Virtual Network Function Placement For Resilient Service...

Virtual Network Function Placement For ResilientService Chain Provisioning

Ali Hmaity, Marco Savi, Francesco Musumeci, Massimo Tornatore, Achille PattavinaPolitecnico di Milano, Department of Electronics, Information and Bioengineering, Milan, Italy

E-mail: [email protected]

Abstract—Virtualization technologies are changing the waynetwork operators deploy and manage Internet services. Inparticular in this study we focus on the new Network FunctionVirtualization (NFV) paradigm, which consists in instantiatingVirtual Network Function (VNFs) in Commercial-Off-The-Shelf(COSTS) hardware. Adopting NFV network operators can dy-namically instantiate Network Functions (NFs) based on currentdemands and network conditions, allowing to save capital andoperational costs. Typically, VNFs are concatenated together ina sequential order to form Service Chains (SCs) that providespecific Internet Services to the users. In this paper we studydifferent approaches to provide the resiliency of SCs againstsingle-link and single-node failures. We propose three IntegerLinear Programming (ILP) models to solve the VNF placementproblem with the VNF service chaining while guaranteeingresiliency against single-node/link, single-link and single-nodefailures. Moreover we evaluate the impact of latency of SCson the VNFs distribution. We show that providing resiliencyagainst both single-link and single-node failures necessitates theactivation of twice the amount of resources in terms of nodes,and that for latency critical services providing resiliency againstsingle-node failures comes at the same cost with respect toresiliency against single-link and single-nodes failures.

I. INTRODUCTION

For network operators, offering new bandwidth-intensiveand latency-constrained (e.g cloud gaming or video stream-ing)Internet services is a challenging task due to the adoptionof proprietary hardware appliances, the high cost of offering,maintaining and integrating these services. Network FunctionsVirtualization (NFV) is a new architectural paradigm thatwas proposed to improve the flexibility of network serviceprovisioning and reduce the time to market of new services[1]. NFV can revolutionize how network operators designtheir infrastructure by leveraging virtualization to separatesoftware instances from hardware appliances, and decouplingfunctionalities from locations for faster service provisioning.NFV supports the instantiation of Virtual Network Function(VNFs) through software virtualization techniques and runsthem on Commercial-Off-The-Shelf (COTS) hardware. Hence,the virtualization of network functions opens the way tothe provisioning of new services without the installation ofnew equipment. It is clear that NFV brings a whole newdimension to the landscape of telecommunication industrymarket due to the possibility of reducing capital investments,energy consumption by consolidating network functions, andby introducing tailored services based on customers needs.Moreover, NFV simplifies service deployment by exploitingthe concept of service chaining [2]: a Service Chain (SC) is a

sequential concatenation of VNFs and/or hardware appliancesto provide a specific Internet service (e.g., VoIP, Web Service,etc.) to the users.Before deploying NFV solutions in operational networks sev-eral challenges regarding performance, availability, securityand survivability need to be tackled. In this work we focuson SCs resiliency against single-link/node failures. To thebest of our knowledge, this is the first study to investigatethe resiliency of SCs provisioning. Our main objective isto model a survivable placement of VNFs while minimizingresources, in terms of number of VNFs instances placed inthe network. We develop three different Integer Linear Pro-gramming (ILP) models to solve the VNF placement problemwith service chaining while guaranteeing resiliency againstsingle-node/single-link, single-link and single-node failures.We show the amount of nodes needed to supply and comparethese results with an Unprotected scenario. Furthermore, weinvestigate the effect of latency on the proposed protectionschemes.

The rest of this paper is organized as follows. SectionII discuss the NFV and the service-chaining concept andoverviews existing works appeared in literature. In SectionIII we present the network model used, while in Section IVwe present the resilient design scenarios and discuss theirfailure prevention potential. In Section V the resilient SCsprovisioning problem is formally stated and the ILP modelsare shown. In Section VI we present the case-studies and showthe obtained numerical results. Finally, conclusion and futurework are discussed in Section VII.

II. RELATED WORKS

NFV is still a concept under standardization. Currently,a number of standardization activities in the NFV area arecarried by ETSI and IETF, [3] [4] [5]. ETSI has defined anarchitectural framework that enables VNFs to be deployed andexecuted on a Network Functions Virtualization Infrastructure(NFVI), which comprises commodity servers logically sepa-rated/partitioned by a software layer. Above the hypervisorlayer, the component in charge of mapping the VNFs tophysical resources, a VNF is mapped to a Virtual Machine(VM) in the NFVI and its deployment and managementis handled by the Management and Orchestration (MANO)system [6].

