Research Progress in Network Function Virtualization Technology
  • English title: Network Function Virtualization Technology: A Survey
  • Authors: 王进文; 张晓丽; 李琦; 吴建平; 江勇
  • Authors (English): WANG Jin-Wen; ZHANG Xiao-Li; LI Qi; WU Jian-Ping; JIANG Yong
  • Keywords: network function virtualization technology; network function; virtualization; cloud computing; network security
  • Journal (Chinese abbreviation): JSJX
  • Journal (English): Chinese Journal of Computers
  • Institutions: Tsinghua-Berkeley Shenzhen Institute, Tsinghua University; Institute for Network Science and Cyberspace, Tsinghua University; Graduate School at Shenzhen, Tsinghua University; Department of Computer Science and Technology, Tsinghua University
  • Publication date: 2018-08-31 13:38
  • Publisher: 计算机学报 (Chinese Journal of Computers)
  • Year: 2019
  • Issue: v.42; No.434
  • Funding: National Key R&D Program of China (2016YFB0800102); National Natural Science Foundation of China (61572278, U1736209); Shenzhen Fundamental Research Fund (JCYJ20170307153259323)
  • Language: Chinese
  • Page: JSJX201902013
  • Number of pages: 22
  • CN: 02
  • ISSN: 11-1826/TP
  • Classification number: 187-208
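Abstract
Enterprises typically deploy a variety of network function devices to provide the network functions their networks require. For example, firewalls and intrusion detection systems strengthen the security of an enterprise network, while caching proxies and WAN optimizers improve its performance. However, deploying, updating, and maintaining network function devices incurs substantial cost. Differences among network function devices mean that an enterprise needs a large team of specialists to manage them. Because physical devices have fixed locations and fixed processing capacity, an enterprise network cannot effectively handle device failures caused by network congestion. As enterprise networks grow, the cost of managing, maintaining, and updating network function devices rises sharply. In response to this growing operations cost and management difficulty, Network Function Virtualization (NFV) technology proposes decoupling network functions from physical hardware devices. By deploying and managing network functions on general-purpose commodity servers, it reduces the difficulty of managing network devices, lowers the cost of network function devices, and provides flexible deployment strategies for network services, such as dynamic scale-in/scale-out. Although NFV brings convenience and benefits to enterprises, implementing a practical and efficient NFV system poses many challenges. Academia and industry have invested considerable effort in researching and experimenting with NFV to address the problems and challenges in implementing NFV systems. This paper first introduces the NFV standard architecture defined by the European Telecommunications Standards Institute and, following its classification, summarizes the problems and challenges in implementing NFV systems, dividing current research results into three parts: network function virtualization, network function virtualization infrastructure and management, and network orchestration. Software Defined Network (SDN) and NFV technologies can complement and promote each other, and the paper examines the relationship between them. The paper then analyzes in depth the current academic research on NFV from several aspects: Virtual Network Function (VNF) construction and runtime environment optimization, NFV management system design and optimization, policy enforcement and verification, resource allocation and migration strategies, NFV load balancing and state management techniques, and security issues in the NFV architecture. Finally, it presents example application scenarios of NFV in cloud computing, mobile communications, and home networks, summarizes NFV technology, and looks ahead to future research directions.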
Various middleboxes have been deployed to enable diversified functionalities in enterprise networks. For example, Firewalls and Intrusion Detection Systems are used to enhance the security of the network, and Cache Proxies and WAN Optimizers are used to improve the performance of enterprise networks. However, it is painful for enterprises to deploy, update, or maintain such physical devices in their networks. Moreover, because of the discrepancies between network function devices from different manufacturers, enterprises need to hire large management teams with extensive knowledge to manage these devices. Because hardware network function devices have a fixed location and a fixed traffic processing capacity, network traffic congestion always causes the failure of the network functions. The overhead of middlebox management, maintenance, and updates increases significantly as enterprise networks grow. Fortunately, the emerging Network Function Virtualization (NFV) technology can address these issues by decoupling the physical network equipment from the network functions that run on it. With NFV, an enterprise can efficiently reduce the complexity of network function management and the cost of deploying network function equipment by deploying network functions on commercial servers. NFV also enables flexible service deployment strategies for enterprises, e.g., dynamic scale in/out. Although NFV can bring significant benefits to enterprises, there are still many challenges in developing practical and efficient NFV systems. To solve such problems, researchers in academia and industry have devoted themselves to the study of NFV technology. This paper presents the first systematic study of the literature on NFV technology. Firstly, we review the standard architecture of NFV established by the European Telecom Standards Institute Industry Specification Group for NFV (ETSI ISG NFV). We classify and summarize the problems and challenges in the development of NFV systems based on the standard architecture of NFV. The studies can be classified into the following three categories: Network Function Virtualization, Network Function Virtualization Infrastructure (NFVI), and Management And Network Orchestration (MANO). Furthermore, Software Defined Network (SDN) is a new type of network architecture designed to achieve flexible and intelligent network traffic control by decoupling the control plane and data plane of network devices. NFV and SDN can complement each other in various aspects, and we study the relationship between them. Secondly, we systematically study the building blocks of NFV, i.e., virtual network function (VNF) construction and running environment optimization in NFV, the design of NFV management systems and their optimization, policy enforcement and verification, resource allocation and migration, load balancing and state management technology, and NFV security. Thirdly, NFV technology has been deployed in different industry fields, and we show the practical deployment issues of NFV by discussing its application scenarios, e.g., in cloud computing, mobile communication, and home networks. Finally, we summarize the advantages and shortcomings of NFV by comparing NFV technology with classical physical network function devices, and present future research directions for NFV technology from six aspects based on the standard architecture of ETSI NFV.
