• Convergence Security Journal
• /
• v.23 no.5
• /
• pp.21-27
• /
• 2023

In the cloud computing environment, servers and applications can be set up within minutes, and recovery in case of fail ures has also become easier. Particularly, using virtual servers in the cloud is not only convenient but also cost-effective compared to the traditional approach of setting up physical servers just for temporary services. However, most of the und erlying networks and security systems that serve as the foundation for such servers and applications are primarily hardwa re-based, posing challenges when it comes to implementing cloud virtualization. Even within the cloud, there is a growing need for virtualization-based security and protection measures for elements like networks and security infrastructure. This paper discusses research on enhancing the security of cloud networks using network virtualization technology. I configured a secure network by leveraging virtualization technology, creating virtual servers and networks to provide various security benefits. Link virtualization and router virtualization were implemented to enhance security, utilizing the capabilities of virt ualization technology. The application of virtual firewall functionality to the configured network allowed for the isolation of the network. It is expected that based on these results, there will be a contribution towards overcoming security vulnerabil ities in the virtualized environment and proposing a management strategy for establishing a secure network.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.9
• /
• pp.4023-4043
• /
• 2016

Network virtualization has been regarded as a core attribute of the Future Internet. In a network virtualization environment (NVE), multiple heterogeneous virtual networks can coexist on a shared substrate network. Thus, a substrate network failure may affect multiple virtual networks. In this case, it is increasingly critical to provide survivability for the virtual networks against the substrate network failures. Previous research focused on mechanisms that ensure the resilience of the virtual network. However, the resource efficiency is still important to make the mapping scheme practical. In this paper, we study the survivable virtual network embedding mechanisms against substrate link and node failure from the perspective of improving the resource efficiency. For substrate link survivability, we propose a load-balancing and re-configuration strategy to improve the acceptance ratio and bandwidth utilization ratio. For substrate node survivability, we develop a minimum cost heuristic based on a divided network model and a backup resource cost model, which can both satisfy the location constraints of virtual node and increase the sharing degree of the backup resources. Simulations are conducted to evaluate the performance of the solutions. The proposed load balancing and re-configuration strategy for substrate link survivability outperforms other approaches in terms of acceptance ratio and bandwidth utilization ratio. And the proposed minimum cost heuristic for substrate node survivability gets a good performance in term of acceptance ratio.

• Convergence Security Journal
• /
• v.16 no.7
• /
• pp.159-165
• /
• 2016

Through the NFV (Network Function Virtualization), companies such as network service providers and carriers have sought to dramatically reduce CAPEX / OPEX by improving the speed of new service provisioning and flexibility of network construction through the S/W-based devices provided by NFV. One of the most important considerations for establishing an NFV network to provide dynamic services is to determine how to dynamically allocate resources (VNFs), the basic building blocks of network services, in the right place. In this paper, we analyzed the latest research trends on VNF node, link allocation, and scheduling in nodes that are required to provide arbitrary NS in NFV framework. In this paper, we also propose VNF scheduling problems that should be studied further in RA (Resource Allocation).

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.24 no.8
• /
• pp.1071-1076
• /
• 2020

The importance of network separation is due to the use of the Internet with existing business PCs, resulting in an internal information leakage event, and an environment configured to allow servers to access the Internet, which causes service failures with malicious code. In order to overcome this problem, it is necessary to use network virtualization to separate networks and network interconnection systems. Therefore, in this study, the construction area was constructed into the network area for the Internet and the server farm area for the virtualization system, and then classified and constructed into the security system area and the data link system area between networks. In order to prove the excellence of the proposed method, a network separation construction study using network virtualization was conducted based on the basis of VM Density's conservative estimates of program loads and LOBs.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.39B no.8
• /
• pp.491-498
• /
• 2014

Due to the ossification of current Internet, it is hard to accommodate new service requirements. One of the solutions to this problem is network virtualization. In this paper, we propose a heuristic virtual network embedding method for network virtualization. The proposed method checks whether the candidate substrate nodes in the substrate network have the possibility of satisfying virtual link requirements. It gives priority to the virtual nodes and the substrate nodes, and embeds the node with higher priority first. Also, the proposed method tries to cluster the mapped substrate nodes if possible. We evaluate the performance of the proposed method in terms of time complexity and virtual network acceptance rate.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.1
• /
• pp.145-164
• /
• 2014

