网络功能虚拟化环境下安全服务链故障的备份恢复机制
|
摘要
针对网络功能虚拟化(network function virtualization,NFV)环境下安全服务链(security service chain,SSC)故障问题,提出一种基于比例资源预留的备份恢复机制.该方法采用前摄性处理思想,预先在物理网络中按比例划分主备用资源并构造节点/链路候选集合;当发生节点故障时,从候选集合中选取重映射目标并为其分配预留的备用资源,利用改进的离散粒子群(discrete particle swarm optimization,DPSO)算法及时地解决节点故障重映射问题,在降低资源占用的同时提高故障修复率;当发生链路故障时,通过改变底层物理路径流量分割比例,将受影响流量迁移到候选集合的可用链路中,设计动态路径分割算法有效解决了链路故障重定向问题,实现底层物理网络资源剩余价值最大化.仿真实验验证了算法在不同物理网络环境下的适应性和不同故障模型下的有效性,此外,还初步探索了主用比例的取值对所提备份恢复机制的影响.
Considering the fault problem of security service chain(SSC)in a network function virtualization(NFV)environment,this paper proposes a backup and recovery mechanism for SSC based on proportional resource reservation.According to the proactive processing idea,it divides the resource proportionally in a substrate network and constructs a candidate set for each substrate node/link beforehand.When the node fault suddenly occurs,it chooses the fault recovery targets in the candidate set and allocates the reserved backup resources.It solves the node fault remapping problem immediately by using the improved discrete particle swarm optimization(DPSO)algorithm,decreasing the occupancy of resources while increasing the repair rate.When the link fault suddenly occurs,it redirects the affected traffic to the available links in the candidate set by changing the traffic splitting-rate of the substrate path.We design the dynamical path splitting algorithm to solve the link fault redirect problem effectively,maximizing the residual value of the underlying substrate network resources.The simulation experiment verifies the proposed algorithm from two aspects:one is the adaptability under different substrate network environments and the other is the validity under different fault models.In addition,we also make a preliminary explore to the appropriate value of the main proportion for the impact of our proposed backup and recovery mechanism.
Considering the fault problem of security service chain(SSC)in a network function virtualization(NFV)environment,this paper proposes a backup and recovery mechanism for SSC based on proportional resource reservation.According to the proactive processing idea,it divides the resource proportionally in a substrate network and constructs a candidate set for each substrate node/link beforehand.When the node fault suddenly occurs,it chooses the fault recovery targets in the candidate set and allocates the reserved backup resources.It solves the node fault remapping problem immediately by using the improved discrete particle swarm optimization(DPSO)algorithm,decreasing the occupancy of resources while increasing the repair rate.When the link fault suddenly occurs,it redirects the affected traffic to the available links in the candidate set by changing the traffic splitting-rate of the substrate path.We design the dynamical path splitting algorithm to solve the link fault redirect problem effectively,maximizing the residual value of the underlying substrate network resources.The simulation experiment verifies the proposed algorithm from two aspects:one is the adaptability under different substrate network environments and the other is the validity under different fault models.In addition,we also make a preliminary explore to the appropriate value of the main proportion for the impact of our proposed backup and recovery mechanism.
