دانلود رایگان مقاله مجموعه ابزارها برای تعبیه شبکه مجازی و فوریتی در بسترهای OpenFlow مبتنی بر SDN

abstract

Network virtualization has become increasingly popular in recent years. It has the potential to allow timely handling of network infrastructure requests and, after instantiated, their lifecycle. In addition, it enables improved physical resource utilization. However, the use of network virtualization in large-scale, real environments depends on the ability to adequately map virtual routers and links to physical resources, as well as to protect virtual networks against security threats. With respect to security, mechanisms supporting confidentiality and privacy have become essential in light of recent discoveries related to pervasive electronic surveillance. In this paper we propose a set of tools to efficiently embed virtual networks with privacy support and to allow their real instantiation on top of SDN/OpenFlow-based substrates. This toolset unfolds into three main contributions: (a) an exact VNE model suitable for smaller networks, which also serves the purpose of determining an optimality baseline; (b) a heuristic VNE algorithm, which features precise modeling of overhead costs of security mechanisms and handles incoming requests in an online manner; and (c) a VNE to SDN/OpenFlow translation mechanism, which takes as input the outcome of the heuristic VNE algorithm and produces a set of coherent OpenFlow rules to guide the real instantiation of the mapped virtual networks. We present a detailed performance comparison between the proposed heuristic and the optimization model. The obtained results demonstrate that the heuristic algorithm is able to find feasible mappings in the order of seconds even when dealing with large network infrastructures. Finally, we demonstrate how mappings generated by our heuristic VNE algorithm may be implemented in practice as well as assess the technical feasibility of this process.

6. Conclusions

Reconciling efficient resource mapping and satisfaction of security requirements is of paramount importance for the use of network virtualization in real environments. In this paper, we presented both an ILP-based and a heuristic online virtual network embedding algorithm featuring precise modeling of overhead costs of security mechanisms. We reported a detailed evaluation, comparing the performance of the heuristic approach and the ILP model according to a number of metrics. Further, we presented and evaluated a mechanism for deploying virtual networks on top of SDN/OpenFlow infrastructures using the mappings produced by our approaches. Our solution allows security mechanisms to be embedded in a manner that is transparent to users, with ample support for various applications. While virtual network requesters are free to employ additional security mechanisms, this ensures that any network application will meet a minimum desired level of protection, in line with recent challenges related to privacy and trust. Our experiments have shown that the ILP model is able to find optimal solutions in the order of seconds when considering physical networks with up to a hundred routers. However, as it is modeled to solve an NP Hard problem, it does not scale to larger network sizes. Experiments performed with this model revealed that after increasing the physical network size to 500 routers, several hours were needed to map individual virtual network requests. In contrast, the proposed heuristic algorithm is able to find feasible mappings for environments using such large networks while remaining in the order of minutes. The heuristic algorithm leads to high quality mappings, keeping low the gap between solutions produced by the heuristic approach and the ILP-based one while retaining the ability to scale to large network sizes. Additionally,the heuristic algorithm is flexible, allowing parameterizations that lead to more precise mappings if so desired, at the cost of possibly elevating solution times to the order of a few hours. To summarize, while the ILP model is capable of optimally embedding virtual networks on smaller physical infrastructures, the heuristic algorithm is better suited for larger substrate networks, being able to map virtual network requests in a timely manner.