ArticlePDF Available

Software Defined Networking (SDN) and Network Function Virtualization (NFV)

MDPI
Future Internet
Authors:
Papavassiliou
Papavassiliou
Papavassiliou
  • This person is not on ResearchGate, or hasn't claimed this research yet.
Download full-text PDF
Read full-text
Download citation

Abstract

The role of Software Defined Networking (SDN) and Network Function Virtualization (NFV) have been instrumental in realizing the transition and vision “from black boxes to a white box towards facilitating 5G network architectures”. Though significant research results and several deployments have occurred and realized over the last few years focusing on the NFV and SDN technologies, several issues—both of theoretical and practical importance—remain still open. Accordingly, the papers of this special issue are significant contributions samples within the general ecosystem highlighted above, ranging from SDN and NFV architectures and implementations, to SDN-NFV integration and orchestration approaches, while considering issues associated with optimization, network management and security aspects. In particular, a total of nine excellent articles (one review and eight original research articles) have been accepted, following a rigorous review process, and addressing many of the aforementioned challenges and beyond.
Available via license: CC BY
Content may be subject to copyright.
Future Internet 2020, 12, 7; doi:10.3390/fi12010007 www.mdpi.com/journal/futureinternet
Editorial
Software Defined Networking (SDN) and Network
Function Virtualization (NFV)
Symeon Papavassiliou
School of Electrical and Computer Engineering, National Technical University of Athens,
Iroon Polytechniou 9, 15780 Athens, Greece; papavass@mail.ntua.gr
Received: 25 December 2019; Accepted: 31 December 2019; Published: 2 January 2020
Abstract: The role of Software Defined Networking (SDN) and Network Function Virtualization
(NFV) have been instrumental in realizing the transition and vision “from black boxes to a white
box towards facilitating 5G network architectures”. Though significant research results and several
deployments have occurred and realized over the last few years focusing on the NFV and SDN
technologies, several issues—both of theoretical and practical importance—remain still open.
Accordingly, the papers of this special issue are significant contributions samples within the general
ecosystem highlighted above, ranging from SDN and NFV architectures and implementations, to
SDN-NFV integration and orchestration approaches, while considering issues associated with
optimization, network management and security aspects. In particular, a total of nine excellent
articles (one review and eight original research articles) have been accepted, following a rigorous
review process, and addressing many of the aforementioned challenges and beyond.
Keywords: SDN architectures and design; NFV architectures and design; SDN-NFV integration;
SDN-NFV orchestration; autonomic network management; security in SDN
1. Introduction
Next generation communication networks are expected to be implemented on virtualized
infrastructures where network functions are deployed on virtual machines instead of current
proprietary equipment. Moving away from an architecture that is based on a multitude of black boxes
that are equipped with specialized network hardware and pre-loaded with specialized software to a
new architecture consisting of a “white box” running a multitude of specialized network software
appears to be the dominant choice and the direction in current and future communication and
computing infrastructures. This is also required to support the 5G vision, calling for a new network
architecture that directs flexible, dynamically configurable network elements to provide on-demand
customized services to traffic demands that may be dynamic in time and space, all while supporting
heterogeneity and diversity.
Towards realizing such a technological paradigm shift software defined networking (SDN) and
network function virtualization (NFV) have been proven as two promising technologies for
managing future networks. With their enormous benefits, including reducing operational costs,
better resource utilization, and easier management requirements, the adoption of such technologies
is gaining significant momentum. Increasing network resource utilization and decreasing operational
costs have traditionally been among the key objectives in the era of network management and control.
NFV allows for even further flexibility by migrating network functions from dedicated hardware to
virtual machines that are running on commodity hardware. SDN has emerged as a key driver for
innovation and change in networking as several market and technology factors converge. Such
factors include the growth of cloud applications and services across enterprise and cloud providers,
a focus on converged infrastructures (compute/storage/network), and software-defined datacenters.
Future Internet 2020, 12, 7 2 of 3
2. Contributions
The papers included in this Special Issue of the Future Internet journal highlight some of the
emerging issues that are associated with the NFV and SDN technologies—both of theoretical and
practical importance—along with their applicability in the merging of the next generation
networking era in an innovative and insightful way.