引文
[1]Paul S,Pan J L,Jain R.Architectures for the future networks and next generation Internet:A survey[J].Computer Communications,2011,34(1):2-42
[2]Quinn P,Guichard J,Yadav N.Network Service Chaining Problem Statement,RFC 7498[S].Fremont,CA:IETF,2015
[3]Huang Tao,Liu Jiang,Huo Ru,et al.Survey of research on future network architectures[J].Journal on Communications,2014,35(8):184-197(in Chinese)(黄韬,刘江,霍如,等.未来网络体系架构研究综述[J].通信学报,2014,35(8):184-197)
[4]Lantz B,Heller B,Mckeown N.A network in a laptop:Rapid prototyping for software-defined networks[C]//Proc of the 9th ACM SIGCOMM Workshop on Hot Topics.New York:ACM,2010:1-6
[5]Chiosi M,Clarke D,Willis P,et al.Network functions virtualization-introductory white paper[OL].[2017-06-22].https://portal.etsi.org/nfv/nfv whitepaper.pdf
[6]Jeff W.Delivering Security Virtually Everywhere with SDN and NFV:IHS INFONETICS White Paper[OL].[2017-04-28].http://www.juniper.net/assets/fr/fr/local/pdf/analystreports/2000602-en.pdf
[7]Lee W,Choi Y H,Kim N.Study on virtual service chain for secure software-defined networking[OL].[2017-11-12].http://onlinepresent.org/proceedings/vol29_2013/36.pdf
[8]Shin S,Porras P,Yegneswaran V,et al.FRESCO:Modular composable security services for software-defined networks[C]//Proc of the 20th Annual Network and Distributed System Security Symp.San Diego:Internet Society,2013:32-48
[9]Ocampo A F,Gil-Herrera J,Isolani P H,et al.Optimal service function chain composition in network functions virtualization[C]//Proc of the 11th Int Conf on Autonomous Infrastructure,Management and Security.Berlin:Springer,2017:62-76
[10]Gill P,Jain N,Nagappan N.Understanding network failures in data centers:Measurement,analysis,and implications[J].ACM SIGCOMM Computer Communication Review,2011,41(4):350-361
[11]Hwang J,Ramakrishnan K K,Wood T.NetVM:High performance and flexible networking using virtualization on commodity platforms[J].IEEE Trans on Network and Service Management,2015,12(1):34-47
[12]Martins J,Ahmed M,Raiciu C,et al.Enabling fast,dynamic network processing with clickOS[C]//Proc of the2nd ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking.New York:ACM,2013:67-72
[13]Zhang Wei,Liu Guyue,Zhang Wenhui,et al.OpenNetVM:A platform for high performance network service chains[C]//Proc of the 2016 Workshop on Hot Topics in Middleboxes and Network Function Virtualization.New York:ACM,2016:26-31
[14]Dwaraki A,Wolf T.Adaptive service-chain routing for virtual network functions in software-defined networks[C]//Proc of the 2016 Workshop on Hot Topics in Middleboxes and Network Function Virtualization.New York:ACM,2016:32-37
[15]Xiong Gang,Hu Yuxiang,Lan Julong,et al.A mechanism for configurable network service chaining and its implementation[J].KSII Trans on Internet&Information Systems,2016,10(8):3701-3727
[16]Luizelli M C,Bays L R,Buriol L S,et al.Piecing together the NFV provisioning puzzle:Efficient placement and chaining of virtual network functions[C]//Proc of the 12th Int Symp on Integrated Network Management.Piscataway,NJ:IEEE,2015:98-106
[17]Riera J F,Hesselbach X,Escalona E,et al.On the complex scheduling formulation of virtual network functions over optical networks[C]//Proc of Int Conf on Transparent Optical Networks.Piscataway,NJ:IEEE,2014:1-5
[18]Jordi F R,Eduard E,Josep B,et al.Virtual network function scheduling:Concept and challenges[C]//Proc of the2nd Int Conf on Smart Communications in Network Technologies.Piscataway,NJ:IEEE,2014:1-5
[19]Mijumbi R,Serrat J,Gorricho J L,et al.Design and evaluation of algorithms for mapping and scheduling of virtual network functions[C]//Proc of the 2015 Int Conf on Network Softwarization.Piscataway,NJ:IEEE,2015:1-9
