EP2940968A1 - Network infrastructure management - Google Patents

Network infrastructure management Download PDF

Info

Publication number
EP2940968A1
EP2940968A1 EP14305649.7A EP14305649A EP2940968A1 EP 2940968 A1 EP2940968 A1 EP 2940968A1 EP 14305649 A EP14305649 A EP 14305649A EP 2940968 A1 EP2940968 A1 EP 2940968A1
Authority
EP
European Patent Office
Prior art keywords
resource allocation
vim
proxy
allocation request
nfv
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP14305649.7A
Other languages
German (de)
French (fr)
Inventor
Colin L'anson
Marc Flauw
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hewlett Packard Enterprise Development LP
Original Assignee
Hewlett Packard Development Co LP
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hewlett Packard Development Co LP filed Critical Hewlett Packard Development Co LP
Priority to EP14305649.7A priority Critical patent/EP2940968A1/en
Priority to US15/304,968 priority patent/US10397352B2/en
Priority to PCT/US2014/049550 priority patent/WO2015167595A1/en
Publication of EP2940968A1 publication Critical patent/EP2940968A1/en
Withdrawn legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0896Bandwidth or capacity management, i.e. automatically increasing or decreasing capacities
    • H04L41/0897Bandwidth or capacity management, i.e. automatically increasing or decreasing capacities by horizontal or vertical scaling of resources, or by migrating entities, e.g. virtual resources or entities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45504Abstract machines for programme code execution, e.g. Java virtual machine [JVM], interpreters, emulators
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06Management of faults, events, alarms or notifications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0896Bandwidth or capacity management, i.e. automatically increasing or decreasing capacities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/70Admission control; Resource allocation
    • H04L47/82Miscellaneous aspects
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281Proxies
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/56Provisioning of proxy services

