Position Paper: Software-Defined Network Service Chaining

Blendin, Jeremias; Rückert, Julius; Leymann, Nicolai; Schyguda, Georg; Hausheer, David

doi:10.1109/ewsdn.2014.14

Cited by 52 publications

(39 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…18 Unlike OpenFlow or Onix, OE is an end-to-end communication frame- 19 work for the access, metro and core networks. The OE approach ex-20 tends the advancements of Carrier Ethernet and Software Defined Net- 21 working (SDN) [26,27] for end-to-end communication through a cen-22 tralized management entity. 23 As defined by SDN [22,28], the centralized software entity (termed 24 as "controller") maintains communication channels with the net- 25 working devices.…”

Section: Introductionmentioning

confidence: 99%

“…23 As defined by SDN [22,28], the centralized software entity (termed 24 as "controller") maintains communication channels with the net- 25 working devices. It also fetches device/link-level events to create a 26 global state of the network, such as network topology, link utiliza- 27 tions, failure conditions and many others. Updated information re- 28 garding the global state of the network is essential for the efficiency 29 of complex control and management tasks such as traffic engineer- 30 ing, resource reservations, failure detection and recovery as well as 31 policy-based service provisioning [19,20].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Models and algorithms for centralized control planes to optimize control traffic overhead

Bhamare

Krishnamoorthy

Gumaste

2015

Computer Communications

View full text Add to dashboard Cite

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Models and algorithms for centralized control planes to optimize control traffic overhead

Bhamare

Krishnamoorthy

Gumaste

2015

Computer Communications

View full text Add to dashboard Cite

“…Our formulation is as follows. Equation (8) guarantees that an instance must be placed on exactly one service node; (9) constrains the fact that resource demands of all instances placed on a service node should be less than or equal to available resources in that node; (10) and (11) ensure that physical locations of the source and destination of a flow are respected, respectively; (12) constrains decision variables to be 0 or 1. For the sake of clarify, we denote (3) and (7) as 1 ( ) and 2 ( ), where = ( ) | sr + end |×| ins + end | .…”

Section: Formulationmentioning

confidence: 99%

“…Generally, an SSC is derived from the security request of individual user or application. An instance is an operational software or hardware instance capable of delivering the treatment specified by the associated security function to packets or flows [11]. We only consider software instances, namely, virtualized security functions (e.g., virtual firewall, IPS, Web filter, and virus scanner).…”

Section: Introductionmentioning

confidence: 99%

A New Approach for Delivering Customized Security Everywhere: Security Service Chain

Liu

Zhang

Liu

et al. 2017

Security and Communication Networks

View full text Add to dashboard Cite

Security functions are usually deployed on proprietary hardware, which makes the delivery of security service inflexible and of high cost. Emerging technologies such as software-defined networking and network function virtualization go in the direction of executing functions as software components in virtual machines or containers provisioned in standard hardware resources. They enable network to provide customized security service by deploying Security Service Chain (SSC), which refers to steering flow through multiple security functions in a particular order specified by individual user or application. However, SSC Deployment Problem (SSC-DP) needs to be solved. It is a challenging problem for various reasons, such as the heterogeneity of instances in terms of service capacity and resource demand. In this paper, we propose an SSC-based approach to deliver security service to users without worrying about physical locations of security functions. For SSC-DP, we present a three-phase method to solve it while optimizing network and security resource allocation. The presented method allows network to serve a large number of flows and minimizes the latency seen by flows. Comparative experiments on the fat-tree and Waxman topologies show that our method performs better than other heuristics under a wide range of network conditions.

show abstract

“…Blendin et al [4], exploit Linux namespaces to create isolated service instances per service chain, allowing one-to-one mapping of users to service instances. Network Service Headers (NSH) [5] is another approach that involves the introduction of SFC-specific 4-byte headers that include all the information needed (including associated metadata) to reach a policy decision with regard to what service chain the traffic should follow.…”

Section: Related Workmentioning

confidence: 99%

A Reactive Security Framework for operational wind parks using Service Function Chaining

Fysarakis

Petroulakis

Roos

et al. 2017

2017 IEEE Symposium on Computers and Communications (ISCC)

View full text Add to dashboard Cite

Abstract-The innovative application of 5G core technologies, namely Software Defined Networking (SDN) and Network Function Virtualization (NFV), can help reduce capital and operational expenditures in industrial networks. Nevertheless, SDN expands the attack surface of the communication infrastructure, thus necessitating the introduction of additional security mechanisms. A wind park is a good example of an industrial application relying on a network with strict performance, security, and reliability requirements, and was chosen as a representative example of industrial systems. This work highlights the benefit of leveraging the flexibility of SDN/NFV-enabled networks to deploy enhanced, reactive security mechanisms for the protection of the industrial network, via the use of Service Function Chaining. Moreover, a proof of concept implementation of the reactive security framework for an industrial-grade wind park network is presented. The framework is equipped with SDN and SCADA honeypots, modelled on (and deployable to) an actual, operating wind park, allowing continuous monitoring of the industrial network and detailed analysis of potential attacks, thus isolating attackers and enabling the assessment of their level of sophistication.

show abstract

Position Paper: Software-Defined Network Service Chaining

Cited by 52 publications

References 6 publications

Models and algorithms for centralized control planes to optimize control traffic overhead

Models and algorithms for centralized control planes to optimize control traffic overhead

A New Approach for Delivering Customized Security Everywhere: Security Service Chain

A Reactive Security Framework for operational wind parks using Service Function Chaining

Contact Info

Product

Resources

About