The problem of embedding SCs into a physical infrastruc-ture can be considered as an extended version of two NP-

𝑣1

𝑣2

𝑣3

𝑣4

𝑣6

𝑣5

Start Point

VNFrequest

2

EndPoint

StartPoint

EndPoint

S𝐂 𝟏

S𝐂 𝟐

VNFrequest

1

VNF1

Phase 1:Mapping VNFsto NFV nodes VNF2 VNF3 VNF4

VNF3VNF4

VNF2

VNF1

Phase 2:Mapping VNF requests toNFV nodes that host VNFs

VNFrequest

3

VNFrequest

4

Fig. 1. Two service chains, each having different VNFs, embedded in thephysical network.

hard problems: The Virtual Network Embedding (VNE) [7],[8]and Location-Routing Problems (LRP) [9]. The similaritywith VNE resides in the fact that SCs can be consideredas virtual networks characterized by a chain topology whereVNFs represent virtual nodes, chained together through virtuallinks that must be mapped to a physical path.The similaritywith LRP consists in jointly considering the problem of findingthe optimal placement of VNFs, among a set of potentiallocations, along with the routing between VNFs. The LRPcombines this two planning tasks and solves them with theobjective to reduce costs of nodes, edges or paths.

Ref [10] formalizes the VNF and SC concepts and developsan ILP model fro the optimal placement of VNF and SCs. Anextended version of this model [11], considers that the upscal-ing of an existing VNF introduces additional cost, whereashosting multiple VNFs within the same physical nodes in-troduces context switching costs. Our model leverages andextends both the above mentioned works. Ref [12] developsan ILP model for the efficient placement of VNFs consideringprocessing-resource sharing. In [13] an Online algorithm thatconsiders jointly the VM placement and routing is proposed.Finally authors in [14] focus on the deployment of VNFs ina hybrid environment where some NFs are virtualized andothers are use specific hardware appliances. In this work wefocus on resiliency of deployed SCs and the impact of the QoS(Quality of Service) requirements on the protection schemeadopted. Some research efforts have focused on resiliency ofVMs. Ref [15] presents a VM placement method to achieveredundancy against host server failures with a minimum setof servers. The idea is to minimize the resources in order toprovide a certain protection level. With respect to our workno consideration is made on the resource sharing and theperformance requirements of the VNFs that run on the VMs.Moreover, the authors focus only on failure that occur withinphysical nodes, while we include also failures of physicallinks. Finally, Ref [16] proposes a model to describe thecomponents of services along with a management system todeploy such information model, with the objective to providean automated and resilient deployment. A part from the

differences in the general approach in Ref [16] focuses onresiliency of single VNF, Whereas we consider the resiliencyof the whole SC.

III. SERVICE CHAINS AND NETWORK MODEL

A. Network modelWe model the physical network as a directed graph com-

posed of a set of physical nodes (which can host VNFs or onlyact as forwarding nodes) and a set of physical link representingthe set of fiber links. Each physical link is associated with abandwidth capacity. The physical nodes equipped with COTShardware are referred to as NFV nodes and can have differentamount of processing capacity in terms of number of VMsthat they can host.

B. Service chains modelService chains are composed by sequential concatenation of

multiple VNFs. To deploy a SC, an operator need to find theright placement of VNFs into the NFV nodes (VNF placementprocess) in the physical network and chain them through aphysical path. Different SCs can share multiple VNFs anddifferent VNFs can be placed into the same physical NFVnode. As shown in Fig. 1, two SCs composed of differentVNFs have both as start point the physical node v1 and asend point the physical node v6. In addition, VNF1 is sharedamong the two SCs and mapped to physical node v2 whichshall be equipped with enough processing capacity to hostsuch VNF.

C. VNF modelGenerally, a VNF is an abstracted object that performs

operations on input traffic. Each VNF has a processing capa-bility which corresponds to the number of CPU Cores that areassigned to the VM that host that VNF. Moreover, we assumethat each service corresponds to one SC modeled through asimple line graph composed by a pair of start/end-points, aset of virtual nodes representing the VNFs and a set of virtuallinks chaining consecutive VNFs requests within the SC1. Inorder to simplify the modeling, the concept of requests aredecoupled from the VNFs that compose the Service chains.In other words, as shown in Fig. 1 (phase 1 and 2), a SC isconsidered as a chain of VNF requests. In order to deploySCs in the network, VNF instances are mapped to NFV nodes(phase 1) and successively, VNF requests are mapped to thoseNFV nodes that hosts the requested VNFs (phase 2). The sameapply for the mapping of end-points, which we assume havefixed location,known a priori, and that they cannot host VNFs.Furthermore, we assume the each SC serves aggregated trafficof a set of users requesting a specific service from a specificphysical location

IV. RESILIENT DESIGN PROTECTION SCHEMES

One important aspect for network operators is to guaranteeservice continuity in case of failures. To achieve such objec-

1We use the term virtual node to indicate the start/end point and the VNFscomposing the SC and refer to to the segment used to chain two consecutiveVNFs within the same SC as virtual link.