Definitions

  • NFV Network Functions Virtualization
  • IT Information Technology
  • NFV Network Functions Virtualization
  • PNFs Physical Network Functions
  • DPI Deep Packet Inspectors
  • NAT Network Address Translators
  • NFV aims to consolidate many network equipment types onto, for example, standardized high volume servers, switches, and storage through the implementation of Virtualized Network Functions (VNFs) in software which can run on a range of standard hardware.
  • VNFs Virtualized Network Functions
  • NFV aims to transform network operations because the VNFs can be dynamically moved to, or instantiated in, various locations in the network as required without the need for installation of new hardware. Allocation of resources to a VNF is typically made via an NFV Orchestrator (NFVO), which includes the System overall resource management view. In cases where the NFVO is bypassed in resource allocation, the consistency of the overall resource management view can be compromised, reducing the efficiency of the System resulting in resources being lost. It is an object of the implementations described herein to mitigate against at least some of these problems.
  • NFVO NFV Orchestrator
  • the European Telecommunications Standards Institute define an architecture for NFV in the standard "ETSI NFV Reference Architecture Framework ETSI GS NFV 002 VI.1.1 (2013-10)".
  • the NFV Infrastructure comprising hardware resources such as servers, storage, and networking components, as well as virtualized Computing, storage, and networking
  • VNFM Virtualized Infrastructure Manager
  • VNFM VNF Managers
  • Operation of the IM(s) and the VNFM(s) are overseen by an NFV Orchestrator (NFVO), which includes the System overall resource management view across multiple instances of the NFV infrastructures.
  • NFVO NFV Orchestrator
  • the NFV Orchestrator interfaces directly with the VNFMs and the VIMs.
  • the associated VNFM makes a request to the NFVO to allocate infrastructure resources.
  • This request may comprise, for example, a request for a Virtual Machine with W GB of Random Access Memory, X GB of storage, Operating System Y, and Virtual Local Area Network connection Z.
  • the NFVO selects the most appropriate available resource(s).
  • the response may comprise, for example, the allocated Virtual Machine Identifier, a login name, and security credentials for use of the resource.
  • the NFVO prepares and provisions the selected resource(s) via the VIM. Once the resource(s) is/are ready for use, the NFVO informs the VNFM of the allocated resource(s). In allocating resources in such a way, at ail times the NFVO has an exact view of what infrastructure is in use, and to whom it is allocated.
  • a VNFM may need to make a request for more or less resources. This can be effected using a similar procedure as described above, namely making a request directly to the NFVO, who then may allocate more or less resources as appropriate. This procedure ensures the NFVO maintains a complete and accurate overview of the allocated infrastructure.
  • An alternative scenario also supported by ETSI use cases, allows the VNFN to request directly resources from the VIM, bypassing the NFVO. Bypassing the NFVO however may lead to a compromise of the completeness and accuracy of the NFVO's overview of allocated infrastructure. Even if the VNFM informs the NFVO of the change of allocation, any delays in the communication of this information may lead to inconsistencies in the allocation data at the NFVO, and so may reduce the effectiveness and efficiency of the System. Furthermore, using this approach, if there are any failures in the VNFM, then the associated resources may become orphaned from the System and effectively lost. The NFVO will no longer have an accurate view of the allocated and free resources.
  • FIG. 1 shows a simplified schematic representation of an NFV System architecture.
  • the System architecture comprises a NFVO 102.
  • the NFVO 102 is in direct communication with Operation Support Systems (OSS) 104 which are used at a high level to administer and maintain network Systems.
  • OSS Operation Support Systems
  • the NFVO 102 may, for example, run as software on a physical or virtual server (not shown) to operate, manage and automate the software and infrastructure associated with NFV resources in order to implement, for example, a defined service model.
  • the NFVO 102 is also in direct communication with at least one VNFM 110 which may, for example, run as software on a physical or virtual server (not shown), via interface Or-Vnfm 105.
  • the VNFM 110 manages, via interface Ve-Vnfm 103, instances of virtual network functions (VNFs 108a to 108c) used, for example, by various applications (APPs 106a to 106c), for example Traffic Steering applications, running on the network.
  • VNFs 108a to 108c are implementations of a network function that can be deployed on a suitable NFV Infrastructure (NFVI) 122 (i.e. the totality of ail hardware and software components that build up the environment in which VNFs are deployed), typically running as a virtual machine in a Hypervisor (or other resource pooling/sharing) environment.
  • NFVI NFV Infrastructure
  • the NFVO 102 is also in direct communication with Virtualized Infrastructure Manager VIM 120, which may, for example, run as software on a physical or virtual server (not shown), via interface Or-Vi 107.
  • the VIM 120 manages, via interface Nf-Vi 111, the NFVI 122 used, for example, by the VNFs 108a to 108c to perform their function.
  • the NFVI 122 may comprise Virtual Infrastructure (VI) 116, for example, virtual Computing, storage, and networking infrastructure, for example, hardware resources such as physical Computing and storage resources and a physical communications network.
  • the VIM may comprise a component 118 for processing and/or responding to resource allocation requests.
  • the VNFM 110 is in direct communication with the VIM 120 via interface Vi-Vnfm (not shown in figure 1 ).
  • the associated VNFM 110 makes a request to the NFVO 102 to allocate the infrastructure resource.
  • the NFVO 102 selects the most appropriate available resource, in this example a physical storage resource, from a database of resources 113 of the NFVI 122.
  • the NFVO 102 then communicates with the VIM 120 to prepare and provision the selected resource of the NFVI 122.
  • the NFVO 102 updates ils resource allocation database 113, and informs the VNFM 110 of the allocated resource.
  • the VNF 108a to 108c associated with the initial request for resources is then free to use the allocated resource.
  • the NFVO 102 has an exact view of what infrastructure is in use, and to whom it is allocated.
  • the VNFM 110 may bypass the NFVO 102 in requesting additional or reduced resources of the NFVI 122 by communicating with the VIM 120 directly. Bypassing the NFVO 102, however, may lead to a compromise of the completeness and accuracy of the NFVO's overview (e.g. the allocation database 113 of the NFVO 102) of allocated infrastructure. Even if the VNFM 110 were to inform the NFVO 102 of the change of allocation of the resource of NFVI 122, any delays in the communication of this information may lead to inconsistencies in the allocation data at the NFVO 102, and so may reduce the effectiveness and efficiency of the System. Furthermore, using this alternative operation, if there are any failures in the VNFM 110, then the associated resources of the NFVI 122 may be orphaned from the System and effectively lost from the NFVO's 102 overview.
  • Exemplary implementations allowing a VNFM 110 to request and be allocated resources directly from a VIM 120 whilst ensuring the maintenance of the NFVO's 102 overview involve a proxy in the communications path between the at least one VNFM 110 and VIM 120, which are described below with reference to Figures 1 and 2 .
  • a proxy server 200 in in the communications path between the at least one VNFM 110 and VIM 120 there is a proxy server 200, and the proxy server 200 is in direct communication with the NFVO 102.
  • the proxy 200 may be made thin in the network, i.e. the delay caused by the operations of the proxy 200 are near negligible in the network.
  • the purpose of the proxy 200 is to ensure that an accurate record of the allocated and free resources inside an NFV deployment is maintained at the NFVO 102, without limiting the mode of operation of the VNFM 110 to requesting and receiving resource allocation through the NFVO 102. This is advantageous in both enabling flexibility and ensuring consistency of resource allocation in a multi-vendor environment.
  • FIG. 2 is a flow diagram showing a method according to an exemplary implementation.
  • a VNFM 110 makes a request to the VIM 120 for more or less resources of the NFVI 122.
  • the request is intercepted by the proxy 200 and the contents read. The request is then forwarded to the VIM 120 and also sent in near real time to the NFVO 102.
  • a response from the VIM 120 for example, allocating the requested resources, is intercepted by the proxy 200 and forwarded to the VNFM 110 and also sent in near real time to the NFVO 102.
  • the information in the request and/or the response may be used, for example, by a resource manager of the NFVO 102 to validate the requests and/or update a resource allocation database 113.
  • the proxy 200 may wait until it has received the response from the VIM 120, before sending both the request and the response to the NFVO 102 simultaneously or near simultaneously.
  • the database 113 is a database of ail of the resources of the NFVI 122 and of authorized resource allocations, for example, resources authorized for an individual service provider, for each APP 106a to 106c, or for each VNF 108a to 108c.
  • information relating to an intercepted request and/or response is compared to the database 113.
  • a determination is made whether the request and/or response would result in an authorized allocation of resources or not. If it is determined that the request and/or response would result in an authorized allocation of resources, in S312 the NFVO 102 may record the request data and the subsequently intercepted response data, and update the resource allocation database 113 accordingly.
  • the NFVO 102 may raise an alert to a higher level of service management, for example to an Operations Support System, which may intervene.
  • This alert may, for example, trigger a search for and/or resolution of corruption in the resource database, or, for example, an inquiry into the reason why an unauthorized request was sent.
  • Figure 3 shows essentially the same architecture of figure 1 , except for that the proxy 200 is located within, i.e. is a part of, the VIM 120.
  • the different implementations of the proxy 200 of Figure 1 and Figure 3 may have differing implications for the modification of the downstream trust chain from the VNFM 110 to the VIM 120 due to the proxy 200.
  • the proxy may not be totally invisible.
  • the proxy 200 incorporated into the VIM 120 of Figure 3 there will be no impact on the trust chain.
  • the standalone proxy 200 may have its own identity and security credentials, whereas this may not be necessary when incorporated to the VIM.
  • An exemplary mode of operation in the architecture shown in Figure 4 is the same as that described above with reference to the architecture of Figure 1 and Figure 2 , except that since the proxy 200 in the architecture shown in Figure 3 is within, i.e.
  • VIM 120 is a part of the VIM 120, rather than requests and responses between the VNFM 110 and the VIM 120 being intercepted and forwarded by the proxy 200, such requests and responses are instead received and sent by a proxy function of the VIM 120 to a component 118 of the VIM 120.
  • This component may be, for example a component of the VIM 120 for processing and/or responding to resource allocation requests.