The first paper [1] provides a systematic literature review of the use of SDN technologies, along
with the associated services and tools, in the broader area of tactile networks, coalition networks, ad-
hoc networks, military networks, and/or mission-critical infrastructures.
The second paper [2] explores the issue of creating isolated and dynamically secured overlay
networks and overcoming the limitations of current NFV implementations that are designed for
deployment within trusted domains, where overlay networks with static trusted links are utilized to
enable network security. This is achieved by introducing a novel tiered architecture for the automated
establishment of encrypted tunnels in NFV in a multi-domain environment.
The third paper [3] introduces a resource consolidation scheme that implements network
resource management concepts through software-defined networking (SDN) control features,
allowing for the realization of application aware concepts. The goal of the paper is to establish a
necessary baseline for a tool-based decision support method aiming at facilitating the selection of
cloud services in a multi-cloud environment.
The fourth paper [4] introduces a novel autonomic network management (ANM) and
optimization framework that demonstrates how SDN and software defined radios (SDRs) can be
effectively combined to achieve reconfiguration flexibility, improved performance, and the efficient
use of available resources in SDR-based cognitive radio networks (CRNs). The authors also provide
a realization and evaluation of the proposed framework in two different realistic testbeds, namely
Implementing Radio in Software (IRIS) and Open-Access Research Testbed for Next-Generation
Wireless Networks (ORBIT) of the Orchestration and Reconfiguration Control Architecture (ORCA)
federation.
The fifth paper [5] focuses on the effective and efficient virtualized network functions (VNF)
placement within edge and cloud infrastructures in order to provide enhanced networking services
to Internet of Things (IoT) applications. In particular, the authors propose a novel approach to
facilitate the placement and deployment of service-chained VNFs in a network cloud infrastructure
that can be extended by using the mobile edge computing (MEC) infrastructure for accommodating
mission-critical and delay-sensitive traffic.
The sixth paper [6] deals with the design and evaluation of a scalable NFV orchestration
architecture that supports elastic cloud and bandwidth resource allocation. A further contribution of
the paper is the use of segment routing (SR) to implement the data plane of the proposed architecture,
achieving an overall solution of reduced complexity with respect to the corresponding of traditional
orchestrations.
The seventh paper [7] builds on the emerging trend of using SDN technology to make the 5G
network functional and programmable in order to deal with the heterogeneity in traditional 5G
networks. The authors propose a robust security architecture for SDN-based 5G networks in order to
treat inherent security issues due to the intelligence centralization that is used in SDN. The proposed
security architecture is based on the synchronized secret approach and, in principle, leverages a
common secret shared by the back-end system and the network users to avoid illegal service requests
from malicious network attackers.
The eighth paper [8] capitalizes on the extensive flexibility and programmability that are offered
by SDN technology, and it proposes the realization of an SDN-powered mobile edge computing
(MEC) architecture to deal with the joint problem of intelligent MEC server selection and end-users’
data offloading in multiple MEC servers and multiple end-user environments. The intelligence and
novelty of the proposed framework lie in the use of reinforcement learning and game theoretic
techniques, both of which allow for a distributed and efficient realization.
The last paper [9] deals with the inherent complexities and challenges that are associated with
service and platform deployment in cloud-based environments, as required for the successful
Future Internet 2020, 12, 7 3 of 3
adoption of 5G technologies. The authors offer a solution to this problem by introducing a novel
workflow for the composition, deployment, and management of platforms and services in multi-
cloud environments, agnostic to the underlying technologies, protocols, and application program
interfaces (APIs). The adopted model in this work is built around the principles of micro-services,
modularity, and build-to-order.
Acknowledgments: The guest editor wish to thank all the contributing authors, the professional reviewers for
their precious help with the review assignments, and the excellent editorial support from the Future Internet
journal at every stage of the publication process of this special issue.
Conflicts of Interest: The author declares no conflict of interest.
References
1. Gkioulos, V.; Gunleifsen, H.; Weldehawaryat, G.K. A Systematic Literature Review on Military Software
Defined Networks. Future Internet 2018, 10, 88.