Startpoint

VNF1Endpoint

VNF2 VNF3 VNF4

(a) Service chain to be embedded

VNF1VNF2 VNF3

VNF4

VNF1

VNF2VNF3

VNF4

Backup VNF

Primary VNF

Endpoint

Startpoint

(b) End-to-end protection

VNF1

VNF2VNF3

VNF4

Workingpath

protectionpath

Startpoint

Endpoint

(c) Virtual-link protection

VNF1

VNF2

VNF3

VNF1

VNF2

VNF3VNF4

VNF4

primary pathand backup path mightshare the samephysical link

Startpoint

Endpoint

(d) Virtual-node protection

Fig. 2. Proposed protection schemes.

tive, resiliency must be taken into account in the design phase.This means deploying redundancy VNFs instances, whichare kept in standby mode and activated upon the occurrenceof a node or link failure that comprises the service of theprimary VNFs. The redundancy schemes depend on the type offailures. In this section we present the three protection schemesproposed in this work. The redundancy approaches are dividedin the following two categories:

a) On-Site Redundancy: Critical VNFs supporting criti-cal services and customers require fast switchover to backupVNFs in order to ensure availability. In order to ensure latencyexpectation, backup VNFs need to be instantiated on-site(i.e., Centralized Redundancy). Critical VNFs may necessitatea 1+1 level of redundancy while less critical function cantolerate a 1:1 redundancy. The main benefits from a centralizedredundancy is to reduce switchover time, which allow tospeed up the recovery process, and reduce the amount ofVNF internal state information that need to be transfered fromprimary to backup VNFs. Note that this approach does notprovide resiliency against node failures, since primary andbackup VNFs share the same physical location.

b) Off-Site Redundancy: A off-site redundancy architec-ture involves having redundant VNFs placed in (hot or cold)standby mode in selected remote locations or NFVI nodes inthe network operator’s serving region. The intent is to instanti-ate them when there are failed VNFs in many NFVI-Points-of-

Presence (NFVI-PoP). Moreover, this approach can guaranteeresiliency against link and node failures since backup VNFs donot share the same physical locations as primary VNFs. Hence,based on the service criticalness and the resiliency guaranteestargeted the operator can choose between an on-site or an off-site redundancy approach [17].In this work we propose three resiliency protection schemes.The first consists of an end-to-end protection of the entire SC.The idea behind such design is to have a SC that is resilientagainst single-link and single-node failures. To achieve suchgoal a primary SC is embedded in the physical network tosupport the related service in normal conditions and it isprotected through a backup SC which has its VNFs embeddedin different physical locations. The physical paths used tochain primary and backup VNFs must be node disjoint. Fig.2(b) shows an example of such protection scheme, where athe SC illustrated in Fig. 2(a), composed fo four VNFs, is toembedded into the physical network. This protection schemecan be considered as an Off-site redundancy strategy since allbackup VNFs are instantiated in different locations from wherethe primary ones are hosted. In this case, both redundancystrategies 1+1 and 1:1 are possible, depending on the servicelatency requirement and operators’ design objective in termsof resource utilization. Note that both primary and backupphysical paths resulting from the embedding must meet thelatency requirement of the service. We refer to this protectionstrategy as End-to-end protection (E2E-P).

The second protection scheme can be considered as an On-site redundancy protection scheme, with the objective to pro-tect the virtual links used to concatenate the VNFs of a certainSC. Hence, providing resiliency against physical link failures.Each virtual link of the SCs is embedded through two physicalpaths, one primary path and one backup path, which must notshare any physical link, while different primary/backup virtuallinks of the same SC can share common physical links. Anexample of such scenario is shown in Fig. 2(c). We refer tothis protection scheme as Virtual-link protection (Vl-P).

Finally, the last protection scheme provides resiliencyagainst single-node failure. Each VNF composing the SC isinstantiated in two disjoint physical locations, whereas thephysical paths used to concatenate the primary and backupVNFs might share physical links. This protection schemesuits operators’ need when failures occur in nodes withhigher probability with respect to links. An example of thisscenario is shown in Fig. 2(d). We refer to this scenario asVirtual-node protection (Vn-P).

V. PROBLEM STATEMENT

A. Modeling the physical topology

We model the physical network as a directed graph G =(V,E) where V represents the set of physical nodes v ∈ V ,which can host VNFs or act as forwarding nodes, while Erepresents the set of physical links (v, v′) ∈ E which modelhigh-capacity fiber links. Each physical link is associatedwith a latency contribution due to signal transmission andpropagation, denoted with λ(v, v′) and a bandwidth capacity

β(v, v′) . The physical nodes equipped with COTS hardwareare reffered as NFV nodes and can have different amount ofprocessing capacity in terms of number of Virtual machinethat they can host. Finally, we consider a processing-relatedlatency ω(v) : v ∈ V , introduced by NFV nodes. This latencycontribution is proportional to the number of SCs sharing thesame VNF, hence, if a VNF is shared among a high numberof SCs, the context switching latency would impact more thetotal latency.