Network virtualization provides a promising tool to allow multiple heterogeneous virtual networks to run on a shared substrate network simultaneously. A long-standing challenge in network virtualization is the Virtual Network Embedding (VNE) problem: how to embed virtual networks onto specific physical nodes and links in the substrate network effectively. Recent research presents several heuristic algorithms that only consider single topological attribute of networks, which may lead to decreased utilization of resources. In this paper, we introduce six complementary characteristics that reflect different topological attributes, and propose three topology-aware VNE algorithms by leveraging the respective advantages of different characteristics. In addition, a new KS-core decomposition algorithm based on two characteristics is devised to better disentangle the hierarchical topological structure of virtual networks. Due to the overall consideration of topological attributes of substrate and virtual networks by using multiple characteristics, our study better coordinates node and link embedding. Extensive simulations demonstrate that our proposed algorithms improve the long-term average revenue, acceptance ratio, and revenue/cost ratio compared to previous algorithms.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.10
• /
• pp.4618-4639
• /
• 2018

One of the most innovative paradigms for the next-generation of wireless cellular networks is the cloud-radio access networks (C-RANs). In C-RANs, base station functions are distributed between the remote radio heads (RHHs) and base band unit (BBU) pool, and a communication link is defined between them which is referred as the fronthaul. This leveraging link is expected to reduce the CAPEX (capital expenditure) and OPEX (operating expense) of envisioned cellular architectures as well as improves the spectral and energy efficiencies, provides the high scalability, and efficient mobility management capabilities. The fronthaul link carries the baseband signals between the RRHs and BBU pool using the digital radio over fiber (RoF) based common public radio interface (CPRI). CPRI based optical links imposed stringent synchronization, latency and throughput requirements on the fronthaul. As a result, fronthaul becomes a hinder in commercial deployments of C-RANs and is seen as one of a major bottleneck for backbone networks. The optimization of fronthaul is still a challenging issue and requires further exploration at industrial and academic levels. This paper comprehensively summarized the current challenges and requirements of fronthaul networks, and discusses the recently proposed system architectures, virtualization techniques, key transport technologies and compression schemes to carry the time-sensitive traffic in fronthaul networks.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.7
• /
• pp.3393-3412
• /
• 2017

As a main challenge in network virtualization, virtual network embedding problem is increasingly important and heuristic algorithms are of great interest. Aiming at the problems of poor correlation in node embedding and link embedding, long distance between adjacent virtual nodes and imbalance resource consumption of network components during embedding, we herein propose a two-stage virtual network embedding algorithm NA-PVNM. In node embedding stage, resource requirement and breadth first search algorithm are introduced to sort virtual nodes, and a node fitness function is developed to find the best substrate node. In link embedding stage, a path fitness function is developed to find the best path in which available bandwidth, CPU and path length are considered. Simulation results showed that the proposed algorithm could shorten link embedding distance, increase the acceptance ratio and revenue to cost ratio compared to previously reported algorithms. We also analyzed the impact of position constraint and substrate network attribute on algorithm performance, as well as the utilization of the substrate network resources during embedding via simulation. The results showed that, under the constraint of substrate resource distribution and virtual network requests, the critical factor of improving success ratio is to reduce resource consumption during embedding.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.8
• /
• pp.3701-3727
• /
• 2016

Recently Service Function Chaining (SFC) is promising to innovate the network service mode in modern networks. However, a feasible implementation of SFC is still difficult due to the need to achieve functional equivalence with traditional modes without sacrificing performance or increasing network complexity. In this paper, we present a configurable network service chaining (CNSC) mechanism to provide services for network traffics in a flexible and optimal way. Firstly, we formulate the problem of network service chaining and design an effective service chain construction framework based on integrating software-defined networking (SDN) with network functions virtualization (NFV). Then, we model the service path computation problem as an integer liner optimization problem and propose an algorithm named SPCM to cooperatively combine service function instances with a network utility maximum policy. In the procedure of SPCM, we achieve the service node mapping by defining a service capacity matrix for substrate nodes, and work out the optimal link mapping policies with segment routing. Finally, the simulation results indicate that the average request acceptance ratio and resources utilization ratio can reach above 85% and 75% by our SPCM algorithm, respectively. Upon the prototype system, it is demonstrated that CNSC outperforms other approaches and can provide flexible and scalable network services.

• IEIE Transactions on Smart Processing and Computing
• /
• v.6 no.1
• /
• pp.60-65
• /
• 2017

Network virtualization enables us to make efficient use of resources in a physical network by embedding multiple virtual networks in the physical network. In this paper, we develop a prototype of a virtual network embedding system. Our system consists of OpenStack, which is an open source cloud service platform, and shell scripts. Because OpenStack does not provide a quality of service control function, we realize bandwidth reservation for virtual links by making use of the ingress policing function of Open vSwitch, which is a virtual switch used in OpenStack. The shell scripts in our system automatically construct the required virtual network on the physical network using the OpenStack command-line interface, and they reserve bandwidth for virtual links using the Open vSwitch command. Experimental evaluation confirms that our system constructs the requested virtual network and appropriately allocates node and link resources to it.