2. Gunleifsen, H.; Gkioulos, V.; Kemmerich, T. A Tiered Control Plane Model for Service Function Chaining
Isolation. Future Internet 2018, 10, 46.
3. Abbasi, A.A.; Jin, H. v-Mapper: An Application-Aware Resource Consolidation Scheme for Cloud Data
Centers. Future Internet 2018, 10, 90.
4. Stamou, A.; Kakkavas, G.; Tsitseklis, K.; Karyotis, V.; Papavassiliou, S. Autonomic Network Management
and Cross-Layer Optimization in Software Defined Radio Environments. Future Internet 2019, 11, 37.
5. Leivadeas, A.; Kesidis, G.; Ibnkahla, M.; Lambadaris, I. VNF Placement Optimization at the Edge and
Cloud. Future Internet 2019, 11, 69.
6. Eramo, V.; Lavacca, F.G.; Catena, T.; Polverini, M.; Cianfrani, A. Effectiveness of Segment Routing
Technology in Reducing the Bandwidth and Cloud Resources Provisioning Times in Network Function
Virtualization Architectures. Future Internet 2019, 11, 71.
7. Yao, J.; Han, Z.; Sohail, M.; Wang, L. A Robust Security Architecture for SDN-Based 5G Networks. Future
Internet 2019, 11, 85.
8. Mitsis, G.; Apostolopoulos, P.A.; Tsiropoulou, E.E.; Papavassiliou, S. Intelligent Dynamic Data Offloading
in a Competitive Mobile Edge Computing Market. Future Internet 2019, 11, 118.
9. Mimidis-Kentis, A.; Soler, J.; Veitch, P.; Broadbent, A.; Mobilio, M.; Riganelli, O.; Van Rossem, S.; Tavernier,
W.; Sayadi, B. The Next Generation Platform as A Service: Composition and Deployment of Platforms and
Services. Future Internet 2019, 11, 119.
© 2020 by the author. Licensee MDPI, Basel, Switzerland. This article is an open
access article distributed under the terms and conditions of the Creative
Commons Attribution (CC BY) license
(http://creativecommons.org/licenses/by/4.0/).
... Network Function Virtualization (NFV) acts as a key enabler, deploying virtualized network functions (VNF) to meet Quality of Service (QoS) and lowlatency requirements. Ensuring latency lower than a threshold τ (for satisfying the required QoS demands) is critical for real-time applications like industrial control systems [70][71][72]. ...
... [ [70][71][72] Analyze NFV's role in enabling QoS and reducing communication latency in IIoT applications. ...
A Survey on the Applications of Cloud Computing in the Industrial Internet of Things
Article
Full-text available
  • Feb 2025
The convergence of cloud computing and the Industrial Internet of Things (IIoT) has significantly transformed industrial operations, enabling intelligent, scalable, and efficient systems. This survey provides a comprehensive analysis of the role cloud computing plays in IIoT ecosystems, focusing on its architectural frameworks, service models, and application domains. By leveraging centralized, edge, and hybrid cloud architectures, IIoT systems achieve enhanced real-time processing capabilities, streamlined data management, and optimized resource allocation. Moreover, this study delves into integrating artificial intelligence (AI) and machine learning (ML) in cloud platforms to facilitate predictive analytics, anomaly detection, and operational intelligence in IIoT environments. Security challenges, including secure device-to-cloud communication and privacy concerns, are addressed with innovative solutions like blockchain and AI-powered intrusion detection systems. Future trends, such as adopting 5G, serverless computing, and AI-driven adaptive services, are also discussed, offering a forward-looking perspective on this rapidly evolving domain. Finally, this survey contributes to a well-rounded understanding of cloud computing’s multifaceted aspects and highlights its pivotal role in driving the next generation of industrial innovation and operational excellence.
View
... This made model development and deployment a lot quicker and gave telecom providers the edge to deploy their model in network environments and counter threats as they emerged (Cui and Zhang 2021). Furthermore, new sophisticated technologies, such as Software Defined Networking (SDN) and Network Function Virtualization (NFV), have evolved to support the integration of AI techniques with enhanced and elastic anomaly detection mechanisms (Papavassiliou 2020). These are programmable and flexible technologies that can plug into AI-based anomaly detection which needs an integrated and real-time perception of the network hardware architecture (Schmitt 2023). ...