  • the use of the proxy 200 in these exemplary modes of operation minimizes the time the resource allocation database 113 of the NFVO 102 is not up to date.
  • the database 113 will be updated shortly after the proxy 200 informs the NFVO 102 of the response from the VIM 120. This is as compared to a situation as described above in the standard ETSI Reference Architecture Framework, where the NFVO 102 is informed by the VNFM 110 of a resource allocation only after the VNFM 110 receives ail the responses from the VIM 120 informing it of the complete resource allocation for this VNF.
  • the allocation state of the resources may be inconsistent with the allocation database 113 of the NFVO 102. This may lead to unexpected behaviors of the automation of the allocation of resources by the NFVO 102, and may lead to the loss of resources from the System, and/or major System failures that would be hard to recover from without reinitializing the System.
  • the use of the proxy 200 in these exemplary modes of operation ensures that a response from a VIM 120 allocating resources to a VNFM 110 is intercepted for forwarding to the NFVO 102 for updating its allocation database 113 before the VNFM 110 receives the response. Hence even if the VNFM 110 fails, the overview of the allocation of resources at the NFVO 102 is up to date.
  • the proxy 200 therefore ensures that an accurate record of the allocated and free resources inside an NFV deployment may be maintained, without limiting that a request for resources by a VNFM 110 must go via an NFVO 102. Regardless of whether the NFVO 102 is bypassed or not, the proxy 200 therefore ensures there is a consistent overview of resource allocation, ensuring the maximum utilization of resources and reducing management costs.
  • the proxy 200 may be made active, as described below with reference to Figure 4 .
  • the proxy 200 may be configured by the NFVO 102, for example by a resource manager of the NFVO 102, to only allow valid requests to pass from the VNFM 110 to the VIM 120 (or one of its components).
  • the NFVO 102 may communicate to the proxy 200 which sources, for example, which VNFs 108a to 108c, APPs 106a to 106c, or VNFM 110 are authorized to be allocated which resource.
  • the proxy 200 intercepts (or alternatively receives) and reads a request from a VNFM 110 to a VIM 120.
  • the proxy 200 compares the source and resources of the request to authorized resource allocations. In S506, on the basis of the comparing, the proxy 200 decides whether the request is valid, for example if fulfillment of the request would result in an authorized allocation of resources or not. If the proxy 200 intercepts (or receives) a request from a VNFM 110 for resources for which there is no authorization, then, in S508, the proxy 200 does not forward (or pass on) the request to the VIM 120 (or one of its components). The proxy 200 may alert the NFVO 102 to the fact that such an unauthorized request has been made, which may be passed on by the NFVO 102 to a higher level management.
  • the proxy 200 may, for example, in response to receiving an unauthorized request, be configured to general a response to the unauthorized request informing the VNFM 110 that the request has been denied.
  • the VNFM 110 may then resend its request to the NFVO 102 in order to be allocated resources which have been authorized for the VNFM 110 to use. If the request is determined in S506 to be valid however, then in S510 the proxy 200 forwards (or passes on) the request to the VIM 120 (or one of its components) and also sends the request to the NFVO 102.
  • the proxy 200 may then intercept, read and forward the response from the VIM 120 (or one of its components) to the VNFM 110, and send the response to the NFVO 102.
  • the NFVO 102 may record the received request and response data and, for example, update the resource allocation database 113 accordingly.
  • the proxy 200 may also be configured by the NFVO 102, for example by a resource manager of the NFVO 102, to rewrite a request received from a VNFM 110 before forwarding or passing on the request to VIM 120 (or one of its components).
  • the NFVO 102 may communicate to the proxy 200 that a request for resources which are unauthorized be rewritten as a request only for those resources of the original request which are authorized for use.
  • the NFVO 102 may communicate to the proxy 200 to rewrite a request for resources so that the request is directed to a different VIM 120 than the one specified in the original request.
  • the NFVO may communicate to the proxy to implement policy controls, for example rewrite a request for resources so as to limit the resources allocated to lower priority requests.
  • the described implementations therefore ensure a maximum use of resources between different VNFs controlled by multiple VNFMs to the extent that they are authorized. This is critical for NFV as it is based on multiple applications running for multiple vendors in the same hosting environments. Further, the exemplary implementations may prevent the wrongful or erroneous allocation of resources, and so reduce the risk of multiple applications failing at the same time arising from the automated nature of the errors.
  • FIG. 5 is a flow diagram of an exemplary generalized method for operating a proxy 200 of the present invention.
  • a resource allocation request is received from a VNFM 110.
  • the resource allocation request is sent to a component of a VIM 120.
  • a response to the resource allocation request is received from the component of the VIM 120.
  • the response is sent to the NFVO 102.
  • FIG. 6 is a flow diagram of an exemplary generalized method for operating an NFV Orchestrator 102 of the present invention.
  • a response to a resource allocation request is received via interface 115 with a proxy 200, the response originating from a component of a VIM 120 in response to a resource allocation request from a VNF manager 110 forwarded to the component of the VIM by the proxy.
  • FIG 7 depicts example components of a server 802, which in one example, implements the proxy 200 of Figures 1 and 3 .
  • the server 802 includes software 804, which includes adaptation software 820 that is executable on one or more multiple processors 806 to implement the described functions of the proxy 200.
  • a processor 806 can include a microprocessor, microcontroller, processor module or subsystem, programmable integrated circuit, programmable gate array, or another control or Computing device.
  • the server 802 further comprises one or more network interfaces 808 to allow the server 802 to communicate with the VNFMs 110, NFVOs 102, and, where necessary IMs 120.
  • the server 802 further comprises a storage medium 810, which can store various software, data, machine-readable instructions, or any other type of information required for the proxy 200 to implement its functions.
  • the storage medium may store proxy software 804, which may comprise adaptation software 820 for adapting a proxy to implement any of the functions of proxy 200 as described above.
  • the storage medium (or storage media) 810 can be implemented as one or multiple computer-readable or machine-readable storage media.
  • the storage media include different forms of memory including semiconductor memory devices such as dynamic or static random access memories (DRAMs or SRAMs), erasable and programmable read-only memories (EPROMs), electrically erasable and programmable read-only memories (EEPROMs) and flash memories; magnetic disks such as fixed, floppy and removable disks; other magnetic media including tape; optical media such as compact disks (CDs) or digital video disks (DVDs); or other types of storage devices.
  • DRAMs or SRAMs dynamic or static random access memories
  • EPROMs erasable and programmable read-only memories
  • EEPROMs electrically erasable and programmable read-only memories
  • flash memories such as fixed, floppy and removable disks
  • magnetic media such as fixed, floppy and removable disks
  • optical media such as compact disks (CDs) or digital video disks (DVDs); or other
  • the instructions discussed above can be provided on one computer-readable or machine-readable storage medium, or alternatively, can be provided on multiple computer-readable or machine-readable storage media distributed in a large System having possibly plural nodes.
  • Such computer-readable or machine-readable storage medium or media is (are) considered to be part of an article (or article of manufacture).
  • An article or article of manufacture can refer to any manufactured single component or multiple components.
  • the storage medium or media can be located either in the machine running the machine-readable instructions, or located at a remote site from which machine-readable instructions can be downloaded over a network for execution.
  • FIG 8 depicts example components of a server 902, which in one example, implements the NFVO 102 of Figures 1 and3.
  • the server 902 includes software 904, which includes adaptation software 920 that is executable on one or more multiple processors 906 to implement the described functions of the NFVO 102.
  • a processor 906 can include a microprocessor, microcontroller, processor module or subsystem, programmable integrated circuit, programmable gate array, or another control or Computing device.
  • the server 902 further comprises one or more network interfaces 908 to allow the server 902 to communicate with the OSS 104, VNFMs 110, proxy 200, and VIMs 120.
  • the server 902 further comprises a storage medium 910, which can store various software, data, machine-readable instructions, or any other type of information required for the NFVO 102 to implement ils functions.
  • the storage medium may store NFVO software which may comprise adaptation software 920 for adapting a NFVO to implement any of the functions of the NFVO 102 as described above.
  • the storage medium 910 may comprise the resource allocation database 113.
  • the storage medium (or storage media) 910 can be implemented as one or multiple computer-readable or machine-readable storage media.
  • the storage media include different forms of memory including semiconductor memory devices such as dynamic or static random access memories (DRAMs or SRAMs), erasable and programmable read-only memories (EPROMs), electrically erasable and programmable read-only memories (EEPROMs) and flash memories; magnetic disks such as fixed, floppy and removable disks; other magnetic media including tape; optical media such as compact disks (CDs) or digital video disks (DVDs); or other types of storage devices.
  • DRAMs or SRAMs dynamic or static random access memories
  • EPROMs erasable and programmable read-only memories
  • EEPROMs electrically erasable and programmable read-only memories
  • flash memories such as fixed, floppy and removable disks
  • magnetic media such as fixed, floppy and removable disks
  • optical media such as compact disks (CDs) or digital video disks (DVDs); or other
  • the instructions discussed above can be provided on one computer-readable or machine-readable storage medium, or alternatively, can be provided on multiple computer-readable or machine-readable storage media distributed in a large System having possibly plural nodes.
  • Such computer-readable or machine-readable storage medium or media is (are) considered to be part of an article (or article of manufacture).
  • An article or article of manufacture can refer to any manufactured single component or multiple components.
  • the storage medium or media can be located either in the machine running the machine-readable instructions, or located at a remote site from which machine-readable instructions can be downloaded over a network for execution.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

