Low-latency Optimal Orchestration of Containerized Security Service Function Chain

doi:10.3969/j.issn.1671-1122.2020.07.002

Abstract

Abstract:

The development of cloud computing brings the need for security services virtualization. Building SFC (service function chain) based on NFV/SDN technology is an important way to meet the need of virtualized security services in data centers. Containerization has become the latest development trend of security SFC orchestration. Traditional security SFC orchestration algorithms are usually on the virtual machine architectures, which can not meet requirements in lightweight, latency, flexibility, etc., and have not fully utilized the performance advantages of containerized NFV platform. This paper constructs a containerized NFV platform orchestration model, analyzes the network latency optimization goal of security SFC, and studies the approximate local optimization property under flat network topology. This paper proposes a latency optimal placement (LOP) algorithm, which uses multi-stage decision to handle each security SFC request, and in each stage, a physical host that can hold the maximum number of consecutive VNFs is selected to minimize the cross host latency of each security SFC. Simulation experiments and comparative analysis show that, compared with MINI algorithm that maximizes resource utilization, the LOP algorithm proposed in this paper can achieve the optimization goal of reducing latency, and can reduce the resource consumption of placing the security SFC.

Key words: cloud security, container network, service function chain, latency optimization

CLC Number:

TP309

XU Yuwei, ZHAO Baokang, SHI Xiangquan, SU Jinshu. Low-latency Optimal Orchestration of Containerized Security Service Function Chain[J]. Netinfo Security, 2020, 20(7): 11-18.

