Introduction Proposed Solution Evaluation Conclusions Ongoing Work
Privacy-Oriented Virtual Network Embedding
Leonardo Richter BaysRodrigo Ruas OliveiraLuciana Salete Buriol
Marinho Pilla BarcellosLuciano Paschoal Gaspary
May 2015
Privacy-Oriented Virtual Network Embedding 1/20
Introduction Proposed Solution Evaluation Conclusions Ongoing Work
Overview
Introduction
Proposed Solution
Evaluation
Conclusions
Ongoing Work
Privacy-Oriented Virtual Network Embedding 2/20
Introduction Proposed Solution Evaluation Conclusions Ongoing Work
Network Virtualization
• Enables the creation of virtual topologies on top of physicalsubstrates
• Has been embraced by academic researchers and the Industry
• Key concerns: efficient resource mapping and privacy
Privacy-Oriented Virtual Network Embedding 3/20
Introduction Proposed Solution Evaluation Conclusions Ongoing Work
Privacy
• Recent discovery of pervasive electronic surveillance hashighlighted privacy concerns
• These concerns are even more exacerbated in networkvirtualization
• Security mechanisms must be considered in order to maintaina desired level of privacy
Privacy-Oriented Virtual Network Embedding 4/20
Introduction Proposed Solution Evaluation Conclusions Ongoing Work
Related Work
• Different methods have been used to solve the embeddingproblem:◦ Optimization Models – [Chowdhury et al., 2011; Alkmim et al., 2013]◦ Relaxations – [Chowdhury et al., 2011; Alkmim et al., 2013]◦ Heuristic approaches – [Yu et al., 2008; Cheng et al., 2011]
• We are not aware of previous attempts to reconcile efficientresource mapping and the satisfaction of security requirements
Privacy-Oriented Virtual Network Embedding 5/20
Introduction Proposed Solution Evaluation Conclusions Ongoing Work
Objectives
• Reconciling:◦ Efficient usage of physical resources◦ Fulfillment of different levels of confidentiality:• End-to-end cryptography• Point-to-point cryptography• Non-overlapping networks
• Considering precise costs of security mechanisms
Privacy-Oriented Virtual Network Embedding 6/20
Introduction Proposed Solution Evaluation Conclusions Ongoing Work
Proposed Optimization Model
• Based on Integer Linear Programming• Inputs:◦ Physical and virtual topologies◦ Routers: throughput, cryptographic protocol support◦ Links: bandwidth◦ Locations◦ Costs related to cryptographic operations◦ Conflicting VNs◦ Previously embedded VNs
Privacy-Oriented Virtual Network Embedding 7/20
Introduction Proposed Solution Evaluation Conclusions Ongoing Work
Proposed Optimization Model
Objective Function: Minimize overall bandwidth consumption:
min∑
(i,j)∈LP
∑r∈NV ,(k ,l)∈LV
BVr ,k ,lW
Lr AL
i,j,r ,k ,l
Constraints:• Fulfill capacity requirements• Ensure proper router and link mapping• Ensure desired level of confidentiality• Fulfill location requirements• Maintain previous mappings
Privacy-Oriented Virtual Network Embedding 8/20
Introduction Proposed Solution Evaluation Conclusions Ongoing Work
Proposed Heuristic Algorithm
• Based on Simulated Annealing
• Same inputs and constraints as the optimization model
• Aims at minimizing overall bandwidth consumption
Privacy-Oriented Virtual Network Embedding 9/20
Introduction Proposed Solution Evaluation Conclusions Ongoing Work
Proposed Heuristic Algorithm
• Generates an initial mapping and iteratively moves virtualrouters attempting to improve the solution
• Allows the generation of unfeasible solutions◦ Such solutions are penalized in order to encourage feasible ones
• Runs until the best found solution is close enough to optimalityor a maximum number of iterations has been reached
Privacy-Oriented Virtual Network Embedding 10/20
Introduction Proposed Solution Evaluation Conclusions Ongoing Work
Proposed Heuristic Algorithm
Algorithm Proposed Heuristic Algorithm1:2:3:4:5:6:7:8:9:10:11:12:13:14:15:16:
Privacy-Oriented Virtual Network Embedding 11/20
Introduction Proposed Solution Evaluation Conclusions Ongoing Work
Proposed Heuristic Algorithm
Algorithm Proposed Heuristic Algorithm1: s ← generateInitialSolution2: c ← evaluateSolution(s)3: sbest ← s; cbest ← c4:5:6:7:8:9:10:11:12:13:14:15:16:
Privacy-Oriented Virtual Network Embedding 11/20
Introduction Proposed Solution Evaluation Conclusions Ongoing Work
Proposed Heuristic Algorithm
Algorithm Proposed Heuristic Algorithm1: s ← generateInitialSolution2: c ← evaluateSolution(s)3: sbest ← s; cbest ← c4: k ← 05: while k < kmax and c > cmax do6:7:8:9:10:11:12:13:14:15:16: end while
Privacy-Oriented Virtual Network Embedding 11/20
Introduction Proposed Solution Evaluation Conclusions Ongoing Work
Proposed Heuristic Algorithm
Algorithm Proposed Heuristic Algorithm1: s ← generateInitialSolution2: c ← evaluateSolution(s)3: sbest ← s; cbest ← c4: k ← 05: while k < kmax and c > cmax do6: s′ ← generateNeighbor(s)7: c′ ← evaluateSolution(s′)8:9:10:11:12:13:14:15:16: end while
Privacy-Oriented Virtual Network Embedding 11/20
Introduction Proposed Solution Evaluation Conclusions Ongoing Work
Proposed Heuristic Algorithm
Algorithm Proposed Heuristic Algorithm1: s ← generateInitialSolution2: c ← evaluateSolution(s)3: sbest ← s; cbest ← c4: k ← 05: while k < kmax and c > cmax do6: s′ ← generateNeighbor(s)7: c′ ← evaluateSolution(s′)8: t ← temperature(k , kmax )9: if probability(c, c′, t) > random[0, 1) then10: s ← s′; c ← c′
11: end if12:13:14:15:16: end while
Privacy-Oriented Virtual Network Embedding 11/20
Introduction Proposed Solution Evaluation Conclusions Ongoing Work
Proposed Heuristic Algorithm
Algorithm Proposed Heuristic Algorithm1: s ← generateInitialSolution2: c ← evaluateSolution(s)3: sbest ← s; cbest ← c4: k ← 05: while k < kmax and c > cmax do6: s′ ← generateNeighbor(s)7: c′ ← evaluateSolution(s′)8: t ← temperature(k , kmax )9: if probability(c, c′, t) > random[0, 1) then10: s ← s′; c ← c′
11: end if12: if c < cbest and isFeasible(s) then13: sbest ← s; cbest ← c14: end if15: k ← k + 116: end while
Privacy-Oriented Virtual Network Embedding 11/20
Introduction Proposed Solution Evaluation Conclusions Ongoing Work
Evaluation – Fixed Parameters
• General parameters:◦ 250 time slots◦ On average, 5 requests arrive per slot (Poisson)◦ Average duration of 5 slots (exponential)
• Heuristic algorithm parameters:◦ Maximum number of iterations: 5,000◦ Maximum overhead factor: 3◦ Penalty factor: 100
Privacy-Oriented Virtual Network Embedding 12/20
Introduction Proposed Solution Evaluation Conclusions Ongoing Work
Evaluation – Fixed Parameters
• Physical network:◦ Routers: 10 Gbps throughput◦ Distributed among 16 locations◦ 95% support cryptographic protocols◦ Links: 1–10 Gbps
• Virtual networks:◦ Two routers with location constraints◦ 35% of VNs do not require cryptography◦ 35% of VNs require end-to-end cryptography◦ 30% of VNs require point-to-point cryptography◦ 5% of VNs conflict with a previously embedded VN
Privacy-Oriented Virtual Network Embedding 13/20
Introduction Proposed Solution Evaluation Conclusions Ongoing Work
Evaluation – Variable Parameters
• Network sizes:◦ Physical network of size 100, VN sizes ranging from 2 to 5◦ Physical network of size 500, VN sizes ranging from 2 to 10
• Cryptographic Algorithms:◦ AES-128◦ AES-256
Privacy-Oriented Virtual Network Embedding 14/20
Introduction Proposed Solution Evaluation Conclusions Ongoing Work
Results
0
2
4
6
8
10
12
50 100 150 200 250
Ave
rage
Sol
utio
n T
ime
(in s
econ
ds)
Time Slots
Opt. 100r AES−128Opt. 100r AES−256
Heur. 100r AES−128Heur. 100r AES−256
Opt. 500r AES−128Opt. 500r AES−256
Heur. 500r AES−128Heur. 500r AES−256
Figure: Time needed to find the accepted solution.