There is described a method for operating a proxy in a network function virtualization (NFV) System. The NFV System comprises a virtualized network function (VNF) manager for managing a VNF, a virtualized infrastructure manager (VIM) for managing a resource, and a NFV orchestrator. The method comprises: receiving a resource allocation request for the VIM from the VNF manager; sending the resource allocation request to a component of the VIM; receiving a response to the resource allocation request from the component of the VIM; and sending the response to the NFV orchestrator.

Description

    Background
  • Network Functions Virtualization (NFV) is an emerging design approach for constructing Information Technology (IT) applications, particularly in the telecommunications industry. The classical approach to network architecture is based upon fragmented, purpose built hardware for implementing network functions - also known as Physical Network Functions (PNFs) (e.g. firewalls, Deep Packet Inspectors (DPI)), Network Address Translators (NAT)) which require physical installation at every site at which they are needed. In contrast, NFV aims to consolidate many network equipment types onto, for example, standardized high volume servers, switches, and storage through the implementation of Virtualized Network Functions (VNFs) in software which can run on a range of standard hardware. Furthermore, NFV aims to transform network operations because the VNFs can be dynamically moved to, or instantiated in, various locations in the network as required without the need for installation of new hardware. Allocation of resources to a VNF is typically made via an NFV Orchestrator (NFVO), which includes the System overall resource management view. In cases where the NFVO is bypassed in resource allocation, the consistency of the overall resource management view can be compromised, reducing the efficiency of the System resulting in resources being lost. It is an object of the implementations described herein to mitigate against at least some of these problems.
    • Brief Description of the Drawings
  • Various features and advantages of the present disclosure will be apparent from the detailed description which follows, taken in conjunction with the accompanying drawings, which together illustrate, by way of example only, features of the present disclosure, and wherein:
    • Figure 1 shows a simplified schematic representation of an exemplary architecture illustrating an exemplary implementation;
    • Figure 2 is a flow diagram illustrating a method according to an exemplary implementation;
    • Figure 3 shows a simplified schematic representation of an exemplary architecture illustrating an exemplary implementation;
    • Figure 4 is a flow diagram illustrating a method according to an exemplary implementation;
    • Figure 5 is a flow diagram illustrating a method according to an example;
    • Figure 6 is a flow diagram illustrating a method according to an example;
    • Figure 7 illustrates an example server; and Figure 8 illustrates an example server.
    Detailed Description
  • The following abbreviations which may be found in the specification and/or the drawings are defined as follows:
    IM Infrastructure Manager
    NFV Network Functions Virtualization
    NFVI NFV Infrastructure
    NFVO NFV Orchestrator
    OSS Operation Support Systems
    PNF Physical Network Function
    VIM Virtual IM
    VI Virtual Infrastructure
    VNF Virtual Network Function
    VNFM Virtual Network Function Manager
  • The European Telecommunications Standards Institute (ETSI) define an architecture for NFV in the standard "ETSI NFV Reference Architecture Framework ETSI GS NFV 002 VI.1.1 (2013-10)". In this architecture, the NFV Infrastructure (NFVI), comprising hardware resources such as servers, storage, and networking components, as well as virtualized Computing, storage, and networking, is managed by a Virtualized Infrastructure Manager (VIM). The VNFs utilizing resources of the NFVI are managed by VNF Managers (VNFM). Operation of the IM(s) and the VNFM(s) are overseen by an NFV Orchestrator (NFVO), which includes the System overall resource management view across multiple instances of the NFV infrastructures. In this reference architecture, the NFV Orchestrator (NFVO) interfaces directly with the VNFMs and the VIMs.
  • In a normal operation of the NFV architecture, as defined in ETSI standard use cases, when a VNF requires a resource, the associated VNFM makes a request to the NFVO to allocate infrastructure resources. This request may comprise, for example, a request for a Virtual Machine with WGB of Random Access Memory, XGB of storage, Operating System Y, and Virtual Local Area Network connection Z. In response, the NFVO selects the most appropriate available resource(s). The response may comprise, for example, the allocated Virtual Machine Identifier, a login name, and security credentials for use of the resource. The NFVO prepares and provisions the selected resource(s) via the VIM. Once the resource(s) is/are ready for use, the NFVO informs the VNFM of the allocated resource(s). In allocating resources in such a way, at ail times the NFVO has an exact view of what infrastructure is in use, and to whom it is allocated.
  • In some scenarios however, elastic operation is required and/or desired, and so a VNFM may need to make a request for more or less resources. This can be effected using a similar procedure as described above, namely making a request directly to the NFVO, who then may allocate more or less resources as appropriate. This procedure ensures the NFVO maintains a complete and accurate overview of the allocated infrastructure.
  • An alternative scenario, also supported by ETSI use cases, allows the VNFN to request directly resources from the VIM, bypassing the NFVO. Bypassing the NFVO however may lead to a compromise of the completeness and accuracy of the NFVO's overview of allocated infrastructure. Even if the VNFM informs the NFVO of the change of allocation, any delays in the communication of this information may lead to inconsistencies in the allocation data at the NFVO, and so may reduce the effectiveness and efficiency of the System. Furthermore, using this approach, if there are any failures in the VNFM, then the associated resources may become orphaned from the System and effectively lost. The NFVO will no longer have an accurate view of the allocated and free resources.
  • Referring now to the drawings, and first to Figure 1, there will be described an NFV architecture.
  • Figure 1 shows a simplified schematic representation of an NFV System architecture. The System architecture comprises a NFVO 102.
  • The NFVO 102 is in direct communication with Operation Support Systems (OSS) 104 which are used at a high level to administer and maintain network Systems. The NFVO 102 may, for example, run as software on a physical or virtual server (not shown) to operate, manage and automate the software and infrastructure associated with NFV resources in order to implement, for example, a defined service model.
  • The NFVO 102 is also in direct communication with at least one VNFM 110 which may, for example, run as software on a physical or virtual server (not shown), via interface Or-Vnfm 105. The VNFM 110 manages, via interface Ve-Vnfm 103, instances of virtual network functions (VNFs 108a to 108c) used, for example, by various applications (APPs 106a to 106c), for example Traffic Steering applications, running on the network. VNFs 108a to 108c are implementations of a network function that can be deployed on a suitable NFV Infrastructure (NFVI) 122 (i.e. the totality of ail hardware and software components that build up the environment in which VNFs are deployed), typically running as a virtual machine in a Hypervisor (or other resource pooling/sharing) environment.
  • The NFVO 102 is also in direct communication with Virtualized Infrastructure Manager VIM 120, which may, for example, run as software on a physical or virtual server (not shown), via interface Or-Vi 107. The VIM 120 manages, via interface Nf-Vi 111, the NFVI 122 used, for example, by the VNFs 108a to 108c to perform their function. The NFVI 122 may comprise Virtual Infrastructure (VI) 116, for example, virtual Computing, storage, and networking infrastructure, for example, hardware resources such as physical Computing and storage resources and a physical communications network. The VIM may comprise a component 118 for processing and/or responding to resource allocation requests. In the standard ETSI Reference Architecture Framework, the VNFM 110 is in direct communication with the VIM 120 via interface Vi-Vnfm (not shown in figure 1).
  • As described above, in the normal operation of the NFV architecture, as defined in ETSI standard use cases, when a VNF 108a to 108c requires a resource, for example a physical storage resource, the associated VNFM 110 makes a request to the NFVO 102 to allocate the infrastructure resource. In response, the NFVO 102 selects the most appropriate available resource, in this example a physical storage resource, from a database of resources 113 of the NFVI 122. The NFVO 102 then communicates with the VIM 120 to prepare and provision the selected resource of the NFVI 122. Once it has been communicated by the VIM 120 to the NFVO 102 that the resource has been prepared and provisioned and is ready for use, the NFVO 102 updates ils resource allocation database 113, and informs the VNFM 110 of the allocated resource. The VNF 108a to 108c associated with the initial request for resources is then free to use the allocated resource. As described above, in allocating resources in such a way, the NFVO 102 has an exact view of what infrastructure is in use, and to whom it is allocated.
  • In an alternative operation of the architecture of Figure 1, the VNFM 110 may bypass the NFVO 102 in requesting additional or reduced resources of the NFVI 122 by communicating with the VIM 120 directly. Bypassing the NFVO 102, however, may lead to a compromise of the completeness and accuracy of the NFVO's overview (e.g. the allocation database 113 of the NFVO 102) of allocated infrastructure. Even if the VNFM 110 were to inform the NFVO 102 of the change of allocation of the resource of NFVI 122, any delays in the communication of this information may lead to inconsistencies in the allocation data at the NFVO 102, and so may reduce the effectiveness and efficiency of the System. Furthermore, using this alternative operation, if there are any failures in the VNFM 110, then the associated resources of the NFVI 122 may be orphaned from the System and effectively lost from the NFVO's 102 overview.
  • Exemplary implementations allowing a VNFM 110 to request and be allocated resources directly from a VIM 120 whilst ensuring the maintenance of the NFVO's 102 overview involve a proxy in the communications path between the at least one VNFM 110 and VIM 120, which are described below with reference to Figures 1 and 2.
  • In Figure 1, in in the communications path between the at least one VNFM 110 and VIM 120 there is a proxy server 200, and the proxy server 200 is in direct communication with the NFVO 102.
  • In some exemplary implementations, the proxy 200 may be made thin in the network, i.e. the delay caused by the operations of the proxy 200 are near negligible in the network.
  • There is an existing interface Vi-Vnfm, between the VNFM 110 and the VIM 120 in the standard ETSI Reference Architecture Framework, in which the proxy 200 may be placed as shown in Figure 1. However, to allow direct communication between the proxy 200 and the NFVO 102, a new interface 115 not part of the current ETSI Reference Architecture Framework is introduced.
  • The purpose of the proxy 200 is to ensure that an accurate record of the allocated and free resources inside an NFV deployment is maintained at the NFVO 102, without limiting the mode of operation of the VNFM 110 to requesting and receiving resource allocation through the NFVO 102. This is advantageous in both enabling flexibility and ensuring consistency of resource allocation in a multi-vendor environment.
  • An exemplary mode of operation of the proxy 200 in the exemplary implementation of Figure 1 will now be described in more detail with reference to Figure 2, which is a flow diagram showing a method according to an exemplary implementation.
  • In an exemplary mode of operation, in the architecture shown in Figure 1, a VNFM 110 makes a request to the VIM 120 for more or less resources of the NFVI 122. In S302 of Figure 2, the request is intercepted by the proxy 200 and the contents read. The request is then forwarded to the VIM 120 and also sent in near real time to the NFVO 102. In S304, a response from the VIM 120, for example, allocating the requested resources, is intercepted by the proxy 200 and forwarded to the VNFM 110 and also sent in near real time to the NFVO 102. The information in the request and/or the response may be used, for example, by a resource manager of the NFVO 102 to validate the requests and/or update a resource allocation database 113. In some exemplary implementations, the proxy 200 may wait until it has received the response from the VIM 120, before sending both the request and the response to the NFVO 102 simultaneously or near simultaneously.
  • The database 113 is a database of ail of the resources of the NFVI 122 and of authorized resource allocations, for example, resources authorized for an individual service provider, for each APP 106a to 106c, or for each VNF 108a to 108c. In S308, information relating to an intercepted request and/or response is compared to the database 113. In S310, a determination is made whether the request and/or response would result in an authorized allocation of resources or not. If it is determined that the request and/or response would result in an authorized allocation of resources, in S312 the NFVO 102 may record the request data and the subsequently intercepted response data, and update the resource allocation database 113 accordingly. If, however, it is determined by the NFVO 102 that the request and/or response would result in an unauthorized allocation of resources, or is otherwise is in error, for example, is a request for a resource that is already allocated, then in S314, the NFVO 102 may raise an alert to a higher level of service management, for example to an Operations Support System, which may intervene. This alert may, for example, trigger a search for and/or resolution of corruption in the resource database, or, for example, an inquiry into the reason why an unauthorized request was sent.