B. VNF and service chains Modeling

Generally, a VNF is an abstracted object that performsoperations on input traffic. Each VNF f ∈ F has a processingcapability which corresponds to the number of CPU Cores thatare assigned to the VM that host the VNF f . We assume thata VNF shared among different SCs must run on a VM withenough capacity in terms of CPUs and that each VNF requireone CPU core of the VM.Moreover, we assume that each service corresponds to one SCmodeled through a simple line graph Sc = (Ec∪U cGc) whereEc is the set of end-points of the SC, U c is the set of VNFrequests u, while Gc is the set of virtual links (u, u′) chainingrequests u and u′ ∈ U c. In order to simplify the modeling theconcept of requests are decoupled from the actual networkfunctions that compose the Service chains. In other wordsVNFs are mapped to requests through a mapping parameterγcu that specify the network function f ∈ F requested byrequest u ∈ U c, while requests are mapped to physical nodesthrough a decision variable. The same apply for the mappingof end-points, which we assume are fixed location and known apriori. Furthermore, we assume the each SC serve a set of usersrequesting a specific service from a specific physical location,and that each virtual link composing the SC is characterizedby a bandwidth requirement γ(u, u′) : u, u′ ∈ U c, c ∈ C.In addition, each SC is associated with a maximum toleratedlatency, referred to as φ(c) : c ∈ C.

TABLE IPARAMETERS DESCRIPTION FOR THE ILP MODEL

Parameter Domain Description

ηcu c ∈ C, u ∈ Uc Physical start/end pointwhere u is mapped for SC c

γcu c ∈ C Network function requests u for SC c,u ∈ Gc γcu ∈ F

βv,v′ (v, v′) ∈ E Bandwidth capacity of physical link(v, v′)

λv,v′ (v, v′) ∈ E Latency of physical link (v, v′)ωv ∈ E v ∈ V contest switching latency of node v.τcu ∈ F c ∈ C, u ∈ Uc VNF f requested by request u in the SC

cφc c ∈ C Maximum tolerated latency for SC c

Nreq(f) f ∈ F Maximum number of requests of differentSCs that VNF f can handle

NV M (v) v ∈ V Maximum number of virtual machinesthat node v can host

M Big-M parameter

C. ILP models

We now formulate the ILP models for resilient placement ofVNFs. In Table I and Table II we summarize the parametersand the variables used. Given a physical topology, a set of SCs

TABLE IIVARIABLES DESCRIPTION FOR THE ILP MODELS

Variable Domain Description

mcu,v ∈ {0, 1}

c ∈ C, u ∈Ucv ∈ V

Binary variable equal to 1iff the primary VNF requestu of SC c is mapped tophysical node v

ncu,v ∈ {0, 1}

c ∈ C, u ∈Ucv ∈ V

Binary variable equal to 1iff the backup VNF requestu of SC c is mapped tophysical node v

xcv,v′,x,y,u,u′ ∈

{0, 1}c ∈ C, (v, v′) ∈E, x ∈ V, y ∈V, (u, u′) ∈ Gc

Binary variable equal to 1iff the physical link (v, v′)belongs to the path betweennodes x and y where pri-mary VNFs requests u andu′ for SC c are mapped,otherwise, 0

ycv,v′,x,y,u,u′ ∈ {0, 1}

c ∈ C, (v, v′) ∈E, x ∈ V, y ∈V, (u, u′) ∈ Gc

Binary variable equal to 1iff the physical link (v, v′)belongs to the path betweenx and y where backupVNFs requests u and u′ forSC c are mapped, otherwise0

if,v ∈ {0, 1}f ∈ F ,v ∈ V Binary variable equal to 1

iff VNF f is hosted byphysical node v otherwise 0

av ∈ {0, 1}v ∈ V Binary variable equal to 1

iff node v hosts at least oneVNF.

to be deployed in the network, we want to find the optimalplacement of VNFs such that:

• The number of VNF nodes is minimized.• Latency requirements of SCs are met.• Resiliency is achieved according to the goals of the above

mentioned scenarios (see Fig. 2 of section IV).

Objective function

Minimize∑v∈V

av (1)

We consider three types of constraints to solve this problems,namely: Placement constraint, routing constraints and perfor-mance constraints. Due to space limitation we show only theconstraints for the E2E-P protection scenario and give a briefdescription of what differs in the other two scenarios, Vl-Pand Vn-P.Placement constraintsConstraints (2a) and (2b) force each primary/backup VNF tobe mapped to one single node. Equations 2c) and (2d statethat a corresponding VNF f is mapped to physical node vonly if there is a primary/backup VNF request. Constraint (2e)enforces that primary and backup VNF request u cannot bemapped to the same node (node disjointness).