Privacy-Oriented Virtual Network Embedding 15/20
Introduction Proposed Solution Evaluation Conclusions Ongoing Work
Results
0
0.2
0.4
0.6
0.8
1
50 100 150 200 250
Per
cent
age
of A
ccep
ted
Req
uest
s
Time Slots
Opt. 100r AES−128Opt. 100r AES−256
Heur. 100r AES−128
Heur. 100r AES−256Heur. 500r AES−128Heur. 500r AES−256
Figure: Acceptance rate in all completed experiments.
Privacy-Oriented Virtual Network Embedding 16/20
Introduction Proposed Solution Evaluation Conclusions Ongoing Work
Results
1
1.5
2
2.5
50 100 150 200 250
Ave
rage
Ban
dwid
th O
verh
ead
Time Slots
No SecurityEnd−to−end Crypt.
Point−to−point Crypt.Conflicting Networks
(a) Opt. 100r AES-256
2
2.5
3
3.5
4
50 100 150 200 250
Ave
rage
Ban
dwid
th O
verh
ead
Time Slots
No SecurityEnd−to−end Crypt.
Point−to−point Crypt.Conflicting Networks
(b) Heur. 100r AES-256
Figure: Average bandwidth overhead needed to embed requests ofdifferent kinds.
Privacy-Oriented Virtual Network Embedding 17/20
Introduction Proposed Solution Evaluation Conclusions Ongoing Work
Conclusions
• Optimization model produces adequate results in a timelymanner for networks of limited size
• Heuristic algorithm scales to larger networks without asignificant increase in solution time
• If desired, the heuristic algorithm may lead to more preciseresults through parameterization
Privacy-Oriented Virtual Network Embedding 18/20
Introduction Proposed Solution Evaluation Conclusions Ongoing Work
Ongoing Work
• Further improvements to the heuristic algorithm◦ First-improvement-based local search◦ Multiple moves per temperature change◦ Logarithmic cooling schedule
• Analysis of the impact of topological factorson the VN embedding process
• SDN integration case study
Privacy-Oriented Virtual Network Embedding 19/20
Introduction Proposed Solution Evaluation Conclusions Ongoing Work
Privacy-Oriented Virtual Network Embedding
Leonardo Richter BaysRodrigo Ruas OliveiraLuciana Salete Buriol
Marinho Pilla BarcellosLuciano Paschoal Gaspary
[email protected]://inf.ufrgs.br/~lrbays
Privacy-Oriented Virtual Network Embedding 20/20
Introduction Proposed Solution Evaluation Conclusions Ongoing Work
References
Gustavo P. Alkmim, Daniel M. Batista, and Nelson L. S. Fonseca. Mapping virtual networksonto substrate networks. Journal of Internet Services and Applications, 3(4), 2013.ISSN 1869-0238. doi: 10.1186/1869-0238-4-3.
Xiang Cheng, Sen Su, Zhongbao Zhang, Hanchi Wang, Fangchun Yang, Yan Luo, and JieWang. Virtual network embedding through topology-aware node ranking. SIGCOMMComputer Communication Review, 41(2), 2011. ISSN 0146-4833. doi:10.1145/1971162.1971168.
M. Chowdhury, M. R. Rahman, and R. Boutaba. Vineyard: Virtual network embeddingalgorithms with coordinated node and link mapping. IEEE/ACM Transactions onNetworking, PP(99), 2011. ISSN 1063-6692. doi: 10.1109/TNET.2011.2159308.
Minlan Yu, Yung Yi, Jennifer Rexford, and Mung Chiang. Rethinking virtual networkembedding: substrate support for path splitting and migration. SIGCOMM ComputerCommunication Review, 38(2), 2008. ISSN 0146-4833. doi: 10.1145/1355734.1355737.
