{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,6,23]],"date-time":"2024-06-23T10:29:50Z","timestamp":1719138590093},"reference-count":30,"publisher":"MDPI AG","issue":"6","license":[{"start":{"date-parts":[[2018,6,4]],"date-time":"2018-06-04T00:00:00Z","timestamp":1528070400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Future Internet"],"abstract":"<jats:p>This article presents an architecture for encryption automation in interconnected Network Function Virtualization (NFV) domains. Current NFV implementations are designed for deployment within trusted domains, where overlay networks with static trusted links provide network security. However, within a Service Function Chain (SFC), Virtual Network Function (VNF) flows cannot be isolated and end-to-end encrypted, because each VNF requires direct access to the overall SFC data flow. This prevents both end-users and Service Providers from enabling end-to-end security and from extending VNF isolation within the SFC data traffic. Encrypting data flows on a per-flow basis results in a large number of secure tunnels, which does not scale when configured manually. Additionally, creating secure data-plane tunnels between NFV providers requires secure exchange of key parameters and the establishment of an east\u2013west control-plane protocol. In this article, we present an architecture addressing these two problems, investigating how overlay networks can be created, isolated, and secured dynamically. 
Accordingly, we propose an architecture for the automated establishment of encrypted tunnels in NFV, which introduces a novel, tiered east\u2013west communication channel between network controllers in a multi-domain environment.<\/jats:p>","DOI":"10.3390\/fi10060046","type":"journal-article","created":{"date-parts":[[2018,6,4]],"date-time":"2018-06-04T16:14:30Z","timestamp":1528128870000},"page":"46","source":"Crossref","is-referenced-by-count":6,"title":["A Tiered Control Plane Model for Service Function Chaining Isolation"],"prefix":"10.3390","volume":"10","author":[{"ORCID":"http:\/\/orcid.org\/0000-0002-4498-3235","authenticated-orcid":false,"given":"H\u00e5kon","family":"Gunleifsen","sequence":"first","affiliation":[{"name":"Faculty of Information Technology and Electrical Engineering, Norwegian University of Science and Technology, 2815 Gj\u00f8vik, Norway"}]},{"given":"Vasileios","family":"Gkioulos","sequence":"additional","affiliation":[{"name":"Faculty of Information Technology and Electrical Engineering, Norwegian University of Science and Technology, 2815 Gj\u00f8vik, Norway"}]},{"given":"Thomas","family":"Kemmerich","sequence":"additional","affiliation":[{"name":"Faculty of Information Technology and Electrical Engineering, Norwegian University of Science and Technology, 2815 Gj\u00f8vik, Norway"}]}],"member":"1968","published-online":{"date-parts":[[2018,6,4]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Quinn, P., and Elzur, U. (2017). Network Service Header, Internet Engineering Task Force. Work in Progress.","DOI":"10.17487\/RFC8300"},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Farrel, A., Bryant, S., and Drake, J. (2018). An MPLS-Based Forwarding Plane for Service Function Chaining, Internet Engineering Task Force. Work in Progress.","DOI":"10.17487\/RFC8595"},{"key":"ref_3","unstructured":"Gunleifsen, H., Kemmerich, T., and Petrovic, S. (2016). 
An End-to-End Security Model of Inter-Domain Communication in Network Function Virtualization, Norsk Informasjonssikkerhetskonferanse (NISK)."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"B62","DOI":"10.1364\/JOCN.7.000B62","article-title":"Integrated SDN\/NFV management and orchestration architecture for dynamic deployment of virtual SDN control instances for virtual tenant networks","volume":"7","author":"Vilalta","year":"2015","journal-title":"J. Opt. Commun. Netw."},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Chowdhury, N.M.K., Rahman, M.R., and Boutaba, R. (2009, January 19\u201325). Virtual network embedding with coordinated node and link mapping. Proceedings of the 2009 Conference on Computer Communications, Rio de Janeiro, Brazil.","DOI":"10.1109\/INFCOM.2009.5061987"},{"key":"ref_6","unstructured":"Yin, H., Xie, H., Tsou, T., Lopez, D.R., Aranda, P.A., and Sidi, R. (2012). SDNi: A Message Exchange Protocol for Software Defined Networks (SDNS) across Multiple Domains, Internet Engineering Task Force. Work in Progress."},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Haleplidis, E., Joachimpillai, D., Salim, J.H., Lopez, D., Martin, J., Pentikousis, K., Denazis, S., and Koufopavlou, O. (2014, January 1\u20133). ForCES applicability to SDN-enhanced NFV. Proceedings of the 2014 Third European Workshop on Software Defined Networks (EWSDN), Budapest, Hungary.","DOI":"10.1109\/EWSDN.2014.27"},{"key":"ref_8","unstructured":"European Telecommunications Standards Institute (ETSI) (2018, June 03). Network Function Virtualization (NFV). Report on SDN Usage in NFV Architectural Framework. Available online: http:\/\/www.etsi.org\/deliver\/etsi_gs\/NFV-EVE\/001_099\/005\/01.01.01_60\/gs_NFV-EVE005v010101p.pdf."},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Kulkarni, S., Arumaithurai, M., Ramakrishnan, K., and Fu, X. (2017, January 7\u20139). 
Neo-NSH: Towards scalable and efficient dynamic service function chaining of elastic network functions. Proceedings of the 2017 20th Conference on Innovations in Clouds, Internet and Networks (ICIN), Paris, France.","DOI":"10.1109\/ICIN.2017.7899429"},{"key":"ref_10","unstructured":"Farrel, A., Drake, J., Rosen, E.C., Uttaro, J., and Jalil, L. (2017). BGP Control Plane for NSH SFC, Internet Engineering Task Force. Work in Progress."},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Quinn, P., Elzur, U., and Pignataro, C. (2018, June 03). Network Service Header (NSH)-[Review]. Available online: https:\/\/www.rfc-editor.org\/rfc\/rfc8300.txt.","DOI":"10.17487\/RFC8300"},{"key":"ref_12","unstructured":"Internet Engineering Task Force (2015). Authenticated and Encrypted NSH Service Chains, Internet Engineering Task Force. Internet-Draft Draft-Reddy-SFC-NSH-Encrypt-00."},{"key":"ref_13","unstructured":"Lopez, R., and Lopez-Millan, G. (2017). Software-Defined Networking (SDN)-Based IPsec Flow Protection, Internet Engineering Task Force. Internet-Draft Draft-Abad-I2NSF-SDN-IPsec-Flow-Protection-03."},{"key":"ref_14","unstructured":"Marques, P.R., Mauch, J., Sheth, N., Greene, B., Raszuk, R., and McPherson, D.R. (2018, June 03). Dissemination of Flow Specification Rules. Available online: https:\/\/www.rfc-editor.org\/rfc\/rfc5575.txt."},{"key":"ref_15","unstructured":"Halpern, J.M., and Pignataro, C. (2018, June 03). Service Function Chaining (SFC) Architecture. Available online: https:\/\/www.rfc-editor.org\/rfc\/rfc7665.txt."},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Gunleifsen, H., Kemmerich, T., and Petrovic, S. (2017, January 27\u201330). Security Requirements for Service Function Chaining Isolation and Encryption. Proceedings of the 2017 IEEE 17th International Conference on Communication Technology, Chengdu, China.","DOI":"10.1109\/ICCT.2017.8359856"},{"key":"ref_17","unstructured":"Chandra, R., Rekhter, Y., Bates, T.J., and Katz, D. 
(2018, June 03). Multiprotocol Extensions for BGP-4. Available online: https:\/\/www.rfc-editor.org\/rfc\/rfc4760.txt."},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Bush, R., and Austein, R. (2018, June 03). The Resource Public Key Infrastructure (RPKI) to Router Protocol, Version 1. Available online: https:\/\/www.rfc-editor.org\/rfc\/rfc8210.txt.","DOI":"10.17487\/RFC8210"},{"key":"ref_19","unstructured":"European Telecommunications Standards Institute (ETSI) (2018, June 03). Network Function Virtualization (NFV). Management and Orchestration. Available online: http:\/\/www.etsi.org\/deliver\/etsi_gs\/NFV-MAN\/001_099\/001\/01.01.01_60\/gs_nfv-man001v010101p.pdf."},{"key":"ref_20","unstructured":"European Telecommunications Standards Institute (ETSI) (2018, June 03). Network Function Virtualization (NFV). Architectural Framework v1.1.1; 2013. Available online: http:\/\/www.etsi.org\/deliver\/etsi_gs\/NFV\/001_099\/002\/01.01.01_60\/gs_NFV002v010101p.pdf."},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Bierman, A., Bjorklund, M., and Watsen, K. (2018, June 03). RESTCONF Protocol. Available online: https:\/\/rfc-editor.org\/rfc\/rfc8040.txt.","DOI":"10.17487\/RFC8040"},{"key":"ref_22","unstructured":"Organization for the Advancement of Structured Information Standards (OASIS) (2018, June 03). TOSCA Simple Profile for Network Functions Virtualization (NFV) Version 1.0, Committee Specification Draft 04 2016. Available online: http:\/\/docs.oasis-open.org\/tosca\/tosca-nfv\/v1.0\/tosca-nfv-v1.0.pdf."},{"key":"ref_23","unstructured":"Vilhuber, J., Kamada, K., Sakane, S., and Thomas, M. (2018, June 03). Kerberized Internet Negotiation of Keys (KINK). Available online: https:\/\/www.rfc-editor.org\/rfc\/rfc4430.txt."},{"key":"ref_24","unstructured":"Bellovin, S., Bush, R., and Ward, D. (2018, June 03). Security Requirements for BGP Path Validation. 
Available online: https:\/\/www.rfc-editor.org\/rfc\/rfc7353.txt."},{"key":"ref_25","unstructured":"The Fast Data Project (2018, June 03). Vector Packet Processing Test Framework. Available online: https:\/\/docs.fd.io\/vpp\/17.04\/."},{"key":"ref_26","unstructured":"Quagga (2018, June 03). Quagga Routing Suite. Available online: http:\/\/www.quagga.net."},{"key":"ref_27","unstructured":"Raeburn, K. (2018, June 03). Encryption and Checksum Specifications for Kerberos 5. Available online: https:\/\/www.rfc-editor.org\/rfc\/rfc3961.txt."},{"key":"ref_28","unstructured":"Racoon (2018, June 03). Racoon IPSec Key Exchange System. Available online: http:\/\/www.racoon2.wide.ad.jp."},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Perino, D., Gallo, M., Laufer, R., Houidi, Z.B., and Pianese, F. (2016, January 10\u201314). A programmable data plane for heterogeneous NFV platforms. Proceedings of the 2016 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), San Francisco, CA, USA.","DOI":"10.1109\/INFCOMW.2016.7562049"},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Eiras, R.S.V., Couto, R.S., and Rubinstein, M.G. (2016, January 16\u201318). Performance evaluation of a virtualized HTTP proxy in KVM and Docker. 
Proceedings of the 2016 7th International Conference on the Network of the Future (NOF), Buzios, Brazil.","DOI":"10.1109\/NOF.2016.7810144"}],"container-title":["Future Internet"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1999-5903\/10\/6\/46\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,6,11]],"date-time":"2024-06-11T03:44:03Z","timestamp":1718077443000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1999-5903\/10\/6\/46"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,6,4]]},"references-count":30,"journal-issue":{"issue":"6","published-online":{"date-parts":[[2018,6]]}},"alternative-id":["fi10060046"],"URL":"https:\/\/doi.org\/10.3390\/fi10060046","relation":{},"ISSN":["1999-5903"],"issn-type":[{"value":"1999-5903","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018,6,4]]}}}