Software-Defined Networking (SDN) is a paradigm that enables easier network programmability based on separation between network control plane and data plane. Network Function Virtualization (NFV) is another recent technology that has enabled design, deploy, and management of softwarized networking services. The vast majority of SDN and NFV based architectures, whether they use Virtual machines (VMs) or Lightweight Virtual Machines (LVMs), are designed to program forwarding, probably the most fundamental among all network mechanisms. In this paper instead we demonstrated that there are other (as important) networking mechanisms that need programmability. In particular, we designed, implemented and extensively tested an architecture that enables policy-programmability of (live) migration of LVMs. Migration is used for maintenance, load balancing, or as a security mechanism in what is called Moving Target Defence (a virtual host migrates to hide from an attacker). Our architecture is based on Docker and it is implemented within a Software-Defined Infrastructure. Migration mechanism can be set easily by means of configuration file, to make a novel policybased architecture. We evaluated the performance of our system in several scenarios, over a local Mininet-based testbed. We analyzed the tradeoff between several Load Balancing policies as well as several Moving Target Defense solutions inspired by network coding.

A Policy-Based Architecture for Container Migration in Software Defined Infrastructures / Tao, Xu; Flavio, Esposito; Sacco, Alessio; Marchetto, Guido. - ELETTRONICO. - (2019), pp. 198-202. (Intervento presentato al convegno 2019 IEEE Conference on Network Softwarization (NetSoft) tenutosi a Parigi nel June 2019) [10.1109/NETSOFT.2019.8806659].

A Policy-Based Architecture for Container Migration in Software Defined Infrastructures

Xu Tao;SACCO, ALESSIO;Guido Marchetto
2019

Abstract

Software-Defined Networking (SDN) is a paradigm that enables easier network programmability based on separation between network control plane and data plane. Network Function Virtualization (NFV) is another recent technology that has enabled design, deploy, and management of softwarized networking services. The vast majority of SDN and NFV based architectures, whether they use Virtual machines (VMs) or Lightweight Virtual Machines (LVMs), are designed to program forwarding, probably the most fundamental among all network mechanisms. In this paper instead we demonstrated that there are other (as important) networking mechanisms that need programmability. In particular, we designed, implemented and extensively tested an architecture that enables policy-programmability of (live) migration of LVMs. Migration is used for maintenance, load balancing, or as a security mechanism in what is called Moving Target Defence (a virtual host migrates to hide from an attacker). Our architecture is based on Docker and it is implemented within a Software-Defined Infrastructure. Migration mechanism can be set easily by means of configuration file, to make a novel policybased architecture. We evaluated the performance of our system in several scenarios, over a local Mininet-based testbed. We analyzed the tradeoff between several Load Balancing policies as well as several Moving Target Defense solutions inspired by network coding.
File in questo prodotto:
File Dimensione Formato  
Final_public.pdf

accesso aperto

Descrizione: Articolo principale
Tipologia: 2. Post-print / Author's Accepted Manuscript
Licenza: PUBBLICO - Tutti i diritti riservati
Dimensione 839.15 kB
Formato Adobe PDF
839.15 kB Adobe PDF Visualizza/Apri
Pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11583/2752093
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo