A Semantic-Based Policy Analysis Solution for the Deployment of NFV Services

A Semantic-Based Policy Analysis Solution for the Deployment of NFV Services

Policies in network function virtualization (NFV) systems may conflict when they have different restrictions on the shared resources. In this context, it is of paramount importance to identify such conflicts before sending network service (NS) request (NS-Req) to the embedding algorithm to avoid une...

Full description

Saved in:
Bibliographic Details
Published in:IEEE eTransactions on network and service management Vol. 16; no. 3; pp. 1005 - 1018
Main Authors: Bonfim, Michel, Freitas, Fred, Fernandes, Stenio
Format: Journal Article
Language:English
Published: New York IEEE 01-09-2019
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Subjects:
Algorithms
Data centers
description logic
Hardware
Network function virtualization
network service
Ontologies
ontology
Policies
policy
Policy analysis
reasoning
Semantics
Servers
Topology
Virtualization
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Policies in network function virtualization (NFV) systems may conflict when they have different restrictions on the shared resources. In this context, it is of paramount importance to identify such conflicts before sending network service (NS) request (NS-Req) to the embedding algorithm to avoid unexpected behavior in its execution. Since both NS-Req and NFV infrastructure (NFVI) may contain many policies, the process of conflict detection and diagnosis is an intricate work both for humans and computer systems. Besides, as conflicts may occur among a set of constraints, pairwise detection will not suffice. Therefore, this paper proposes NSChecker, a semantic verification system to detect and diagnose policy conflicts in NFV environments. To achieve its functionality, NSChecker uses an ontology, called Onto-NFV, to describe the NFVI, NS, and associated policies. With Onto-NFV, conflicts detection is carried out through description logic (DL) inconsistency verification. We develop a prototype of NSChecker in Java and validate its capabilities on a small scenario with three use cases, showing that it supports conflict detection concerning the following policies: network function precedence, resource usage, and location. Finally, we evaluate NSChecker performance using some real topologies. The results shows that our solution is efficient even in scenarios with 50 000 nodes.
ISSN:1932-4537
1932-4537
DOI:10.1109/TNSM.2019.2917271