Matthias Rost

Network service chaining with optimized network function embedding supporting service decompositions

The rise of Software-Defined Networking (SDN) and Network Function Virtualization (NFV) introduce opportunities for service providers to reduce CAPEX/OPEX and to offer and quickly deploy novel network services. In particular, SDN and NFV enable the flexible composition of network functions, a generic service concept known as network service chaining (NSC).However, the control of resources, management and configuration of network service chains is challenging. In particular, there typically exist multiple options on how an abstract network service can be decomposed into more refined, inter-connected network functions. Moreover, efficient algorithms have to be devised to allocate the network functions. The underlying algorithmic problem can be seen as a novel generalization of the Virtual Network Embedding Problem (VNEP), where there exist multiple realization options. The joint optimization of decomposition and embedding has not been studied in the literature before.This paper studies the problem of how to optimally decompose and embed network services. In particular, we propose two novel algorithms to map NSCs to the network infrastructure while allowing possible decompositions of network functions. The first algorithm is based on Integer Linear Programming (ILP) which minimizes the cost of the mapping based on the NSCs requirements and infrastructure capabilities. The second one is a heuristic algorithm to solve the scalability issue of the ILP formulation. It targets to minimize the mapping cost by making a reasonable selection of the network function decompositions. The experimental results indicate that considering network function decompositions at the time of the embedding significantly improves the embedding performance in terms of acceptance ratio while decreasing the mapping cost in the long run in both optimal and heuristic solutions.

Good Network Updates for Bad Packets: Waypoint Enforcement Beyond Destination-Based Routing Policies

Networks are critical for the security of many computer systems. However, their complex and asynchronous nature often renders it difficult to formally reason about network behavior. Accordingly, it is challenging to provide correctness guarantees, especially during network updates. This paper studies how to update networks while maintaining a most basic safety property, Waypoint Enforcement (WPE): each packet is required to traverse a certain checkpoint (for instance, a firewall). Waypoint enforcement is particularly relevant in todays increasingly virtualized and software-defined networks, where new in-network functionality is introduced flexibly. We show that WPE can easily be violated during network updates, even though both the old and the new policy ensure WPE. We then present an algorithm WayUp that guarantees WPE at any time, while completing updates quickly. We also find that in contrast to other transient consistency properties, WPE cannot always be implemented in a wait-free manner, and that WPE may even conflict with Loop-Freedom (LF). Finally, we present an optimal policy update algorithm OptRounds, which requires a minimum number of communication rounds while ensuring both WPE and LF, whenever this is possible.

Towards Unified Programmability of Cloud and Carrier Infrastructure

The rise of cloud services poses considerable challenges on the control of both cloud and carrier network infrastructures. While traditional telecom network services rely on rather static processes (often involving manual steps), the wide adoption of mobile devices including tablets, smartphones and wearables introduce previously unseen dynamics in the creation, scaling and withdrawal of new services. These phenomena require optimal flexibility in the characterization of services, as well as on the control and orchestration of both carrier and cloud infrastructure. This paper proposes a unified programmability framework addressing: the unification of network and cloud resources, the integrated control and management of cloud and network, the description for programming networked/cloud services, and the provisioning processes of these services. In addition proofs-of-concept are provided based on existing open source control software components.

It's a Match!: Near-Optimal and Incremental Middlebox Deployment

The virtualization and softwarization of modern computer networks offers new opportunities for the simplified management and exible placement of middleboxes as e.g. rewalls and proxies. This paper initiates the study of algorithmically exploiting the exibilities present in virtualized and software-defined networks. Particularly, we are interested in the initial as well as the incremental deployment of middleboxes. We present a deterministic O(log(min{n,k})) approximation algorithm for n-node computer networks, where k is the middlebox capacity. The algorithm is based on optimizing over a submodular function which can be computed efficiently using a fast augmenting path approach. The derived approximation bound is optimal: the underlying problem is computationally hard to approximate within sublogarithmic factors, unless P = NP holds. We additionally present an exact algorithm based on integer programming, and complement our formal analysis with simulations. In particular, we consider the number of used middleboxes and highlight the benefits of the approximation algorithm in incremental deployments. Our approach also finds interesting applications, e.g., in the context of incremental deployment of software-defined networks.

Beyond the Stars: Revisiting Virtual Cluster Embeddings

It is well-known that cloud application performance can critically depend on the network. Over the last years, several systems have been developed which provide the application with the illusion of a virtual cluster: a star-shaped virtual network topology connecting virtual machines to a logical switch with absolute bandwidth guarantees. In this paper, we debunk some of the myths around the virtual cluster embedding problem. First, we show that the virtual cluster embedding problem is not NP-hard, and present the fast and optimal embedding algorithm VC-ACE for arbitrary datacenter topologies. Second, we argue that resources may be wasted by enforcing star-topology embeddings, and alternatively promote a hose embedding approach. We discuss the computational complexity of hose embeddings and derive the HVC-ACE algorithm. Using simulations we substantiate the benefits of hose embeddings in terms of acceptance ratio and resource footprint.