Artificial intelligence advances in anomaly detection for telecom networks
Article
Full-text available
  • Jan 2025
  • ARTIF INTELL REV
Telecommunication networks are becoming increasingly dynamic and complex due to the massive amounts of data they process. As a result, detecting abnormal events within these networks is essential for maintaining security and ensuring seamless operation. Traditional methods of anomaly detection, which rely on rule-based systems, are no longer effective in today’s fast-evolving telecom landscape. Thus, making AI useful in addressing these shortcomings. This review critically examines the role of Artificial Intelligence (AI), particularly deep learning, in modern anomaly detection systems for telecom networks. It explores the evolution from early strategies to current AI-driven approaches, discussing the challenges, the implementation of machine learning algorithms, and practical case studies. Additionally, emerging AI technologies such as Generative Adversarial Networks (GANs) and Reinforcement Learning (RL) are highlighted for their potential to enhance anomaly detection. This review provides AI’s transformative impact on telecom anomaly detection, addressing challenges while leveraging 5G/6G, edge computing, and the Internet of Things (IoT). It recommends hybrid models, advanced data preprocessing, and self-adaptive systems to enhance robustness and reliability, enabling telecom operators to proactively manage anomalies and optimize performance in a data driven environment.
View
... Virtualization (NFV) to centralize control and virtualize network functions [18], ensuring efficient resource allocation and rapid service provisioning [19]. The service layer hosts applications and services, leveraging edge computing and cloud platforms to deliver personalized, low-latency experiences. ...
Security Schemes for the Next-Generation Networks: A Survey
Article
  • Nov 2024
The rapid evolution of next-generation networks (NGNs), characterized by advancements such as 5G, 6G, edge computing, and the Internet of Things (IoT), has introduced unprecedented opportunities for connectivity and innovation. However, this progress has also expanded the attack surface, leading to new and complex security challenges. This paper provides a comprehensive review of state-of-the-art security schemes tailored for NGNs, emphasizing the interplay of confidentiality, integrity, availability, and privacy. Key areas explored include authentication mechanisms, end-to-end encryption, intrusion detection systems, and distributed ledger technologies. Furthermore, the role of artificial intelligence and machine learning in predicting and mitigating threats is analyzed. The paper also investigates emerging paradigms such as zero-trust architectures, quantum-resistant cryptographic algorithms, and secure network slicing. Through a critical assessment of existing frameworks and their limitations, this work proposes a unified approach that integrates adaptive security policies, decentralized trust models, and real-time threat intelligence. By addressing both technical and operational perspectives, this study aims to guide the development of resilient and secure NGNs, ensuring a sustainable digital future.
View
... eSIM, short for Embedded Subscriber Identity Module, is a technology that enables the use of a digital SIM card directly embedded within a device, such as a smartphone, tablet, or wearable, without needing a physical SIM card [23]. The 5G architecture is characterized by the following key components [24][25][26][27]: ...
Authentication and Key Agreement Protocol in Hybrid Edge–Fog–Cloud Computing Enhanced by 5G Networks
Article
Full-text available
  • Jun 2024
The Internet of Things (IoT) has revolutionized connected devices, with applications in healthcare, data analytics, and smart cities. For time-sensitive applications, 5G wireless networks provide ultra-reliable low-latency communication (URLLC) and fog computing offloads IoT processing. Integrating 5G and fog computing can address cloud computing’s deficiencies, but security challenges remain, especially in Authentication and Key Agreement aspects due to the distributed and dynamic nature of fog computing. This study presents an innovative mutual Authentication and Key Agreement protocol that is specifically tailored to meet the security needs of fog computing in the context of the edge–fog–cloud three-tier architecture, enhanced by the incorporation of the 5G network. This study improves security in the edge–fog–cloud context by introducing a stateless authentication mechanism and conducting a comparative analysis of the proposed protocol with well-known alternatives, such as TLS 1.3, 5G-AKA, and various handover protocols. The suggested approach has a total transmission cost of only 1280 bits in the authentication phase, which is approximately 30% lower than other protocols. In addition, the suggested handover protocol only involves two signaling expenses. The computational cost for handover authentication for the edge user is significantly low, measuring 0.243 ms, which is under 10% of the computing costs of other authentication protocols.
