatible with the IETF reference architecture. A prototype of the architecture was implemented as a proof of concept, and experimental results evaluate the costs of tolerating the failures.

Published
26/05/2023
VENÂNCIO, Giovanni; FULBER-GARCIA, Vinicius; ALCHIERI, Eduardo A. P.; DUARTE JR., Elias P. Serviços Virtualizados de Rede Confiáveis: Uma Arquitetura para SFCs Tolerantes a Falhas e Intrusão. In: WORKSHOP DE TESTES E TOLERÂNCIA A FALHAS (WTF), 24., 2023, Brasília/DF. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2023. p. 1-14. ISSN 2595-2684. DOI: https://doi.org/10.5753/wtf.2023.716.