Secure Virtual Network Provisioning over Key Programmable Optical Networks.

Virtualization of optical networking infrastructure is considered a fundamental technology in the future Internet. A key principle is that virtual networks are isolated to coexist on a shared physical substrate without interference. Although a very attractive proposition for virtual network operators and users, in this paper we demonstrate that realizing complete isolation by partitioning resources is wasteful. Therefore, we propose to group virtual network requests in clusters: within a cluster, bandwidth can be shared, whereas different cluster are properly isolated. Results indicate that intelligent isolation and design of virtual networks can lead to substantial savings of optical network resources compared to a fully isolated approach. Finally, we demonstrate the trade-off between network resource utilization and control plane scalability.

New and emerging Internet applications are increasingly becoming high-performance and network-based, relying on optical network and cloud computing services. Due to the accelerated evolution of these applications, the flexibility and efficiency of the underlying optical network infrastructure as well as the cloud computing infrastructure [i.e., data centers (DCs)] become more and more crucial. In order to achieve the required flexibility and efficiency, coordinated provisioning of DCs and optical network interconnecting DCs is essential. In this paper, we address the role of high-performance dynamic optical networks in cloud computing environments. A DC as a service architecture for future cloud computing is proposed. Central to the proposed architecture is the coordinated virtualization of optical network and IT resources of distributed DCs, enabling the composition of virtual infrastructures (VIs). During the composition process of the multiple coexisting but isolated VIs, the unique characteristics of optical networks (e.g., optical layer constraints and impairments) are addressed and taken into account. The proposed VI composition algorithms are evaluated over various network topologies and scenarios. The results provide a set of guidelines for the optical network and DC infrastructure providers to be able to effectively and optimally provision VI services to users and satisfy their requirements.

Extending the researches on wavelength switched optical networks (WSON), efficient integration of the novel optical packet switching network and wavelength switching-based optical circuit switching network technologies which offers both best-effort packet delivery and QoS guaranteed lightpath services has been being studied. In addition, researches on the optical-layer transparent data processing, such as all-optical wavelength multicasting, all-optical 3R regeneration, etc, are conducted simultaneously. It is believed that future innovative optical network services (INSes) would be built on these novel future-proof technologies, and foster colorful applications in the new generation networks. Before the wide applications of INS in different fields, there would be a foreseeable strong requirement for INS firstly posed by pioneer grid applications, e.g., e-science, e-government, and e-banking, etc, which would require the high-performance underlying networks. Our research here is motivated to glue the optical networks and grid applications by integrating lightpath, geographically distributed INS systems and grid resources (e.g., computers, storages, instruments, etc.), and finally offering an easy-to-use high performance networked grid computing environment-optical grid network (OGN) to user applications. In this paper, we introduce our research activities of a distributed optical grid network infrastructure (OGNI), and the creation of the future easy-to-use INS based on OGNI. The proposals have been validated through fieldtrial experiments over a developed WSON testbed.

The future Internet is a term commonly related to research topics on new architecture for Internet. In fact, the Internet of tomorrow will rely on virtualization and cloud networking, which open the door for new security threats and attacks and address many problems related to identification, authentication, secure data transfer, and privacy in virtual networks and clouds. The purpose of our work is to define an architecture for strong authentication and identity management in virtual networks using EAP-TLS smart cards technology. The architecture is based on a Grid of EAP-TLS smart cards, as an authentication server, able to manage users' access to their virtual networks by authenticating either the user and the virtual network.

The future Internet is a term commonly related to research topics on new architecture for Internet. In fact, the Internet of tomorrow will rely on virtualization and cloud networking, which open the door for new security threats and attacks and address many problems related to identification, authentication, secure data transfer, and privacy in virtual networks and clouds. The purpose of our work is to define an architecture for strong authentication and identity management in virtual networks using EAP-TLS smart cards technology. The architecture is based on a Grid of EAP-TLS smart cards, as an authentication server, able to manage users' access to their virtual networks by authenticating either the user or the virtual network.

With the rapid development of data center, cloud computing and Internet of things technology, the ossification of traditional optical network architecture is increasingly prominent. Virtual optical network services have the characteristics of business diversification and differentiation, which leads to the increasingly complex virtual mapping between virtual network and elastic optical network. At the same time, the virtual network and the physical network are not completely decoupled. The difference of physical network results in the limited flexibility of virtual network mapping and restricts the rapid deployment of virtual network services. In order to solve this problem, this paper proposes an optical network virtual method based on network container. Firstly, a three-tier architecture model of "virtual network layer, network container layer and physical network layer" is designed, and the network container and its generation rules are defined. Secondly, a virtual network service mapping method based on network container is proposed. Finally, the physical network resources of elastic optical network are virtualized into multiple differentiated network containers to realize the rapid mapping and flexible configuration of virtual network services and network containers.

