verification of nfv services : problem statement and challenges...
TRANSCRIPT
![Page 1: Verification of NFV Services : Problem Statement and Challenges draft-shin-nfvrg-service-verification-01 M-K. Shin, ETRI K. Nam, Friesty S. Pack, Korea](https://reader030.vdocuments.us/reader030/viewer/2022032704/56649d6d5503460f94a4e094/html5/thumbnails/1.jpg)
Verification of NFV Services : Problem
Statement and Challengesdraft-shin-nfvrg-service-verification-01
M-K. Shin, ETRIK. Nam, Friesty
S. Pack, Korea Univ. S. Lee, ETRI
Tae-wan Kim, LG U+ NFVRG Meeting@IETF92, Dallas
![Page 2: Verification of NFV Services : Problem Statement and Challenges draft-shin-nfvrg-service-verification-01 M-K. Shin, ETRI K. Nam, Friesty S. Pack, Korea](https://reader030.vdocuments.us/reader030/viewer/2022032704/56649d6d5503460f94a4e094/html5/thumbnails/2.jpg)
Update since IETF91New Title
Verification of NFV Services : Problem Statement and Challenges
A co-author addedTae-wan Kim from operators
Verification framework is newly revised and discussed based on the latest NFV phase-2 works (e.g., terms, framework, etc.)
Table of Contents1. Introduction2. Problem statement : Property to be checked 2.1 Dependencies of Network Service Components 2.2 Loop-Free in VNF FGs 2.3 Load Balancing and Optimization among VNF Instances 2.4 Policy and State Consistency 2.5 Performance 2.6 Security 3. Minimal Requirements4. Architectural Framework 4.1 Properties and Invariants 4.2 APIs5. Challenging Issues6. Security Considerations
2
![Page 3: Verification of NFV Services : Problem Statement and Challenges draft-shin-nfvrg-service-verification-01 M-K. Shin, ETRI K. Nam, Friesty S. Pack, Korea](https://reader030.vdocuments.us/reader030/viewer/2022032704/56649d6d5503460f94a4e094/html5/thumbnails/3.jpg)
Motivation and Problems
Motivation Check consistency and safety of network service configurations on virtual and physical resources Incomplete or inconsistent configuration of VNF and
forwarding graph (FG, aka service chain) could cause break-down of the supporting infrastructure.
Network and service properties to be checked1. Dependencies of Network Service Components
2. Loop-Free in VNF FGs
3. Policy and State Consistency
4. Load Balancing and Optimization among VNF Instances
5. Performance Bottleneck
6. Security Hole 3
![Page 4: Verification of NFV Services : Problem Statement and Challenges draft-shin-nfvrg-service-verification-01 M-K. Shin, ETRI K. Nam, Friesty S. Pack, Korea](https://reader030.vdocuments.us/reader030/viewer/2022032704/56649d6d5503460f94a4e094/html5/thumbnails/4.jpg)
Properties (NFV vs. SDN)NFV context (Service-level)
SDN context (Network-level)
Dependency of network service components (e.g., network controller vs. VNF/resource manager/orchestrator)
No blackhole (e.g., no packet loss)
Loop-free in VNF FGs (aka. ser-vice chains)
Loop-free (e.g, routing/switch-ing)
Load balancing and optimiza-tion in VNF FGs (aka. service chains)
Flow table rule consistency be-tween multiple applications (E.g., OpenFlow)
Policy and state consistency (e.g., end-to-end context, vir-tual vs. physical resource, etc.)
Dynamic info/statistics consis-tency (e.g., flow, port, QoS, etc.)
Performance Consistency with legacy L2/L3 protocols (e.g., STP)
Security (L4-L7) Security (L3 firewall, etc.) 4
![Page 5: Verification of NFV Services : Problem Statement and Challenges draft-shin-nfvrg-service-verification-01 M-K. Shin, ETRI K. Nam, Friesty S. Pack, Korea](https://reader030.vdocuments.us/reader030/viewer/2022032704/56649d6d5503460f94a4e094/html5/thumbnails/5.jpg)
Minimal RequirementsR1 : It SHOULD be able to check global and local properties and invariants. (E.g., Loop-freeness and resource isolation between VNFs can be regarded as global. The policies that are related only to the specific network controllers or devices are local.)
R2 : It SHOULD be able to access to the entire resource DBs as well as network states whenever verification tasks are started.
R3 : It SHOULD be independent from specific solutions and frameworks, and APIs.
R4 : It SHOULD process standard protocols such as Netconf, YANG, OpenFlow, I2RS, etc. and northbound and southbound interfaces that are related network configurations, and used by OSS.
