A Semantic-Based Policy Analysis Solution for the Deployment of NFV Services

Abstract

Policies in network function virtualization (NFV) systems may conflict when they have different restrictions on the shared resources. In this context, it is of paramount importance to identify such conflicts before sending network service (NS) request (NS-Req) to the embedding algorithm to avoid unexpected behavior in its execution. Since both NS-Req and NFV infrastructure (NFVI) may contain many policies, the process of conflict detection and diagnosis is an intricate work both for humans and computer systems. Besides, as conflicts may occur among a set of constraints, pairwise detection will not suffice. Therefore, this paper proposes NSChecker, a semantic verification system to detect and diagnose policy conflicts in NFV environments. To achieve its functionality, NSChecker uses an ontology, called Onto-NFV, to describe the NFVI, NS, and associated policies. With Onto-NFV, conflicts detection is carried out through description logic (DL) inconsistency verification. We develop a prototype of NSChecker in Java and validate its capabilities on a small scenario with three use cases, showing that it supports conflict detection concerning the following policies: network function precedence, resource usage, and location. Finally, we evaluate NSChecker performance using some real topologies. The results shows that our solution is efficient even in scenarios with 50 000 nodes.