Published in: The Journal of Supercomputing 7/2018

23-04-2018

Learning-based dynamic scalable load-balanced firewall as a service in network function-virtualized cloud computing environments

Authors: Naghmeh Dezhabad, Saeed Sharifian


Abstract

Network function virtualization (NFV) is a network architecture which tries to provide communication services in clouds through virtualization techniques. NFV combines server and service and replaces many network devices. It deploys software applications instead of hardware devices and therefore reduces network providers' financial costs and facilitates manageability. One of the services that NFV offers is virtualized firewalls in clouds. Like other services in clouds, firewalls should scale dynamically to the needs of any business and adapt as demand increases. In this paper, a method is proposed for dynamic auto-scalability of the firewall service in cloud environments. The proposed method also balances incoming load among different virtualized firewalls, which are installed as software on virtual machines and located in one pool. We consider a queuing model for each virtual machine. The goal is to determine the number of active virtualized firewalls required at different time steps according to the intensity of incoming load, and the proportion of total requests that goes to each firewall. Decisions are made regarding the utilization of firewall virtual machines so that QoS requirements can be met; at the same time, resources are saved in order to balance performance against the cost of allocated firewall virtual machines. To solve the problem, we propose a hybrid genetic algorithm and reinforcement learning-based approach, namely GARLAS (genetic algorithm and reinforcement learning-based autonomic scaling), implemented in a cloud manager. The results of simulation with MATLAB on different realistic workloads demonstrate that the approach is able to find an optimal policy in both scalability and load balancing aspects. It also yields 87.91% and 85.15% lower average response time and 9.93% and 11.77% improvement in utilization in comparison with static and threshold-based approaches, respectively.
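An added example, not taken from the paper: the decision the abstract describes (how many firewall VMs to keep active at each time step, and what share of requests each receives), worked analytically under an assumed M/M/1 queue per VM. GARLAS itself uses a genetic algorithm and reinforcement learning; the function names, service rates, load trace and response-time target below are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Plan:
    active: list[int]        # indices of firewall VMs switched on
    share: dict[int, float]  # fraction of total requests sent to each active VM
    response_time: float     # mean response time in seconds, equal on every active VM

def plan_step(lam, mu, target):
    """Smallest set of firewall VMs that meets `target` seconds at arrival rate `lam`.

    Assumption (not from the paper): each VM is an M/M/1 queue with service
    rate mu[i] requests/s, so its mean response time at load l is 1 / (mu[i] - l).
    """
    if lam <= 0:
        return Plan([], {}, 0.0)
    # Only VMs fast enough to meet the target at all are candidates; fastest first.
    order = sorted((i for i in range(len(mu)) if mu[i] > 1 / target),
                   key=lambda i: mu[i], reverse=True)
    headroom = 0.0  # total load the chosen VMs can absorb within the target
    for k, i in enumerate(order, start=1):
        headroom += mu[i] - 1 / target
        if headroom >= lam:
            active = order[:k]
            # Give every VM the same slack s = mu[i] - load[i]; all VMs then
            # share the response time 1/s, so no firewall is the bottleneck.
            slack = (sum(mu[j] for j in active) - lam) / k
            share = {j: (mu[j] - slack) / lam for j in active}
            return Plan(sorted(active), share, 1 / slack)
    raise ValueError("pool cannot meet the target at this load")

def vm_steps(trace, mu, target):
    """Active-VM time steps consumed when the pool is resized at every step."""
    return sum(len(plan_step(lam, mu, target).active) for lam in trace)

def static_vm_steps(trace, mu, target):
    """Same cost for a static pool sized once for the peak of the trace."""
    return len(plan_step(max(trace), mu, target).active) * len(trace)

# Constructed sample: four firewall VMs (requests/s) and a six-step load trace.
MU = [120.0, 100.0, 100.0, 80.0]
TRACE = [40.0, 90.0, 210.0, 300.0, 150.0, 60.0]
TARGET = 0.05  # seconds

if __name__ == "__main__":
    for lam in TRACE:
        p = plan_step(lam, MU, TARGET)
        print(lam, p.active, {i: round(s, 3) for i, s in p.share.items()},
              round(p.response_time, 4))
    print("dynamic:", vm_steps(TRACE, MU, TARGET),
          "static:", static_vm_steps(TRACE, MU, TARGET))
```

Faster VMs receive a larger share of the traffic, and the per-step pool size follows the load instead of staying at the peak size.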


Metadata

Title: Learning-based dynamic scalable load-balanced firewall as a service in network function-virtualized cloud computing environments
Authors: Naghmeh Dezhabad, Saeed Sharifian
Publication date: 23-04-2018
Publisher: Springer US
Published in: The Journal of Supercomputing / Issue 7/2018
Print ISSN: 0920-8542
Electronic ISSN: 1573-0484
DOI: https://doi.org/10.1007/s11227-018-2387-5