5
![Page 6: Verification of NFV Services : Problem Statement and Challenges draft-shin-nfvrg-service-verification-01 M-K. Shin, ETRI K. Nam, Friesty S. Pack, Korea](https://reader030.vdocuments.us/reader030/viewer/2022032704/56649d6d5503460f94a4e094/html5/thumbnails/6.jpg)
Verification Framework
Option 1 : Verification Manager in MANO
Option 2 : OSS interaction
Option 3 : VNF instances
6
![Page 7: Verification of NFV Services : Problem Statement and Challenges draft-shin-nfvrg-service-verification-01 M-K. Shin, ETRI K. Nam, Friesty S. Pack, Korea](https://reader030.vdocuments.us/reader030/viewer/2022032704/56649d6d5503460f94a4e094/html5/thumbnails/7.jpg)
Note that Verification Service and Verification Manager in the NFV MANO should communicate using APIs to accomplish the verification tasks.
Computing
Hardware
StorageHardware
NetworkHardware
Hardware resources
Virtualisation Layer
VirtualisedInfrastructu
reManager(s)
VNFManager(
s)VNF 2
OSS/BSS
NFVI
VNF 3VNF 1
Virtual Computin
g
Virtual Storage
Virtual Network
EMS 2 EMS 3EMS 1
Orchestrator
Service, VNF and Infrastructure Description Verification
Server
NetworkStates
DB
Verifier
PropertyLibrary
Compiler &
Interpreter
APIs
Verification FrameworkMANO
Verification
Manager
7
Option 1
![Page 8: Verification of NFV Services : Problem Statement and Challenges draft-shin-nfvrg-service-verification-01 M-K. Shin, ETRI K. Nam, Friesty S. Pack, Korea](https://reader030.vdocuments.us/reader030/viewer/2022032704/56649d6d5503460f94a4e094/html5/thumbnails/8.jpg)
VerificationServer
NetworkStates DB
Verifier
Property Library
Compiler & Interpreter
APIs
VerificationService
8
Computing
Hardware
StorageHardware
NetworkHardware
Hardware resources
Virtualisation Layer
VirtualisedInfrastructu
reManager(s)
VNFManager(
s)VNF 2
OSS/BSS
NFVI
VNF 3VNF 1
Virtual Computin
g
Virtual Storage
Virtual Network
EMS 2 EMS 3EMS 1
Orchestrator
Service, VNF and Infrastructure Description
MANOOption 2
![Page 9: Verification of NFV Services : Problem Statement and Challenges draft-shin-nfvrg-service-verification-01 M-K. Shin, ETRI K. Nam, Friesty S. Pack, Korea](https://reader030.vdocuments.us/reader030/viewer/2022032704/56649d6d5503460f94a4e094/html5/thumbnails/9.jpg)
Computing
Hardware
StorageHardware
NetworkHardware
Hardware resources
Virtualisation Layer
VirtualisedInfrastructu
reManager(s)
VNFManager(
s)VNF 2
OSS/BSS
NFVI
VNF 3Verification(VNF)
Virtual Computin
g
Virtual Storage
Virtual Network
EMS 2 EMS 3Verification(EMS 1)
Orchestrator
Service, VNF and Infrastructure Description
MANO
9
Option 3
![Page 10: Verification of NFV Services : Problem Statement and Challenges draft-shin-nfvrg-service-verification-01 M-K. Shin, ETRI K. Nam, Friesty S. Pack, Korea](https://reader030.vdocuments.us/reader030/viewer/2022032704/56649d6d5503460f94a4e094/html5/thumbnails/10.jpg)
Challenging IssuesFinding infinite loops
General solutions for the infinite loop can lead to intractable problem (e.g. the halting problem). To make the verification practical and minimize the complexity, some of the restrictions are required.
Real-time verificationA few invariants can be checked in real-time but it would be impossible if the size of VNFs increases or properties checked are complex.
Languages and their semanticsNetwork service descriptions in NFV need to be precisely expressed using appropriate semantics (e.g., formal method). Languages and semantic models optimized to the verification framework need to selected or newly developed.
10
![Page 11: Verification of NFV Services : Problem Statement and Challenges draft-shin-nfvrg-service-verification-01 M-K. Shin, ETRI K. Nam, Friesty S. Pack, Korea](https://reader030.vdocuments.us/reader030/viewer/2022032704/56649d6d5503460f94a4e094/html5/thumbnails/11.jpg)
Next StepCollect more requirements from operators and collaborate with ETSI NFV TST WG
Investigate and be involved in open source projects (e.g., OPNFV as well as Open Daylight)
Adopt as a RG document
11