www.thalesgroup.com
NFV chaining, placement and orchestration
MATHIEU BOUET (THALES COMMUNICATIONS & SECURITY)
This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part or disclosed to a third party without the prior written consent of Thales - © Thales 2015 All rights reserved.
Action transverse GdR RSD (Réseaux et Systèmes Distribués)
Agenda
NFV introduction
vDPI placement problem
Centrality-based heuristic
Performance evaluation
Conclusion and perspectives
Network Functions Virtualization (NFV)
▌ Convergence between IT and Network
▌ Service-oriented multi-tenant systems
pay as you go, on demand…
▌ Software-defined systems
programmability, virtualization, automation…
[Figure: ETSI’s vision for NFV]
ETSI NFV Reference Architectural Framework
[Figure: ETSI NFV architecture with OSS/BSS, NFVO, VNFM, VIM, NFV PoPs, NFV WAN, and a (Virtual) Network Service built from VNFs and VNFCs]
Virtualized Infrastructure Manager (VIM):
- control and manage the NFVI compute, storage and network resources
- collection and forwarding of performance measurements and events
VNF Manager:
- lifecycle management of VNF instances
- overall coordination and adaptation role for configuration and event reporting between NFVI and the E/NMS
NFV Orchestrator:
- on-boarding of new Network Service (NS), VNF-FG and VNF Packages
- NS lifecycle management (including instantiation, scale-out/in, performance measurements, event correlation, termination)
- global resource management, validation and authorization of NFVI resource requests
- policy management for NS instances
VNF = Virtual Network Function
VNFC = VNF Container
PoP = Point of Presence
NFV Key Capability 1 – Service Chaining
[Figure: a Network Service chaining VNFs between two End Functional Blocks, hosted in Access Network and Core Network Points of Presence (processing and storage) over the Infrastructure Network]
Hosting of VNFs
Dynamic creation and composition of chains of services
VNF = Virtual Network Function
NFV Key Capability 2 – Load Sharing and Fault Tolerance
[Figure: parallel VNFC instances supporting load sharing and fault tolerance]
Fast, flexible and diverse hosting of VNFC instances
VNFC layer protocols supporting load sharing and fault tolerance
VNFC = VNF Container
NFV Key Capability 3 – New Commercial Boundaries
[Figure: VNF orchestration and VNF management above VNFs made of VNFCs, NFVI management and hosting, on a distributed hosting, storing and connecting infrastructure, with a COMMERCIAL BOUNDARY marked]
NFV ecosystem
▌ Standardization bodies
ETSI NFV ISG
- Launched in 2012, 235 companies, including 34 service providers
IRTF
- NFVRG (launched in October 2014)
IETF
- Service Function Chaining (SFC), launched in April 2014
But also TMF, MEF etc.
▌ Open source initiatives and communities
Open vSwitch, OpenDaylight (Linux Foundation), OpenStack, OpenMANO, Open Platform for NFV (OPNFV), Docker, KVM, LXC (Linux Foundation)…
▌ Industrial products
Virtualized DPI engine (e.g. Qosmos, Procera…)
Software-based network accelerator (e.g. 6WIND, Intel…)
SDN-NFV solutions by ALU, Cisco, HP, Juniper, RAD etc.
virtualized Deep Packet Inspection (vDPI)
Case study: vDPI (virtualized Deep Packet Inspection)
Used to monitor all traffic flows in a network using a vDPI function:
For cyber-security, accounting, service chaining…
Leverage available L7 probes (Procera Networks, up to 8Gb/s per CPU core)
Joint work with Jeremie Leguay (Huawei) and Vania Conan (Thales)
Placing vDPI in a WAN
[Figure: WAN topology; legend: NFVI-POP, physical link, logical link]
Joint placement and routing optimization
▌ Cost model
NFV infrastructure has costs in network and compute resources
The vDPI function has a pay-per-use license cost for each CPU and NFVI-POP used
▌ Overall problem
For a given flow demand, find the minimal cost placement and routing
[Figure: resource view of NFVI-POPs A to E on the NFV infrastructure, with Flow 1 and Flow 2 at 1Gb/s each]
Initial situation:
NFV License cost: $4000
Bandwidth cost: $150
Optimized situation:
NFV License cost: $2000
Bandwidth cost: $200
Problem definition
▌ A multi-commodity flow problem
Map a given demand (traffic matrix)
On a given physical network
▌ With an extension to include vDPI probes
Split each demand in two inter-related ones
Such that every initial flow passes through a vDPI probe
▌ Complexity
NP-hard as we do not split flows over multiple paths (integer)
Problem formulation
▌ Parameters
Set of flows F
- fsize, fs, fd for each
Costs
- Wdpi (site), wcpu, wbw
Capacities
- Cdpi (probes)
- Ci,j (links)
▌ Variables
Resources
- dpi (site), cpu
Routing
- x, y (edges’ assignment)
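As an added illustration (not code from the talk), the sketch below evaluates the cost model with the parameter names of this slide and finds the cheapest placement by exhaustive search. The five-node topology, the flow endpoints, the $1500/$500 split between site and CPU cost, and the per-flow shortest-detour routing are assumptions, constructed so the totals match the cost figures quoted on the cost-model slide; link capacities Ci,j are ignored.

```python
from collections import deque
from itertools import combinations
from math import ceil

# Constructed topology and demands (not the slide's figure), chosen so the
# totals match the slide's example. Flows are (fs, fd, fsize in Gb/s).
LINKS = [("A", "B"), ("B", "C"), ("B", "D"), ("B", "E"), ("D", "E")]
FLOWS = [("A", "C", 1), ("D", "E", 1)]
W_DPI, W_CPU, W_BW = 1500, 500, 50  # $ per site, per CPU, per Gb/s per link (assumed)
C_DPI = 8                            # Gb/s inspected per CPU core (slide: up to 8Gb/s)

def hops(src):
    """BFS hop count from src to every node."""
    adj = {}
    for a, b in LINKS:
        adj.setdefault(a, []).append(b)
        adj.setdefault(b, []).append(a)
    dist, queue = {src: 0}, deque([src])
    while queue:
        u = queue.popleft()
        for v in adj[u]:
            if v not in dist:
                dist[v] = dist[u] + 1
                queue.append(v)
    return dist

NODES = sorted({n for link in LINKS for n in link})
DIST = {n: hops(n) for n in NODES}

def placement_cost(sites):
    """Return (license, bandwidth) cost when probes are opened at `sites`."""
    load = dict.fromkeys(sites, 0)
    bandwidth = 0
    for fs, fd, fsize in FLOWS:
        # Split the demand into fs->probe and probe->fd; take the shortest detour.
        probe = min(sites, key=lambda p: DIST[fs][p] + DIST[p][fd])
        load[probe] += fsize
        bandwidth += W_BW * fsize * (DIST[fs][probe] + DIST[probe][fd])
    license_cost = sum(W_DPI + W_CPU * ceil(l / C_DPI) for l in load.values())
    return license_cost, bandwidth

def best_placement():
    """Exhaustive search over all non-empty site sets (only viable on tiny graphs)."""
    candidates = (c for k in range(1, len(NODES) + 1) for c in combinations(NODES, k))
    return min(candidates, key=lambda c: sum(placement_cost(c)))

if __name__ == "__main__":
    print("one probe per flow (B, D):", placement_cost(("B", "D")))
    print("optimum:", best_placement(), placement_cost(best_placement()))
```

The search visits every subset of sites, so it only works on toy graphs.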
Centrality-based heuristic
▌ Heuristic based on centrality
Centrality derived from the betweenness centrality
Cost function
Experimental validation on real-world GEANT dataset
▌ Data sets
Pan-European research and education backbone GEANT
Captured in 2006 by Uhlig et al. with 22 nodes, 36 high capacity 40G links, and traffic matrices with 462 demands
▌ Parameters
DPI cost per CPU ($2500), Network cost ($10 per Mb/s on links)
▌ Implementation
MILP with GLPK (open source C solver)
Heuristic implementation in Java with JUNG
Performance evaluation on GEANT
▌ Observations
Very good match in terms of cost but variations on the decisions
Heuristics 16-32 times faster
vDPI can be deployed on a limited number of sites
[Figures: Number of vDPI; Computation duration; Costs decomposition]
Going large scale!
▌ Generating random graphs
Different network structures
- Barabasi-Albert
- Erdős–Rényi
Flat traffic matrix where everybody communicates with each other
▌ Example of number of links for Barabasi-Albert graphs
Density: 0.05
Performance evaluation on large graphs
▌ Barabasi-Albert graphs
vDPI (site opening cost) = $2500
[Figures: Number of vDPI; Computation duration; Costs decomposition]
Performance evaluation on large graphs
▌ Erdős–Rényi graphs
vDPI (site opening cost) = $2500
[Figures: Number of vDPI; Computation duration; Costs decomposition]
Conclusion and perspectives
▌ A Centrality-based greedy algorithm for vDPI placement
Finds a vDPI engine deployment that satisfies the trade-off between the minimum number of probes and the minimum network load
Very good match in terms of cost but variations on the decisions
Very fast computation w.r.t. the ILP
▌ Other ongoing work
VNFs chaining and placement -> CloudNet 2015
Service composition and brokerage -> CloudNet 2015
NFV marketplace modeling -> Official in the coming days!
And more to come!
ANR REFLEXION Project
▌ REsilient and FLEXible Infrastructure for Open Networking
▌ Starting date: 1st February 2015
▌ Duration: 2 years + 6 months
▌ Coordinator: Mathieu Bouet, Thales Communications & Security SAS
▌ Consortium:
1. Thales Communications & Security SAS (TCS)
2. Orange SA
3. Institut National de Recherche en Informatique et en Automatique (INRIA)
4. Laboratoire d'Informatique de Paris 6 (LIP6)
5. Ecole Normale Supérieure De Lyon (ENSL)
6. 6WIND
7. Institut Mines Telecom - LTCI Télécom ParisTech (TPT)
ANR-14-CE28-0019
Website
http://anr-reflexion.telecom-paristech.fr/