当前位置: X-MOL 学术IEEE Trans. Parallel Distrib. Syst. › 论文详情
Our official English website, www.x-mol.net, welcomes your feedback! (Note: you will need to create a separate account there.)
A Scalable Stateful Approach for Virtual Security Functions Orchestration
IEEE Transactions on Parallel and Distributed Systems ( IF 5.6 ) Pub Date : 2021-01-08 , DOI: 10.1109/tpds.2021.3049804
Niloofar Moradi , Alireza Shameli-Sendi , Alireza Khajouei

Previous works suggested different approaches to implementing service chaining. Their goal is to enhance the performance of the middleboxes and satisfy the expectations of the cloud providers and users. To meet these expectations, the delay factor, i.e., flow through the low-cost paths, as well as the best node processing factor, are considered. Achieving these two goals simultaneously turns the middlebox optimal placement into an NP-hard problem. Therefore, when the problem size is large, it is infeasible to obtain an optimal solution at a reasonable time. One of the important issues which has not been considered in the previous works is stateful optimal placement when receiving a new request. Due to resource constraints as well as financial costs for the customers, it is not possible to create functions for all requests. Therefore, not only it is possible to integrate the same network functions between new flows, but it will also be examined between new on-demand network functions as well as existing ones. Our proposed approach not only reduces the creation of network functions that can be cost-effective for the customer but also because of the migration of previous network functions (integration with on-demand network functions) to optimize new requests, overall, it will optimize the entire network cost over time. We formulated the problem as 0-1 programming problem. The results of this article are based on a fat-tree data center. To show that our stateful solution is scalable in large networks, we use network zoning and topology partitioning heuristics. Our simulations show that we were able to scale our placement model to a network with 54K nodes and 1.5M edges.

中文翻译:

虚拟安全功能编排的可扩展状态方法

先前的工作提出了实现服务链的不同方法。他们的目标是增强中间盒的性能,并满足云提供商和用户的期望。为了满足这些期望,考虑了延迟因子,即流经低成本路径的路径以及最佳节点处理因子。同时达到这两个目标会将中间盒的最佳放置变成一个NP难题。因此,当问题规模很大时,在合理的时间获得最佳解决方案是不可行的。在先前的工作中未曾考虑的重要问题之一是在收到新请求时的有状态最佳放置。由于资源限制以及客户的财务成本,不可能为所有请求创建功能。因此,不仅可以在新流程之间集成相同的网络功能,而且还将在新的按需网络功能与现有网络功能之间进行检查。我们提出的方法不仅减少了对客户而言具有成本效益的网络功能的创建,而且还因为迁移了以前的网络功能(与按需网络功能集成)以优化新请求,总体而言,它将优化随着时间的推移,整个网络的成本。我们将该问题表述为0-1编程问题。本文的结果基于胖树数据中心。为了证明我们的状态解决方案可在大型网络中扩展,我们使用网络分区和拓扑分区启发法。我们的仿真表明,我们能够将布局模型扩展到具有54K节点和1.5M边缘的网络。
更新日期:2021-01-29
down
wechat
bug