[20]Nguyen V C,Kim Y H.A failover mechanism for service function chain[C]//Proc of the 2017Symp of the Korean Institute of Communications and Information Sciences.Seoul,Korean:SoongSil University Press,2017:1145-1146
[21]Suh D,Baek H,Jang S,et al.Distributed service function failover mechanism in service function chaining[C]//Proc of the 2017Int Conf on Information Networking.Piscataway,NJ:IEEE,2017:148-150
[22]Lee S I,Shin M K.A self-recovery scheme for service function chaining[C]//Proc of the 2015 Int Conf on Information and Communication Technology Convergence.Piscataway,NJ:IEEE,2015:108-112
[23]Sato Y.IEC/JIS standard-functional safety of electrical/electronic/programmable electronic safety-related systems[C]//Proc of the 1999 General Conf on Electronics,Information and Communication Engineers.London:Oxford University Press,1999:567-568
[24]Xiao Ailing,Wang Ying,Meng Luoming,et al.Virtual network embedding approach to survive multiple node failures[J].Journal on Communications,2015,36(4):81-88(in Chinese)(肖蔼玲,王颖,孟洛明,等.面向多节点故障的生存性虚拟网络映射方法[J].通信学报,2015,36(4):81-88)
[25]Zheng Jinhua,Jiang Hao,Kuang Da,et al.An approach of constructing multi-objective Pareto optimal solutions using arena's principle[J].Journal of Software,2007,18(6):1287-1297(in Chinese)(郑金华,蒋浩,邝达,等.用擂台赛法则构造多目标Pareto最优解集的方法[J].软件学报,2007,18(6):1287-1297)
[26]Zhang Changsheng,Sun Jigui,OuYang Dantong.A selfadaptive discrete particle swarm optimization algorithm[J].Acta Electronica Sinica,2009,37(2):299-304(in Chinese)(张长胜,孙吉贵,欧阳丹彤.一种自适应离散粒子群算法及其应用研究[J].电子学报,2009,37(2):299-304)
[27]Hu Wang,Yen G G,Zhang Xin.Multi-objective particle swarm optimization based on Pareto entropy[J].Journal of Software,2014,25(5):1025-1050(in Chinese)(胡旺,Yen G G,张鑫.基于Pareto熵的多目标粒子群优化算法[J].软件学报,2014,25(5):1025-1050)
[28]Calvert K L,Doar M B,Zegura E W.Modeling Internet topology[J].IEEE Communications Magazine,1997,35(6):160-163
[2]Quinn P,Guichard J,Yadav N.Network Service Chaining Problem Statement,RFC 7498[S].Fremont,CA:IETF,2015
[3]Huang Tao,Liu Jiang,Huo Ru,et al.Survey of research on future network architectures[J].Journal on Communications,2014,35(8):184-197(in Chinese)(黄韬,刘江,霍如,等.未来网络体系架构研究综述[J].通信学报,2014,35(8):184-197)
[4]Lantz B,Heller B,Mckeown N.A network in a laptop:Rapid prototyping for software-defined networks[C]//Proc of the 9th ACM SIGCOMM Workshop on Hot Topics.New York:ACM,2010:1-6
[5]Chiosi M,Clarke D,Willis P,et al.Network functions virtualization-introductory white paper[OL].[2017-06-22].https://portal.etsi.org/nfv/nfv whitepaper.pdf
[6]Jeff W.Delivering Security Virtually Everywhere with SDN and NFV:IHS INFONETICS White Paper[OL].[2017-04-28].http://www.juniper.net/assets/fr/fr/local/pdf/analystreports/2000602-en.pdf
[7]Lee W,Choi Y H,Kim N.Study on virtual service chain for secure software-defined networking[OL].[2017-11-12].http://onlinepresent.org/proceedings/vol29_2013/36.pdf
[8]Shin S,Porras P,Yegneswaran V,et al.FRESCO:Modular composable security services for software-defined networks[C]//Proc of the 20th Annual Network and Distributed System Security Symp.San Diego:Internet Society,2013:32-48
[9]Ocampo A F,Gil-Herrera J,Isolani P H,et al.Optimal service function chain composition in network functions virtualization[C]//Proc of the 11th Int Conf on Autonomous Infrastructure,Management and Security.Berlin:Springer,2017:62-76
[10]Gill P,Jain N,Nagappan N.Understanding network failures in data centers:Measurement,analysis,and implications[J].ACM SIGCOMM Computer Communication Review,2011,41(4):350-361
[11]Hwang J,Ramakrishnan K K,Wood T.NetVM:High performance and flexible networking using virtualization on commodity platforms[J].IEEE Trans on Network and Service Management,2015,12(1):34-47
