Abstract

An important and promising application of network function virtualization (NFV) technology is in network security, where it can dynamically and flexibly chain virtualized security network functions (VSNFs), e.g., network address translation, antispam, and packet filter firewalls, and thus inspect, monitor, or filter traffic flows in cloud datacenter networks. However, the traffic flows handled by the VSNFs mainly depend on the security service requirements of mobile users, such as the network security level, end-to-end latency, and security resources. Given the dynamic nature of cloud datacenter networks, determining an embedding of VSNFs and a routing of security service paths that optimizes security resource utilization is a challenging problem, particularly without violating the end-to-end delay constraints and security service requirements. This is called the security service chain dynamic embedding problem (SSC-DMP). In this paper, we present an NFV-enabled framework for a system that achieves SSC dynamic embedding in cloud datacenter networks. We first formulate an integer linear programming (ILP) model to solve the SSC-DMP exactly on small-scale network topologies. Then, to reduce the time complexity on large-scale network topologies, we propose an efficient SSC dynamic embedding solution based on particle swarm optimization. Extensive simulation results show that the proposed algorithm significantly outperforms the current benchmarks, by at least 35.2% and 23.1% in terms of resource consumption and end-to-end delay, respectively.

Highlights

  • Network security implemented by the security service chain (SSC) arises from the requirement that traffic flows be steered through a set of security middleboxes in a predefined sequence

  • We study three main sub-problems: How to efficiently utilize the substrate security resources of the cloud datacenter while considering the resource constraints, security constraints, and end-to-end delay constraints? How to adaptively determine the appropriate virtualized security network functions (VSNFs) based on the specific security levels and the security service requirements? How to design a novel online dynamic algorithm that can achieve SSC dynamic embedding oriented to cloud datacenter networks?

  • Unlike the current literature based on heuristics, our proposal can integrate new objectives or constraints without reconsidering the solution, which is more appropriate for dynamic network scenarios. Secondly, we take into account network security in cloud datacenter network scenarios, where the network security problem is becoming more and more obvious due to the explosive growth of mobile users. We also consider a mechanism based on specific security levels, which significantly reduces security resource fragmentation and the wastage of the substrate security resources


Summary

INTRODUCTION

Network security implemented by the security service chain (SSC) arises from the requirement that traffic flows be steered through a set of security middleboxes in a predefined sequence. The SSC technology has been widely regarded as a promising and important application area for future cloud datacenter networks, where it can dynamically and flexibly accomplish the chaining of the VSNFs, e.g., network address translation, antispam, and packet filter firewalls, and inspect, monitor, or filter traffic flows. This brings several advantages to cloud datacenter networks, which can be summarized as follows [11]–[14]: (i) highly customizable security services according to the dynamic and differing delay requirements of mobile users; (ii) rapid action to reconstruct the security system when facing new security threats or network attacks; (iii) low Capital Expenditure (CAPEX) and Operating Expenditure (OPEX) for network operators (NOs).

1) We first propose an SSC dynamic embedding framework for cloud datacenter networks, and present the network model for NFV-enabled security service chaining.

RELATED WORKS
NETWORK MODEL
PROBLEM DESCRIPTION
MATHEMATICAL FORMULATION OF THE PROBLEM
Objective
COMPLEXITY ANALYSIS
SECURITY PATH SELECTION PROCEDURE
SECURITY LEVEL DETERMINATION PROCEDURE
OVERALL PROCEDURE
EVALUATION
CONCLUSION