基于异构备份与重映射的服务功能链部署方案

doi:10.11959/j.issn.2096-109x.2018051

网络与信息安全学报 ›› 2018, Vol. 4 ›› Issue (6): 23-35.doi: 10.11959/j.issn.2096-109x.2018051

基于异构备份与重映射的服务功能链部署方案

谢记超¹,伊鹏¹,张震¹,张传浩^1,²,谷允捷¹

¹ 国家数字交换系统工程技术研究中心，河南郑州 450002
² 铁道警察学院公安技术系，河南郑州 450053

修回日期:2018-05-26 出版日期:2018-06-01 发布日期:2018-08-08
作者简介:谢记超（1993-），男，河北石家庄人，国家数字交换系统工程技术研究中心硕士生，主要研究方向为网络安全、网络功能虚拟化。|伊鹏（1977-），男，湖北黄冈人，国家数字交换系统工程技术研究中心研究员、博士生导师，主要研究方向为网络空间安全、新型网络体系结构。|张震（1985-），男，山东济宁人，国家数字交换系统工程技术研究中心讲师，主要研究方向为新型网络体系结构。|张传浩（1979-），男，河南郑州人，铁道警察学院讲师，主要研究方向为网络信息安全、网络功能虚拟化。|谷允捷（1994-），男，山东济宁人，国家数字交换系统工程技术研究中心硕士生，主要研究方向为网络功能虚拟化。
基金资助:
国家重点研发计划基金资助项目(2016YFB0801200);国家重点研发计划基金资助项目(2017YFB0801200);国家网络空间安全专项基金资助项目(2017YFB0803204);公安部科技计划基金资助项目(2017JSYJC08)

Service function chain deployment scheme based on heterogeneous backup and remapping

Jichao XIE¹,Peng YI¹,Zhen ZHANG¹,Chuanhao ZHANG^1,²,Yunjie GU¹

¹ National Digital Switching System Engineering ＆Technological Research Center,Zhengzhou 450002,China
² Public Security Technology Department,Rail Police College,Zhengzhou 450053,China

Revised:2018-05-26 Online:2018-06-01 Published:2018-08-08
Supported by:
The National Key Research and Development Project of China(2016YFB0801200);The National Key Research and Development Project of China(2017YFB0801200);The National Cyberspace Security Special Project of China(2017YFB0803204);The Ministry of Public Security Science and Technology General Project of China(2017JSYJC08)

摘要/Abstract

摘要：

网络功能虚拟化技术提高了服务功能链部署的灵活性，然而虚拟网络功能面临着不确定失效和恶意攻击问题，现有的冗余备份部署方法能在一定程度上解决虚拟网络功能的失效问题，但未考虑节点同构性在面临恶意攻击时的缺陷。为此提出一种考虑节点异构性的部署方法，在进行冗余备份和重映射时保证节点的异构性。实验表明，相比于同构备份方法，所提方法在请求接受率下降3.8%，带宽消耗增加9.2%的情况下，显著提高了攻击者的攻击时间成本。

关键词: 网络功能虚拟化, 服务功能链, 虚拟网络功能, 可靠性, 备份, 同构性, 异构性

Abstract:

Network function virtualization technology improves the flexibility of service function chains' deployment.However,the virtual network functions are under the pressure of uncertain failures and malicious attacks.The existing redundant backup methods can solve the problem of VNF failures to some extent,it does not consider the defects of node homogeneity in the face of malicious attacks.A deployment method considering the heterogeneity of nodes was proposed,guaranteeing the heterogeneity of nodes when perform redundant backup and remapping.Simulation experiments demonstrate that the proposed method significantly increases attacker's attack time cost under the cost of the request acceptance rate decreases by 3.8% and the bandwidth consumption increase by 9.2% comparing to the homogeneity backup method.

Key words: NFV, SFC, VNF, reliability, backup, homogeneity, heterogeneity

中图分类号:

TP393

谢记超,伊鹏,张震,张传浩,谷允捷. 基于异构备份与重映射的服务功能链部署方案[J]. 网络与信息安全学报, 2018, 4(6): 23-35.

