Elsevier

Computer Networks

Volume 121, 5 July 2017, Pages 89-99
Secure virtual network embedding with flexible bandwidth-based revenue maximization

https://doi.org/10.1016/j.comnet.2017.04.020

Abstract

Network virtualization is an effective way to overcome the ossification of the Internet by enabling multiple virtual networks to coexist on a shared infrastructure. Virtual network embedding is a resource allocation problem concerned with the assignment of physical resources to the virtual networks. Several security issues about virtual network embedding are hitherto unexplored. For instance, some virtual network operators may distrust each other and require that their virtual infrastructure is not cohosted on the same physical equipment. In this paper, we address this problem by proposing a virtual network embedding problem that ensures that the virtual networks of conflicting operators are mapped to different physical equipment. Furthermore, our problem formulation enables the virtual links to select among a range of discrete bandwidth values, each with a corresponding price, thereby realizing any possible revenue function. We evaluate the performance of our heuristic algorithm by comparison with the results obtained from our integer linear programming formulation using the optimization software CPLEX.

Introduction

The explosive growth of the Internet encourages the development of new technologies and applications; however, its large scale hinders their deployment. Since there are numerous service providers, applying a new architecture or technology requires mutual agreements among Internet Service Providers (ISPs) and necessitates changes in the routers and main computers. Therefore, the Internet is increasingly becoming ossified. To deal with this problem, the concept of “network virtualization” has been proposed in the literature. In this approach, the substrate (physical) network provider offers a substrate (physical) network to support virtual networks [1]. This way, the deployment of new technologies becomes possible without any need to change the physical network or negotiate contracts between the ISPs [2]. An infrastructure provider (InP) deploys and maintains the network equipment and a service provider (SP) is responsible for the deployment of network protocols and the offering of end-to-end services, while a virtual network provider (VNP) assembles virtual resources from one or more InPs and a virtual network operator (VNO) installs, manages and operates the virtual network [3].

A major resource allocation challenge in virtual networks is the Virtual Network Embedding (VNE) problem, which is to embed virtual networks in a substrate network by adhering to some constraints like bandwidth requirements and optimizing a certain objective function such as revenue or energy efficiency. This problem is also known as Virtual Network Assignment problem in the literature. There are numerous variants of this problem in the literature with various constraints and objective functions such as CPU, disk, and memory requirements of the substrate and virtual links, load balancing, maximum length requirement for the virtual paths, requirement on the maximum number of virtual nodes or links that can be assigned to a certain substrate node or link, and economical benefits [4].

Authors in [5] proved that the VNE problem is NP-hard by reduction from the multi-way separator problem. Besides, another study [6] has proved by reduction from the unsplittable flow problem that the problem is still NP-hard even when the virtual nodes are already assigned and the problem is merely making the virtual link assignments by adhering to the bandwidth requirements. Some studies in the literature focus on the online version of the problem [7], whereas some other studies [8] use reoptimization techniques based on producing new solutions by modifying old solutions. In addition, there are also some studies [9] that consider the case where the resource demands in the virtual network request (VNR) are time-varying. The survey paper in [3] categorizes the rich literature about VNE problems according to various criteria such as centralized/distributed, static/dynamic, concise/redundant as well as according to their objectives such as providing QoS-compliant embeddings, maximizing the economical profit and providing survivable embeddings. An important open research issue indicated by Fischer et al. [3] is security. When virtual networks belonging to different VNOs share the same physical equipment, vulnerabilities occur due to the possible deployment of malicious software by one VNO to attack the resources of the other VNO. These attacks can range from encryption attacks that retrieve unauthorized information by exploiting security vulnerabilities in the virtualization software to denial of service (DoS) attacks. Therefore, different VNOs may distrust one another and require that their virtual infrastructure is not cohosted on the same physical equipment [3]. In this paper, we address this open research issue by providing a virtual network embedding formulation that ensures that the resources allocated to the conflicting virtual networks do not share the same physical resources. To the best of our knowledge, this paper is the first one in the literature that provides a VNE formulation with such a feature. Unlike this paper, other secure VNE formulations [10], [11], [12] treat security as a resource (similar to bandwidth or CPU) demanded and offered by the virtual and substrate networks, respectively, and neglect the possible request of the VNOs not to share the same physical resources with the virtual networks of a certain set of other VNOs. Besides, this feature of our model is also useful to provide survivability by providing disjoint multiple paths for certain virtual links that request more survivability (explained in detail in Section 2).

Works in the literature [7], [13], [14], [15], [16], [17], [18], [19], [20], [21], [22], [23], [24] consider the case where each link has a certain bandwidth request. The only work in the literature that relaxes this requirement is [25], where the bandwidth requirements of some links are only probabilistically satisfied. When each virtual link has a fixed bandwidth requirement, in order for a VNR to be accepted, the bandwidth requirements of all virtual links (possibly together with some other requirements) have to be satisfied. However, this is a rather restrictive and unrealistic requirement since being obliged to satisfy a fixed bandwidth level for each virtual link can cause feasibility problems and in reality, virtual links are usually fine with a range of bandwidth values rather than a single one. For service level specifications, a range of bandwidth values is appropriate as long as the range conforms to the SLA specifications. The only possible drawback in having a range of bandwidth values is the possible increase in the computational complexity. This trade-off between flexibility and computational complexity needs to be taken into account while determining the range of bandwidth values. Besides, the revenue function used in most works in the literature [7], [13], [14], [15], [16], [17], [18], [19], [20], [21], [22], [23], [24] is a linear function of the total bandwidth used by the VNR. The work in [26] pinpoints the unrealistic nature of the linear function and instead uses an exponential cost function. Unlike our work, the paper in [26] focuses on cost rather than revenue, where the cost represents traffic utilization. Their motivation for the exponential cost function is that the costs increase very rapidly as the traffic utilization increases. When a revenue function is used, a linear function is again unrealistic because of the economies of scale; i.e., in practice, the per-unit revenue decreases as the offered bandwidth value increases. Certainly, an operator may opt to use a linear function; however, an exponential function better serves the market needs since it makes it more appealing to utilize more bandwidth due to economies of scale. Unlike other works in the literature, we propose in this paper a model where the infrastructure provider offers a range of discrete bandwidth values, each with a corresponding price. Note that our model can be tailored to work in the fixed bandwidth case by giving only a single bandwidth and price pair as input. Moreover, each virtual link has a minimum and maximum bandwidth requirement depending on the application (email, video etc.). A customer’s willingness to pay can also be incorporated into our model by appropriately changing the maximum bandwidth requirement depending on the maximum price that the customer is willing to pay. Our virtual network embedding formulation assigns bandwidth levels to virtual links so that both the requirements of the links are satisfied and the revenue of the infrastructure provider is maximized. The flexibility that our model offers results in higher revenue; therefore, it is advantageous for the infrastructure provider. Furthermore, unlike other works in the literature, not only linear or exponential, but any revenue function (as a discrete function of offered bandwidth values) can be realized by our model.

Our formulation in this paper is able to handle multiple VNRs and provides admission control in addition to location awareness; i.e., it ensures that each virtual node is mapped to a substrate node that is compliant with the distance requirement of the virtual node. Moreover, our model is suitable both for online and offline settings. In an online setting, each VNR can be embedded as soon as the VNR request arrives by giving this VNR request as input to our problem. If this VNR is in conflict with any previously allocated VNR, then the graph given as input to our problem can be modified by excluding these previously allocated resources that are in conflict with the new arrival and thereby ensuring conflict-free operation. In an offline setting, VNRs that arrive during a certain time period can be buffered and then our model can be executed.
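The online procedure described above, combined with the choice among discrete bandwidth levels, can be sketched as follows. This is an added illustration, not the paper's ILP or its heuristic (Algorithm 1): it embeds a single virtual link whose endpoints are already mapped, and the function names, topology and prices are constructed. It also assumes that hosting nodes and the endpoints of used links all count as shared physical equipment.

```python
from collections import deque

def prune_substrate(capacity, allocations, conflicts):
    """Residual capacities of the links the arriving VNR is allowed to use."""
    residual, banned = dict(capacity), set()
    for vnr, alloc in allocations.items():
        for link, bw in alloc["links"].items():
            residual[link] -= bw              # bandwidth already sold to any VNR
        if vnr in conflicts:                  # distrusted operator: ban its equipment
            # Assumption: hosts and endpoints of used links both count as shared equipment.
            banned |= set(alloc["hosts"]) | {n for l in alloc["links"] for n in l}
    return {l: c for l, c in residual.items() if not banned & set(l)}

def find_path(residual, src, dst, bw):
    """BFS over links with at least bw residual capacity; None if unreachable."""
    adj = {}
    for (u, w), c in residual.items():
        if c >= bw:
            adj.setdefault(u, []).append(w)
            adj.setdefault(w, []).append(u)
    prev, queue = {src: None}, deque([src])
    while queue:
        n = queue.popleft()
        if n == dst:
            path = []
            while prev[n] is not None:
                path.append(tuple(sorted((prev[n], n))))
                n = prev[n]
            return path[::-1]
        for m in adj.get(n, []):
            if m not in prev:
                prev[m] = n
                queue.append(m)
    return None

def embed_link(capacity, allocations, conflicts, src, dst, price, bmin, bmax):
    """Return (bandwidth, revenue, path) for the best-paying feasible level, or None."""
    residual = prune_substrate(capacity, allocations, conflicts)
    levels = [b for b in price if bmin <= b <= bmax]
    for bw in sorted(levels, key=price.get, reverse=True):
        path = find_path(residual, src, dst, bw)
        if path is not None:
            return bw, price[bw], path
    return None                                # admission control: reject

# Constructed sample data (not from the paper's simulations); link keys are sorted pairs.
CAPACITY = {("A", "B"): 30, ("B", "D"): 30, ("B", "E"): 30, ("A", "C"): 15, ("C", "D"): 15}
ALLOCATIONS = {"vno1": {"hosts": {"B", "E"}, "links": {("B", "E"): 10}},
               "vno2": {"hosts": {"A", "C"}, "links": {("A", "C"): 3}}}
PRICE = {6: 10, 10: 15, 14: 19}               # discrete bandwidth level -> price

if __name__ == "__main__":
    for conflicts in (set(), {"vno1"}, {"vno1", "vno2"}):
        print(sorted(conflicts), embed_link(CAPACITY, ALLOCATIONS, conflicts, "A", "D", PRICE, 6, 14))
```

With no conflicts the link gets the top level over A-B-D; declaring a conflict with vno1 removes node B, so the link falls back to a lower level over A-C-D, and conflicting with both operators leads to rejection.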

Contributions of this paper can be summarized as follows:

  • (i) To the best of our knowledge, our virtual network embedding problem in this paper is the first one in the literature that ensures that conflicting VNRs do not share the same substrate resources.

  • (ii) To the best of our knowledge, this is the first paper that enables flexibility of choosing a certain bandwidth for each virtual link among a set of discrete bandwidth levels.

  • (iii) To the best of our knowledge, this paper proposes the first VNE problem that enables the revenue to be any function of bandwidth allocated to the virtual links.

Section snippets

Substrate network

We model the substrate network as an undirected graph and denote it by GS = (VS, ES), where VS is the set of substrate nodes and ES is the set of substrate links. Each substrate node vS ∈ VS is associated with a location loc(vS). Each substrate link (u, w) ∈ ES among substrate nodes u, w ∈ VS is associated with a bandwidth capacity value BE(u, w) denoting the total amount of bandwidth of the link.

Virtual network requests (VNRs)

Let G be the set of VNRs and g be the index of a VNR such that g ∈ {1, 2, …, |G|}. Each VNR g is associated

Proposed heuristic algorithm

Recall that VNE problem is NP-Hard even in its special cases [5], [6]. Hence, we provide in this section a polynomial-time heuristic algorithm for the optimization problem we formulated in (1)–(24). Algorithm 1 presents the pseudocode of our proposed heuristic algorithm.

Our algorithm first finds in Line 1 a set of VNRs among which there is no conflict. To this end, we construct a conflict graph where the vertex set corresponds to the set of VNRs and there is an edge between two vertices if and

Simulation results

As in [7], [14], [30], we generate the substrate and virtual network topologies using GTITM [31]. The capacity of each substrate link is uniformly distributed between 15 and 30. We evaluate the impact of our flexible bandwidth scheme by comparison with the static bandwidth scheme results. In the flexible bandwidth scheme, each virtual link has minimum required bandwidth bmin=6 and maximum required bandwidth bmax=14. In the static bandwidth scheme, the bandwidth requested by each virtual link is

Conclusion

In this paper, we have formulated a secure virtual network embedding problem as an integer linear program. Our formulation ensures that the virtual networks of conflicting virtual network operators are not cohosted on the same physical equipment. Our formulation also offers flexible bandwidth management by enabling the virtual links to select among a range of possible bandwidth values, each having a different revenue and thereby realizing any possible revenue function. We propose a

References (31)

  • N.F. Butt et al., Topology-Awareness and Reoptimization Mechanism for Virtual Network Embedding (2010)
  • S. Zhang et al., Virtual network embedding with opportunistic resource sharing, IEEE Trans. Parallel Distrib. Syst. (2014)
  • S. Liu et al., Security-aware virtual network embedding, IEEE International Conference on Communications (ICC) (2014)
  • L.R. Bays et al., Security-aware optimal resource allocation for virtual network embedding, International Conference on Network and Service Management (2012)
  • P. Chau et al., Security-awareness in network virtualization: a classified overview, IEEE International Conference on Mobile Ad Hoc and Sensor Systems (MASS) (2014)
    Cihangir Beşiktaş received the B.S. degree in computer engineering from Istanbul Technical University, Istanbul, Turkey, in 2009, and the M.S. degree in computer engineering from Gebze Technical University, Kocaeli, Turkey, in 2012. He is currently pursuing his Ph.D. in computer engineering at Gebze Technical University. He has been working as a Senior Researcher at Information Technologies Institute, TUBITAK BILGEM, Kocaeli, Turkey since 2009. His main research interests are software defined networking and cloud computing.

    Didem Gözüpek received the B.S. degree (high honors) in telecommunications engineering from Sabancı University, Istanbul, Turkey, in 2004, the M.S. degree in electrical engineering from the New Jersey Institute of Technology (NJIT), Newark, NJ, USA, in 2005, and the Ph.D. degree in computer engineering from Bogazici University, Istanbul, Turkey, in 2012. She is an Associate Professor with the Computer Engineering Department, Gebze Technical University, Kocaeli, Turkey. From 2005 to 2008, she worked as an R&D Engineer in a telecommunications company in Istanbul. Her main research interests are structural and algorithmic graph theory, approximation algorithms, and optimization problems in communication networks. Dr. Gözüpek received the CAREER Award from the Scientific and Technological Research Council of Turkey (TUBITAK) in 2014, the Dr. Serhat Özyar Young Scientist of the Year Honorary Award in 2013, the Bogazici University Ph.D. Thesis Award in 2012, and ASELSAN PhD Fellowship in 2011. She was a finalist for the Google Anita Borg Memorial Scholarship in 2009.

    Aydın Ulaş received his B.S., M.S. and Ph.D. degrees in computer engineering from Boğaziçi University, İstanbul, in 1999, 2001 and 2008 respectively. He worked as a post-doctoral researcher and assistant professor in Università degli Studi di Verona, Italy and worked on the FP7 project SIMBAD (Similarity based Pattern Analysis and Recognition). He is currently working as a senior researcher and solution architect for Argela technologies on SDN and NFV for the telecommunications industry. He is the Turkish consortium lead for the Celtic+ project SIGMONA and guest lecturing in various universities. His research interests include SDN&NFV, machine learning for networking, classifier combination, statistical comparison of classification algorithms, medical imaging, bioinformatics, and machine learning. He is a reviewer for several international conferences and journals and he is a senior member of IEEE Computational Intelligence Society and IAPR Turkish chapter (TÖTİAD).

    Erhan Lokman received the B.S. degree in electronics and communication engineering from Istanbul Technical University, Istanbul, Turkey, in 1992, and the M.S. degree in electronics and communication engineering from Istanbul Technical University, Istanbul, Turkey, in 2005. From 1993 to 2000, he worked as an R&D Engineer and as a System Design Engineer in Alcatel (Istanbul, Turkey; Antwerpen, Belgium; and Dulles, Washington DC). From 2000 to 2003, he continued his technology survey in Oksijen Technology and led many cutting edge and field proven projects and products. He continues his career in Argela Technologies as R&D Director in Software Defined Networks and Network Function Virtualization areas. He has 20+ years of experience in Telecommunications and has extensive knowledge in Telecom Networks, Value Added Services, Fixed Mobile Convergence, VoIP, IMS and IPTV areas. He has also contributed to many patents and papers.

    This work is supported by Argela Technologies, Istanbul, Turkey, as part of the MILAT project supported by the Turkish Undersecretariat for Defense Industries (SSM). A preliminary version of this paper appeared in the Proceedings of IEEE NOMS 2016.