  • An alternative exemplary implementation is shown in Figure 3, which shows essentially the same architecture of figure 1, except for that the proxy 200 is located within, i.e. is a part of, the VIM 120.
  • The different implementations of the proxy 200 of Figure 1 and Figure 3 may have differing implications for the modification of the downstream trust chain from the VNFM 110 to the VIM 120 due to the proxy 200. In the case of the 'standalone' proxy 200 of Figure 1, the proxy may not be totally invisible. In the case of the proxy 200 incorporated into the VIM 120 of Figure 3, there will be no impact on the trust chain. For example, the standalone proxy 200 may have its own identity and security credentials, whereas this may not be necessary when incorporated to the VIM. An exemplary mode of operation in the architecture shown in Figure 4 is the same as that described above with reference to the architecture of Figure 1 and Figure 2, except that since the proxy 200 in the architecture shown in Figure 3 is within, i.e. is a part of the VIM 120, rather than requests and responses between the VNFM 110 and the VIM 120 being intercepted and forwarded by the proxy 200, such requests and responses are instead received and sent by a proxy function of the VIM 120 to a component 118 of the VIM 120. This component may be, for example a component of the VIM 120 for processing and/or responding to resource allocation requests.
  • The use of the proxy 200 in these exemplary modes of operation minimizes the time the resource allocation database 113 of the NFVO 102 is not up to date. For a request from a VNFM 110 that is authorized, the database 113 will be updated shortly after the proxy 200 informs the NFVO 102 of the response from the VIM 120. This is as compared to a situation as described above in the standard ETSI Reference Architecture Framework, where the NFVO 102 is informed by the VNFM 110 of a resource allocation only after the VNFM 110 receives ail the responses from the VIM 120 informing it of the complete resource allocation for this VNF. Further, in the situation as in the reference architecture, if, for example, a VNFM 110 fails after it has been allocated resources, but before it has reported the allocation to the NFVO 102, the allocation state of the resources may be inconsistent with the allocation database 113 of the NFVO 102. This may lead to unexpected behaviors of the automation of the allocation of resources by the NFVO 102, and may lead to the loss of resources from the System, and/or major System failures that would be hard to recover from without reinitializing the System. The use of the proxy 200 in these exemplary modes of operation, however, ensures that a response from a VIM 120 allocating resources to a VNFM 110 is intercepted for forwarding to the NFVO 102 for updating its allocation database 113 before the VNFM 110 receives the response. Hence even if the VNFM 110 fails, the overview of the allocation of resources at the NFVO 102 is up to date.
  • The proxy 200 therefore ensures that an accurate record of the allocated and free resources inside an NFV deployment may be maintained, without limiting that a request for resources by a VNFM 110 must go via an NFVO 102. Regardless of whether the NFVO 102 is bypassed or not, the proxy 200 therefore ensures there is a consistent overview of resource allocation, ensuring the maximum utilization of resources and reducing management costs.
  • In some exemplary implementations, the proxy 200 may be made active, as described below with reference to Figure 4.
  • The proxy 200 may be configured by the NFVO 102, for example by a resource manager of the NFVO 102, to only allow valid requests to pass from the VNFM 110 to the VIM 120 (or one of its components). For example, the NFVO 102 may communicate to the proxy 200 which sources, for example, which VNFs 108a to 108c, APPs 106a to 106c, or VNFM 110 are authorized to be allocated which resource. In S502 of Figure 4, the proxy 200 intercepts (or alternatively receives) and reads a request from a VNFM 110 to a VIM 120.
  • In S504, the proxy 200 compares the source and resources of the request to authorized resource allocations. In S506, on the basis of the comparing, the proxy 200 decides whether the request is valid, for example if fulfillment of the request would result in an authorized allocation of resources or not. If the proxy 200 intercepts (or receives) a request from a VNFM 110 for resources for which there is no authorization, then, in S508, the proxy 200 does not forward (or pass on) the request to the VIM 120 (or one of its components). The proxy 200 may alert the NFVO 102 to the fact that such an unauthorized request has been made, which may be passed on by the NFVO 102 to a higher level management. The proxy 200 may, for example, in response to receiving an unauthorized request, be configured to general a response to the unauthorized request informing the VNFM 110 that the request has been denied. The VNFM 110 may then resend its request to the NFVO 102 in order to be allocated resources which have been authorized for the VNFM 110 to use. If the request is determined in S506 to be valid however, then in S510 the proxy 200 forwards (or passes on) the request to the VIM 120 (or one of its components) and also sends the request to the NFVO 102. In S512, the proxy 200 may then intercept, read and forward the response from the VIM 120 (or one of its components) to the VNFM 110, and send the response to the NFVO 102. In S516 the NFVO 102 may record the received request and response data and, for example, update the resource allocation database 113 accordingly.
  • The proxy 200 may also be configured by the NFVO 102, for example by a resource manager of the NFVO 102, to rewrite a request received from a VNFM 110 before forwarding or passing on the request to VIM 120 (or one of its components). For example, the NFVO 102 may communicate to the proxy 200 that a request for resources which are unauthorized be rewritten as a request only for those resources of the original request which are authorized for use. As a further example, during times of service migration, during System recovery, or at times of peak demand, the NFVO 102 may communicate to the proxy 200 to rewrite a request for resources so that the request is directed to a different VIM 120 than the one specified in the original request. In a still further example, the NFVO may communicate to the proxy to implement policy controls, for example rewrite a request for resources so as to limit the resources allocated to lower priority requests.
  • The described implementations therefore ensure a maximum use of resources between different VNFs controlled by multiple VNFMs to the extent that they are authorized. This is critical for NFV as it is based on multiple applications running for multiple vendors in the same hosting environments. Further, the exemplary implementations may prevent the wrongful or erroneous allocation of resources, and so reduce the risk of multiple applications failing at the same time arising from the automated nature of the errors.
  • Figure 5 is a flow diagram of an exemplary generalized method for operating a proxy 200 of the present invention. In S602, a resource allocation request is received from a VNFM 110. In S604, the resource allocation request is sent to a component of a VIM 120. In S606, a response to the resource allocation request is received from the component of the VIM 120. In S608, the response is sent to the NFVO 102.
  • Figure 6 is a flow diagram of an exemplary generalized method for operating an NFV Orchestrator 102 of the present invention. In S702, a response to a resource allocation request is received via interface 115 with a proxy 200, the response originating from a component of a VIM 120 in response to a resource allocation request from a VNF manager 110 forwarded to the component of the VIM by the proxy.
  • Figure 7 depicts example components of a server 802, which in one example, implements the proxy 200 of Figures 1 and 3. The server 802 includes software 804, which includes adaptation software 820 that is executable on one or more multiple processors 806 to implement the described functions of the proxy 200.
  • A processor 806 can include a microprocessor, microcontroller, processor module or subsystem, programmable integrated circuit, programmable gate array, or another control or Computing device.
  • The server 802 further comprises one or more network interfaces 808 to allow the server 802 to communicate with the VNFMs 110, NFVOs 102, and, where necessary IMs 120.
  • The server 802 further comprises a storage medium 810, which can store various software, data, machine-readable instructions, or any other type of information required for the proxy 200 to implement its functions. The storage medium may store proxy software 804, which may comprise adaptation software 820 for adapting a proxy to implement any of the functions of proxy 200 as described above.
  • The storage medium (or storage media) 810 can be implemented as one or multiple computer-readable or machine-readable storage media. The storage media include different forms of memory including semiconductor memory devices such as dynamic or static random access memories (DRAMs or SRAMs), erasable and programmable read-only memories (EPROMs), electrically erasable and programmable read-only memories (EEPROMs) and flash memories; magnetic disks such as fixed, floppy and removable disks; other magnetic media including tape; optical media such as compact disks (CDs) or digital video disks (DVDs); or other types of storage devices. Note that the instructions discussed above can be provided on one computer-readable or machine-readable storage medium, or alternatively, can be provided on multiple computer-readable or machine-readable storage media distributed in a large System having possibly plural nodes. Such computer-readable or machine-readable storage medium or media is (are) considered to be part of an article (or article of manufacture). An article or article of manufacture can refer to any manufactured single component or multiple components. The storage medium or media can be located either in the machine running the machine-readable instructions, or located at a remote site from which machine-readable instructions can be downloaded over a network for execution.
  • Figure 8 depicts example components of a server 902, which in one example, implements the NFVO 102 of Figures 1 and3. The server 902 includes software 904, which includes adaptation software 920 that is executable on one or more multiple processors 906 to implement the described functions of the NFVO 102.
  • A processor 906 can include a microprocessor, microcontroller, processor module or subsystem, programmable integrated circuit, programmable gate array, or another control or Computing device.
  • The server 902 further comprises one or more network interfaces 908 to allow the server 902 to communicate with the OSS 104, VNFMs 110, proxy 200, and VIMs 120.
  • The server 902 further comprises a storage medium 910, which can store various software, data, machine-readable instructions, or any other type of information required for the NFVO 102 to implement ils functions. The storage medium may store NFVO software which may comprise adaptation software 920 for adapting a NFVO to implement any of the functions of the NFVO 102 as described above. The storage medium 910 may comprise the resource allocation database 113.
  • The storage medium (or storage media) 910 can be implemented as one or multiple computer-readable or machine-readable storage media. The storage media include different forms of memory including semiconductor memory devices such as dynamic or static random access memories (DRAMs or SRAMs), erasable and programmable read-only memories (EPROMs), electrically erasable and programmable read-only memories (EEPROMs) and flash memories; magnetic disks such as fixed, floppy and removable disks; other magnetic media including tape; optical media such as compact disks (CDs) or digital video disks (DVDs); or other types of storage devices. Note that the instructions discussed above can be provided on one computer-readable or machine-readable storage medium, or alternatively, can be provided on multiple computer-readable or machine-readable storage media distributed in a large System having possibly plural nodes. Such computer-readable or machine-readable storage medium or media is (are) considered to be part of an article (or article of manufacture). An article or article of manufacture can refer to any manufactured single component or multiple components. The storage medium or media can be located either in the machine running the machine-readable instructions, or located at a remote site from which machine-readable instructions can be downloaded over a network for execution.
  • The above implementations are to be understood as illustrative examples. Further implementations are envisaged. It is to be understood that any feature described in relation to any one example may be used alone, or in combination with other features described, and may also be used in combination with one or more features of any other of the examples, or any combination of any other of the examples. Furthermore, equivalents and modifications not described above may also be employed without departing from the scope of the invention, which is defined in the accompanying claims.

