Privacy-Oriented Virtual Network Embedding SolutionEvaluationConclusionsOngoing Work Network Virtualization Enables the creation of virtual topologies on top of physical substrates
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Introduction Proposed Solution Evaluation Conclusions Ongoing Work
Introduction Proposed Solution Evaluation Conclusions Ongoing Work
Overview
Introduction
Proposed Solution
Evaluation
Conclusions
Ongoing Work
Privacy-Oriented Virtual Network Embedding 2/20
Introduction Proposed Solution Evaluation Conclusions Ongoing Work
Network Virtualization
• Enables the creation of virtual topologies on top of physicalsubstrates
• Has been embraced by academic researchers and the Industry
• Key concerns: efficient resource mapping and privacy
Privacy-Oriented Virtual Network Embedding 3/20
Introduction Proposed Solution Evaluation Conclusions Ongoing Work
Privacy
• Recent discovery of pervasive electronic surveillance hashighlighted privacy concerns
• These concerns are even more exacerbated in networkvirtualization
• Security mechanisms must be considered in order to maintaina desired level of privacy
Privacy-Oriented Virtual Network Embedding 4/20
Introduction Proposed Solution Evaluation Conclusions Ongoing Work
Related Work
• Different methods have been used to solve the embeddingproblem:◦ Optimization Models – [Chowdhury et al., 2011; Alkmim et al., 2013]◦ Relaxations – [Chowdhury et al., 2011; Alkmim et al., 2013]◦ Heuristic approaches – [Yu et al., 2008; Cheng et al., 2011]
• We are not aware of previous attempts to reconcile efficientresource mapping and the satisfaction of security requirements
Privacy-Oriented Virtual Network Embedding 5/20
Introduction Proposed Solution Evaluation Conclusions Ongoing Work
Objectives
• Reconciling:◦ Efficient usage of physical resources◦ Fulfillment of different levels of confidentiality:• End-to-end cryptography• Point-to-point cryptography• Non-overlapping networks
• Considering precise costs of security mechanisms
Privacy-Oriented Virtual Network Embedding 6/20
Introduction Proposed Solution Evaluation Conclusions Ongoing Work
Proposed Optimization Model
• Based on Integer Linear Programming• Inputs:◦ Physical and virtual topologies◦ Routers: throughput, cryptographic protocol support◦ Links: bandwidth◦ Locations◦ Costs related to cryptographic operations◦ Conflicting VNs◦ Previously embedded VNs
Privacy-Oriented Virtual Network Embedding 7/20
Introduction Proposed Solution Evaluation Conclusions Ongoing Work
Introduction Proposed Solution Evaluation Conclusions Ongoing Work
Proposed Heuristic Algorithm
Algorithm Proposed Heuristic Algorithm1: s ← generateInitialSolution2: c ← evaluateSolution(s)3: sbest ← s; cbest ← c4:5:6:7:8:9:10:11:12:13:14:15:16:
Privacy-Oriented Virtual Network Embedding 11/20
Introduction Proposed Solution Evaluation Conclusions Ongoing Work
Proposed Heuristic Algorithm
Algorithm Proposed Heuristic Algorithm1: s ← generateInitialSolution2: c ← evaluateSolution(s)3: sbest ← s; cbest ← c4: k ← 05: while k < kmax and c > cmax do6:7:8:9:10:11:12:13:14:15:16: end while
Privacy-Oriented Virtual Network Embedding 11/20
Introduction Proposed Solution Evaluation Conclusions Ongoing Work
Proposed Heuristic Algorithm
Algorithm Proposed Heuristic Algorithm1: s ← generateInitialSolution2: c ← evaluateSolution(s)3: sbest ← s; cbest ← c4: k ← 05: while k < kmax and c > cmax do6: s′ ← generateNeighbor(s)7: c′ ← evaluateSolution(s′)8:9:10:11:12:13:14:15:16: end while
