-
Secure Service Implementation with Slice Isolation and WireGuard
Authors:
Sondre Kielland,
Ali Esmaeily,
Katina Kralevska,
Danilo Gligoroski
Abstract:
Network slicing enables the provision of services for different verticals over a shared infrastructure. Nevertheless, security is still one of the main challenges when sharing resources. In this paper, we study how WireGuard can provide an encrypted Virtual Private Network (VPN) tunnel as a service between network functions in 5G setting. The open source management and orchestration entity deploys…
▽ More
Network slicing enables the provision of services for different verticals over a shared infrastructure. Nevertheless, security is still one of the main challenges when sharing resources. In this paper, we study how WireGuard can provide an encrypted Virtual Private Network (VPN) tunnel as a service between network functions in 5G setting. The open source management and orchestration entity deploys and orchestrates the network functions into network services and slices. We create multiple scenarios emulating a real-life cellular network deploying VPN-as-a-Service between the different network functions to secure and isolate network slices. The performance measurements demonstrate from 0.8 Gbps to 2.5 Gbps throughput and below 1ms delay between network functions using WireGuard. The performance evaluation results are aligned with 5G key performance indicators, making WireGuard suited to provide security in slice isolation in future generations of cellular networks.
△ Less
Submitted 25 July, 2022;
originally announced July 2022.
-
Slicing Scheduling for Supporting Critical Traffic in Beyond 5G
Authors:
Ali Esmaeily,
Katina Kralevska,
Toktam Mahmoodi
Abstract:
One of the most challenging services fifth-generation (5G) mobile network is designed to support, is the critical services in-need of very low latency, and/or high reliability. It is now clear that such critical services will also be at the core of beyond 5G (B5G) networks. While 5G radio design accommodates such supports by introducing more flexibility in timing, how efficiently those services co…
▽ More
One of the most challenging services fifth-generation (5G) mobile network is designed to support, is the critical services in-need of very low latency, and/or high reliability. It is now clear that such critical services will also be at the core of beyond 5G (B5G) networks. While 5G radio design accommodates such supports by introducing more flexibility in timing, how efficiently those services could be scheduled over a shared network with other broadband services remains as a challenge. In this paper, we use network slicing as an enabler for network sharing and propose an optimization framework to schedule resources to critical services via puncturing technique with minimal impact on the regular broadband services. We then thoroughly examine the performance of the framework in terms of throughput and reliability through simulation.
△ Less
Submitted 6 December, 2021; v1 submitted 30 November, 2021;
originally announced December 2021.
-
Small-Scale 5G Testbeds for Network Slicing Deployment: A Systematic Review
Authors:
Ali Esmaeily,
Katina Kralevska
Abstract:
Develo** specialized cloud-based and open-source testbeds is a practical approach to investigate network slicing functionalities in the fifth-generation (5G) mobile networks. This paper provides a comprehensive review of most of the existing cost-efficient and small-scale testbeds that partially or fully deploy network slicing. First, we present relevant software packages for the three main func…
▽ More
Develo** specialized cloud-based and open-source testbeds is a practical approach to investigate network slicing functionalities in the fifth-generation (5G) mobile networks. This paper provides a comprehensive review of most of the existing cost-efficient and small-scale testbeds that partially or fully deploy network slicing. First, we present relevant software packages for the three main functional blocks of the ETSI NFV MANO framework and for emulating the access and core network domains. Second, we define primary and secondary design criteria for deploying network slicing testbeds. These design criteria are later used for comparison between the testbeds. Third, we present the state-of-the-art testbeds, including their design objectives, key technologies, network slicing deployment, and experiments. Next, we evaluate the testbeds according to the defined design criteria and present an in-depth summary table. This assessment concludes with the superiority of some of them over the rest and the most dominant software packages satisfying the ETSI NFV MANO framework. Finally, challenges, potential solutions, and future works of network slicing testbeds are discussed.
△ Less
Submitted 18 April, 2021;
originally announced April 2021.
-
5G Network Slice Isolation with WireGuard and Open Source MANO: A VPNaaS Proof-of-Concept
Authors:
Simen Haga,
Ali Esmaeily,
Katina Kralevska,
Danilo Gligoroski
Abstract:
The fifth-generation (5G) mobile networks aim to host different types of services on the same physical infrastructure. Network slicing is considered as the key enabler for achieving this goal. Although there is some progress in applying and implementing network slicing in the context of 5G, the security and performance of network slicing still have many open research questions. In this paper, we p…
▽ More
The fifth-generation (5G) mobile networks aim to host different types of services on the same physical infrastructure. Network slicing is considered as the key enabler for achieving this goal. Although there is some progress in applying and implementing network slicing in the context of 5G, the security and performance of network slicing still have many open research questions. In this paper, we propose the first OSM-WireGuard framework and its lifecycle. We implement the WireGuard secure network tunneling protocol in a 5G network to provide a VPN-as-a-Service (VPNaaS) functionality for virtualized network functions. We demonstrate that OSM instantiates WireGuard-enabled services up and running in 4 min 26 sec, with potential the initialization time to go down to 2 min 44 sec if the operator prepares images with a pre-installed and up-to-date version of WireGuard before the on-boarding process. We also show that the OSM-WireGuard framework provides considerable enhancement of up to 5.3 times higher network throughput and up to 41% lower latency compared to OpenVPN. The reported results show that the proposed framework is a promising solution for providing traffic isolation with strict latency and throughput requirements.
△ Less
Submitted 8 October, 2020;
originally announced October 2020.
-
A Cloud-based SDN/NFV Testbed for End-to-End Network Slicing in 4G/5G
Authors:
Ali Esmaeily,
Katina Kralevska,
Danilo Gligoroski
Abstract:
Network slicing aims to shape 5G as a flexible, scalable, and demand-oriented network. Research communities deploy small-scale and cost-efficient testbeds in order to evaluate network slicing functionalities. We introduce a novel testbed, called 5GIIK, that provides implementation, management, and orchestration of network slices across all network domains and different access technologies. Our met…
▽ More
Network slicing aims to shape 5G as a flexible, scalable, and demand-oriented network. Research communities deploy small-scale and cost-efficient testbeds in order to evaluate network slicing functionalities. We introduce a novel testbed, called 5GIIK, that provides implementation, management, and orchestration of network slices across all network domains and different access technologies. Our methodology identifies design criteria that are a superset of the features present in other state-of-the-art testbeds and determines appropriate open-source tools for implementing them. 5GIIK is one of the most comprehensive testbeds because it provides additional features and capabilities such as slice provision dynamicity, real-time monitoring of VMs, and VNF-onboarding to different VIMs. We illustrate the potentials of the proposed testbed and present initial results.
△ Less
Submitted 14 May, 2020; v1 submitted 22 April, 2020;
originally announced April 2020.