Trust-Aware Service Function Chain Embedding: A Path-Based Approach
Nariman Torkzaban, and John S. Baras
Department of Electrical and Computer Engineering and the Institute for Systems Research, University of Maryland, College Park, MD 20742, USA. Email: {narimant | baras}@umd.edu

©2020 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

Abstract—With the emergence of network function virtualization (NFV) and software-defined networking (SDN), the realization and implementation of service function chains (SFCs) have become much easier. An SFC is an ordered set of interconnected virtual network functions (VNFs). NFV allows for decoupling the network functions from proprietary hardware, realizing a software-based implementation of VNFs on commodity hardware, and SDN decouples the network control from its forwarding logic, allowing for a more flexible and programmable traffic routing among the VNFs. The SFC embedding problem (i.e. placement of SFCs on a shared substrate and establishing the corresponding traffic routes between the VNFs) has been extensively studied in the literature.

In this paper, we extend a previous work on trust-aware service chain embedding by generalizing the role of trust, incorporating the trustworthiness of the service network links and substrate network paths into the SFC embedding decision process. We first introduce and formulate the path-based trust-aware service chain embedding problem as a mixed integer-linear program (MILP), and then provide an approximate model based on selecting k-shortest candidate substrate paths for hosting each virtual link, to reduce the complexity of the model. We validate the performance of our methods through simulations and discuss the evaluation of the methods and some operation trade-offs.
Index Terms—Network Function Virtualization; Service Function Chain; SFC embedding; Path-Based SFC Embedding.
I. INTRODUCTION
The recent advances in NFV and SDN have enabled network operators to launch and manage their networks faster, easier, and cheaper. Accordingly, given the advanced virtualization and programmability features, there are fewer operations and consequently less cost associated with service presentation and maintenance. More specifically, NFV reduces the network provisioning cost by decoupling the network functions from the proprietary hardware and implementing them on commodity hardware. In contrast to traditional networks, where various network functions such as firewall, deep packet inspection, intrusion detection systems, video optimizer, etc. were deployed using specialized hardware, instances of such VNFs can be implemented on virtual machines (VMs) or containers, allowing for an easier and more flexible provisioning of scalable solutions and driving higher profitability for the network providers.

Complex network service requests can be provisioned by service function chaining. An SFC is comprised of an ordered set of interconnected virtual network functions (VNFs) with logical dependencies. In this context, the SFC embedding problem (i.e. placement of SFCs on a shared NFV infrastructure and establishing the corresponding traffic routes between the VNFs) is of great significance.

Inspired by the notion of trust in NFV [22] and with the goal of integrating the NFV security requirements in SFC embedding decisions, the trust-aware SFC embedding problem was motivated and introduced in [1], by integrating trust weights in the SFC embedding problem, where the security demands of each NF and the trustworthiness level of each substrate host were represented by the trust weights. In this paper, we generalize the approach in [1] by augmenting the role of trust. More precisely, we take into account the trustworthiness requirements for both the NFs and the edges between them. In a similar fashion, we assign trust values to the substrate network paths as well as the substrate hosts to model the trustworthiness of the NFV infrastructure. Similar to [1], we assume such trust values are computed and aggregated by a trust evaluator process, based on the network configuration and monitoring data, and are distributed and provided to the entity in charge of the SFC embedding (network orchestrator or controller) in a timely manner. Interested readers are referred to [2] and [1] for more detailed information on trust and its integration into the SFC embedding problem.

We also note that the method in [1] is link-based; i.e. i) the flow decision variables are link-to-link; and ii) the output provides the assignment of each request link to a set of substrate links that are guaranteed to generate valid continuous substrate paths by suitable flow formation and conservation constraints. However, in this paper we represent the SFC embedding problem by a path-based model; i.e. i) the flow decision variables are link-to-path; and ii) in the output, the request links are directly assigned to the pre-selected substrate paths.

In fact, one of the main contributions of this paper is to propose a path-based model for the SFC embedding problem (PB-SCE), which provides multiple advantages over the traditional link-based formulation used in [1]. Firstly, a path-based formulation allows for the integration of various network and routing policies within the service chain embedding framework with low complexity. For instance, PB-SCE can be simply augmented by a path pre-selection phase to admit requirements such as traffic splitting, guaranteeing maximum delay or cost, or even assuring the existence of (disjoint) backup paths. Moreover, within the path-based framework many of the design metrics that would enforce non-linear constraints on the link-based formulation (e.g. reliability, trust, availability, etc.) can simply be computed along the network paths in an offline fashion and be input to the path-based formulation. For instance, it is not possible in the link-based formulation in [1] to incorporate a linear constraint for capturing the trust requirement of each virtual edge; however, in the path-based model it is straightforward to compute the trustworthiness of a network path following the corresponding trust aggregation policy and then input it to the model as a linear constraint. This is the main motivation for introducing the path-based trust-aware SFC embedding (PB-TASCE) model.

Finally, we note that in the context of trust-aware service chain embedding, a path-based model allows for abstracting out the method by which the trustworthiness of the infrastructure is computed and aggregated. Precisely, a path-based approach requires only the trust values assigned to the paths, regardless of how these values are computed from the corresponding values of the underlying components, which allows for the application of our method in different settings where trust needs to be modeled differently [2]. For instance, interpreting trust as a multiplicative metric will lead to a different trustworthiness judgment for a path compared to the case where the trustworthiness of a path is computed as the minimum of the trustworthiness of all its edges.

The remainder of the paper is organized as follows. Section II describes the trust-aware service chain embedding problem. In Section III we introduce the path-based MILP formulation and its approximate k-shortest path based variants. Section IV presents our evaluation results, whereas Section V provides an overview of the related work. Finally, in Section VI, we highlight our conclusions and discuss directions for future work.

II. NETWORK MODEL AND PROBLEM DESCRIPTION
The substrate network is modeled as an undirected graph $G_s = (N_s, E_s)$, while the request network is modeled as a directed graph $G_f = (N_f, E_f)$. Each substrate node $u \in N_s$ has a residual processing capacity $r_u$, and each substrate link $(u, v) \in E_s$ has a bandwidth capacity of $c_{uv}$, while the CPU requirement of request node $i \in N_f$ and the bandwidth demand of a request link $(i, j) \in E_f$ are represented by $g_i$ and $d_{ij}$ respectively.

We denote by $t_u$ the trustworthiness of the substrate node $u \in N_s$, and by $t_i$ the trust requirement of the request node $i \in N_f$, while this metric for a request link $(i, j) \in E_f$ is denoted by $t_{ij}$ and for a substrate path $p$ by $t_p$, where $p$ is a connected set of edges in the substrate graph. As in [1], trust takes fractional numerical value in [ , ]. We note that the trustworthiness of a substrate path can be any function (according to the specific use case or methodology) of the trust values corresponding to the links and nodes belonging to that path.

We define the following components of the path-based formulation to facilitate the description of the model:

Definition 1: Augmented Graph. For a commodity (virtual link) $k = (i, j)$ where $ij \in E_f$, we denote by $G_s^k = (N_s^k, E_s^k)$ the augmented graph corresponding to commodity $k$, whereby for every node $u \in N_s$ that is eligible for hosting request node $i$, the directed augmented edge $(i, u)$ is added to $E_s$. Similarly, for every node $u$ that is eligible for hosting the request node $j$, the directed augmented edge $(u, j)$ will be added to $E_s$. Hence, for the augmented graph, explicitly we will have:

$$N_s^k = N_s \cup \{i, j\}$$

$$E_s^k = E_s \cup \{iu \mid u \in N_s \text{ and } t_u \ge t_i \text{ and } r_u \ge g_i\} \cup \{uj \mid u \in N_s \text{ and } t_u \ge t_j \text{ and } r_u \ge g_j\}$$

Furthermore, we denote by $G_s^a = (N_s^a, E_s^a)$ the augmented graph corresponding to the request graph $G_f = (N_f, E_f)$, which contains all the nodes and links in all of the augmented graphs for all the commodities.

Definition 2: Augmented Path. For a commodity $k = (i, j)$ where $(i, j) \in E_f$, we denote by $p_k$, from $i$ to $j$, a generic augmented path corresponding to commodity $k$, where the initial and the final links are augmented edges corresponding to commodity $k$. In other words, once we remove the initial and final edge from $p_k$, the result will be a path of the original graph $G_s$. We further denote by $P_k$ the set of all augmented paths corresponding to commodity $k$, and by $P$ the set of all augmented paths.

For instance, Fig. 3 shows an augmented graph for commodity (virtual link) $(i, j)$ in the Request Graph depicted in Fig. 2, which is going to be placed on the substrate network shown in Fig. 1. Furthermore, each of the directed paths in the augmented graph depicted in Fig. 3 that starts with a red edge and ends with a blue edge is an augmented path corresponding to commodity $(i, j)$.

III. PROBLEM FORMULATION
In this section we provide the formulation for the PB-SCE and PB-TASCE models, as well as a k-shortest path based approximation algorithm to reduce the complexity of the optimization model while maintaining high result accuracy.
A. Path-based Model
In order to achieve a path-based formulation which takes into account the trustworthiness of both substrate nodes and paths, we define two sets of variables to declare the formulation of the problem:

• $x$ denotes the set of binary variables $x_{iu}$ which express the assignment of VNF $i$ to substrate node $u$.
• $f$ denotes the set of continuous variables $f_p$ which express the amount of flow passing through the augmented path $p \in P$ in the augmented substrate graph.

Fig. 1: Substrate Graph $G_s = (N_s, E_s)$
Fig. 2: Request Graph $G_f = (N_f, E_f)$
Fig. 3: Augmented Substrate Graph $G_s^{ij} = (N_s^{ij}, E_s^{ij})$ for virtual link $ij$
Fig. 4: Trust-Aware SFC Embedding Solution

We start with a MILP formulation as follows, which contains all the service requirements as hard constraints.
PB-TASCE

Objective:

$$\text{Minimize} \quad \sum_{p \in P} c_p f_p + \gamma \sum_{i \in N_f} \sum_{u \in N_s} t_u x_{iu} \tag{1}$$

Placement Constraints:

$$\sum_{u \in N_s} x_{iu} = \ , \quad \forall i \in N_f \tag{2}$$

$$\sum_{p \in P_{ij}} f_p = d_{ij}, \quad \forall ij \in E_f \tag{3}$$

$$\sum_{p \in P : iu \in p} f_p \le x_{iu} M, \quad \forall i \in N_f, u \in N_s \tag{4}$$

Trust Constraints:

$$(t_u - t_i) x_{iu} \ge \ , \quad \forall i \in N_f, \forall u \in N_s \tag{5}$$

$$(t_p - t_{ij}) f_p \ge \ , \quad \forall k \in E_f, p \in P_k \tag{6}$$

Capacity Constraints:

$$\sum_{i \in N_f} g_i x_{iu} \le r_u, \quad \forall u \in N_s \tag{7}$$

$$\sum_{p : uv \in p} f_p \le c_{uv}, \quad \forall uv \in E_s \tag{8}$$

Domain Constraints:

$$x_{iu} \in \{\ ,\ \}, \quad \forall i \in N_f, u \in N_s \tag{9}$$

$$f_p \ge \ , \quad \forall p \in P \tag{10}$$

The objective function (1) is the weighted sum of the flow embedding (bandwidth) and server assignment (processing) costs, with $\gamma$ being the normalization factor that determines the balance between the two terms of the objective function. The processing cost corresponding to each substrate server is proportional to its trust value, i.e. the more trustworthy servers are more expensive. Constraints set (2) ensures that each request node is placed on one substrate node. Constraints set (3) makes sure that the traffic demand of each request link will be allocated to this commodity using as many augmented paths as needed, while constraints set (4) enforces that no flow passes through the paths that are not allowed to be used given the node assignment policy, where $M$ is a large enough constant.

Constraints sets (5) and (6) guarantee that the trust requirements of each virtual link and each virtual node are satisfied, while constraints sets (7) and (8) guarantee that the allocated CPU and bandwidth resources do not exceed the residual capacity for each substrate node and link respectively. Constraints sets (9) and (10) are the domain constraints corresponding to variable sets $x$ and $f$ respectively. We note that removing constraints (5) and (6) from the last model gives the baseline PB-SCE model.

B. Approximation Method
We note that the PB-TASCE model cannot be used efficiently in realistic settings with large scale networks because it is not scalable. More precisely, the complexity of the model is mostly determined by the size of the path set $P$, and the size of the constraints set grows exponentially with the scale of the network (due to constraint (6)). Indeed, for a complete substrate graph, the set $P$ may contain as many as $(e\,|E_f|/\ )(|N_s|!)$ paths [5]. Even for a sparse network graph, the size of the set of augmented paths for each virtual edge may grow exponentially in $|N_s|$. In order to tackle this issue, we modify the PB-SCE and the PB-TASCE models to contain only the k-shortest augmented paths for each commodity. This will result in lower complexity at the expense of suboptimal results. By opting for different values of $k$, one can adjust the performance of the algorithm and find a suitable value of $k$ that balances complexity and result accuracy. We will explore this trade-off in detail in the evaluation section. We refer to these new models as KPB-SCE and KPB-TASCE respectively.

IV. PERFORMANCE EVALUATION
In this section we compare the performance of the proposed path-based models in general with the link-based model in [1], present the outcome of our service chain embedding scheme under both node and link trust constraints, and provide the performance evaluation results for the aforementioned approximation methods. We first provide a description of the simulation environment setup and scenarios and then proceed with presenting the evaluation results.
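The candidate-path pre-selection behind KPB-TASCE (Definitions 1 and 2, the k-shortest approximation of Section III-B, and the path trust check of constraint (6)) can be sketched as follows. This is an added example, not the authors' Java/CPLEX implementation: the toy substrate, all numeric values, the function names, the best-first path enumeration (used here in place of Yen's algorithm) and the choice to aggregate link trust only are assumptions.

```python
import heapq
from math import prod

# Constructed toy instance (assumption, not data from the paper).
# Undirected substrate links: (u, v) -> (cost, link trust).
LINKS = {("A", "X"): (1, 0.95), ("X", "B"): (1, 0.60), ("A", "Y"): (1, 0.90),
         ("Y", "B"): (2, 0.90), ("X", "Y"): (2, 0.90), ("C", "X"): (1, 0.90)}
# Servers: u -> (trust t_u, residual CPU r_u). X and Y are switches.
SERVERS = {"A": (0.90, 4), "B": (0.80, 8), "C": (0.50, 8)}
# Request nodes: VNF -> (trust requirement t_i, CPU demand g_i).
VNFS = {"i": (0.90, 2), "j": (0.70, 6)}
T_IJ = 0.80  # trust requirement t_ij of the virtual link (i, j)

# Two trust aggregation policies for a path (link trust only, an assumption).
AGGREGATE = {"min": min, "product": prod}


def eligible_hosts(vnf):
    """Definition 1: u may host the VNF iff t_u >= t_i and r_u >= g_i."""
    t_i, g_i = VNFS[vnf]
    return sorted(u for u, (t_u, r_u) in SERVERS.items()
                  if t_u >= t_i and r_u >= g_i)


def augmented_graph(i, j):
    """Directed adjacency list of the augmented graph for commodity (i, j)."""
    adj = {}
    for (u, v), (cost, trust) in LINKS.items():
        adj.setdefault(u, []).append((v, cost, trust))
        adj.setdefault(v, []).append((u, cost, trust))
    # Augmented edges i->u and u->j: zero cost, neutral trust 1.0 (assumption).
    adj[i] = [(u, 0, 1.0) for u in eligible_hosts(i)]
    for u in eligible_hosts(j):
        adj.setdefault(u, []).append((j, 0, 1.0))
    return adj


def k_shortest_augmented_paths(i, j, k):
    """Simple i->j paths in non-decreasing cost (best-first, costs >= 0)."""
    adj, found = augmented_graph(i, j), []
    heap = [(0, [i], [])]  # (cost so far, node sequence, edge trusts)
    while heap and len(found) < k:
        cost, path, trusts = heapq.heappop(heap)
        if path[-1] == j:  # complete augmented path (Definition 2)
            found.append((cost, path, trusts))
            continue
        for nxt, c, t in adj.get(path[-1], []):
            if nxt not in path:  # keep the path simple
                heapq.heappush(heap, (cost + c, path + [nxt], trusts + [t]))
    return found


def trusted_candidates(i, j, k, policy):
    """Keep the k shortest paths, then drop those with t_p < t_ij."""
    agg = AGGREGATE[policy]
    return [(cost, path, agg(trusts))
            for cost, path, trusts in k_shortest_augmented_paths(i, j, k)
            if agg(trusts) >= T_IJ]


if __name__ == "__main__":
    for policy in AGGREGATE:
        for k in (1, 2, 4):
            kept = [(c, "-".join(p), round(t, 4))
                    for c, p, t in trusted_candidates("i", "j", k, policy)]
            print(f"policy={policy:8s} k={k}: {kept}")
```

With k = 1 the only candidate is the cheapest path, which fails the link trust requirement, so the commodity has no usable path until k grows. Under the product policy the longer path that passes under the minimum policy is rejected, so the same substrate yields different candidate sets depending on how path trust is aggregated.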
A. Experiment Setup
All models and the evaluation environment are implemented in Java, including the service chain and the infrastructure topology generator. All the MILP formulations are modeled using CPLEX. For the k-shortest path generator we adopted an implementation of Yen's algorithm [6]. All the experiments are conducted on an Intel Xeon processor at 3.5 GHz and 16 GB of main memory.

For the NFV infrastructure we generated a 3-layer fat tree topology with 16 pods. For the evaluation setup, we used one zone of the DC with 4 pods, containing two layers of two switches and 4 servers, i.e. two servers per ToR switch, each of which has 8 cores running at 2 GHz. Similar to [1], the initial utilization and trustworthiness of each server are drawn from uniform distributions U( . , . ) and U( . , ) in respective order. The inter-rack and ToR-to-Server link capacities are set to 16 and 8 Gbps respectively. The trustworthiness of the substrate paths is randomly generated according to a uniform distribution U( . , ).

The SFC requests were generated according to three different service chain templates, as explained in great detail in [1]. The CPU demand of each VNF is obtained from the inbound traffic rate and the VNF resource profile [7][8]. For each SFC request, the number of VNFs and the inbound traffic demand are generated according to uniform distributions U( , ), U( , ). Moreover, the virtual node trust and the virtual link trust requirement levels are both drawn from a uniform distribution U( . , . ).

Similar to [1], for comparison purposes, we use acceptance ratio, CPU utilization, bandwidth revenue & cost, and processing revenue & cost, with the same definitions as provided in [1].

B. Evaluation Scenarios
We carry out two distinct sets of experiments for evaluating the performance of the proposed schemes. In the first set of experiments we compare the performance of the path-based service chain embedding method to that of the link-based scheme in [1] from different perspectives and report the results. We run the KPB-SCE model for different values of $k$ and benchmark them against the link-based method. None of the trust constraints are in place for this experiment.

The second set of experiments deals with service chain embedding under both node and link trust constraints. More precisely, this set of experiments compares the performance of the PB-TASCE model to that of the baseline PB-SCE, and PB-SCE with node constraints, to highlight how the integration of trust constraints impacts the performance of the SFC embedding methods.

C. Evaluation Results

Experiment A:
Fig. 5 shows the comparison between the performance of the link-based SCE MILP model of [1] and the proposed k-pb-SCE algorithms, for different values of k = 8, 10, 12. As Fig. 5 depicts, as k increases and more paths are included in the solution space, the performance of the k-pb-SCE algorithm increases. The change from k = 8 to k = 10 is more obvious than the change from k = 10 to k = 12. The 8-pb-SCE method on average admits around 55% of the requests, while 10-pb-SCE, 12-pb-SCE, and the link-based SCE accept 67%, 70% and 74% of the requests respectively.

Fig. 6 compares the CPU utilization of the substrate servers. As expected, the higher the request acceptance ratio is, the higher the CPU utilization will be, as more processing resources are consumed. In steady state, in the case of the link-based SCE approach, on average more than 95% of the processing resources are consumed. The 12-pb-SCE can almost keep up with this level, while the CPU utilization for 8-pb-SCE remains as low as around 70%.

Figures 7 and 8 depict the percentage difference between the per-request processing and bandwidth revenue generated by the path-based approximation methods and the link-based method. By Fig. 7, the processing revenue generated by the k-pb-SCE methods remains within 10% of the optimal link-based methods. Moreover, as Fig. 8 suggests, in steady state, the 8-pb-SCE method provides around 14% less bandwidth revenue compared to that of the optimal link-based method. This value can be mitigated to 9% and 4% by taking 10 and 12 shortest paths for each commodity in the solution space.

Figures 9 and 10 show the per-request profile of the bandwidth cost and the bandwidth revenue. Firstly, we observe a significant difference between the bandwidth cost and revenue for admitted requests, which stems from the fact that different functions can be collocated on the substrate servers, which will induce zero bandwidth consumption and therefore zero bandwidth cost. Moreover, we observe that the more optimal the algorithm is, the more successful it is in admitting more costly network requests. This is because when more substrate paths are injected into the solution space as the value of parameter k increases, more efficient options are available for placing each request link in the request embedding decision making process.

The box-plot for the per-request processing cost is depicted in Fig. 11. It can be seen that the per-request processing cost for the approximation methods remains within 10% of that of the link-based method, confirming the observation of Fig. 7.

Fig. 12 shows the CDF of the number of VNFs in each SFC that is admitted by the SFC embedding mechanisms; i.e. the population of SFCs of certain sizes that are successfully placed on the substrate network. As expected, switching from k = 8 to k = 10 and then k = 12, the profile of the admitted service chain sizes converges to that of the link-based approach, which further confirms the effectiveness of our approximate embedding methods.

2) Experiment B:
Fig. 13 elaborates the impact of incorporating trust into the path-based SCE model. As this figure suggests, for k = 12, the addition of trust requirements for the request nodes (i.e. constraint (5)) may reduce the performance of the SFC embedding method by 10% on average in the steady state. Furthermore, when the link trust requirements are integrated within the SFC embedding framework (i.e. the 12-pb-TASCE model), the acceptance ratio diminishes by another 10%.

Fig. 5: Exp-A: Acceptance Ratio
Fig. 6: Exp-A: CPU Utilization
Fig. 7: Exp-A: Incremental CPU Revenue to Link-Based
Fig. 8: Exp-A: Incremental BW Revenue to Link-Based
Fig. 9: Exp-A: Bandwidth Cost per Request
Fig. 10: Exp-A: Bandwidth Revenue per Request
Fig. 11: Exp-A: Processing Cost per Request
Fig. 12: Exp-A: CDF of Accepted Requests
Fig. 13: Exp-B: Acceptance Ratio
Fig. 14: Exp-B: CPU Utilization
Fig. 15: Exp-B: CDF of Accepted Requests
Fig. 16: Exp-B: Bandwidth Revenue per Request

The impact of the natural decline in the acceptance ratio when taking into account the trust constraints can be observed in the server CPU utilization profile in Fig. 14 as well. One can observe that there is an 18% and a further 25% decline in the substrate CPU utilization, associated with the addition of trust requirements for request nodes and links in the respective order. We note that the performance drop caused by the node trust constraints is quite natural in that the substrate nodes with lower trustworthiness host request nodes less frequently, but the severe drop in CPU utilization due to the inexistence of trustworthy substrate paths is more interesting; the reason is that the probability of rejecting a larger request (with more nodes and links) is higher, since due to the link trust constraints, it gets more unlikely to find feasible substrate paths for each request link when the request size increases.

To further investigate the impact of the size of requests on the embedding decision, we tested the performance of the 12-pb-TASCE algorithm when only requests with 5 VNFs arrive. We then repeated the same experiment for requests of only 9 VNFs. In the former case, we observed an increase of around 10% in the CPU utilization, while in the latter this parameter dropped by around 12%.

This observation is well-aligned with Fig. 15 as well, which suggests that the 12-pb-TASCE method has a tendency to admit the smaller requests compared to the case when there are no restrictions on the trustworthiness of the substrate paths.

Finally, Fig. 16 shows the impact of the restrictions on the trustworthiness of substrate paths, compared to the two other cases. We observe that the per-request bandwidth revenue remains almost the same when there are only restrictions on node trustworthiness, since the set of feasible paths in the solution space does not change, while when the path trust constraints are introduced the bandwidth revenue diminishes by around 15 to 20 percent.

V. RELATED WORK
In this section we provide a brief review of the related works on SFC embedding and trust. The literature on the SFC embedding problem is quite rich. Recently, applications of this problem have been explored in mobile edge and fog computing [9] [10] [11], Space-Air-Ground Integrated Networks (SAGIN) [12], 5G core network [13], multi-domain service provisioning [14] [15], cloud data centers [16], etc. Multiple objectives and design requirements are sought when addressing the SFC embedding problem, including but not limited to cost minimization [19], resiliency [20], energy consumption minimization [21], privacy [17], security [18], and trust-awareness [1], etc.

The trust-aware SFC embedding problem was discussed in [1] using a link-based formulation, where only the trustworthiness of request and substrate nodes was considered in a dynamic environment. The path-based approach has already been considered in [3] in the domain of virtual network embedding, where a column generation framework was proposed for the placement of virtual network functions. Among the works in the literature, our approach is most similar to [3] and [5], where the paths of the substrate network are considered for the placement of network requests. Recently, the notion of trust has been considered in the domain of NFV and service deployment. In [22], the authors discuss the challenges of integrating trust within the NFV infrastructure. In the context of edge deployments and multi-domain service provisioning [23], trust has been considered as a determining factor in deciding the most secure cloud edge deployments. The work in [24] has investigated the integration of trust into cloud by incorporating it into cloud management, different architecture components, concepts and implementation.

VI. CONCLUSIONS
In this paper we introduced a framework for the path-based trust-aware service chain embedding problem. We started with a baseline formulation for the path-based SFC embedding problem. Then we provided a formulation for the approximate problem by taking into account only k-shortest path candidates for each virtual link. We finally incorporated the trust constraints for both virtual nodes and links and evaluated the efficiency of our algorithm through simulations and numerical results. We believe that the result accuracy and the time complexity of the proposed path-based methods in this paper can be further improved by the development of a scheme that can dynamically add or remove network paths from the feasible solution space. A column generation framework can be used as the core of this scheme. This problem, as well as providing a distributed logical framework for computing and aggregating the trustworthiness across a software-defined network, are among our future directions.

ACKNOWLEDGEMENT