[12]Martins J,Ahmed M,Raiciu C,et al.Enabling fast,dynamic network processing with clickOS[C]//Proc of the2nd ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking.New York:ACM,2013:67-72
[13]Zhang Wei,Liu Guyue,Zhang Wenhui,et al.OpenNetVM:A platform for high performance network service chains[C]//Proc of the 2016 Workshop on Hot Topics in Middleboxes and Network Function Virtualization.New York:ACM,2016:26-31
[14]Dwaraki A,Wolf T.Adaptive service-chain routing for virtual network functions in software-defined networks[C]//Proc of the 2016 Workshop on Hot Topics in Middleboxes and Network Function Virtualization.New York:ACM,2016:32-37
[15]Xiong Gang,Hu Yuxiang,Lan Julong,et al.A mechanism for configurable network service chaining and its implementation[J].KSII Trans on Internet&Information Systems,2016,10(8):3701-3727
[16]Luizelli M C,Bays L R,Buriol L S,et al.Piecing together the NFV provisioning puzzle:Efficient placement and chaining of virtual network functions[C]//Proc of the 12th Int Symp on Integrated Network Management.Piscataway,NJ:IEEE,2015:98-106
[17]Riera J F,Hesselbach X,Escalona E,et al.On the complex scheduling formulation of virtual network functions over optical networks[C]//Proc of Int Conf on Transparent Optical Networks.Piscataway,NJ:IEEE,2014:1-5
[18]Jordi F R,Eduard E,Josep B,et al.Virtual network function scheduling:Concept and challenges[C]//Proc of the2nd Int Conf on Smart Communications in Network Technologies.Piscataway,NJ:IEEE,2014:1-5
[19]Mijumbi R,Serrat J,Gorricho J L,et al.Design and evaluation of algorithms for mapping and scheduling of virtual network functions[C]//Proc of the 2015 Int Conf on Network Softwarization.Piscataway,NJ:IEEE,2015:1-9
[20]Nguyen V C,Kim Y H.A failover mechanism for service function chain[C]//Proc of the 2017Symp of the Korean Institute of Communications and Information Sciences.Seoul,Korean:SoongSil University Press,2017:1145-1146
[21]Suh D,Baek H,Jang S,et al.Distributed service function failover mechanism in service function chaining[C]//Proc of the 2017Int Conf on Information Networking.Piscataway,NJ:IEEE,2017:148-150
[22]Lee S I,Shin M K.A self-recovery scheme for service function chaining[C]//Proc of the 2015 Int Conf on Information and Communication Technology Convergence.Piscataway,NJ:IEEE,2015:108-112
[23]Sato Y.IEC/JIS standard-functional safety of electrical/electronic/programmable electronic safety-related systems[C]//Proc of the 1999 General Conf on Electronics,Information and Communication Engineers.London:Oxford University Press,1999:567-568
[24]Xiao Ailing,Wang Ying,Meng Luoming,et al.Virtual network embedding approach to survive multiple node failures[J].Journal on Communications,2015,36(4):81-88(in Chinese)(肖蔼玲,王颖,孟洛明,等.面向多节点故障的生存性虚拟网络映射方法[J].通信学报,2015,36(4):81-88)
[25]Zheng Jinhua,Jiang Hao,Kuang Da,et al.An approach of constructing multi-objective Pareto optimal solutions using arena's principle[J].Journal of Software,2007,18(6):1287-1297(in Chinese)(郑金华,蒋浩,邝达,等.用擂台赛法则构造多目标Pareto最优解集的方法[J].软件学报,2007,18(6):1287-1297)
[26]Zhang Changsheng,Sun Jigui,OuYang Dantong.A selfadaptive discrete particle swarm optimization algorithm[J].Acta Electronica Sinica,2009,37(2):299-304(in Chinese)(张长胜,孙吉贵,欧阳丹彤.一种自适应离散粒子群算法及其应用研究[J].电子学报,2009,37(2):299-304)
[27]Hu Wang,Yen G G,Zhang Xin.Multi-objective particle swarm optimization based on Pareto entropy[J].Journal of Software,2014,25(5):1025-1050(in Chinese)(胡旺,Yen G G,张鑫.基于Pareto熵的多目标粒子群优化算法[J].软件学报,2014,25(5):1025-1050)
[28]Calvert K L,Doar M B,Zegura E W.Modeling Internet topology[J].IEEE Communications Magazine,1997,35(6):160-163