∑v∈V m

cu,v = 1 ∀c ∈ C, u ∈ U c (2a)∑

v∈V ncu,v = 1 ∀c ∈ C, u ∈ U c (2b)

if,v ≤∑

u∈Uc:γcu=f

mcu,v + ncu,v ∀f ∈ F, v ∈ V (2c)

∑u∈Uc:γc

u=f

mcu,v + ncu,v ≤M · if,v ∀f ∈ F, v ∈ V (2d)

mcu,v + ncu,v ≤ 1 ∀u ∈ U c, c ∈ C, v ∈ V : v 6= ηcu (2e)

Routing constraintsConstraints (3a) [(3b)] ensure that a physical link (v, v′) canbelong to a path between two nodes x and y for a virtuallink (u, u′) of the SC c only if two consecutive primary[backup] VNF requests u and u′ are mapped to these nodes,respectively. Note that equations (3a)-(4d) contain products ofbinary variables that we linearize in order to solve the ILPmodels.

wcv,v′,x,y,u,u′ ≤ mcu,x·mc

u′,y (3a)

∀c ∈ C, (v, v′) ∈ E, x, y ∈ V, (u, u′) ∈ Gc

pcv,v′,x,y,u,u′ ≤ ncu,x·ncu′,y (3b)

∀c ∈ C, (v, v′) ∈ E, x, y ∈ V, (u, u′) ∈ Gc

Equations (4a)-(4b) [(4c)-(4d)] are source and destinationsconstraints for primary and backup VNF requests, respectively.They ensure that a virtual link starts in node x where primary[backup] start-point request u of SC c is mapped, and that thevirtual link end in node y where primary [backup] end-pointrequests u′ of SC c is mapped.∑

(x,v)∈E:x,y∈V wcx,v,x,y,u,u′ ·mcu,x ·mc

u′,y = 1 (4a)

∀c ∈ C, (u, u′) ∈ Gc∑(v,y)∈E:x,y∈V wcv,y,x,y,u,u′ ·mc

u,x ·mcu′,y = 1 (4b)

∀c ∈ C, (u, u′) ∈ Gc∑(x,v)∈E:x,y∈V pcx,v,x,y,u,u′ ·ncu,x · ncu′,y = 1 (4c)

∀c ∈ C, (u, u′) ∈ Gc∑(v,y)∈E:x,y∈V pcv,y,x,y,u,u′ ·ncu,x · ncu′,y = 1 (4d)

∀c ∈ C, (u, u′) ∈ Gc

During the mapping of primary/backup VNF requests on aphysical path between x and y incoming links for the node xare not considered, constraint (5a), and no outgoing link fornode y is considered (constraint (5b)∑(v,x)∈E:v∈V

wcv,x,x,y,u,u′ =∑

(v,x)∈E:v∈V

pcv,x,x,y,u,u′ = 0 (5a)

∀c ∈ C, x ∈ V, y ∈ V : x 6= y, (u, u′) ∈ Gc∑(y,v)∈E:v∈V

wcy,v,x,y,u,u′ =∑

(y,v)∈E:v∈V

pcy,v,x,y,u,u′ = 0 (5b)

∀c ∈ C, x ∈ V, y ∈ V : x 6= y, (u, u′) ∈ Gc

Constraints (6a)-(6d) are transit constraints for primary/backupVNF requests. In particular, constraints (6a) and (6b) ensurethat for any intermediate node ω within the physical pathbetween x and y, if one of the incoming links belong to theprimary/backup physical path, then also one of its outgoing

links belong to the physical path. While constraints (6c) [(6d)]avoid the use of multiple incoming [outgoing] links of theintermediate node.∑

(v,w)∈E:v∈V

wcv,w,x,y,u,u′ =∑

(w,v′)∈E:v∈V

wcw,v′,x,y,u,u′ (6a)

∀c ∈ C,w ∈ V, x, y ∈ V : x 6= w, y 6= w, (u, u′) ∈ Gc∑(v,w)∈E:v∈V

pcv,w,x,y,u,u′ =∑

(w,v′)∈E:v∈V

pcw,v′,x,y,u,u′ (6b)


wcv,w,x,y,u,u′ ≤ 1 (6c)


pcv,w,x,y,u,u′ ≤ 1 (6d)

∀c ∈ C,w ∈ V, x, y ∈ V : x 6= w, y 6= w, (u, u′) ∈ Gc

Finally, constraint (7a) ensures that a physical link (v, v′) iswhether part of the primary physical path or in the backupphysical path used for the embedding of all VNF request ofSC c. ∑

(u,u′)∈Gc

wcv,v′,x,y,u,u′ + pcv,v′,x,y,u,u′ ≤ 1 (7a)

∀c ∈ C, x, y, v, v′ ∈ V : (v, v′) ∧ (v′, v) ∈ E

Latency and capacity constraints

∑f∈F

if,v ≤M.av ∀v ∈ V (8a)

av ≤∑f∈F

if,v ∀v ∈ V (8b)∑c∈C

(u,u′)∈Gc

x,v∈V

(wcv,v′,x,y,u,u′ + pcv,v′,x,y,u,u′) · βu,u′ ≤ Cv,v′ (8c)

