Project Home: | www.forschung-it-sicherheit-kommunikationssysteme.de/projekte/sendate-planets |
Funding Agency: | BMBF |
Duration: | 3 years, 01.03.2016-28.02.2019 |
Contact: | N. Deric (nemanja.deric(at)tum.de) |
A. Varasteh (amir.varasteh(at)tum.de) | |
P. Vizarreta Paz (petra.stojsavljevic(at)tum.de) | |
C. Mas Machuca (cmas@tum.de) | |
A. Blenk (andreas.blenk(at)tum.de) | |
W. Kellerer (wolfgang.kellerer(at)tum.de) |
Scope of Project
SENDATE Project - Large Data Centers (DCs) are forming the most important control centers of the Internet nowadays. Within DCs, business as well as private data is stored, edited, forwarded, and processed. Although current DCs have a huge computing power, massive storage capacities, and an enormous performance based on centrally stored data, they are located far away from the customer, use the network only for transport, and are mostly run by non-European companies. This leads to low flexibility, long delays to customers, and security concerns.
New application scenarios of our digital society such as Industrial Internet, mobile connected objects, Internet of Things, health applications, and especially 5G lead to a huge number of end devices and an enormous increase of traffic volume. The high demands on security, location awareness, service guarantees, flexibility, and latency require a convergence of telecommunication networks and IT as well as distributed data centers, which are placed close to the customers. Innovative approaches such as Network Functions Virtualization (NFV) in combination with Software Defined Networking (SDN) are the basis for a secure, flexible, low latency, and locality-aware distributed data center approach to support the upcoming application scenarios.
The goal of the SENDATE research program is to provide the scientific, technical, and technological concepts and solutions for
- A clean-slate architecture supporting the application scenario demands
- Intra-DC -security, -control, -management, and -orchestration
- Placement, control, and management of Virtual Network Functions (VNF)
- High speed transport networks to interconnect servers in a DC, data centers together, and the end users.
This includes on the one hand the development of a flexible control-plane using SDN, an on the other hand a powerful data-plane with high flexibility. Security is an integral part of all sub-parts.
SENDATE - PLANETS - PLUTO - The chair of communication networks is part of the SENDATE - PLANETS (ProgrammabLe Architecture for distributed NETwork functions and Security) project.
The sub-project name is PLUTO (PLanning and design of secUre and resilienT SDN/NFV based netwOrk)
Contributions
1. Network Virtualization
1.1 Network Hypervisor
Network Virtualization (NV) indeed offers improved resource utilization as the physical infrastructure is shared between multiple tenants. To realize NV, a new entity is placed between the controllers and the physical network, so called network hypervisor. We designed and implemented a Framework for Flexible and Reliable SDN Virtualization, HyperFlex, which has been presented in IFIP/IEEE IM. HyperFlex provides on-demand network virtualization integrated with admission control control, as well as control plane isolation and SLA performance guarantees. HyperFlex implementation is publicly available on github.
However, as network hypervisor is usually a dedicated entity, it has to be place within the network as well. In IEEE NFV-SDN 2015, we have presented a few different formulations of optimization models for hypervisor placement problem (HPP). Further, we also provide initial analysis, where we demonstrate the needed number of network hypervisors for achieving a certain control plane latency.
Furthermore, provisioning the required network hypervisor resources is a challenging problem as well. Thus, in CNSM 2018, we have proposed a measurement-based analysis of the impact of topology abstraction on CPU utilization of a network hypervisor. We further extend the presented work by developing a measurement-based prediction model which can support arbitrary physical topologies and randomly generated virtual networks. As network hypervisors are limited in resources, we even show that providing such prediction model significantly improves the performance of admission control mechanisms.
1.2 Virtual Network Embedding
Another problem in NV is virtual network embedding (VNE), i.e., mapping the requested virtual resources (by tenents) to underlying physical infrastructure. Hence, in CNSM 2016, we have published an admission control based framework which utilizes Recurrent Neural Networks, with a goal of improving the run time and resource utilization of different VNE algorithms. Moreover, in IEEE INFOCOM 2018, we have presented NeuroViNE, a novel approach which uses Hopfield networks to reduce the search space of the existing VNE algorithms and make them faster and more resource-efficient.
2. Secure and Reliable SDN Networks
2.1 Secure SDN Controller Synchronization
In this project, we present MORPH, SDN architecture for detecting and handling byzantine failures of SDN controllers. To this end, we have deployed multiple identical instances of SDN controllers. Thus, by replicating the controllers behaviour, the detection of faulty or malicious controllers is possible. Furthermore, we use controller-to-controller synchronization in order to support deployment of stateful and stateless applications in SDN control plane. Moreover, as the message overhead of such architecture is non-negligible, we also present a dynamic system capable of adapting to the controller failures.
