A promising area of application for Network Function Virtualization is in network security, where chains of Virtual Security Network Functions (VSNFs), i.e., security-specific virtual functions such as firewalls or Intrusion Prevention Systems, can be dynamically created and configured to inspect, filter or monitor the network traffic. However, the traffic handled by VSNFs could be sensitive to specific network requirements, such as minimum bandwidth or maximum end-to-end latency. Therefore, the decision on which VSNFs should apply for a given application, where to place them and how to connect them, should take such requirements into consideration. Otherwise, security services could affect the quality of service experienced by customers. In this paper we propose PESS (Progressive Embedding of Security Services), a solution to efficiently deploy chains of virtualised security functions based on the security requirements of individual applications and operators' policies, while optimizing resource utilization. We provide the PESS mathematical model and heuristic solution. Simulation results show that, compared to state-of-the-art application-agnostic VSNF provisioning models, PESS reduces computational resource utilization by up to 50%, in different network scenarios. This result ultimately leads to a higher number of provisioned security services and to up to a 40% reduction in end-to-end latency of application traffic.
翻译:网络功能虚拟化应用领域充满希望的网络功能虚拟化应用领域是网络安全,虚拟安全网络功能(VSNF)链链(虚拟安全网络功能),即防火墙或入侵预防系统等特定安全虚拟功能,可以动态地创建和配置,以检查、过滤或监测网络流量;然而,VSNF处理的流量可以敏感地适应具体的网络要求,例如最小带宽或最高端至端的端至端的悬浮度。因此,VSNF应申请某个特定应用程序、放置这些功能和如何连接这些功能的决定应考虑到这些要求。否则,安保服务会影响客户所经历的服务质量。在本文件中,我们提议PESS(安保服务的累进式嵌入),根据个人应用程序和操作者政策的安全要求,高效部署虚拟化安全功能链,同时优化资源利用。我们提供了PESSS数学模型和超度解决方案。模拟结果显示,与最先进的应用应用VSNF提供模式和如何连接这些功能,否则,安保服务可能会影响客户的服务质量。我们提议,PESSSSSVS将这一计算资源利用率最终降低到50%至50%,最终降低网络。
相关内容
微信扫码咨询专知VIP会员