View
... Hence, flexible and adaptive infrastructure becomes essential in accommodating the diverse needs of IoT devices. Network Function Virtualization (NFV) and Software-Defined Networking (SDN) are instrumental in creating a dynamic and programmable infrastructure, allowing network administrators to allocate resources based on the specific needs of IoT applications [35] . ...
NEXT GENERATION NETWORKS: ADVANCEMENTS, CHALLENGES, AND OPPORTUNITIES FOR SCALABLE AND SECURE INFRASTRUCTURE
Chapter
Full-text available
  • Mar 2024
Computer network & communication book series provides a premier interdisciplinary platform for researchers, practitioners and educators to publish not only the most recent innovations, trends, and concerns but also practical challenges encountered and solutions adopted in the fields of networks and communication. This book will provide an excellent international forum for sharing knowledge and results in theory, methodology and applications of Computer network & communication. The book series looks for significant contributions to all major fields of the networking and communication technologies in theoretical and practical aspects. It provides a platform to the researchers and practitioners from both academia as well as industry to meet and share cutting-edge development in the field.
View
... These hardware are usually expensive and cannot easily be updated. Thus, a new technology, Network Function Virtualization (NFV), virtualizes these functions by moving them from relying hardware to being implemented in software installed in off-the-shelf server hardware [2]. NFV virtualizes data plane and creates building blocks that can be linked together to support variety of complex NFs, thereby improving the flexibility and usability significantly [3]. ...
Prioritization and offloading in P4 switch integrated with NFV
Article
Full-text available
  • Apr 2024
  • TELECOMMUN SYST
The architecture of integrating Software Defined Networking (SDN) with Network Function Virtualization (NFV) is excellent because the former virtualizes the control plane, and the latter virtualizes the data plane. As Programming Protocol-independent Packet Processors (P4) become popular, the architecture integrating SDN with NFV may shift from traditional switches to P4 switches. In this architecture, which integrates P4 switch and NFV (P4 + NFV), network functions can be provided in both P4 switches (PNF) and NFV (VNF). Thus, to minimize packet delay, an offloading problem between P4 switches and NFV in this P4 + NFV should be addressed. This paper tackles this offloading problem and figures out the prioritization mechanism between newly arriving packets and packets that require VNF for minimizing packet delay. We model and analyze the P4 + NFV architecture using an M/M/1 queuing model with non-preemptive priority. Also, we propose an optimization solution based on gradient descent to find the optimal offloading probability of going to VNF. Results show that optimal offloading from P4 switch to NFV can reduce the average packet delay from 13.74 to 40.73%, when packets requiring VNF are given higher priority than newly arriving packets.
View
... With the advent of quantum computing [209], there is a need for research to develop post-quantum cryptographic algorithms and protocols that can ensure the security of transport layer communications in a post-quantum computing era. ...
TCP/IP Stack Transport Layer Performance, Privacy, and Security issues
Article
Full-text available
  • Mar 2024
Transmission Control Protocol/ Internet Protocol (TCP/IP) is the backbone of Internet transmission. The Transport Layer of the TCP/IP stack, which includes TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) protocols, plays a crucial role in ensuring reliable communication between devices over a network. To come up with measures that make networks more secure, it is important to learn about the vulnerabilities that exist in the transport TCP/IP stack and then have an understanding of the typical attacks carried out in such layer. This paper explores how the TCP Protocol works, the TCP/IP 3 Way Handshake, TCP Header Structure, the typical vulnerabilities and the classical attacks of transport layer TCP/IP, tools, and solutions adopted to prevent and reduce the chances of some of these attacks. The findings indicated that the major TCP/ IP stack transport layer threats include Finger printing, SYN Flood, TCP reassembly and sequencing, IP Spoofing, TCP session hijacking, RST and FIN denial of service attack, Ping of Death, Low Rate/ Shrew Attacks. Their preventive measures and mechanisms are discussed.