Claims (19)

  1. A method for operating a proxy in a network function virtualization (NFV) System, wherein the NFV System comprises a virtualized network function (VNF) manager for managing a VNF, a virtualized infrastructure manager (VIM) for managing a resource, and a NFV orchestrator, the method comprising:
    receiving a resource allocation request for the VIM from the VNF manager;
    sending the resource allocation request to a component of the VIM;
    receiving a response to the resource allocation request from the component of the VIM; and
    sending the response to the NFV orchestrator.
  2. The method of claim 1, further comprising:
    sending the response to the VNF manager.
  3. The method of claim 1, wherein the proxy is part of the VIM.
  4. The method of claim 1, further comprising:
    sending the resource allocation request to the NFV orchestrator.
  5. The method of claim 1, further comprising:
    reading the resource allocation request;
    comparing the resource allocation request to data relating to authorized resource allocations; and
    determining, based on the comparing, whether the allocation of resources of the request is an authorized resource allocation; and
    sending the resource allocation request to the component of the VIM only if it is determined that the allocation of resources of the request is an authorized resource allocation.
  6. The method of claim 1, further comprising:
    modifying the resource allocation request prior to sending the resource allocation request to the component of the VIM.
  7. The method of claim 1, further comprising:
    reading the received resource allocation request; and
    redirecting and/or rewriting, based on an indication from the NFV Orchestrator, the received resource allocation request, such that the resource allocation request is sent to a component of a VIM that is different from a VIM specified in the received resource allocation request, and/or requests an allocation of resources different from an allocation of resources requested by the received resource allocation request.
  8. A method for operating a network function virtualization (NFV) Orchestrator in a NFV System, wherein the NFV system comprises a virtualized network function (VNF) manager for managing a VNF, an virtualized infrastructure manager (VIM) for managing a resource, and a proxy, the method comprising:
    receiving, via an interface to the proxy, a response to a resource allocation request, the response originating from a component of the VIM in response to the resource allocation request from the VNF manager forwarded to the component of the VIM by the proxy.
  9. The method of claim 8, further comprising:
    receiving, from the proxy, the resource allocation request.
  10. The method of claim 9, further comprising:
    comparing the received resource allocation request with data of a database of authorized resource allocations; and
    determining, based on the comparing, whether the allocation of resources of the request is an authorized resource allocation.
  11. The method of claim 10, wherein in response to a determination that the allocation of resources of the resource allocation request is an authorized resource allocation, the allocation of resources of the request and response is recorded in a resource allocation database, and wherein in response to a determination that the allocation of resources of the resource allocation request is not an authorized resource allocation, an alert is raised to a higher level service management.
  12. The method of claim 8, further comprising:
    sending, to the proxy, an indication for the proxy to redirect and/or rewrite a received resource allocation request, received at the proxy, such that a resource allocation request sent by the proxy is to a component of a VIM different from a component of a VIM specified in the received resource allocation request, and/or relates to an allocation of resources different from an allocation of resources of the received resource allocation request.
  13. The method of claim 8, further comprising:
    updating a database based on the response.
  14. A proxy System for use in a network function virtualization (NFV) System, wherein the NFV System comprises a virtualized network function (VNF) manager for managing a VNF, virtualized infrastructure manager (VIM) for managing a resource, and a NFV orchestrator, wherein the proxy System is to:
    intercept a resource allocation request for the VIM from the VNF manager;
    send the resource allocation request to a component of the VIM;
    receive a response to the resource allocation request from the component of the VIM; and
    forward the response to the NFV orchestrator.
  15. The proxy System of claim 14, wherein the proxy System is further to:
    send the response to the VNF manager.
  16. The proxy System of claim 14, wherein the proxy System is a part of the VIM.
  17. A network function virtualization (NFV) Orchestrator for a NFV System, wherein the NFV System comprises a virtualized network function (VNF) manager for managing a VNF, a virtualized infrastructure manager (VIM) for managing a resource, and a proxy, wherein the NFV Orchestrator comprises an interface to the proxy to:
    receive, from the proxy, a response to a resource allocation request, the response originating from a component of the VIM and sent in response to the resource allocation request from the VNF manager forwarded to the component of the VIM by the proxy.
  18. The network function virtualization (NFV) Orchestrator of claim 17, further to:
    receive, from the proxy, the resource allocation request.
  19. The network function virtualization (NFV) Orchestrator of claim 17, further to:
    update a database based on the response.
EP14305649.7A 2014-04-30 2014-04-30 Network infrastructure management Withdrawn EP2940968A1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
EP14305649.7A EP2940968A1 (en) 2014-04-30 2014-04-30 Network infrastructure management
US15/304,968 US10397352B2 (en) 2014-04-30 2014-08-04 Network infrastructure management
PCT/US2014/049550 WO2015167595A1 (en) 2014-04-30 2014-08-04 Network infrastructure management

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
EP14305649.7A EP2940968A1 (en) 2014-04-30 2014-04-30 Network infrastructure management

Publications (1)

Publication Number Publication Date
EP2940968A1 true EP2940968A1 (en) 2015-11-04

Family

ID=50736014

Family Applications (1)

Application Number Title Priority Date Filing Date
EP14305649.7A Withdrawn EP2940968A1 (en) 2014-04-30 2014-04-30 Network infrastructure management

Country Status (3)

Country Link
US (1) US10397352B2 (en)
EP (1) EP2940968A1 (en)
WO (1) WO2015167595A1 (en)

