SDN,NFV System

Control Plane Innovation

We proposed Transparent Flow Migration (TFM), a distributed flow migration framework for NFV, which completely decouples the state transfer and packets migration, enabling the parallel execution of these two processes in order to improve the migration efficiency and reduce overheads. The TFM Controller provides a Northbound API to high-level applications to validate SLA requirements and policies by migrating flows. The TFM Box, a introduced a shim layer, implements all packet processing related to flow migration so that to provides a transparent packet migration to NFs. TFM protocol is used to control the distributed stateful packet processing and synchronize control messages among TFM components.

Data Plane Innovation

Solving a multitude of tasks that range from improving network performance, security and launching a new network service, middleboxes have mushroomed in Internet, data centers and end user premises to such an extent that the number of deployed middleboxes matches that one of routers and switches in a majority of enterprise networks. However, these boxes are built using complex dedicated hardware, turning them into “black boxes” which cause headaches in terms of design, deployment, operation and management.

Network Function Virtualization (NFV) has been proposed with a promise to implement these diverse hardware appliances on off-the-shelf servers, switches and storage by leveraging virtualization technology. NFV has gained a wide range of interests due to its advantages such as reduced equipment cost, power consumption, time to market and deployment complexity. Nevertheless, the promise comes with performance challenges. Middleboxes usually handle high traffic loads. This proposes high performance requests on both I/O and processing capabilities of the infrastructure that NFV runs on. However, implementing appliances on standard servers instead of specified hardware causes the serious performance degradation unavoidably.

The Future Internet Research Group explores hardware as well as software-based solutions to optimize the NFV data plane with respect to latency, throughput, and power efficiency. Our focus is to investigate novel algorithms, compacted data structures, efficient strategies and parallel architectures that exploit state-of-the-art technologies including heterogeneous multi-processor, multi/many-core processors, TCAM and ASIC to realize flexible designs for data plane kernels. Efficient IP lookup and packet Classification algorithms were proposed to break the bottleneck for virtual switches and routers. Compact Pattern matching data structures were designed to accommodate the limited memory resource on chip. Parallel architecture was designed to take the full advantage of the multi-core and many-core processors.

SDN/NFV System

Network Function Visualization (NFV) has emerged in the past couple of years as a solution for Internet Service Providers(ISPs) and security equipment vendors that deploy highly flexible and low cost network security solutions for small and medium enterprises as a value-added service. NFV leverages on the increasing processing power available in commodity hardware to develop software based ”virtual” functionality that can provide the service chain that is needed to implement full network infrastructures.

With the research results of the control and data plane, we have developed a high performance NFV-Cloud (NFC) platform with series of VNFs, such as Firewall, NAT, IDS, IPS. The platform is now deployed in China Science and Technology Network (CSTNET), and China Telecom at JingSu province, providing virtual security service for the tenants in these two ISPs.