Abstract
Software-defined networking (SDN) and network function virtualization (NFV) make a network programmable, resulting in a more flexible and agile network. An important and promising application for these two technologies is network security, where they can dynamically chain virtual security functions (VSFs), such as firewalls, intrusion detection systems, and intrusion prevention systems, and thus inspect, monitor, or filter traffic flows in cloud data center networks. In view of the strict delay constraints of security services and the high failure probability of VSFs, we propose the use of a security service chain (SSC) orchestration algorithm that is latency aware with reliability assurance (LARA). This algorithm includes an SSC orchestration module and VSF backup module. We first use a reinforcement learning (RL) based Q-learning algorithm to achieve efficient SSC orchestration and try to reduce the end-to-end delay of services. Then, we measure the importance of the physical nodes carrying the VSF instance and backup VSF according to the node importance of VSF. Extensive simulation results indicate that the LARA algorithm is more effective in reducing delay and ensuring reliability compared with other algorithms.
Highlights
For traditional networks, security services are generally implemented by deploying dedicated hardware devices in series or bypassing at the key positions of the network
Network end-to-end security services usually require different types of security service functions and are types of security service chain (SSC) technology based on Software-defined networking (SDN)/network function virtualization (NFV)
This section uses Python to build the environment for simulation, which includes four modules: a substrate network building module, an SSC request generation module, an SSC mapping module based on the Q-learning algorithm, and a virtual security functions (VSFs) backup module
Summary
Security services are generally implemented by deploying dedicated hardware devices in series or bypassing at the key positions of the network. (1) We take the strict delay constraints of security services and the high failure probability of VSFs into account, and propose the LARA algorithm for an SSC orchestration problem with low latency and high reliability demands. (2) We apply AI algorithms to the SSC placement problem and use an RL-based Q-learning algorithm This speeds up the security service response by reducing the end-to-end delay of the SSC. Chua et al [16] proposed the use of a round-robin scheduling heuristic algorithm for calculating a feasible solution for the resource allocation calculation of the SFC This solution distributes network traffic between switches on the top of the rack to reduce the use of nodes and minimize the end-to-end delay as much as possible. It is necessary to use artificial intelligence methods to improve the mapping effect of service chains
Sign-in/Register to view highlights & summary Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