Cited By (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106230623A (en) * 2016-07-22 2016-12-14 中国联合网络通信集团有限公司 A kind of VIM site selection method and device
WO2017075796A1 (en) * 2015-11-06 2017-05-11 华为技术有限公司 Method and apparatus for allocating virtual resources in network functions virtualization (nfv) network
WO2017114944A1 (en) * 2015-12-30 2017-07-06 Koninklijke Kpn N.V. Network service requests
WO2017125161A1 (en) * 2016-01-21 2017-07-27 Hewlett Packard Enterprise Development Lp Resource allocation
CN107025126A (en) * 2016-01-29 2017-08-08 中国移动通信集团公司 A kind of resource regulating method, NFVO and system
WO2017137061A1 (en) * 2016-02-08 2017-08-17 Nokia Solutions And Networks Oy Resource placement control in network virtualization scenarios
WO2017143999A1 (en) * 2016-02-26 2017-08-31 中国移动通信集团公司 Resource authorization method for vnf deployment, vnfm and nfvo
CN107135192A (en) * 2016-02-26 2017-09-05 中国移动通信集团公司 Resource authorization method for deploying VNF, VNFM and NFVO
WO2017162054A1 (en) * 2016-03-23 2017-09-28 中兴通讯股份有限公司 Method and device for automatic deployment of application in virtual environment
WO2017166136A1 (en) * 2016-03-30 2017-10-05 华为技术有限公司 Vnf resource allocation method and device
WO2017181875A1 (en) * 2016-04-22 2017-10-26 华为技术有限公司 Virtualized network deployment method and deployment system
CN108243205A (en) * 2016-12-23 2018-07-03 上海诺基亚贝尔股份有限公司 A kind of method, equipment and system for being used to control cloud platform resource allocation
CN108337110A (en) * 2018-01-02 2018-07-27 中兴通讯股份有限公司 A kind of virtual resource management method and device, computer readable storage medium
CN108667777A (en) * 2017-03-31 2018-10-16 华为技术有限公司 A kind of service chaining generation method and network function composer NFVO
CN108886473A (en) * 2016-04-08 2018-11-23 华为技术有限公司 A management method and device
CN108886492A (en) * 2016-04-28 2018-11-23 日本电气株式会社 Network function virtual management and layout device, methods and procedures
CN110018898A (en) * 2018-01-10 2019-07-16 普天信息技术有限公司 Select the method and device of virtualized infrastructure manager
US20200028880A1 (en) * 2015-02-04 2020-01-23 Intel Corporation Technologies for scalable security architecture of virtualized networks

Families Citing this family (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10116514B1 (en) * 2015-03-30 2018-10-30 Amdocs Development Limited System, method and computer program for deploying an orchestration layer for a network based on network function virtualization (NFV)
EP3855681A1 (en) * 2014-09-25 2021-07-28 Apple Inc. Network functions virtualization
JP6568238B2 (en) * 2015-05-19 2019-08-28 華為技術有限公司Huawei Technologies Co.,Ltd. Hardware acceleration method and related devices
WO2017031698A1 (en) * 2015-08-25 2017-03-02 华为技术有限公司 Method, apparatus, and system for acquiring vnf information
CN106681789A (en) * 2015-11-09 2017-05-17 中兴通讯股份有限公司 Method and device for flexible authorization of network function
EP3466014B1 (en) * 2016-05-27 2020-07-08 Telefonaktiebolaget LM Ericsson (PUBL) Method and arrangement for configuring a secure domain in a network functions virtualization infrastructure
US10318723B1 (en) 2016-11-29 2019-06-11 Sprint Communications Company L.P. Hardware-trusted network-on-chip (NOC) and system-on-chip (SOC) network function virtualization (NFV) data communications
US20180241635A1 (en) * 2017-02-21 2018-08-23 Huawei Technologies Co., Ltd. Method for enabling automation of management and orchestration of network slices
US10735275B2 (en) 2017-06-16 2020-08-04 Cisco Technology, Inc. Releasing and retaining resources for use in a NFV environment
CN109428764B (en) * 2017-09-05 2021-10-15 华为技术有限公司 Virtual network function instantiation method
WO2020077585A1 (en) * 2018-10-18 2020-04-23 华为技术有限公司 Vnf service instantiation method and apparatus
US10826798B2 (en) * 2018-10-25 2020-11-03 Verizon Patent And Licensing Inc. Virtual network function bus-based auto-registration
CN111404712B (en) * 2019-01-02 2023-01-03 中国移动通信有限公司研究院 NFV network element deployment system, method, device, medium and equipment
WO2020167820A1 (en) * 2019-02-12 2020-08-20 Apple Inc. Systems and methods to deploy user plane function (upf) and edge computing virtualized network functions (vnfs) in network functions virtualization (nfv) environment networks
US11856066B2 (en) * 2022-02-25 2023-12-26 Verizon Patent And Licensing Inc. System and methods for managing physical network functions via orchestration

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2284775A2 (en) * 2009-06-25 2011-02-16 VMware, Inc. Management of information technology risk using virtual infrastructures
WO2013138977A1 (en) * 2012-03-19 2013-09-26 Intel Corporation Techniques for packet management in an input/output virtualization system

Family Cites Families (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6418461B1 (en) 1997-10-06 2002-07-09 Mci Communications Corporation Intelligent call switching node in an intelligent distributed network architecture
US8082344B2 (en) 2007-02-12 2011-12-20 Microsoft Corporation Transaction manager virtualization
WO2011144224A1 (en) * 2010-05-19 2011-11-24 Telefonaktiebolaget L M Ericsson (Publ) Method and apparatus for managing communications of a physical network entity
WO2012145544A2 (en) 2011-04-19 2012-10-26 Seven Networks, Inc. Device resource sharing for network resource conservation
US8966004B2 (en) 2011-09-29 2015-02-24 Comcast Cable Communications, LLC. Multiple virtual machines in a mobile virtualization platform
TW201410052A (en) 2012-05-09 2014-03-01 Interdigital Patent Holdings Flexible network sharing
US9111241B2 (en) 2012-06-25 2015-08-18 Vmware, Inc. Creation of a social network of members of a virtualization infrastructure
US9973375B2 (en) * 2013-04-22 2018-05-15 Cisco Technology, Inc. App store portal providing point-and-click deployment of third-party virtualized network functions
WO2015082013A1 (en) * 2013-12-06 2015-06-11 Nokia Solutions And Networks Oy Management of network entity selection
KR101868918B1 (en) * 2014-01-17 2018-07-20 노키아 솔루션스 앤드 네트웍스 게엠베하 운트 코. 카게 Controlling of communication network comprising virtualized network functions
US10243863B2 (en) * 2014-02-04 2019-03-26 Nokia Solutions And Networks Oy Service scaling in communications
WO2015126430A1 (en) * 2014-02-24 2015-08-27 Hewlett-Packard Development Company, L.P. Virtual network function management with deactivated virtual machines
US9680708B2 (en) * 2014-03-14 2017-06-13 Veritas Technologies Method and apparatus for cloud resource delivery

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2284775A2 (en) * 2009-06-25 2011-02-16 VMware, Inc. Management of information technology risk using virtual infrastructures
WO2013138977A1 (en) * 2012-03-19 2013-09-26 Intel Corporation Techniques for packet management in an input/output virtualization system

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
"Network Function Virtualization (NFV) Management and Orchestration;GS NFV-MAN 001", ETSI DRAFT; GS NFV-MAN 001, EUROPEAN TELECOMMUNICATIONS STANDARDS INSTITUTE (ETSI), 650, ROUTE DES LUCIOLES ; F-06921 SOPHIA-ANTIPOLIS ; FRANCE, vol. ISG - NFV, no. V0.3.3, 5 March 2014 (2014-03-05), pages 1 - 135, XP014228140 *
"Network Functions Virtualisation (NFV); Architectural Framework", 4 November 2013 (2013-11-04), XP050767875, Retrieved from the Internet <URL:http://www.3gpp.org/ftp/tsg_sa/WG5_TM/TSGS5_92/Docs/> [retrieved on 20131104] *
ETSI NFV REFERENCE ARCHITECTURE FRAMEWORK ETSI GS NFV 002 VI.1.1, October 2013 (2013-10-01)