View
View
View
Assuring Efficient Path Selection in an Intent-Based Networking System: A Graph Neural Networks and Deep Reinforcement Learning Approach
Article
Full-text available
  • Apr 2024
  • J NETW SYST MANAG
The recent advancements in network systems, including Software-Defined Networking (SDN), Network Functions Virtualization (NFV), and cloud networking, have significantly enhanced network management. These technologies increase efficiency, reduce manual efforts, and improve agility in deploying new services. They also enable scalable network resources, facilitate handling demand surges, and provide efficient access to innovative solutions. Despite these advancements, the performance of interconnected nodes is still influenced by the heterogeneity of network infrastructure and the capabilities of physical links. This work introduces a comprehensive solution addressing these challenges through Intent-Based Networking (IBN). Our approach utilizes IBN for defining high-level service requirements (QoS) tailored to individual node specifications. Further, we integrate a Graph Neural Network (GNN) to model the network’s overlay topology and understand the behavior of nodes and links. This integration enables the translation of defined intents into optimal paths between end-to-end nodes, ensuring efficient path selection. Additionally, our system incorporates Deep Deterministic Policy Gradients (DDPG) for dynamic weight calculation of QoS metrics to adjust the link cost assigned to network paths based on performance metrics, ensuring the network adapts to the specified QoS intents. The proposed solution has been implemented as an IBN system design comprising an intent definition manager, a GNN model for optimal path selection, an Off-Platform Application (OPA) for policy creation, an assurance module consisting of the DDPG mechanism, and a real-time monitoring system. This design ensures continuous efficient path selection assurance, dynamically adapting to changing conditions and maintaining optimal service levels per the defined intents.
View
Intelligent Dynamic Data Offloading in a Competitive Mobile Edge Computing Market
Article
Full-text available
  • May 2019
Software Defined Networks (SDN) and Mobile Edge Computing (MEC), capable of dynamically managing and satisfying the end-users computing demands, have emerged as key enabling technologies of 5G networks. In this paper, the joint problem of MEC server selection by the end-users and their optimal data offloading, as well as the optimal price setting by the MEC servers is studied in a multiple MEC servers and multiple end-users environment. The flexibility and programmability offered by the SDN technology enables the realistic implementation of the proposed framework. Initially, an SDN controller executes a reinforcement learning framework based on the theory of stochastic learning automata towards enabling the end-users to select a MEC server to offload their data. The discount offered by the MEC server, its congestion and its penetration in terms of serving end-users’ computing tasks, and its announced pricing for its computing services are considered in the overall MEC selection process. To determine the end-users’ data offloading portion to the selected MEC server, a non-cooperative game among the end-users of each server is formulated and the existence and uniqueness of the corresponding Nash Equilibrium is shown. An optimization problem of maximizing the MEC servers’ profit is formulated and solved to determine the MEC servers’ optimal pricing with respect to their offered computing services and the received offloaded data. To realize the proposed framework, an iterative and low-complexity algorithm is introduced and designed. The performance of the proposed approach was evaluated through modeling and simulation under several scenarios, with both homogeneous and heterogeneous end-users.
View
The Next Generation Platform as A Service: Composition and Deployment of Platforms and Services
Article
Full-text available
  • May 2019
The emergence of widespread cloudification and virtualisation promises increased flexibility, scalability, and programmability for the deployment of services by Vertical Service Providers (VSPs). This cloudification also improves service and network management, reducing the Capital and Operational Expenses (CAPEX, OPEX). A truly cloud-native approach is essential, since 5G will provide a diverse range of services - many requiring stringent performance guarantees while maximising flexibility and agility despite the technological diversity. This paper proposes a workflow based on the principles of build-to-order, Build-Ship-Run, and automation; following the Next Generation Platform as a Service (NGPaaS) vision. Through the concept of Reusable Functional Blocks (RFBs), an enhancement to Virtual Network Functions, this methodology allows a VSP to deploy and manage platforms and services, agnostic to the underlying technologies, protocols, and APIs. To validate the proposed workflow, a use case is also presented herein, which illustrates both the deployment of the underlying platform by the Telco operator and of the services that run on top of it. In this use case, the NGPaaS operator facilitates a VSP to provide Virtual Network Function as a Service (VNFaaS) capabilities for its end customers.