Jichao XIE,Peng YI,Zhen ZHANG,Chuanhao ZHANG,Yunjie GU. Service function chain deployment scheme based on heterogeneous backup and remapping[J]. Chinese Journal of Network and Information Security, 2018, 4(6): 23-35.

图/表 17

图1

图2

图3

图4

图5

图6

图7

图8

图9

图10

表1

图11

图12

图13

图14

图15

图16

参考文献 24

[1]	MEDHAT A M , TALEB T , ELMANGOUSH A ,et al. Service function chaining in next generation networks:state of the art and research challenges[J]. IEEE Communications Magazine, 2017,55(2): 216-223.
[2]	SHERRY J , HASAN S , SCOTT C ,et al. Making middleboxes someone else's problem:network processing as a cloud service[J]. ACM Sigcomm Computer Communication Review, 2012,42(4): 13-24.
[3]	MIJUMBI R , SERRAT J , GORRICHO J L ,et al. Network function virtualization:state-of-the-art and research challenges[J]. IEEE Communications Surveys ＆ Tutorials, 2017,18(1): 236-262.
[4]	NFV ISG . Network functions virtualisation-an introduction,benefits,enablers,challenges ＆ call for action[R]. 2012.
[5]	DONOVAN J , . How do you keep pace with a 100,000 percent increase in wireless data traffic[C]// Open Networking Summit. 2015.
[6]	COTRONEO D , SIMONE L D , IANNILLO A K ,et al. Network function virtualization:challenges and directions for reliability assurance[C]// IEEE International Symposium on Software Reliability Engineering Workshops. 2014: 37-42.
[7]	Network functions virtualisation (NFV); reliability; report on models and features for end-to-end reliability[R]. 2016.
[8]	GUNAWI H S , HAO M , ELIAZAR K J ,et al. Why does the cloud stop computing? lessons from hundreds of service outages[C]// ACM Symposium on Cloud Computing. 2016: 1-16.
[9]	FAN J , GUAN C , REN K ,et al. Guaranteeing availability for network function virtualization with geographic redundancy deployment[R]. 2015.
[10]	MEDHAT A M , CARELLA G A , PAULS M ,et al. Resilient orchestration of service functions chains in a NFV environment[C]// Network Function Virtualization and Software Defined Networks. 2017: 7-12.
[11]	HMAITY A , SAVI M , MUSUMECI F ,et al. Virtual network function placement for resilient service chain provisioning[C]// International Workshop on Resilient Networks Design and Modeling. 2016.
[12]	HERKER S , AN X , KIESS W ,et al. Data-center architecture impacts on virtualized network functions service chain embedding with high availability requirements[C]// IEEE Globecom Workshops. 2015: 1-7.
[13]	CASAZZA M , FOUILHOUX P , BOUET M ,et al. Securing virtual network function placement with high availability guarantees[C]// IFIP Networking Conference (IFIP Networking) and Workshops. 2017: 1-9.
[14]	BECK M T , BOTERO J F , KAI S . Resilient allocation of service function chains[C]// Network Function Virtualization and Software Defined Networks. 2017: 1-6.
[15]	DING W , YU H , LUO S . Enhancing the reliability of services in NFV with the cost-efficient redundancy scheme[C]// IEEE International Conference on Communications. 2017: 1-6.
[16]	CARPIO F , JUKAN A . Improving reliability of service function chains with combined vnf migrations and replications[J]. ar Xiv Preprint ar Xiv:1711.08965, 2017.
[17]	LONG Q , ASSI C , SHABAN K ,et al. Reliability-aware service provisioning in NFV-enabled enterprise datacenter networks[C]// International Conference on Network and Service Management. 2017.
[18]	LONG Q , ASSI C , SHABAN K ,et al. A reliability-aware network service chain provisioning with delay guarantees in nfv-enabled enterprise datacenter networks[J]. IEEE Transactions on Network＆ Service Management, 2017,(99): 1-1.
[19]	YE Z , CAO X , WANG J ,et al. Joint topology design and mapping of service function chains for efficient,scalable,and reliable network functions virtualization[J]. IEEE Network, 2016,30(3): 81-87.
[20]	季新生, 赵硕, 艾健健 ,等. 异构备份式的虚拟网映射方法研究[J]. 电子与信息学报, 2018,40(5): 1087-1093.
	JI X S , ZHAO S , AI J et al . Research on hetero-geneousbackup virtual network embedding[J]. Journal of Electronics and Information Technology, 2018,40(5): 1087-1093.
[21]	张淼, 季新生, 艾健健 ,等. 基于操作系统多样性的虚拟机安全部署策略[J]. 网络与信息安全学报, 2017,3(10): 35-43.
	ZHANG M , JI X S , AI Jianjian ,et al. Secure deployment strategy of virtual machines based on operating system diversity[J]. Chinese Journal of Network and Information Security, 2017,3(10): 35-43.
[22]	SEXTON J , STORLIE C , NEIL J . Attack chain detection statistical analysis and data mining[J]. The ASA Data Science Journal, 2015,8(5-6): 353-363.
[23]	BARI F , CHOWDHURY S R , Ahmed R ,et al. Orchestrating virtualized network functions[J]. IEEE Transactions on Network ＆ Service Management, 2016,PP(99): 1.
[24]	刘彩霞, 卢干强, 汤红波 ,等. 一种基于Viterbi算法的虚拟网络功能自适应部署方法[J]. 电子与信息学报, 2016,38(11): 2922-2930.
	LIU CX , LU GQ , TANG HB ,et al. Adaptive deployment method for virtualized network function based on viterbi algorithm[J]. Journal of Electronics and Information Technology, 2016,38(11): 2922-2930.