2.2 Reliable SDN Controller Placement
In SDN paradigm, there are software-based controllers which are responsible for managing the forwarding devices and their behaviour. The location of these SDN controllers can play a crucial role in overall network performance and reliability. In a work which has been published in RNDM 2016, we have proposed two strategies to address the reliable SDN controller placement problem, which protect the control plane against single link and node failures and provide seamless failover by exploiting the principles of resilient routing.
2.3 SDN Controller Software Reliability
SDN controllers are pieces of software, generated by humans, which can contain bugs. In CNSM 2017 and IEEE TNSM 2018, we have presented software reliability growth models which are often used to estimate and predict the reliability of the software in the operational phase based on the fault report data during the testing phase. We show that these models can be used to predict the number of residual bugs in the SDN controller software, as well as failure intensity, software reliability and optimal software release time. Moreover, in RNDM 2017, we have used Stochastic Activity Networks (SAN) model in order to apply it to a case study of a hypothetical controller based on commercial controller implementations. We show how the proposed model can be used to estimate the SDN controller steady state availability, quantify the impact of different failure modes on controller outages, as well as the effects of software ageing, and the impact of software reliability growth on the transient behaviour. Finally, in IFIP/IEEE IM 2019, we have presented the functional components in OpenDaylight SDN controller architecture, localized the most vulnerable modules and measured their contribution to the total bug content. Furthermore, we have provided high fidelity models that can accurately reproduce the stochastic behaviour of bug manifestation and bug removal rates, and discussed how these can be used to optimize the planning of the test effort, and to improve the software release management.
3. Network Dynamics and Placement
3.1 VNF Setup Phase
As a challenge in NFV-enabled networks, it is important to determine where these VNFs should be deployed in the network. In IEEE GLOBECOM 2018, we have presented an optimal VNF placement and routing approach with the objective of minimizing to total power consumption of the network and servers. In collaboration with KTH Royal Insititue of Technology in Sweden, in this paper, we have designed and evaluated an efficient, yet scalable heuristic algorithm in order to solve the aforementioned problem.
As another use case, in a work published in IEEE TNSM 2017, we have focused on designing a cost optimal 5G mobile core based on SDN and NFV. In this work, the control and data plane of LTE core functions have been modelled and the placement of them has been evaluated for centralized and distributed clouds.
3.2 VNF Operational Phase
After the deployment phase of VNFs, these entities should be monitored, controlled, and managed over their operational phase. In IEEE ICCT 2017, we have focused on dealing with overloaded and underloaded resources in a deployed VNF chain. We have formulated a distributed optimization using Alternating Direction Method of Multipliers approach to perform resource adjustment in extreme scenarios (over-/underload). As a further step, in a collaboration with Airbus Germany, the mobility of users has been taken into the account and we have presented a mobility-aware VNF placement and routing in IEEE ICC 2019. In this work, we have focused on deploying Internet-based services for flying airplanes over a time-horizon.
4. Offloading and Deploying VNF on Programmable and Accelerated Hardware
Programmable hardware represents a perfect target for both, realization of various VNFs or offloading networking tasks to accelerated hardware. Hence, at CNSM 2018, we have presented a hybrid NFV architecture capable of supporting dynamic orchestration of hardware accelerated VNFs, as well as the traditional ones. As a proof-of-concept, we have implemented a stateful and a stateless VNF using P4 language directly on programmable hardware. Furthermore, we have evaluated the impact of reconfiguration of such hardware-based VNFs on service interruption time. Additionally, in IEEE ICC 2019, we have presented HNLB, an offloading solution which utilizes both software and hardware resources (i.e., Network Interface Card (NIC)) in order to provide an inexpensive load balancer, which can scale up or down easily. HNBL exploits already available resources in NIC, in order to reduce the total number of CPU cycles needed for processing and load balance the network traffic. It has been shown that HNLB is able to outperform the state-of-the-art load balancing systems.
5. Demos
- In the demo published in IEEE INFOCOM 2019, we have demonstrated the optimal service placement, routing, and the network reconfiguration strategies in a realistic European-based Space-Air-Ground Integrated Network. We have shown by considering the mobility of the airplanes flying over Europe, how we can perform the network planning by utilizing satellite and Direct-Air-to-Ground links, while guaranteeing the QoS requirements of Internet-based services of airplanes. A video of this demo is available here.
- By extending HyperFLEX, in Netsys 2019, we have demonstrated the necessity of efficient network reconfiguration using a real time application in an emulated virtualized SDN environment. Firstly, we have shown how VNF placement can degrade the performance of time critical services heavily. Consequently, we have shown how VNF orchestration can improve the performance of such services, and we have discussed how VNF orchestration should be handled in virtualized SDN networks. A video of this demo is available here.
- In another Netsys 2019 paper (Best Demo Paper Award), we have presented a demo to show how a large-scale edge placement problem can be solved by using GPU-accelerated Natural Evolutional Strategies. We have demonstrated a system that allows the evaluation of technology choices, latency requirements and locations that should be covered at the example of the United States.
For more information regarding our contributions, please refer to our publication list, available here.
SENDATE Project web site: https://www.sendate.eu/