∀(v, v′) ∈ E

σcw =∑

v∈V,u∈Uc

mcu,v · ωv ∀c ∈ C (8d)

σcp =∑

v∈V,u∈Uc

ncu,v · ωv ∀c ∈ C (8e)∑x,v∈V

(u,u′)∈Gc

(v,v′)∈E

(wcv,v′,x,y,u,u′ · λv,v′) + σcw ≤ φc ∀c ∈ C (8f)

∑x,v∈V

(u,u′)∈Gc

(v,v′)∈E

(pcv,v′,x,y,u,u′ · λv,v′) + σcp ≤ φc ∀c ∈ C (8g)

∑f∈F

if,v ≤ NVM (v) ∀v ∈ V (8h)∑c∈C

u∈Uc:γcu=f

mcu,v + ncu,v ≤ Nreq(f) ∀v ∈ V, f ∈ F (8i)

Constraints (8a)-(8b) select the active NFV nodes. A node isconsidered active if it hosts at least one single VNF. Constraint(8c) ensures that link capacity is not exceeded, whereas con-straints (8d) and (8e) compute the context switching latencycontribution σcw and σcp for primary and backup embedding ofSC c, respectively. The maximum latency of primary/backupembedding of SC c are constrained in (8f)-(8g). Finally, themaximum number of VMs that node v can host is boundedby (8h), and the number of parallel requests that a given VNFcan serve is constrained in (8i).

D. Modeling other scenarios

With respect to the E2E-P, in the Vl-P we must ensurethat the primary and backup physical path used to map acertain virtual link of a SC do not share any physical link.and no node disjointness constraint is required. Here the linkdisjointness is applied considering only one single virtual linkat the time. Finally, for the Vn-P scenario, only the nodedisjointness constraint apply and no disjointness constraintsbetween primary/backup physical paths are needed since theycan use the same physical links.

E. Problem complexity

The total number of variables and constraints of the E2E-Poptimization problems can be calculated using the followingformulas:

Nvars = |V | · (2 · |C||̇U c|+2 · |C||E||V ||Gc|+ |F |+1) (9)

Nconst = |C| · (2 · |U c|+ |U c||V |+ 2 · |E||Gc||V |2+4 · |Gc|+ |V |2 + 4 · |V |3|Gc|+ |V |2|E|+ 4)+

3 · |V | · (|F |+ 1) + |E|(10)

In both equations we observe that the dominant term forvariables and constraints is 2 · |E||Gc||V |2. Thus, the problemcomplexity, for all proposed protection scenarios, given by thesum of the number of variables and number of constraints isin the order of O(|Gc| · |E| · |C| · |V |2).

VI. CASE STUDY AND RESULTS

In this section we present and discuss the results of theILP models shown in section V. To solve the ILP problemsCPLEX 12.6.1.0 installed on hardware platform equipped with8× 2 GHz processor and 8 Gb of RAM. In order to evaluatethe impact of latency requirements on the protection scenarioswe investigated the embedding of two types of services chains:The first one with stringent latency requirement (On-line Gam-ing) and second one with non stringent latency requirements(Web Service). The maximum end-to-end tolerated latency forthese services has be set to 500 ms for Web-service and 60 msfor Online-Gaming [11]. Table III shows the VNFs composingboth SCs, their bandwidth requirements and maximum allowedlatency. Due to the hardness of the optimization problem, weconsidered only two SCs in each optimization run and solvedthe ILP models for two homogeneous cases, when 2 SCsof the same type are embedded in the network, and for oneheterogeneous case, when the two SC types are embedded in

the network. As physical topology we considered the NSFNETnetwork (14 nodes and 22 bidirectional links). In addition, weassume that all the physical nodes are NFV nodes and canact as start/end points of SCs. Each NFV node is assumed tohave the same capacity in terms of VMs they can accomodate.We set the context switching delay to 4 ms per VNF andassume that link capacity is 1 Gbps (i.e., link capacity is nota strict constraint). Moreover, we assume that the bandwidthrequirements of virtual links chaining VNFs is the same forthe whole SC (i.e, data rate do not change at the output ofthe VNFs). These results were obtained averaging the resultsof 10 instances, for each value of nodes capacity and eachprotection scenario, considering different pairs of start/endpoints at each instance. Fig. 3(a), Fig. 3(b) and Fig. 3(c)show the average number of active nodes needed to support ofthe proposed protection scenarios for different values of nodecapacity (number of VMs that a node can host).