Transiently Secure Network Updates

Computer networks have become a critical infrastructure. Especially in shared environments such as datacenters it is important that a correct, consistent and secure network operation is guaranteed at any time, even during routing policy updates. In particular, at no point in time should it be possible for packets to bypass security critical waypoints~(such as a firewall or IDS) or to be forwarded along loops. This paper studies the problem of how to change routing policies in a transiently consistent manner. Transiently consistent network updates have been proposed as a fast and resource efficient alternative to per-packet consistent updates. Our main result is a negative one: we show that there are settings where the two basic properties waypoint enforcement and loop-freedom cannot be satisfied simultaneously. Even worse, we rigorously prove that deciding whether a waypoint enforcing, loop-free network update schedule exists is NP-hard. These results hold for both kinds of loop-freedom used in the literature: strong and relaxed loop-freedom. This paper also presents optimized, exact mixed integer programs to compute optimal update schedules. We report on extensive simulation results and initiate the discussion of scenarios where multiple waypoints need to be ensured (also known as service chains).

It's About Time: On Optimal Virtual Network Embeddings under Temporal Flexibilities

Distributed applications often require high-performance networks with strict connectivity guarantees. For instance, many cloud applications suffer from todays variations of the intra-cloud bandwidth, which leads to poor and unpredictable application performance. Accordingly, we witness a trend towards virtual networks (VNets) which can provide resource isolation. Interestingly, while the problem of where to embed a VNet is fairly well-understood today, much less is known about when to optimally allocate a VNet. This however is important, as the requirements specified for a VNet do not have to be static, but can vary over time and even include certain temporal flexibilities. This paper initiates the study of the temporal VNet embedding problem (TVNEP). We propose a continuous-time mathematical programming approach to solve the TVNEP, and present and compare different algorithms. Based on these insights, we present the CSM-Model which incorporates both symmetry and state-space reductions to significantly speed up the process of computing exact solutions to the TVNEP. Based on the CSM-Model, we derive a greedy algorithm OGA to compute fast approximate solutions. In an extensive computational evaluation, we show that despite the hardness of the TVNEP, the CSM-Model is sufficiently powerful to solve moderately sized instances to optimality within one hour and under different objective functions (such as maximizing the number of embeddable VNets). We also show that the greedy algorithm exploits flexibilities well and yields good solutions. More generally, our results suggest that already little time flexibilities can improve the overall system performance significantly.

Stitching Inter-Domain Paths over IXPs

Modern Internet applications, from HD video-conferencing to health monitoring and remote control of power-plants, pose stringent demands on network latency, bandwidth and availability. An approach to support such applications and provide inter-domain guarantees, enabling new avenues for innovation, is using centralized inter-domain routing brokers. These entities centralize routing control for mission-critical traffic across domains, working in parallel to BGP. In this work, we propose using IXPs as natural points for stitching inter-domain paths under the control of inter-domain routing brokers. To evaluate the potential of this approach, we first map the global substrate of inter-IXP pathlets that IXP members could offer, based on measurements for 229 IXPs worldwide. We show that using IXPs as stitching points has two useful properties. Up to 91% of the total IPv4 address space can be served by such inter-domain routing brokers when working in concert with just a handful of large IXPs and their associated ISP members. Second, path diversity on the inter-IXP graph increases by up to 29 times, as compared to current BGP valley-free routing. To exploit the rich path diversity, we introduce algorithms that inter-domain routing brokers can use to embed paths, subject to bandwidth and latency constraints. We show that our algorithms scale to the sizes of the measured graphs and can serve diverse simulated path request mixes. Our work highlights a novel direction for SDN innovation across domains, based on logically centralized control and programmable IXP fabrics.

An Approximation Algorithm for Path Computation and Function Placement in SDNs

We consider the task of embedding multiple service requests in Software-Defined Networks (SDNs), i.e. computing (combined) mappings of network functions on physical nodes and finding routes to connect the mapped network functions. A single service request may either be fully embedded or be rejected. The objective is to maximize the sum of benefits of the served requests, while the solution must abide node and edge capacities.

Efficient service graph embedding: A practical approach

Future network services and applications, such as coordinated remote driving or remote surgery, pose serious challenges on the underlying networks. In order to fulfill the extremely low latency requirement in combination with ultrahigh availability and reliability, we need novel approaches, for example to dynamically move network “capabilities” close to the users. This requires more flexibility, automation and adaptability to be added to the networks at different levels and operation planes. The key enabler of the novel features is network softwarization provided by NFV and SDN techniques. In this paper, we focus on a central component of the orchestration plane which is responsible for mapping the building blocks of services to available resources. Our main contribution is twofold. First, we propose a novel service graph embedding algorithm which is able to jointly control and optimize the usage of compute and network resources efficiently based on greedy heuristics. Besides, the algorithm can be configured extensively to obtain different optimization goals and trade-off running time with the search space. Second, we report on our implementation and integration with our proof-of-concept orchestration framework ESCAPE. Several experiments confirmed its practical applicability.