A Tiered Control Plane Model for Service Function Chaining Isolation

Gunleifsen, Håkon; Gkioulos, Vasileios; Kemmerich, Thomas

doi:10.3390/fi10060046

Cited by 6 publications

(17 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The second paper [2] explores the issue of creating isolated and dynamically secured overlay networks and overcoming the limitations of current NFV implementations that are designed for deployment within trusted domains, where overlay networks with static trusted links are utilized to enable network security. This is achieved by introducing a novel tiered architecture for the automated establishment of encrypted tunnels in NFV in a multi-domain environment.…”

Section: Contributionsmentioning

confidence: 99%

Software Defined Networking (SDN) and Network Function Virtualization (NFV)

Papavassiliou

2020

Future Internet

View full text Add to dashboard Cite

The role of Software Defined Networking (SDN) and Network Function Virtualization (NFV) have been instrumental in realizing the transition and vision “from black boxes to a white box towards facilitating 5G network architectures”. Though significant research results and several deployments have occurred and realized over the last few years focusing on the NFV and SDN technologies, several issues—both of theoretical and practical importance—remain still open. Accordingly, the papers of this special issue are significant contributions samples within the general ecosystem highlighted above, ranging from SDN and NFV architectures and implementations, to SDN-NFV integration and orchestration approaches, while considering issues associated with optimization, network management and security aspects. In particular, a total of nine excellent articles (one review and eight original research articles) have been accepted, following a rigorous review process, and addressing many of the aforementioned challenges and beyond.

show abstract

Section: Contributionsmentioning

confidence: 99%

Software Defined Networking (SDN) and Network Function Virtualization (NFV)

Papavassiliou

2020

Future Internet

View full text Add to dashboard Cite

show abstract

“…However, most of the underlying network protocols, such as Geneve [14] in NSX-T, are not capable of combining SR with micro-segmentation and flow-based encryption. Hence, we have in our previous work [3] suggested a new SFC header, based on an NSH extension that adds more granularity to the security aspect of an SFC. Correspondingly, we have in this paper developed a RESTconf based control plane for distributing the forwarding decisions of this new packet header.…”

Section: Related Workmentioning

confidence: 99%

“…In this paper, we combine this SD-SA encryption architecture [7] with our new SFC header [3] and a new flow distribution control plane. The security features of the architecture are verified by demonstrating how the requirements such as isolation and encryption comply with a use case scenario.…”

Section: Related Workmentioning

confidence: 99%

“…We aim for contemporary data centre networks to support an architecture of nested SFC tunnels in order to support hop-by-hop encryption within the current NFV [1] and SFC [2] standards. As presented in our previous work [3,4], the current packet forwarding standards do not support SFC forwarding of encrypted packets because the relevant packet headers for SFC routing are also encrypted. Accordingly, our work explicitly focused on these constraints, aiming initially to provide a Proof-of-Concept for the capacity to deploy a secure architecture as an overlay to the existing NFV infrastructures.…”

Section: Introductionmentioning

confidence: 99%

“…Consequently (B), the security requirements have been identified aiming to accommodate the requirements extracted from the aforementioned studies [4]. Thirdly (C), an automated forwarding architecture has been developed based on a web service architecture, aiming to accommodate the requirements and the constraints [3]. The fourth step (D) in our studies was to develop a security protocol for exchanging encryption keys between SFs [7].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

A Proof-of-Concept Demonstration of Isolated and Encrypted Service Function Chains

2019

Self Cite

View full text Add to dashboard Cite

Contemporary Service Function Chaining (SFC), and the requirements arising from privacy concerns, call for the increasing integration of security features such as encryption and isolation across Network Function Virtualisation (NFV) domains. Therefore, suitable adaptations of automation and encryption concepts for the development of interconnected data centre infrastructures are essential. Nevertheless, packet isolation constraints related to the current NFV infrastructure and SFC protocols, render current NFV standards insecure. Accordingly, the goal of our work was an experimental demonstration of a new SFC packet forwarding standard that enables contemporary data centres to overcome these constraints. This article presents a comprehensive view of the developed architecture, focusing on the elements that constitute a new forwarding standard of encrypted SFC packets. Through a Proof-of-Concept demonstration, we present our closing experimental results of how the architecture fulfils the requirements defined in our use case.

show abstract

Open‐Source Architectures for Edge and Cloud Networking

2023

Cloud and Edge Networking

View full text Add to dashboard Cite

A Tiered Control Plane Model for Service Function Chaining Isolation

Cited by 6 publications

References 12 publications

Software Defined Networking (SDN) and Network Function Virtualization (NFV)

Software Defined Networking (SDN) and Network Function Virtualization (NFV)

A Proof-of-Concept Demonstration of Isolated and Encrypted Service Function Chains

Open‐Source Architectures for Edge and Cloud Networking

Contact Info

Product

Resources

About