TOWARDS DEPENDABLE NETWORK FUNCTION VIRTUALIZATION SERVICES
MetadataShow full item record
Despite the great momentum NFV has gained over the last few years, a closer look under the hood reveals that NFV introduces numerous dependability challenges. Compared to traditional IT applications with the availability in the order of 2'9s to 3'9s, telecom service providers require their network service being "always on" (5'9s or 6'9s). On the other hand, VMs/standard servers that are used to implement NFV are more prone to failures compared to dedicated hardware. Besides, NFV also raises security/privacy issues due to its supporting of the cloud environment where confidential information belonging to end-users and enterprises can be exposed to an external third party or attackers. How to protect users' privacy while providing complex network function services at middleboxes is an open problem.In this study, we took steps to address the availability and security/privacy, two challenges of providing dependable NFV services. First, we studied how to allocate the minimum amount of resource when mapping service function chains while guaranteeing the availability requirements. To this end, we formulated these them as optimization problems and solved them by proposing several approximation algorithms. In the second part of the thesis, we showed our design and implementation of SPABox and REET, two middlebox-based NF services that perform deep packet inspection (DPI) and WAN optimization directly over encrypted traffic, respectively. Specifically, SPABox is the first middlebox based system that supports both signature and data analysis based DPI functionalities and REET is the first system allowing a middlebox to eliminate network traffic redundancy at packet-level.The proposed approaches and results will make NFV services not only more efficient but also more dependable, thus accelerating their adoptions.