Virtual optical network embedding of time-varying traffic in elastic optical networks

In view of the increasing frequency and damage severity of disasters, network operators have become more concerned with providing disaster-resiliency measures for their optical network infrastructure, whereas mitigating network service interruption due to the disaster region failures in the optical physical medium merely by increasing network redundancy is deemed spatially inefficient and very costly, with recent advancements, wireless technology is a potential candidate solution for efficient medium diversification. This paper addresses the challenge of efficiently designing disaster-resilient wireless-link-augmented optical network infrastructure. We formulate this problem as an optimization model of finding the subset of links in an optical network topology whose wireless augmentation maximizes postdisaster recovery of overall network availability for a given budget constraint. To overcome the computational complexity of finding the optimal design solution, a novel greedy heuristic algorithm is proposed. Performance comparisons with an exhaustive enumeration search and simple heuristics demonstrate the efficiency and scalability of our heuristic algorithm.

Network virtualization has become increasingly prominent in recent years. It enables the creation of network infrastructures that are specifically tailored to the needs of distinct network applications and supports the instantiation of favorable environments for the development and evaluation of new architectures and protocols. Despite the wide applicability of network virtualization, the shared use of routing devices and communication channels leads to a series of security-related concerns. It is necessary to provide protection to virtual network infrastructures in order to enable their use in real, large scale environments. In this paper, we present an overview of the state of the art concerning virtual network security. We discuss the main challenges related to this kind of environment, some of the major threats, as well as solutions proposed in the literature that aim to deal with different security aspects.

Nowadays, a high level of digitalization, transformation of the industry, machine-to-machine communication, and many other innovative commercial, industrial and private applications set very high requirements on the underlying optical network infrastructure. Mainly for this reason, optical networks are currently undergoing a radical change from traditional static architectures to more dynamic, flexible, and adaptable concepts. In order to optimally support the emerging applications, future optical networks should be able to provide rapid and on-demand provisioning of high data rates in a flexible and efficient manner. In this talk, we will discuss current trends and challenges in the areas of softwarization and virtualization of optical network infrastructure and review various emerging technologies and architectures for future high capacity, efficient, and flexible optical transport networks.

Amidst the surge in virtual network services, resource fragmentation issues have significantly escalated in elastic optical networks (EON). In response, this paper introduces an all-encompassing fragmentation probability model, incorporating both temporal and spectral dimensions. Furthermore, we present a virtual optical network mapping strategy within the EON framework, specifically tailored for edge computing applications. This strategy ensures minimal fragmentation across the entire EON, enabling effective and continuous virtual network deployment. Experimental results reveal that our proposed technique significantly reduces the incidence of blocking, markedly improving the support for virtual optical network services.

Optical network infrastructures can be partitioned into multiple parallel, dedicated virtual networks for a physical infrastructure sharing purpose. However, different transport technologies may impact in both the amount and the characteristics of the different virtual instances that can be built on top of a single physical infrastructure. To analyse the impact of the transport technology in this regard, we present exact Integer Linear Programming (ILP) formulations that address the off-line problem of optimally allocate a set of virtual networks in two kind of substrates: wavelength switching and spectrum switching. Both formulations serve the purpose to provide opaque transport services from the virtual network point of view, where electronic terminations are assumed in the virtual network nodes. We carry out a series of experiments to validate the presented formulations and determine which is the impact of both substrates in the number of virtual networks that can be optimally allocated in the transport network.

Cloud computing is the next generation of networking computing, since it can deliver both software and hardware as on-demand resources and services over the Internet. Undoubtedly, one of the significant concerns in cloud computing is security. Virtualization is a key feature of cloud computing. In this paper, we focus on the security of virtual network in virtualized environment. First, we outline the security issues in virtual machines, and then security problems that exist in a virtual network are discussed and analyzed based on Xen platform. Finally this paper presents a novel virtual network framework aimed to control the inter-communication among virtual machines deployed in physical machines with higher security.

Network virtualization is a concept in which a Virtual Network Provider constructs logical virtual networks for various clients on a common, virtualized infrastructure substrate. However, there is currently no general framework or benchmark for assessing the security properties of these logical networks within the context of network virtualization. In this paper, we describe a virtual network security assessment process in which a preference model is constructed over a select set of network element attributes. This preference model reflects the knowledge and experience of one or more security experts. The relevant attribute values are exposed during virtual network composition. Our process answers the question: “how does the security of my virtual network compare to an equivalent topology whose attribute values are most preferred by security experts?”

Optical networks are crucial to support increasingly demanding cloud services. Delivering the requested quality of service is key to successfully provisioning end-to-end services in clouds. Therefore, as for traditional optical network services, it is of utter importance to guarantee that clouds are resilient to any failure of either network infrastructure or data centers. A crucial concept in establishing cloud services is that of network virtualization: the physical infrastructure is logically partitioned in separate virtual networks. Also, combined control of the network and data center (IT) resources is exploited. To guarantee end-to-end resilience for cloud services in such a set-up, we need to simultaneously route the services and map the virtual network, while ensuring that an alternate routing is always available. Note that the anycast routing concept applies: assigning server resources requested by the customer to a particular (physical) data center can be done transparently. This paper investigates the design of scalable optimization models to perform the virtual network mapping resiliently (for single bidirectional link failures), thus supporting resilient anycast cloud virtual networks. We compare two resilience approaches: PIP-resilience maps each virtual link to two alternate physical routes, VNO-resilience provides alternate paths in the virtual topology (while enforcing physical link disjointness).