VNF	计算资源需求
Firewall_x	1/单位带宽
Proxy_x	1/单位带宽
Nat_x	2/单位带宽
IDS_x	3/单位带宽
DPI_x	3/单位带宽
Encryption_x	4/单位带宽

基于异构备份与重映射的服务功能链部署方案

Service function chain deployment scheme based on heterogeneous backup and remapping

在线阅读

pdf下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 17

参考文献 24

相关文章 10

Metrics

推荐阅读 0

[1]	王泽南, 李佳浩, 檀朝红, 皮德常. 面向网络安全资源池的智能服务链系统设计与分析[J]. 网络与信息安全学报, 2022, 8(4): 175-181.
[2]	陈浩宇, 邹德清, 金海. 面向SDN/NFV环境的网络功能策略验证[J]. 网络与信息安全学报, 2021, 7(3): 59-71.
[3]	张青青, 汤红波, 游伟, 李英乐. 基于免疫算法的网络功能异构冗余部署方法[J]. 网络与信息安全学报, 2021, 7(1): 46-56.
[4]	海梅生,伊鹏,江逸茗,谢记超. 网络功能虚拟化环境中大规模资源状态监测策略[J]. 网络与信息安全学报, 2019, 5(6): 42-49.
[5]	许传丰,林晖,郭烜成,汪晓丁. 基于NFV的新的协作式DDoS防御技术[J]. 网络与信息安全学报, 2019, 5(2): 66-76.
[6]	林素青. 支持访问更新的可验证外包属性加密方案[J]. 网络与信息安全学报, 2019, 5(1): 37-49.
[7]	孙志勇,季新生,游伟,袁泉. 基于安全分级的网络切片备份与重映射方法研究[J]. 网络与信息安全学报, 2018, 4(11): 49-57.
[8]	苗笛,黄斌,李杰. 基于智慧协同网络的传感网络安全备份方法[J]. 网络与信息安全学报, 2017, 3(3): 28-33.
[9]	梁蛟,刘武,韩伟力,王晓阳,甘似禹,沈烁. 安卓云备份模块的代码安全问题分析[J]. 网络与信息安全学报, 2017, 3(1): 68-78.
[10]	慈云飞,史国振,谢绒娜,潘耀明,杨凤,叶思水. 面向移动云的基于时间的增量备份方案[J]. 网络与信息安全学报, 2016, 2(8): 48-53.