Future Internet 2018, 10(6), 46; https://doi.org/10.3390/fi10060046
A Tiered Control Plane Model for Service Function Chaining Isolation
Faculty of Information Technology and Electrical Engineering, Norwegian University of Science and Technology, 2815 Gjøvik, Norway
Received: 28 March 2018 / Revised: 18 May 2018 / Accepted: 2 June 2018 / Published: 4 June 2018
(This article belongs to the Special Issue Software Defined Networking (SDN) and Network Function Virtualization (NFV))
Abstract
This article presents an architecture for encryption automation in interconnected Network Function Virtualization (NFV) domains. Current NFV implementations are designed for deployment within trusted domains, where overlay networks with static trusted links are used to provide network security. Within a Service Function Chain (SFC), however, Virtual Network Function (VNF) flows cannot be isolated and end-to-end encrypted, because each VNF requires direct access to the overall SFC data flow. This prevents both end-users and Service Providers from enabling end-to-end security and, by extension, VNF isolation within the SFC data traffic. Encrypting data flows on a per-flow basis results in a large number of secure tunnels, which does not scale efficiently under manual configuration. Additionally, creating secure data plane tunnels between NFV providers requires the secure exchange of key parameters and the establishment of an east–west control plane protocol. In this article, we present an architecture focusing on these two problems, investigating how overlay networks can be created, isolated, and secured dynamically. Accordingly, we propose an architecture for automated establishment of encrypted tunnels in NFV, which introduces a novel, tiered east–west communication channel between network controllers in a multi-domain environment.
Keywords: software defined networks; service function chain; virtual network functions; border gateway protocol; traffic isolation; key management services
This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited (CC BY 4.0).

Gunleifsen, H.; Gkioulos, V.; Kemmerich, T. A Tiered Control Plane Model for Service Function Chaining Isolation. Future Internet 2018, 10, 46.
Future Internet
EISSN 1999-5903
Published by MDPI AG, Basel, Switzerland