Privacy-Oriented Virtual Network Embedding 11/20
Introduction Proposed Solution Evaluation Conclusions Ongoing Work
Proposed Heuristic Algorithm
Algorithm Proposed Heuristic Algorithm1: s ← generateInitialSolution2: c ← evaluateSolution(s)3: sbest ← s; cbest ← c4: k ← 05: while k < kmax and c > cmax do6: s′ ← generateNeighbor(s)7: c′ ← evaluateSolution(s′)8: t ← temperature(k , kmax )9: if probability(c, c′, t) > random[0, 1) then10: s ← s′; c ← c′
11: end if12:13:14:15:16: end while
Privacy-Oriented Virtual Network Embedding 11/20
Introduction Proposed Solution Evaluation Conclusions Ongoing Work
Proposed Heuristic Algorithm
Algorithm Proposed Heuristic Algorithm1: s ← generateInitialSolution2: c ← evaluateSolution(s)3: sbest ← s; cbest ← c4: k ← 05: while k < kmax and c > cmax do6: s′ ← generateNeighbor(s)7: c′ ← evaluateSolution(s′)8: t ← temperature(k , kmax )9: if probability(c, c′, t) > random[0, 1) then10: s ← s′; c ← c′
11: end if12: if c < cbest and isFeasible(s) then13: sbest ← s; cbest ← c14: end if15: k ← k + 116: end while
Privacy-Oriented Virtual Network Embedding 11/20
Introduction Proposed Solution Evaluation Conclusions Ongoing Work
Evaluation – Fixed Parameters
• General parameters:◦ 250 time slots◦ On average, 5 requests arrive per slot (Poisson)◦ Average duration of 5 slots (exponential)
• Heuristic algorithm parameters:◦ Maximum number of iterations: 5,000◦ Maximum overhead factor: 3◦ Penalty factor: 100
Privacy-Oriented Virtual Network Embedding 12/20
Introduction Proposed Solution Evaluation Conclusions Ongoing Work
Evaluation – Fixed Parameters
• Physical network:◦ Routers: 10 Gbps throughput◦ Distributed among 16 locations◦ 95% support cryptographic protocols◦ Links: 1–10 Gbps
• Virtual networks:◦ Two routers with location constraints◦ 35% of VNs do not require cryptography◦ 35% of VNs require end-to-end cryptography◦ 30% of VNs require point-to-point cryptography◦ 5% of VNs conflict with a previously embedded VN
Privacy-Oriented Virtual Network Embedding 13/20
Introduction Proposed Solution Evaluation Conclusions Ongoing Work
Evaluation – Variable Parameters
• Network sizes:◦ Physical network of size 100, VN sizes ranging from 2 to 5◦ Physical network of size 500, VN sizes ranging from 2 to 10
• Cryptographic Algorithms:◦ AES-128◦ AES-256
Privacy-Oriented Virtual Network Embedding 14/20
Introduction Proposed Solution Evaluation Conclusions Ongoing Work
Results
0
2
4
6
8
10
12
50 100 150 200 250
Ave
rage
Sol
utio
n T
ime
(in s
econ
ds)
Time Slots
Opt. 100r AES−128Opt. 100r AES−256
Heur. 100r AES−128Heur. 100r AES−256
Opt. 500r AES−128Opt. 500r AES−256
Heur. 500r AES−128Heur. 500r AES−256
Figure: Time needed to find the accepted solution.
Privacy-Oriented Virtual Network Embedding 15/20
Introduction Proposed Solution Evaluation Conclusions Ongoing Work
Figure: Acceptance rate in all completed experiments.
Privacy-Oriented Virtual Network Embedding 16/20
Introduction Proposed Solution Evaluation Conclusions Ongoing Work
Results
1
1.5
2
2.5
50 100 150 200 250
Ave
rage
Ban
dwid
th O
verh
ead
Time Slots
No SecurityEnd−to−end Crypt.
Point−to−point Crypt.Conflicting Networks
(a) Opt. 100r AES-256
2
2.5
3
3.5
4
50 100 150 200 250
Ave
rage
Ban
dwid
th O
verh
ead
Time Slots
No SecurityEnd−to−end Crypt.
Point−to−point Crypt.Conflicting Networks
(b) Heur. 100r AES-256
Figure: Average bandwidth overhead needed to embed requests ofdifferent kinds.