Cited By (43)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11533341B2 (en) * 2015-02-04 2022-12-20 Intel Corporation Technologies for scalable security architecture of virtualized networks
US20200028880A1 (en) * 2015-02-04 2020-01-23 Intel Corporation Technologies for scalable security architecture of virtualized networks
CN108028806A (en) * 2015-11-06 2018-05-11 华为技术有限公司 The method and apparatus that virtual resource is distributed in network function virtualization NFV networks
WO2017075796A1 (en) * 2015-11-06 2017-05-11 华为技术有限公司 Method and apparatus for allocating virtual resources in network functions virtualization (nfv) network
EP3358795A4 (en) * 2015-11-06 2018-10-31 Huawei Technologies Co., Ltd. Method and apparatus for allocating virtual resources in network functions virtualization (nfv) network
CN108028806B (en) * 2015-11-06 2020-06-16 华为技术有限公司 Method and apparatus for allocating virtual resources in network function virtualization NFV network
WO2017114944A1 (en) * 2015-12-30 2017-07-06 Koninklijke Kpn N.V. Network service requests
US11349729B2 (en) 2015-12-30 2022-05-31 Koninklijke Kpn N.V. Network service requests
CN109076027B (en) * 2015-12-30 2022-05-17 皇家Kpn公司 web service request
CN109076027A (en) * 2015-12-30 2018-12-21 皇家Kpn公司 network service request
US11915051B2 (en) 2016-01-21 2024-02-27 Suse Llc Allocating resources for network function virtualization
US12190154B2 (en) 2016-01-21 2025-01-07 Suse Llc Allocating resources for network function virtualization
US11650848B2 (en) 2016-01-21 2023-05-16 Suse Llc Allocating resources for network function virtualization
WO2017125161A1 (en) * 2016-01-21 2017-07-27 Hewlett Packard Enterprise Development Lp Resource allocation
CN107025126B (en) * 2016-01-29 2021-03-05 中国移动通信集团公司 Resource scheduling method, NFVO and system
CN107025126A (en) * 2016-01-29 2017-08-08 中国移动通信集团公司 A kind of resource regulating method, NFVO and system
US11249814B2 (en) 2016-02-08 2022-02-15 Nokia Solutions And Networks Oy Resource placement control in network virtualization scenarios
WO2017137061A1 (en) * 2016-02-08 2017-08-17 Nokia Solutions And Networks Oy Resource placement control in network virtualization scenarios
CN108885564A (en) * 2016-02-08 2018-11-23 诺基亚通信公司 Resource in network virtualization scene places control
CN107135192A (en) * 2016-02-26 2017-09-05 中国移动通信集团公司 Resource authorization method for deploying VNF, VNFM and NFVO
EP3422634A4 (en) * 2016-02-26 2019-08-14 China Mobile Communications Group Co., Ltd RESOURCE AUTHORIZATION METHOD FOR VNF, VNFM AND NFVO DEPLOYMENT
CN107135192B (en) * 2016-02-26 2020-04-21 中国移动通信集团公司 Resource authorization method for deploying VNF, VNFM and NFVO
WO2017143999A1 (en) * 2016-02-26 2017-08-31 中国移动通信集团公司 Resource authorization method for vnf deployment, vnfm and nfvo
US10999211B2 (en) 2016-02-26 2021-05-04 China Mobile Communications Group Co., Ltd. Resource authorization method for deployment of virtual network function, virtual network function manager, and network function virtualization orchestrator
WO2017162054A1 (en) * 2016-03-23 2017-09-28 中兴通讯股份有限公司 Method and device for automatic deployment of application in virtual environment
WO2017166136A1 (en) * 2016-03-30 2017-10-05 华为技术有限公司 Vnf resource allocation method and device
US10698741B2 (en) 2016-03-30 2020-06-30 Huawei Technologies Co., Ltd. Resource allocation method for VNF and apparatus
CN108886473A (en) * 2016-04-08 2018-11-23 华为技术有限公司 A management method and device
US11296945B2 (en) 2016-04-08 2022-04-05 Huawei Technologies Co., Ltd. Management method and apparatus
WO2017181875A1 (en) * 2016-04-22 2017-10-26 华为技术有限公司 Virtualized network deployment method and deployment system
US10719348B2 (en) 2016-04-28 2020-07-21 Nec Corporation Network function virtualization management and orchestration apparatus, method, and program
CN108886492A (en) * 2016-04-28 2018-11-23 日本电气株式会社 Network function virtual management and layout device, methods and procedures
EP3451594A4 (en) * 2016-04-28 2019-04-24 Nec Corporation Network function virtualization management orchestration device, method, and program
CN106230623B (en) * 2016-07-22 2019-03-15 中国联合网络通信集团有限公司 A kind of VIM site selection method and device
CN106230623A (en) * 2016-07-22 2016-12-14 中国联合网络通信集团有限公司 A kind of VIM site selection method and device
CN108243205B (en) * 2016-12-23 2021-06-08 上海诺基亚贝尔股份有限公司 Method, equipment and system for controlling resource allocation of cloud platform
CN108243205A (en) * 2016-12-23 2018-07-03 上海诺基亚贝尔股份有限公司 A kind of method, equipment and system for being used to control cloud platform resource allocation
CN108667777A (en) * 2017-03-31 2018-10-16 华为技术有限公司 A kind of service chaining generation method and network function composer NFVO
CN108667777B (en) * 2017-03-31 2021-02-05 华为技术有限公司 Service chain generation method and network function orchestrator NFVO
CN108337110A (en) * 2018-01-02 2018-07-27 中兴通讯股份有限公司 A kind of virtual resource management method and device, computer readable storage medium
CN108337110B (en) * 2018-01-02 2022-01-28 中兴通讯股份有限公司 Virtual resource management method and device and computer readable storage medium
CN110018898A (en) * 2018-01-10 2019-07-16 普天信息技术有限公司 Select the method and device of virtualized infrastructure manager
CN110018898B (en) * 2018-01-10 2021-06-18 普天信息技术有限公司 Method and apparatus for selecting virtualized infrastructure manager

Also Published As

Publication number Publication date
US10397352B2 (en) 2019-08-27
US20170208147A1 (en) 2017-07-20
WO2015167595A1 (en) 2015-11-05

Similar Documents

Publication Publication Date Title
US10397352B2 (en) Network infrastructure management
US11088903B2 (en) Hybrid cloud network configuration management
EP3675418B1 (en) Issuance of service configuration file
US11025628B2 (en) Secure modification of manufacturer usage description files based on device applications
US10503545B2 (en) Universal security agent
US9628290B2 (en) Traffic migration acceleration for overlay virtual environments
US11477247B2 (en) Systems and methods for authenticating platform trust in a network function virtualization environment
US11438242B2 (en) Method for providing PaaS service, management system, and cloud computing service architecture
US9021005B2 (en) System and method to provide remote device management for mobile virtualized platforms
CN103595801B (en) Cloud computing system and real-time monitoring method for virtual machine in cloud computing system
US20160112261A1 (en) Lawful intercept management modules and methods for li-configuration of an internal interception function in a cloud based network
US10250677B1 (en) Decentralized network address control
KR20180066148A (en) Method and device for managing certificates in a network functional virtualization architecture
US20200249975A1 (en) Virtual machine management
US20190028880A1 (en) Method for accessing context data by network service component, apparatus, and system
KR101522139B1 (en) Method for blocking selectively in dns server and change the dns address using proxy
US11228491B1 (en) System and method for distributed cluster configuration monitoring and management
US20100146120A1 (en) Caller-specific visibility masks for networking objects
US11853560B2 (en) Conditional role decision based on source environments
KR20210072816A (en) Provider network service extension
CN114629683B (en) Access method, device, equipment and storage medium of management server
US20240320022A1 (en) Software Operator for Deploying and Managing Bare Metal Clusters
US11775362B2 (en) Content provisioning to virtual machines
US10581663B2 (en) Lightweight software management shell
KR20200119432A (en) Cloud data center operating system

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

17P Request for examination filed

Effective date: 20160418

RBV Designated contracting states (corrected)

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: HEWLETT PACKARD ENTERPRISE DEVELOPMENT L.P.

17Q First examination report despatched

Effective date: 20170403

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20170815

OSZAR »