TABLE IIIPERFORMANCE REQUIREMENTS FOR THE SERVICE CHAINS

Service Chain Chained VNFs β φcWeb-Service NAT-FW-TM-WOC-IDPS 100 kbit/s 500 ms

Online-Gaming NAT-FW-VOC-WOC-IDPS 50 kbit/s 60 ms

NAT: Network Address Translator, FW: Firewall, TM:Traffic Monitor,WOC: WAN Optimization Controller, IDPS: Intrusion Detection Prevention

System, VOC: Video Optimization Controller

A. Impact of latency

Fig. 3(a) presents the number of active nodes for the lessstringent SC in terms of latency (Web-Service). We observethat all protection scenarios are possible and that the Vl-Pscenario activates the same amount of Unprotected Scenario.We note that a service with low requirements on latency can beprotected against single-link failures (Vl-P) with no additionalNFV nodes with respect to the Unprotected case (baseline).On the other hand, providing protection against both single-link and single failure (E2E-P) requires the activation of twicethe amount of NFV nodes. In case of SCs with high latencyrequirements, in Fig. 3(b), we observe that all scenarios leadto infeasible solutions when only two VMs are allowed pernode, mainly due to the fact that distributing VNFs among highnumber of nodes increases the latency of physical paths neededto chain the VNFs and consequently violates the latencyconstraint. We also observe that the unprotected scenario,considered as baseline case, requires at least three VM perVNF node to meet latency requirement. Different results wereobtained for the Vl-P case which is infeasible independentlyfrom node capacity. This means that the operator is constrainedto place backup VNFs “Off-site” to provide resiliency againstonly single-link failures, when only latency critical SCs aredeployed. In this case, it is preferable to provide resiliencyagainst both node and link failures (E2E-P) rather than provideprotection against only node failures (Vn-P) since both sce-narios activates the same number of NFV nodes independentlyfrom node capacity. For the heterogeneous scenario shownin Fig. 3(c), all protection scenarios are possible with at

0

2

4

6

8

10

12

2 3 4 5 6 7 8

Nu

mb

er o

f ac

tive

NFV

no

des

Node capacity

UnPro Vl-P Vn-P Tot-P

(a) Web-service

0

2

4

6

8

10

12

2 3 4 5 6 7 8

Nu

mb

er o

f ac

tive

NFV

nodes

Node capacity

(b) Heterogeneous

0

2

4

6

8

10

12

2 3 4 5 6 7 8

Nu

mb

er o

f ac

tive

NFV

no

des

Node cpacity

(c) Online-gaming

Fig. 3. Comparison of the proposed protection scenarios for different latencyrequirements

least 2 VMs except from the Vl-P scenario which is onlypossible starting from 5 VMs. In terms of latency, it meansthat deploying SCs with different latency requirements andsharing VNFs between SCs can guarantee resiliency with asmall number of VMs, and consequently less failure impactwithin NFV nodes. On the other hand, for Vn-P and E2E-Pprotection scenarios, deploying the same SCs or different SCsin terms of latency requirements does not impact resources interms of NFV nodes as similar results were obtained in bothhomogeneous and heterogeneous cases starting from 3 VMsper node, except from the case of On-line gaming SCs when2 VMs are allowed per node.

B. Effect of node capacity

As can be seen from Fig. 3(a), 3(b) and 3(c), increasingnode capacity allows to decrease the number of NFV nodesirrespectively from the type of SCs deployed. In general, weobserve that the number of active nodes is halved for allprotection scenarios, when increasing the number of VMs pernode from 2 to 5. Further increase of node capacity doesnot impact the number of active nodes, which means thatVNF consolidation is limited by latency, as consolidating moreVNFs into less nodes would increase the impact of contextswitching latency.

0

10

20

30

40

50

60

E2E-

PV

n-P

Vl-

Pu

np

ro

E2E-

PV

n-P

Vl-

Pu

np

ro

E2E-

PV

n-P

Vl-

Pu

np

ro

E2E-

PV

n-P

Vl-

Pu

np

ro

E2E-

PV

n-P

Vl-

Pu

np

ro

E2E-

PV

n-P

Vl-

Pu

np

ro

E2E-

PV

n-P

Vl-

Pu

np

ro

2 3 4 5 6 7 8

Ave

rage

ho

p c

ou

t

Node capacity

E2E-P workingE2e-P backupVn-P workingVn-P backupVl-P workingVl-P backupUnpro

Fig. 4. primary/backup path lengths with respect to node capacity.

C. Impact of node capacity on the average hop count

We analyzed the impact of node capacity on the aver-age length of primary/backup physical paths of all proposedprotection strategies. In Fig.4 we show the primary/backuppaths lengths when 2 SCs with low requirements on latencyare deployed. These results were obtained by averaging thepaths lengths of 5 start/end point pairs randomly selected andtested for all protection scenarios. We observe that at theincreasing of node capacity the length of the primary pathdoes not change significantly, for all protection strategies.Different results are observable in case of backup primarypaths, where it is clear that increasing node capacity does notmean reducing backup paths lengths. This is shown by the factthat allowing more than 5 VMs per nodes does not reduce the

average backup path length, meaning that a trade-off betweenconsolidation of VNFs and link capacity exist.

