NFV chaining, placement and orchestration
MATHIEU BOUET (THALES COMMUNICATIONS & SECURITY)
www.thalesgroup.com

Agenda
- NFV introduction
- vDPI placement problem
- Centrality-based heuristic
- Performance evaluation
- Conclusion and perspectives

Network Functions Virtualization (NFV)
Convergence between IT and Network
- Service-oriented multitenant systems: pay as you go, on demand
- Software-defined systems: programmability, virtualization, automation
ETSI's vision for NFV

ETSI NFV Reference Architectural Framework
[Figure labels: (Virtual) Network Service, OSS/BSS, NFVO, VNFM, VIM, VNF, VNFC, NFV PoP, NFV WAN]
VNF = Virtual Network Function; VNFC = VNF Container; PoP = Point of Presence
NFV Orchestrator (NFVO):
- on-boarding of new Network Service (NS), VNF-FG and VNF Packages
- NS lifecycle management (including instantiation, scale-out/in, performance measurements, event correlation, termination)
- global resource management, validation and authorization of NFVI resource requests
- policy management for NS instances
VNF Manager (VNFM):
- lifecycle management of VNF instances
- overall coordination and adaptation role for configuration and event reporting between NFVI and the E/NMS
Virtualized Infrastructure Manager (VIM):
- control and manage the NFVI compute, storage and network resources
- collection and forwarding of performance measurements and events

NFV Key Capability 1: Service Chaining
Dynamic creation and composition of chains of services
[Figure labels: End Functional Block, Network Service, VNF, Hosting of VNFs, Access Network Point of Presence (processing and storage), Core Network Point of Presence (processing and storage), Infrastructure Network]
VNF = Virtual Network Function

NFV Key Capability 2: Load Sharing and Fault Tolerance
- Parallel VNFC instances supporting load sharing and fault tolerance
- layer protocols supporting load sharing and fault tolerance
- Fast, flexible and diverse hosting of VNFC instances
[Figure labels: VNFC (repeated)]
VNFC = VNF Container

NFV Key Capability 3: New Commercial Boundaries
[Figure labels: COMMERCIAL BOUNDARY; VNF, VNFC; VNF orchestration, VNF management, hosting (three times each); NFVI management]
Distributed hosting, storing and connecting infrastructure

NFV ecosystem
Standardization bodies
- ETSI NFV ISG - Launched in 2012, 235 companies, including 34 service providers
- IRTF - NFVRG (launched in October 2014)
- IETF - Service Function Chaining (SFC), launched in April 2014
- But also TMF, MEF etc.
Open source initiatives and communities
- Open vSwitch, OpenDaylight (Linux Foundation), OpenStack, OpenMANO, Open Platform for NFV (OPNFV), Docker, KVM, LXC (Linux Foundation)
Industrial products
- Virtualized DPI engine (e.g. Qosmos, Procera)
- Software-based network accelerator (e.g. 6WIND, Intel)
- SDN-NFV solutions by ALU, Cisco, HP, Juniper, RAD etc.

Virtualized Deep Packet Inspection (vDPI)
Case study: vDPI, virtualized Deep Packet Inspection
- Used to monitor all traffic flows in a network using a vDPI function
- For cyber-security, accounting, service chaining
- Leverage available L7 probes (Procera Networks, up to 8Gb/s per CPU core)
Joint work with Jeremie Leguay (Huawei) and Vania Conan (Thales)

Placing vDPI in a WAN
[Figure legend: Logical link, Physical link, NFVI-POP]

Resource view
Joint placement and routing optimization
Cost model
- The NFV infrastructure has costs in network and compute resources
- The vDPI function has pay-per-use license costs for each CPU and NFVI-POP used
Overall problem
- For a given flow demand, find the minimal cost placement and routing
Initial situation: NFV License cost: $4000, Bandwidth cost: $150
Optimized situation: NFV License cost: $2000, Bandwidth cost: $200
[Figure labels, both situations: NFV-Infrastructure; NFV 1, DPI, Crypto; Flow 1 (1Gb/s) over NFVI-POP A, B, C; Flow 2 (1Gb/s) over NFVI-POP D, E]

Problem definition
A multi-commodity flow problem
- Map a given demand (traffic matrix)
- On a given physical network
With an extension to include vDPI probes
- Split each demand in two inter-related ones
- Such that every initial flow passes through a vDPI probe
Complexity
- NP-hard as we do not split flows over multiple paths (integer)

Problem formulation
Parameters
- Set of flows F: fsize, fs, fd for each
- Costs: Wdpi (site), wcpu, wbw
- Capacities: Cdpi (probes), Ci,j (links)
Variables
- Resources: dpi (site), cpu
- Routing: x, y (edges assignment)

Centrality-based heuristic
- Heuristic based on centrality
- Cost function
- Centrality derived from the betweenness centrality

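Added example, not part of the original slides and not the authors' heuristic: the cost model from the problem formulation (site opening, per-CPU and bandwidth costs, every flow routed through a probe) with a greedy placement that opens sites in decreasing order of a traffic-weighted betweenness score. The topology, traffic matrix, cost values, CPU_CAP and all function names are assumptions; link capacities and per-site probe capacities are ignored.

```python
import math
from collections import deque
from itertools import permutations

# Constructed 6-node topology (undirected links); not the GEANT data set.
LINKS = [("A", "B"), ("B", "C"), ("C", "D"), ("B", "E"), ("E", "F"), ("C", "F")]
# Constructed flat traffic matrix: every ordered pair exchanges 100 Mb/s.
FLOWS = [(s, t, 100) for s, t in permutations("ABCDEF", 2)]
# Assumed values: site opening cost, cost per CPU, cost per Mb/s per link,
# and CPU capacity in Mb/s.
W_DPI, W_CPU, W_BW, CPU_CAP = 2500, 2500, 10, 8000

def hops(links):
    """All-pairs hop counts by breadth-first search."""
    adj = {}
    for u, v in links:
        adj.setdefault(u, set()).add(v)
        adj.setdefault(v, set()).add(u)
    dist = {}
    for s in adj:
        dist[s], queue = {s: 0}, deque([s])
        while queue:
            u = queue.popleft()
            for v in adj[u]:
                if v not in dist[s]:
                    dist[s][v] = dist[s][u] + 1
                    queue.append(v)
    return dist

def cost(sites, flows, d):
    """Total cost when each flow goes source -> probe -> destination
    through the open site that minimises its hop count."""
    load, bw = {}, 0
    for s, t, size in flows:
        p = min(sorted(sites), key=lambda x: d[s][x] + d[x][t])
        load[p] = load.get(p, 0) + size
        bw += W_BW * size * (d[s][p] + d[p][t])
    cpus = sum(math.ceil(l / CPU_CAP) for l in load.values())
    return W_DPI * len(load) + W_CPU * cpus + bw

def centrality(flows, d):
    """Traffic whose shortest paths can cross each node (endpoints included)."""
    return {n: sum(z for s, t, z in flows if d[s][n] + d[n][t] == d[s][t]) for n in d}

def greedy(flows, d):
    """Open sites in decreasing centrality while the total cost drops."""
    c = centrality(flows, d)
    order = sorted(d, key=lambda n: (-c[n], n))
    sites, best = [order[0]], cost([order[0]], flows, d)
    for n in order[1:]:
        trial = cost(sites + [n], flows, d)
        if trial < best:
            sites, best = sites + [n], trial
    return sites, best
```

On this constructed input, calling greedy(FLOWS, hops(LINKS)) opens the two most central nodes and stops, because a third probe site costs more to open than it saves in bandwidth.
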
Experimental validation on real-world GEANT dataset
Data sets
- Pan-European research and education backbone GEANT
- Captured in 2006 by Uhlig et al. with 22 nodes, 36 high capacity 40G links, and traffic matrices with 462 demands
Parameters
- DPI cost per CPU ($2500), Network cost ($10 per Mb/s on links)
Implementation
- MILP with GLPK (open source C solver)
- Heuristic implementation in Java with JUNG

Performance evaluation on GEANT
[Figure panels: Computation duration, Number of vDPI, Costs decomposition]
Observations
- Very good match in terms of cost but variations on the decisions
- Heuristics 16-32 times faster
- vDPI can be deployed on a limited number of sites

Going large scale!
Generating random graphs
- Different network structures: Barabasi-Albert, Erdős-Rényi
- Flat traffic matrix where everybody communicates with each other
[Figure: example of number of links for Barabasi-Albert graphs, density: 0.05]

Performance evaluation on large graphs: Barabasi-Albert graphs
vDPI (site opening cost) = $2500
[Figure panels: Computation duration, Number of vDPI, Costs decomposition]

Performance evaluation on large graphs: Erdős-Rényi graphs
vDPI (site opening cost) = $2500
[Figure panels: Computation duration, Number of vDPI, Costs decomposition]

Conclusion and perspective
A centrality-based greedy algorithm for vDPI placement
- Finds a vDPI engine deployment that satisfies the trade-off between the minimum number of probes and the minimum network load
- Very good match in terms of cost but variations on the decisions
- Very fast computation w.r.t. the ILP
Other ongoing work
- VNFs chaining and placement -> CloudNet 2015
- Service composition and brokerage -> CloudNet 2015
- NFV marketplace modeling -> Official in the coming days!
And more to come!

ANR REFLEXION Project
REsilient and FLEXible Infrastructure for Open Networking
ANR-14-CE28-0019
Starting date: 1st February 2015
Duration: 2 years + 6 months
Coordinator: Mathieu Bouet, Thales Communications & Security SAS
Consortium:
1. Thales Communications & Security SAS (TCS)
2. Orange SA
3. Institut National de Recherche en Informatique et en Automatique (INRIA)
4. Laboratoire d'informatique de Paris 6 (LIP6)
5. Ecole Normale Supérieure De Lyon (ENSL)
6. 6WIND
7. Institut Mines Telecom - LTCI Télécom ParisTech (TPT)

Website: http://anr-reflexion.telecom-paristech.fr/

Thank you! Questions? mathieu.bouet@thalesgroup.com www.thalesgroup.com