A Survey of Network Function Placement
Chen Qian, Xin Li, University of Kentucky
Network Function
• Middlebox
• Networking device that performs functions other than packet forwarding
Network Function
• Security Network Function: Firewall, IDS
• Acceleration Network Function: WAN Optimizer, Proxy
Policy Chain
• Http: Firewall -> IDS -> Proxy
• Non http: Firewall
• Correctness: sequential order
• Efficiency: do not traverse unnecessary ones
Network Functions Placement
• Policy chain: Http Firewall IDS Proxy
• Placement
• Considerations: bandwidth, latency, cost, etc.
[Figure labels: Firewall, Proxy, S1, S2, S3, S4]
Network Functions Virtualization
• Hardware -> Software: IDS, WAN Optimizer, Proxy
• More flexible and cheaper
Survey of Network Function Placement
• Hardware Network Function
• Virtual Network Function (VNF)
  • Thread based
  • VM based
• Other Forms
Placement: Hardware Network Functions
• Stand-alone network functions (e.g. passive monitor)
  • Locating [Infocom’05]
  • Minimize cost -> Set Cover Problem (NP-hard)
Placement: Hardware Network Functions
• Chained network functions
  • Traffic Steering
  • SIMPLE [Sigcomm’13]
• Policy Chain: Http Firewall IDS Proxy
• Placement determines routing paths -> Minimize latency
[Figure labels: Firewall, S1, S2, Dst]
Placement: Hardware Network Functions
• Recap

  NF types              independent                 chained
  Location              in-line                     off-line
  Traffic Steering      optional                    compulsory
  Placement Objective   max coverage / min. cost    min latency
Placement: Virtual Network Functions
• Thread based (e.g. consolidation [NSDI’12])
  • Light weight
  • No resource isolation
• Virtual machine based (e.g. E2 [SOSP’15])
  • Additional overhead
  • Resource isolation
Placement: Virtual Network Functions
• Thread based (e.g. consolidation [NSDI’12])
• Resource consumption is proportional to traffic
[Figure labels: VPN, Web, Mail, IDS, Proxy, Firewall, Threads, Protocol Parsers, Session Management]
Placement: Virtual Network Functions
• Thread based VNF placement
• Policy Chain: Http Firewall IDS Proxy
• Load Balance
• Monolithic consolidating
[Figure labels: Process (0.4), Process (0.3), N1, N2, N3, P: N1 N3]
Placement: Virtual Network Functions
• Virtual machine based (e.g. E2 [SOSP’15])
  • Overhead
Placement: Virtual Network Functions
• Virtual machine based placement (VM placement)
  • TMVPP [INFOCOM’10], Oktopus [SIGCOMM’11], CloudMirror [SIGCOMM’14]
[Figure: placement of IDS, WAN Optimizer, Proxy]
Placement: Virtual Network Functions
• Recap

  VNF form   On path?   Isolation?
  Thread
  VM

• Other aspects
  • Location dependency, handling mangling network functions, order preservation, etc.
Mangling Network Functions
• Header modification
• Monolithic consolidation can handle mangling network functions
[Figure labels: NAT, Firewall, Internet, H1, H2, S1, S2]
Placement: Other forms
• Coordinated Distributed Network Functions
  • cSamp [NSDI’08]
  • On path load balance
• Host-based Network Functions
  • ETTM [NSDI’11]
  • Monolithic consolidation
Challenges and Future work
• Take advantage of the traffic patterns of policy chains
• Different from production VMs
• Coordinate placement and other mechanisms to incorporate mangling network functions
Thanks!