| 10 | | The virtualization of network functions (e.g., load balancer, intrusion detection system) has enabled the deployment of such functions anytime and anywhere. This webinar discusses the deployment of a Virtual Network Function (VNF) and challenges associated with the cost and performance of delivering its service. Specifically, VNF instances can be dynamically deployed to meet changing conditions, i.e., more (less) instances to accommodate higher (less) traffic demand or more (less) stringent service requirements. To illustrate these issues, we present a basic set of GENI experiments on a topology that contains traffic sources, a destination, VNF instances of an intrusion detection system (i.e., Snort), an Open vSwitch (OVS), and a controller. The controller is used to steer traffic toward one or more Snort instances as needed so any intrusion can be detected reliably and in a timely fashion. |
| | 10 | The virtualization of network functions (e.g., load balancer, intrusion detection system) has enabled the deployment of such functions anytime and anywhere. This webinar discusses the deployment of a Virtual Network Function (VNF) and challenges associated with the cost and performance of delivering its service. Specifically, VNF instances can be dynamically deployed to meet changing conditions, i.e., more (less) instances to accommodate higher (less) traffic demand or more (less) stringent service requirements. To illustrate these issues, we present a basic set of GENI experiments on a topology that contains traffic sources, a destination, VNF instances of an intrusion detection system (i.e., Snort), an Open vSwitch (OVS), and a controller. The controller is used to steer traffic toward one or more Snort instances as needed so any intrusion can be detected reliably and in a timely fashion. !OpenFlow, as a communication protocol standard of a Software Defined Networking (SDN) architecture, is used to install (update) controller-derived forwarding rules on the OVS switch. To measure load on Snort hosts, we leverage the distributed publish-subscribe architecture of our Recursive InterNetwork Architecture (RINA). These measurements (by sensor processes) are fed to the controller to make its decisions. We show results for both a load-independent controller and a load-dependent control-theoretic controller. |
