容器化安全服务功能链低延迟优化编排研究

Low-latency Optimal Orchestration of Containerized Security Service Function Chain

云计算的发展带来了安全服务虚拟化的需求,基于NFV/SDN技术构建服务功能链是解决数据中心虚拟化安全服务需求的重要途径。容器化已成为安全服务功能链编排的最新发展趋势。传统安全服务功能链编排算法通常针对虚拟机架构,在轻量级、延迟、灵活性等方面无法满足要求,没有充分发挥容器化NFV平台的性能优势。文章构建了容器化NFV平台的编排模型,分析了安全服务功能链网络延迟优化目标,研究了扁平网络拓扑下的近似局部最优性质。文章设计了一种延迟优化放置(LOP)算法,采用分阶段决策方式处理每个安全服务功能链请求,并在每个阶段采用选择可容纳连续VNF数最多的物理主机的方式,最小化每个安全服务功能链的跨主机延迟。仿真实验与对比分析表明,与最大化资源利用率的MINI算法相比,文章所提出的LOP算法可以实现降低延迟的优化目标,减少放置安全服务功能链的资源消耗。

The development of cloud computing brings the need for security services virtualization. Building SFC(service function chain) based on NFV/SDN technology is an important way to meet the need of virtualized security services in data centers. Containerization has become the latest development trend of security SFC orchestration. Traditional security SFC orchestration algorithms are usually on the virtual machine architectures, which can not meet requirements in lightweight, latency, flexibility, etc., and have not fully utilized the performance advantages of containerized NFV platform. This paper constructs a containerized NFV platform orchestration model, analyzes the network latency optimization goal of security SFC, and studies the approximate local optimization property under flat network topology. This paper proposes a latency optimal placement(LOP) algorithm, which uses multi-stage decision to handle each security SFC request, and in each stage, a physical host that can hold the maximum number of consecutive VNFs is selected to minimize the cross host latency of each security SFC. Simulation experiments and comparative analysis show that, compared with MINI algorithm that maximizes resource utilization, the LOP algorithm proposed in this paper can achieve the optimization goal of reducing latency, and can reduce the resource consumption of placing the security SFC.