The Research On Key Technologies For Resource Optimization And Security In Network Function Virtualization

With the introduction of new-generation network construction technologies,such as Network Function Virtualization(NFV)and Software-Defined Networking(SDN),many aspects of information system infrastructure and network application development have been deeply affected.It should be noted that new performance challenges and security threats also exist in NFV/SDN related network systems,many of which have not existed in traditional network architectures or existing in traditional networks but have been shown different features in new network architectures.However,the new features brought by NFV/SDN networking technologies,such as resource flexibility,on-demand deployment,high reliability and resource centralization can bring new opportunities to the areas of network resource optimization and network security.This paper focuses on the deployment,migration and optimization of network resources,and the security issues based on network functional virtualization.With the research of several key technologies,this paper attempts to lay a technological foundation for the network functional virtualization to build an efficient,stable,secure and reliable framework.In this paper,we conduct researches on the optimization and security of network resources under the NFV environment.The main contributions are listed as follows:Firstly,the problem of optimizing the deployment of service function chains(SFCs)under security constraints is studied.In NFV network,the SFC is presented as a series of virtual network functions(VNFs)deployed in virtual machine and managed by a centralized management and orchestration system.In such environment,how to optimize the deployment of SFC under security constraints is a key technical challenge.This paper abstracts and model the deployment of SFC under security constraints as integer programming problem.On this basis,a two-stage optimization algorithm for SFC deployment under security constraints is proposed.Both theoretical analysis and simulation experiments show that this optimization algorithm can achieve the expected results in the optimal deployment of service function chains.Secondly,the cost of VNF migration and the optimization and selection of migration target are studied.In the NFV network,the VNF needs to be migrated in the network as the network environment changes.In this paper,the reduction of resource load rate is the principle of migration node sorting,from high to low one by one until the queue is empty.In view of the overhead of migration and optimization of migration target selection,this paper proposes a model that takes the buffer size consumed in SDN controller as the migration cost of VNF.Based on this,a heuristic algorithm for computing migration target is proposed,which can obtain the approximate solution of optimal migration target in polynomial time.Theoretical analysis and simulation experiments show the rationality and effectiveness of this optimization algorithm.Thirdly,A Virtual Machine based VNF migration and optimization technology is proposed.The traditional researches on the VNF migration mainly focuses on the construction of a migration mechanism.However,these researches may cause huge impact in safety and reliability.In view of the problems brought by the existing migration technologies,a solution for migrating VNF through virtual machines is proposed in this paper.Specifically,through the integration with Consolidated Middlebox technology,VNF serving the same network flow type are deployed in the same virtual machine and the virtual machines are migrated at the same time as the VNFs are migrated.Considering resource constraints such as bandwidth in the network,Heuristic algorithms in different network scenarios are proposed to help minimize the cost of virtual machine migration.Theoretical analysis and simulation experiments show the effectiveness of the algorithm.At last,an ARP spoofing defense technology based on OpenFlow,Active ARP Inspection(AAI),is proposed.In this paper,ARP spoofing,a typical example of a traditional network attack technique,is used to analyze the performance and characteristics of network security threats in NFV/SDN network.Based on the analyzation,a three phases mechanism for ARP spoofing defense of “sample-detect-response” is built in OpenFlow controller.By implementing the prototype system of this mechanism in POX controller,this paper tests the AAI mechanism.The test results show that this system can effectively defend ARP spoofing in the network with acceptable performance overhead.Needless to say,the research on network resource optimization and security in NFV helps to solve some key basic problems in constructing next-generation network technology.However,due to the complexity of the problem,there are two difficulty aspects to solve the related problems,one is to choose the timing of the VNF migration,the second is to model the general security issues,which is always the balance between performance and cost issues.