Privacy-Oriented Virtual Network Embedding 17/20
Introduction Proposed Solution Evaluation Conclusions Ongoing Work
Conclusions
• Optimization model produces adequate results in a timelymanner for networks of limited size
• Heuristic algorithm scales to larger networks without asignificant increase in solution time
• If desired, the heuristic algorithm may lead to more preciseresults through parameterization
Privacy-Oriented Virtual Network Embedding 18/20
Introduction Proposed Solution Evaluation Conclusions Ongoing Work
Ongoing Work
• Further improvements to the heuristic algorithm◦ First-improvement-based local search◦ Multiple moves per temperature change◦ Logarithmic cooling schedule
• Analysis of the impact of topological factorson the VN embedding process
• SDN integration case study
Privacy-Oriented Virtual Network Embedding 19/20
Introduction Proposed Solution Evaluation Conclusions Ongoing Work
Introduction Proposed Solution Evaluation Conclusions Ongoing Work
References
Gustavo P. Alkmim, Daniel M. Batista, and Nelson L. S. Fonseca. Mapping virtual networksonto substrate networks. Journal of Internet Services and Applications, 3(4), 2013.ISSN 1869-0238. doi: 10.1186/1869-0238-4-3.
Xiang Cheng, Sen Su, Zhongbao Zhang, Hanchi Wang, Fangchun Yang, Yan Luo, and JieWang. Virtual network embedding through topology-aware node ranking. SIGCOMMComputer Communication Review, 41(2), 2011. ISSN 0146-4833. doi:10.1145/1971162.1971168.
M. Chowdhury, M. R. Rahman, and R. Boutaba. Vineyard: Virtual network embeddingalgorithms with coordinated node and link mapping. IEEE/ACM Transactions onNetworking, PP(99), 2011. ISSN 1063-6692. doi: 10.1109/TNET.2011.2159308.
Minlan Yu, Yung Yi, Jennifer Rexford, and Mung Chiang. Rethinking virtual networkembedding: substrate support for path splitting and migration. SIGCOMM ComputerCommunication Review, 38(2), 2008. ISSN 0146-4833. doi: 10.1145/1355734.1355737.
Privacy-Oriented Virtual Network Embedding 21/20
Introduction Proposed Solution Evaluation Conclusions Ongoing Work
Constraints
Constraints C1 and C3: Fulfill capacity requirements:
∑r∈NV ,j∈RV
T Vr ,jW
Rr ,jA
Ri,r ,j ≤ T P
i ∀i ∈ RP (C1)
∑r∈NV ,(k,l)∈LV
BVr ,k,lW
Lr AL
i,j,r ,k,l ≤ BPi,j ∀(i , j) ∈ LP (C3)
Privacy-Oriented Virtual Network Embedding 22/20
Introduction Proposed Solution Evaluation Conclusions Ongoing Work
Constraints
Constraints C2, C5, and C6: Ensure proper router and linkmapping:
∑j∈RV
ARi,r ,j ≤ 1 ∀i ∈ RP , r ∈ NV (C2)
∑i∈RP
ARi,r ,j = 1 ∀r ∈ NV , j ∈ RV (C5)
∑j∈RP
ALi,j,r ,k,l −
∑j∈RP
ALj,i,r ,k,l = AR
i,r ,k − ARi,r ,l ∀r ∈ NV , (k , l) ∈ LV , i ∈ RP
(C6)
Privacy-Oriented Virtual Network Embedding 23/20
Introduction Proposed Solution Evaluation Conclusions Ongoing Work
Constraints
Constraints C4, C7, and C8: Ensure desired level of security:
K Vr ,jA
Ri,r ,j ≤ K P
i ∀i ∈ RP , r ∈ NV , j ∈ RV (C4)
∑q∈NV ,k∈RV
ARi,q,k +
∑r∈NV ,l∈RV
ARi,r ,l ≤ 1 ∀q, r ∈ X , i ∈ RP (C7)
⌈∑q∈NV ,(k,l)∈LV AL
i,j,q,k,l
|LP |
⌉+
⌈∑r∈NV ,(o,p)∈LV AL
i,j,r,o,p
|LP |
⌉≤ 1 ∀q, r ∈ X , (i , j) ∈ LP
(C8)
Privacy-Oriented Virtual Network Embedding 24/20
Introduction Proposed Solution Evaluation Conclusions Ongoing Work