View
A Robust Security Architecture for SDN-Based 5G Networks
Article
Full-text available
  • Mar 2019
5G is the latest generation of cellular mobile communications. Due to its significant advantage in high data rate, reduced latency and massive device connectivity, the 5G network plays a vital role in today's commercial telecommunications networks. However, the 5G network also faces some challenges when used in practice. This is because it consists of various diverse ingredients, termed heterogeneity. The heterogeneity of the 5G network has two consequences: first, it prevents us to use this technology in a uniform way, preventing the wide use of 5G technology; second, it complicates the structure of the 5G network, making it hard to monitor what is going on in a 5G network. To break through this limitation, researchers have worked in this field and design their own protocol, in which software-defined networking (SDN) is one key design concept. By separating control and data plane, SDN can make the 5G network functional and programmable, such that we can handle the heterogeneity in traditional 5G networks. In light of this, we say that SDN-5G network is attractive, but its advantages are not free. The intelligence centralization used in SDN has its own drawbacks when it comes to security. To break through this limitation, we propose a robust security architecture for SDN-based 5G Networks. To find the illegal request from malicious attackers, we add extra cryptographic authentication, termed synchronize secret. The basic idea of our scheme is leveraging preload secrets to differ attacks from regular network communications. The simulation results indicate that our work can completely handle the security problem from SDN with a low disconnect rate of 0.01%, which is much better than that from state of the art.
View
Effectiveness of Segment Routing Technology in Reducing the Bandwidth and Cloud Resources Provisioning Times in Network Function Virtualization Architectures
Article
Full-text available
  • Mar 2019
Network Function Virtualization is a new technology allowing for a elastic cloud and bandwidth resource allocation. The technology requires an orchestrator whose role is the service and resource orchestration. It receives service requests, each one characterized by a Service Function Chain, which is a set of service functions to be executed according to a given order. It implements an algorithm for deciding where both to allocate the cloud and bandwidth resources and to route the SFCs. In a traditional orchestration algorithm, the orchestrator has a detailed knowledge of the cloud and network infrastructures and that can lead to high computational complexity of the SFC Routing and Cloud and Bandwidth resource Allocation (SRCBA) algorithm. In this paper, we propose and evaluate the effectiveness of a scalable orchestration architecture inherited by the one proposed within the European Telecommunications Standards Institute (ETSI) and based on the functional separation of an NFV orchestrator in Resource Orchestrator (RO) and Network Service Orchestrator (NSO). Each cloud domain is equipped with an RO whose task is to provide a simple and abstract representation of the cloud infrastructure. These representations are notified of the NSO that can apply a simplified and less complex SRCBA algorithm. In addition, we show how the segment routing technology can help to simplify the SFC routing by means of an effective addressing of the service functions. The scalable orchestration solution has been investigated and compared to the one of a traditional orchestrator in some network scenarios and varying the number of cloud domains. We have verified that the execution time of the SRCBA algorithm can be drastically reduced without degrading the performance in terms of cloud and bandwidth resource costs.
View
VNF Placement Optimization at the Edge and Cloud †
Article
Full-text available
  • Mar 2019
Network Function Virtualization (NFV) has revolutionized the way network services are offered to end users. Individual network functions are decoupled from expensive and dedicated middleboxes and are now provided as software-based virtualized entities called Virtualized Network Functions (VNFs). NFV is often complemented with the Cloud Computing paradigm to provide networking functions to enterprise customers and end-users remote from their premises. NFV along with Cloud Computing has also started to be seen in Internet of Things (IoT) platforms as a means to provide networking functions to the IoT traffic. The intermix of IoT, NFV, and Cloud technologies, however, is still in its infancy creating a rich and open future research area. To this end, in this paper, we propose a novel approach to facilitate the placement and deployment of service chained VNFs in a network cloud infrastructure that can be extended using the Mobile Edge Computing (MEC) infrastructure for accommodating mission critical and delay sensitive traffic. Our aim is to minimize the end-to-end communication delay while keeping the overall deployment cost to minimum. Results reveal that the proposed approach can significantly reduce the delay experienced, while satisfying the Service Providers’ goal of low deployment costs.