Privacy-Oriented Virtual Network Embedding 21/20
Introduction Proposed Solution Evaluation Conclusions Ongoing Work
Constraints
Constraints C1 and C3: Fulfill capacity requirements:
∑r∈NV ,j∈RV
T Vr ,jW
Rr ,jA
Ri,r ,j ≤ T P
i ∀i ∈ RP (C1)
∑r∈NV ,(k,l)∈LV
BVr ,k,lW
Lr AL
i,j,r ,k,l ≤ BPi,j ∀(i , j) ∈ LP (C3)
Privacy-Oriented Virtual Network Embedding 22/20
Introduction Proposed Solution Evaluation Conclusions Ongoing Work
Constraints
Constraints C2, C5, and C6: Ensure proper router and linkmapping:
∑j∈RV
ARi,r ,j ≤ 1 ∀i ∈ RP , r ∈ NV (C2)
∑i∈RP
ARi,r ,j = 1 ∀r ∈ NV , j ∈ RV (C5)
∑j∈RP
ALi,j,r ,k,l −
∑j∈RP
ALj,i,r ,k,l = AR
i,r ,k − ARi,r ,l ∀r ∈ NV , (k , l) ∈ LV , i ∈ RP
(C6)
Privacy-Oriented Virtual Network Embedding 23/20
Introduction Proposed Solution Evaluation Conclusions Ongoing Work
Constraints
Constraints C4, C7, and C8: Ensure desired level of security:
K Vr ,jA
Ri,r ,j ≤ K P
i ∀i ∈ RP , r ∈ NV , j ∈ RV (C4)
∑q∈NV ,k∈RV
ARi,q,k +
∑r∈NV ,l∈RV
ARi,r ,l ≤ 1 ∀q, r ∈ X , i ∈ RP (C7)
⌈∑q∈NV ,(k,l)∈LV AL
i,j,q,k,l
|LP |
⌉+
⌈∑r∈NV ,(o,p)∈LV AL
i,j,r,o,p
|LP |
⌉≤ 1 ∀q, r ∈ X , (i , j) ∈ LP
(C8)
Privacy-Oriented Virtual Network Embedding 24/20
Introduction Proposed Solution Evaluation Conclusions Ongoing Work
Constraints
Constraints C9, C10, and C11: Fulfill location requirements andmaintain previous mappings:
jARi,r ,k = lAR
i,r ,k ∀(i , j) ∈ SP , r ∈ NV , (k , l) ∈ SV (C9)
ARi,r ,j = ER
i,r ,j ∀(i , r , j) ∈ ER (C10)
ALi,j,r ,k,l = EL
i,j,r ,k,l ∀(i , j , r , k , l) ∈ EL (C11)
Privacy-Oriented Virtual Network Embedding 25/20
Introduction Proposed Solution Evaluation Conclusions Ongoing Work
Constraints
Constraint C8: Linearization:
Yq,r ,i,j ≥∑
q∈NV ,(k,l)∈LV ALi,j,q,k,l
|LP |∀q, r ∈ X , (i , j) ∈ LP (C8.1)
Zq,r ,i,j ≥∑
r∈NV ,(o,p)∈LV ALi,j,r ,o,p
|LP |∀q, r ∈ X , (i , j) ∈ LP (C8.2)
Yq,r ,i,j + Zq,r ,i,j ≤ 1 ∀q, r ∈ X , (i , j) ∈ LP (C8.3)
Privacy-Oriented Virtual Network Embedding 26/20
Introduction Proposed Solution Evaluation Conclusions Ongoing Work
Heuristic Algorithm
• Evaluation Function:◦ If all constraints are satisfied:∑
(i,j)∈LP
∑r∈NV ,(k,l)∈LV
BVr ,k,lW
Lr AL
i,j,r ,k,l
◦ If any constraints are not satisfied:
γ κ∑
(i,j)∈LP
∑r∈NV ,(k,l)∈LV
BVr ,k,lW
Lr AL
i,j,r ,k,l
γ – severity of the applied penaltyκ – number of unsatisfied constraints
Privacy-Oriented Virtual Network Embedding 27/20
Introduction Proposed Solution Evaluation Conclusions Ongoing Work
Heuristic Algorithm
• Stop criteria:◦ Maximum number of iterations has been reached; or◦ Bandwidth consumption of the best found solution is sufficiently
close to optimality:
e ≤ β∑
r∈NV ,(k,l)∈LV
BVr ,k,lW
Lr
β – maximum bandwidth overhead
Privacy-Oriented Virtual Network Embedding 28/20
Introduction Proposed Solution Evaluation Conclusions Ongoing Work
Heuristic Algorithm
• Probability of moving to a neighbor solution:◦ If it is better: 1.0◦ If it is worse:
exp(e/enew − 1temperature
)
temperature = 1− kkmax
Privacy-Oriented Virtual Network Embedding 29/20
Introduction Proposed Solution Evaluation Conclusions Ongoing Work
Dijkstra’s Algorithm
Weight of a link (i , j):
1 +∑
r∈NV ,(k,l)∈LV
ELi,j,r ,k,l
Privacy-Oriented Virtual Network Embedding 30/20