Figures/Tables 7

References 23

[1]	PHAM C, TRAN N H, REN S, et al. Traffic-Aware and Energy-Efficient VNF Placement for Service Chaining: Joint Sampling and Matching Approach[J]. IEEE Transactions on Services Computing, 2020,13(1):172-185.
[2]	LAGHRISSI A, TALEB T. A Survey on the Placement of Virtual Resources and Virtual Network Functions[J]. IEEE Communications Surveys & Tutorials, 2019,21(2):1409-1434.
[3]	MECHTRI M, GHRIBI C, SOUALAH O, et al. NFV Orchestration Framework Addressing SFC Challenges[J]. IEEE Communications Magazine, 2017,55(6):16-23.
[4]	CHEN Zhuo, FENG Gang, LIU Bei, et al. Service Function Chain Migration Reconfiguration Strategy for Delay Optimization in Operator Networks[J]. Acta Electronica Sinica, 2018,46(9):2229-2237.
	陈卓, 冯钢, 刘蓓, 等. 运营商网络中面向时延优化的服务功能链迁移重配置策略[J]. 电子学报, 2018,46(9):2229-2237.
[5]	SOENEN T, VAN ROSSEM S, TAVERNIER W, et al. Insights from SONATA: Implementing and Integrating a Microservice-based NFV Service Platform with a DevOps Methodology[EB/OL]. , 2020-3-19.
[6]	HUANG Qiang, LI Ning. 5G Edge Computing Evolution[J]. Designing Techniques of Posts and Telecommunications, 2018(11):68-73.
	黄强, 李宁. 5G边缘计算演进[J]. 邮电设计技术, 2018(11):68-73.
[7]	BEN JEMAA F, PUJOLLE G, PARIENTE M. QoS-Aware VNF Placement Optimization in Edge-Central Carrier Cloud Architecture[C]// IEEE. 2016 IEEE Global Communications Conference, December 4-8, 2016, Washington, DC, USA. NJ: IEEE, 2016: 1-7.
[8]	VIZARRETA P, CONDOLUCI M, MACHUCA C M, et al. QoS-Driven Function Placement Reducing Expenditures in NFV Deployments[C]// IEEE. 2017 IEEE International Conference on Communications (ICC), May 21-25, 2017, Paris, France. NJ: IEEE, 2017: 1-7.
[9]	LIU Junjie, LU Wei, ZHOU Fen, et al. On Dynamic Service Function Chain Deployment and Readjustment[J]. IEEE Transactions on Network and Service Management, 2017,14(3):543-553.
[10]	BAUMGARTNER A, REDDY V S, BAUSCHERT T. Mobile Core Network Virtualization: A Model for Combined Virtual Core Network Function Placement and Topology Optimization[C]// IEEE. The 2015 1st IEEE Conference on Network Softwarization (NetSoft), April 13-17, 2015, London, UK. NJ: IEEE, 2015:1-9.
[11]	LIU Caixia, LU Ganqiang, TANG Hongbo, et al. Adaptive Deployment Method for Virtualized Network Function Based on Viterbi Algorithm[J]. Journal of Electronics and Information Technology, 2016,38(11):2922-2930.
	刘彩霞, 卢干强, 汤红波, 等. 一种基于Viterbi算法的虚拟网络功能自适应部署方法[J]. 电子与信息学报, 2016,38(11):2922-2930.
[12]	RIGGIO R, BRADAI A, RASHEED T, et al. Virtual Network Functions Orchestration in Wireless Networks[C]// IEEE. 2015 11th International Conference on Network and Service Management (CNSM), November 9-13, 2015, Barcelona, Spain. NJ: IEEE, 2015: 108-116.
[13]	SUN Quanying, LU Ping, LU Wei, et al. Forecast-Assisted NFV Service Chain Deployment Based on Affiliation-Aware vNF Placement[C]// IEEE. 2016 IEEE Global Communications Conference (GLOBECOM), December 4-8, 2016, Washington, DC, USA. NJ: IEEE, 2016: 1-6.
[14]	BHAMARE D, SAMAKA M, ERBAD A, et al. Optimal Virtual Network Function Placement in Multi-cloud Service Function Chaining Architecture[J]. Computer Communications, 2017,102:1-16.
[15]	CHEN Zhiqi, ZHANG Sheng, WANG Can, et al. A Novel Algorithm for NFV Chain Placement in Edge Computing Environments[EB/OL]. https://cis.temple.edu/~wu/research/publications/Publication_files/ZChen_GLOBECOM_2018.pdf, 2020-3-19.
[16]	LEIVADEAS A, FALKNER M, LAMBADARIS L, et al. Optimal Virtualized Network Function Allocation for an SDN Enabled Cloud[J]. Computer Standards & Interfaces, 2017,54(4):266-278.
[17]	GUO Chuanxiong, YUAN Lihua, XIANG Dong, et al. Pingmesh: A Large-scale System for Data Center Network Latency Measurement and Analysis[J]. ACM SIGCOMM Computer Communication Review, 2015,45(4):139-152.
[18]	MIOTTO G, LUIZELLI M C, CORDEIRO W L da C, et al. Adaptive Placement & Chaining of Virtual Network Functions with NFV-PEAR[J]. Journal of Internet Services and Applications, 2019,10(1):1-19.
[19]	MOENS H, TURCK F D. VNF-P: A Model for Efficient Placement of Virtualized Network Functions[C]// IEEE. 10th International Conference on Network and Service Management (CNSM) and Workshop, November 17-21, 2014, Rio de Janeiro, Brazil. NJ: IEEE, 2014: 418-423.
[20]	LUIZELLI M C, da Costa Cordeiro W L, BURIOL L S, et al. A Fix-and-optimize Approach for Efficient and Large Scale Virtual Network Function Placement and Chaining[J]. Computer Communications, 2017,102:67-77. doi: 10.1016/j.comcom.2016.11.002 URL
[21]	BOUET M, LEGUAY J, CONAN V. Cost-based Placement of Virtualized Deep Packet Inspection Functions in SDN[C]// IEEE. MILCOM 2013-2013 IEEE Military Communications Conference, November 18-20, 2013, San Diego, CA, USA. NJ: IEEE, 2013: 992-997.
[22]	CAO Jiuyue, ZHANG Yan, AN Wei, et al. VNF-FG Design and VNF Placement for 5G Mobile Networks[J]. Science China Information Sciences, 2017,60(4):17-31.
[23]	MECHTRI M, GHRIBI C, ZEGHLACHE D. VNF Placement and Chaining in Distributed Cloud[C]// IEEE. 2016 IEEE 9th International Conference on Cloud Computing (CLOUD), June27-July 2, 2016, San Francisco, CA, USA. NJ: IEEE, 2016: 376-383.

符号	含义
N	NFV平台物理主机节点集合
E	主机间网络连接边集合
G_p	NFV平台的物理网络图
H	延迟矩阵
l_xy	主机x和y之间的网络延迟
S_i	单个安全SFC
Fⁱ	S_i的VNF集合
Lⁱ	S_i上VNF间的连接关系
Γ	所有安全SFC集合
l(S_i)	S_i的网络延迟
e(u, v)	VNF u和VNFv间的邻接关系逻辑函数
δ( f,n)	VNF f与主机n间的放置关系逻辑函数
c_f	VNF f所需资源请求值
C_n	主机n的资源容量