View
Autonomic Network Management and Cross-Layer Optimization in Software Defined Radio Environments
Article
Full-text available
  • Feb 2019
The demand for Autonomic Network Management (ANM) and optimization is as intense as ever, even though significant research has been devoted towards this direction. This paper addresses such need in Software Defined (SDR) based Cognitive Radio Networks (CRNs). We propose a new framework for ANM and network reconfiguration combining Software Defined Networks (SDN) with SDR via Network Function Virtualization (NFV) enabled Virtual Utility Functions (VUFs). This is the first approach combining ANM with SDR and SDN via NFV, demonstrating how these state-of-the-art technologies can be effectively combined to achieve reconfiguration flexibility, improved performance and efficient use of available resources. In order to show the feasibility of the proposed framework, we implemented its main functionalities in a cross-layer resource allocation mechanism for CRNs over real SDR testbeds provided by the Orchestration and Reconfiguration Control Architecture (ORCA) EU project. We demonstrate the efficacy of our framework, and based on the obtained results, we identify aspects that can be further investigated for improving the applicability and increasing performance of our broader framework.
View
v-Mapper: An Application-Aware Resource Consolidation Scheme for Cloud Data Centers
Article
Full-text available
  • Sep 2018
Cloud computing systems are popular in computing industry for their ease of use and wide range of applications. These systems offer services that can be used over the Internet. Due to their wide popularity and usage, cloud computing systems and their services often face issues resource management related challenges. In this paper, we present v-Mapper, a resource consolidation scheme which implements network resource management concepts through software-defined networking (SDN) control features. The paper makes three major contributions: (1) We propose a virtual machine (VM) placement scheme that can effectively mitigate the VM placement issues for data-intensive applications; (2) We propose a validation scheme that will ensure that a cloud service is entertained only if there are sufficient resources available for its execution and (3) We present a scheduling policy that aims to eliminate network load constraints. We tested our scheme with other techniques in terms of average task processing time, service delay and bandwidth usage. Our results demonstrate that v-Mapper outperforms other techniques and delivers significant improvement in system’s performance.
View
A Systematic Literature Review on Military Software Defined Networks
Article
Full-text available
  • Sep 2018
Software Defined Networking (SDN) is an evolving network architecture paradigm that focuses on the separation of control and data planes. SDN receives increasing attention both from academia and industry, across a multitude of application domains. In this article, we examine the current state of obtained knowledge on military SDN by conducting a systematic literature review (SLR). Through this work, we seek to evaluate the current state of the art in terms of research tracks, publications, methods, trends, and most active research areas. Accordingly, we utilize these findings for consolidating the areas of past and current research on the examined application domain, and propose directions for future research.
View
A Tiered Control Plane Model for Service Function Chaining Isolation
Article
Full-text available
  • Jun 2018
This article presents an architecture for encryption automation in interconnected Network Function Virtualization (NFV) domains. Current NFV implementations are designed for deployment within trusted domains, where overlay networks with static trusted links are utilized for enabling network security. Nevertheless, within a Service Function Chain (SFC), Virtual Network Function (VNF) flows cannot be isolated and end-to-end encrypted because each VNF requires direct access to the overall SFC data-flow. This restricts both end-users and Service Providers from enabling end-to-end security, and in extended VNF isolation within the SFC data traffic. Encrypting data flows on a per-flow basis results in an extensive amount of secure tunnels, which cannot scale efficiently in manual configurations. Additionally, creating secure data plane tunnels between NFV providers requires secure exchange of key parameters, and the establishment of an east–west control plane protocol. In this article, we present an architecture focusing on these two problems, investigating how overlay networks can be created, isolated, and secured dynamically. Accordingly, we propose an architecture for automated establishment of encrypted tunnels in NFV, which introduces a novel, tiered east–west communication channel between network controllers in a multi-domain environment.
View