Visible to the public FlowSNAC: Improving FlowNAC with Secure Scaling and Resiliency

TitleFlowSNAC: Improving FlowNAC with Secure Scaling and Resiliency
Publication TypeConference Paper
Year of Publication2016
AuthorsMatias, J., Garay, J., Jacob, E., Sköldström, P., Ghafoor, A.
Conference Name2016 Fifth European Workshop on Software-Defined Networks (EWSDN)
Keywordsauthentication, Degradation, FlowNAC, FlowSNAC, life-cycle management, Load management, Monitoring, network function virtualization, NFV, orchestration systems, process control, product life cycle management, pubcrawl, Resiliency, Resilient Security Architectures, resource allocation, resource allocations, Resource management, SDN, SDN/NFV management, secure scaling, Secure State Migration, secure state transfer, security, service degradation, software defined networking, stateless components, traffic steering, VNF services

Life-cycle management of stateful VNF services is a complicated task, especially when automated resiliency and scaling should be handled in a secure manner, without service degradation. We present FlowSNAC, a resilient and scalable VNF service for user authentication and service deployment. FlowSNAC consists of both stateful and stateless components, some of that are SDN-based and others that are NFVs. We describe how it adapts to changing conditions by automatically updating resource allocations through a series of intermediate steps of traffic steering, resource allocation, and secure state transfer. We conclude by highlighting some of the lessons learned during implementation, and their wider consequences for the architecture of SDN/NFV management and orchestration systems.

Citation Keymatias_flowsnac:_2016