VII. CONCLUSIONS

In this work we proposed three different protection strate-gies to provide resilient SCs deployment against single-node,single-link, single-node and single-link failures. We reportedthe formulation of one of them through ILP, solved the ILPmodels considering a small number of SCs with differentlatency requirements, and found that a trade-off between nodecapacity and latency of the deployed SCs. In our small-scalescenario, we conclude that in order to provide resiliency toSCs against single-link and single-node failures up to 107%more NFV nodes are needed with respect to the unprotectedscenarios and the case where only single-link failures aretargeted. Future steps of this work aim at developing anheuristic model to allow solving larger instances (large numberof SCs) in reasonable time. We also aim at extending theproposed models with a shared protection scheme.

ACKNOWLEDGMENT

This research has received fundings from the EuropeanCommunity Seventh Framework Program FP7/2013-2015 un-der grant agreement no. 317762 COMBO project, and fromCOST ACTION 15127 RECODIS (Resilient CommunicationServices Protecting end-user Applications from Disaster-basedFailures).

REFERENCES

[1] Network Functions Virtualisation, “Draft ETSI GS NFV-SEC 001 v0.2.1(2014-06),” 2014.

[2] J. Halpern and C. Pignataro, “Service Function Chaining (SFC) Archi-tecture,” Tech. Rep., 2015.

[3] R. Guerzoni et al., “Network functions virtualisation: an introduction,benefits, enablers, challenges and call for action, introductory whitepaper,” in SDN and OpenFlow World Congress, 2012.

[4] W. Liu, H. Li, O. Huang, M. Boucadair, N. Leymann, Z. Cao, Q. Sun,and C. Pham, “Service Function Chaining (SFC) general use cases,” Eu-ropean Telecommunication Stadards Institute (ETSI), Service FunctionsChaining (SFC) framework, Tech. Rep., 2014.

[5] M. Boucadair, C. Jacquenet, R. Parker, D. Lopez, J. Guichard, andC. Pignataro, “Service function chaining: Framework & architecture,”ETSI-Service Functions Chaining (SFC) framework, Tech. Rep., 2013.

[6] R. Mijumbi, J. Serrat, J. l. Gorricho, S. Latre, M. Charalambides,and D. Lopez, “Management and orchestration challenges in networkfunctions virtualization,” IEEE Communications Magazine, vol. 54,no. 1, pp. 98–105, January 2016.

[7] A. Fischer, J. F. Botero, M. Till Beck, H. De Meer, and X. Hessel-bach, “Virtual Network Embedding (VNE): A survey,” CommunicationsSurveys & Tutorials, IEEE, vol. 15, no. 4, pp. 1888–1906, 2013.

[8] M. R. Rahman and R. Boutaba, “SVNE: Survivable virtual networkembedding algorithms for network virtualization,” IEEE Transactionson Network and Service Management, vol. 10, no. 2, pp. 105–118, June2013.

[9] C. Prodhon and C. Prins, “A survey of recent research on location-routing problems,” European Journal of Operational Research, vol. 238,no. 1, pp. 1–17, 2014.

[10] S. Mehraghdam, M. Keller, and H. Karl, “Specifying and placing chainsof virtual network functions,” in IEEE 3rd International Conference onCloud Networking (CloudNet). IEEE, 2014, pp. 7–13.

[11] M. Savi, M. Tornatore, and G. Verticale, “Impact of processing costs onservice chain placement in network functions virtualization,” in IEEEConference on Network Function Virtualization and Software DefinedNetwork (NFV-SDN), Nov 2015, pp. 191–197.

[12] I. Cerrato, M. Annarumma, and F. Risso, “Supporting fine-grainednetwork functions through intel DPDK,” in Third European Workshopon Software Defined Networks (EWSDN). IEEE, 2014, pp. 1–6.

[13] J. W. Jiang, T. Lan, S. Ha, M. Chen, and M. Chiang, “Joint vm placementand routing for data center traffic engineering,” in IEEE Conference onInformation Communication (INFOCOM). IEEE, 2012, pp. 2876–2880.

[14] H. Moens and F. De Turck, “VNF-P: A model for efficient placementof virtualized network functions,” in 10th International Conference onNetwork and Service Management (CNSM). IEEE, 2014, pp. 418–423.

[15] F. Machida, M. Kawato, and Y. Maeno, “Redundant virtual machineplacement for fault-tolerant consolidated server clusters,” in IEEE Net-work Operations and Management Symposium (NOMS), April 2010, pp.32–39.

[16] M. Scholler, M. Stiemerling, A. Ripke, and R. Bless, “Resilient deploy-ment of virtual network functions,” in the 5th International Congress onUltra Modern Telecommunications and Control Systems and Workshops(ICUMT). IEEE, 2013, pp. 208–214.

[17] ETSI, “GS NFV-REL 001 v1. 1.1: Network functions virtualisation(nfv);resiliency requirements,” ETSI industry Specfication Group (ISG) Net-work Functions Virtualisation (NFV), Tech. Rep., 2015.

Virtual Network Function Placement For Resilient Service...

Documents

Transcript of Virtual Network Function Placement For Resilient Service...