NFVRG Meeting@IETF92, Dallas Verification of NFV Services : Problem Statement and Challenges draft-shin-nfvrg-service-verification-01 M-K. Shin, ETRI.

Slides:



Advertisements
Similar presentations
Network Virtualization and Service Awareness Properties of FNs
Advertisements

ETSI NFV Management and Orchestration - An Overview
Benchmarking VNFs and their Infrastructure Al Morton March 7, 2014.
Ing. Tomáš Halagan.  Today’s network infrastructure  NFV in nutshell  Terms and definitions of NFV  NFV High Level Architecture  Benefits of NFV.
Network Innovation using OpenFlow: A Survey
Keith Wiles DPACC vNF Overview and Proposed methods Keith Wiles – v0.5.
Gap Analysis of Simplified Use of Policy Abstractions (SUPA) Presenter: Jun Bi draft-bi-supa-gap-analysis-02 IETF 92 SUPA BoF Dallas, TX March 23, 2015.
Please direct any questions or comments to
Proposed NFVRG Honolulu, Hawaii
Dynamic Adaptation of VNF Forwarding Graph
Resource Management for Dynamic Service Chain Adaptation
OSCAR Project Proposed Project for OPNFV
Copyright © 2014 Juniper Networks, Inc. 1 OSCAR Project Proposed Project for OPNFV Stuart Mackie NFV/SDN Architect.
OSCAR Project Proposed Project for OPNFV
Jaehoon (Paul) Jeong, Hyoungshick Kim, and Jung-Soo Park
A Software-Defined Approach for End-to-end IoT Networking
IETF 91: Open Platform for NFV Collaboration with I2NSF Chris Donley 1.
Architectural Design Establishing the overall structure of a software system Objectives To introduce architectural design and to discuss its importance.
A Survey on Interfaces to Network Security
Ekrem Kocaguneli 11/29/2010. Introduction CLISSPE and its background Application to be Modeled Steps of the Model Assessment of Performance Interpretation.
OpenContrail for OPNFV
Kostas Giotis, Yiannos Kryftis, Vasilis Maglaris
Software-Defined Networks Jennifer Rexford Princeton University.
VeriFlow: Verifying Network-Wide Invariants in Real Time
Enter NFVRG An Intro to NFV and its Research Problems Diego R. Lopez Telefonica I+D July 2014.
Sungkyunkwan University (SKKU) Security Lab. A Framework for Security Services based on Software-Defined Networking Jaehoon (Paul) Jeong 1, Jihyeok Seo.
Software-Defined Networking - Attributes, candidate approaches, and use cases - MK. Shin, ETRI M. Hoffmann, NSN.
Application Policy on Network Functions (APONF) G. Karagiannis and T.Tsou 1.
ETSI NFV ISG- Steven Wright, MBA, PhD, JD 13 Nov Chairman, ETSI NFV ISG.
Vic Liu Liang Xia Zu Qiang Speaker: Vic Liu China Mobile Network as a Service Architecture draft-liu-nvo3-naas-arch-01.
Resource Management for Dynamic Service Chain Adaptation S. Lee (ETRI) S. Pack (Korea Univ.) M.-K. Shin (ETRI)
BoF: Open NFV Orchestration using Tacker
SDN Management Layer DESIGN REQUIREMENTS AND FUTURE DIRECTION NO OF SLIDES : 26 1.
DPACC Management Aspects
NFV Configuration Problem Statements Haibin Song Georgios Karagiannis
Virtualized Network Function (VNF) Pool BoF IETF 90 th, Toronto, Canada. BoF Chairs: Ning Zong Melinda Shore
Azher Mughal / Beraldo Leal Programming OpenFlow Flows for Scientific Profit 1 Azher Mughal / Beraldo Leal SuperComputing 2015.
Specific SDK Specific SDK NFVO Specific VNFM Specific VNFM VNF Message Queue JSON REST API.
Header Space Analysis: Static Checking for Networks Broadband Network Technology Integrated M.S. and Ph.D. Eun-Do Kim Network Standards Research Section.
14 March 2016 Bryan Sullivan, AT&T Artur Tyloch, Canonical
Outline PART 1: THEORY PART 2: HANDS ON
Is SDN Delivering? Jez Clark Solutions Architect Alternative Networks 13 th September 2013.
Benoit Claise Mehmet Ersue
Distributed mobility management deployment scenario and architecture draft-liu-dmm-deployment-scenario-03 V.Liu
Early Adopter of NFV? Mitigate Risk! UKNOF 34 - Manchester Anthony Magee, 21 st April 2016 Global Business Development.
When RINA Meets NFV Diego R. López Telefónica
NFP: Enabling Network Function Parallelism in NFV
SDN controllers App Network elements has two components: OpenFlow client, forwarding hardware with flow tables. The SDN controller must implement the network.
ONAP and MEF LSO External API Framework Functional Reference Architecture 12 July 2017 Andy Mayer, Ph.D. © 2016 AT&T Intellectual Property. All rights.
Orchestration and Controller Architecture Alignment Vimal Begwani AT&T
Xin Li, Chen Qian University of Kentucky
SDN challenges Deployment challenges
Lifecycle Service Orchestration (LSO) Models in context
SDN Network Updates Minimum updates within a single switch
Orchestration and Controller Alignment for ONAP Release 1
draft-bernini-nfvrg-vnf-orchestration
OPEN-O Modeling Directions (DRAFT 0.6)
ARC: Definitions and requirements for SO/APP-C/VF-C discussion Chris Donley Date , 2017.
OPEN-O Modeling Directions (DRAFT 0)
MEF Modeling Activities
Chapter 18 MobileApp Design
A SDN Attestation Approach
Cisco Dumps Braindumps Dumps4download.us
NFP: Enabling Network Function Parallelism in NFV
State of OPNFV MANO OPNFV MANO WG Report
Software Defined Networking (SDN)
Management and Orchestration in Complex and Dynamic Environment
NFP: Enabling Network Function Parallelism in NFV
Using Service Function Chaining for In-Network Computation
Latest Update on Gap Analysis of Openstack for DPACC
Presentation transcript:

NFVRG Meeting@IETF92, Dallas Verification of NFV Services : Problem Statement and Challenges draft-shin-nfvrg-service-verification-01 M-K. Shin, ETRI K. Nam, Friesty S. Pack, Korea Univ. S. Lee, ETRI Tae-wan Kim, LG U+ NFVRG Meeting@IETF92, Dallas

Update since IETF91 2 New Title A co-author added Verification of NFV Services : Problem Statement and Challenges A co-author added Tae-wan Kim from operators Verification framework is newly revised and discussed based on the latest NFV phase-2 works (e.g., terms, framework, etc.) Table of Contents 1. Introduction 2. Problem statement : Property to be checked 2.1 Dependencies of Network Service Components 2.2 Loop-Free in VNF FGs 2.3 Load Balancing and Optimization among VNF Instances 2.4 Policy and State Consistency 2.5 Performance 2.6 Security 3. Minimal Requirements 4. Architectural Framework 4.1 Properties and Invariants 4.2 APIs 5. Challenging Issues 6. Security Considerations 2

Motivation and Problems Check consistency and safety of network service configurations on virtual and physical resources Incomplete or inconsistent configuration of VNF and forwarding graph (FG, aka service chain) could cause break-down of the supporting infrastructure. Network and service properties to be checked Dependencies of Network Service Components Loop-Free in VNF FGs Policy and State Consistency Load Balancing and Optimization among VNF Instances Performance Bottleneck Security Hole 3

Properties (NFV vs. SDN) NFV context (Service-level) SDN context (Network-level) Dependency of network service components (e.g., network controller vs. VNF/resource manager/orchestrator) No blackhole (e.g., no packet loss) Loop-free in VNF FGs (aka. service chains) Loop-free (e.g, routing/switching) Load balancing and optimization in VNF FGs (aka. service chains) Flow table rule consistency between multiple applications (E.g., OpenFlow) Policy and state consistency (e.g., end-to-end context, virtual vs. physical resource, etc.) Dynamic info/statistics consistency (e.g., flow, port, QoS, etc.) Performance Consistency with legacy L2/L3 protocols (e.g., STP) Security (L4-L7) Security (L3 firewall, etc.) 4

Minimal Requirements R1 : It SHOULD be able to check global and local properties and invariants. (E.g., Loop-freeness and resource isolation between VNFs can be regarded as global. The policies that are related only to the specific network controllers or devices are local.) R2 : It SHOULD be able to access to the entire resource DBs as well as network states whenever verification tasks are started. R3 : It SHOULD be independent from specific solutions and frameworks, and APIs. R4 : It SHOULD process standard protocols such as Netconf, YANG, OpenFlow, I2RS, etc. and northbound and southbound interfaces that are related network configurations, and used by OSS. 5

Verification Framework Option 1 : Verification Manager in MANO Option 2 : OSS interaction Option 3 : VNF instances 6

Verification Framework Option 1 MANO Orchestrator Verification Manager OSS/BSS Service, VNF and Infrastructure Description Verification Server APIs EMS 1 EMS 2 EMS 3 VNF Manager(s) Compiler & Interpreter VNF 1 VNF 2 VNF 3 Property Library NFVI Verifier Virtualised Infrastructure Manager(s) Virtual Computing Virtual Storage Virtual Network Network States DB Virtualisation Layer Hardware resources Computing Hardware Storage Hardware Network Hardware Note that Verification Service and Verification Manager in the NFV MANO should communicate using APIs to accomplish the verification tasks. 7

8 Option 2 Verification Server MANO OSS/BSS EMS 1 EMS 2 EMS 3 VNF APIs Property Library Network States DB Compiler & Interpreter Verifier Option 2 MANO Orchestrator OSS/BSS Verification Service Service, VNF and Infrastructure Description EMS 1 EMS 2 EMS 3 VNF Manager(s) VNF 1 VNF 2 VNF 3 NFVI Virtualised Infrastructure Manager(s) Virtual Computing Virtual Storage Virtual Network Virtualisation Layer Hardware resources Computing Hardware Storage Hardware Network Hardware 8

Service, VNF and Infrastructure Description Option 3 MANO Orchestrator OSS/BSS Service, VNF and Infrastructure Description Verification (EMS 1) EMS 2 EMS 3 VNF Manager(s) Verification (VNF) VNF 2 VNF 3 NFVI Virtualised Infrastructure Manager(s) Virtual Computing Virtual Storage Virtual Network Virtualisation Layer Hardware resources Computing Hardware Storage Hardware Network Hardware 9

Challenging Issues 10 Finding infinite loops Real-time verification General solutions for the infinite loop can lead to intractable problem (e.g. the halting problem). To make the verification practical and minimize the complexity, some of the restrictions are required. Real-time verification A few invariants can be checked in real-time but it would be impossible if the size of VNFs increases or properties checked are complex. Languages and their semantics Network service descriptions in NFV need to be precisely expressed using appropriate semantics (e.g., formal method). Languages and semantic models optimized to the verification framework need to selected or newly developed. 10

Next Step Collect more requirements from operators and collaborate with ETSI NFV TST WG Investigate and be involved in open source projects (e.g., OPNFV as well as Open Daylight) Adopt as a RG document 11