Enabling Automatic VNF Deployment based on Smart Contract Events

The concept of Network Functions Virtualization (NFV) proposes to host physical middleboxes in generic hardware using virtualization technologies, such as Virtual Machines (VMs) [2]. With this virtualization approach, security functions, such as firewalls, Deep Packet Inspection (DPI), and Load Balancers (LB), can be rapidly deployed in the network infrastructure as Virtual Network Functions (VNF) to mitigate attacks (e.g., firewalls, and DPI) or to increase the overall network performance (e.g., LB). In this context, the response time to deploy and allocate resources to these VNFs is crucial. However, currently, the human network operator is responsible for performing the necessary actions (e.g., selecting VNFs, allocating resources, attaching disk volumes, and so on) to deploy the VNFs in the infrastructure. This human-based interaction is prone to errors, delays in the deployment, and requires in-depth infrastructure technical knowledge from operators. Thus, approaches to automate this process are required to decrease the overall response time while simplifying the deployment process.

One approach to address this problem is to rely on events emitted by blockchain-based Smart Contracts (SC) [1] to automatically deploy the defined VNFs in the infrastructure. Blockchain-based SCs provide two interesting properties (a) data immutability, and (b) data decentralization. The first property guarantees the integrity of the values emitted in the events using the underlying cryptographic principles of the blockchain to ensure correct code execution. Whereas the second property guarantees the availability of the SC content because the SC is stored in each of the blockchain nodes.

The goal of this thesis is to research how to automatically deploy and allocate resources to VNFs based on events emitted by SCs. In this sense, the underlying NFV Management and Orchestrator (MANO) must be able to listen to SC events and communicate with blockchain nodes. For example, in the cybersecurity context, whenever a system is under attack, it can signalize an SC [3] that it is under attack, then, the SC can emit an event with the attack characteristics and an NFV-enabled infrastructure, which is listening to SC, can deploy the necessary mitigation VNFs, and inform the domain under attack to redirect its traffic to the VNFs, mitigating the attack. 

[1] M. Alharby and A. van Moorsel. Blockchain-based smart contracts: A systematic mapping study. CoRR, abs/1710.06372, 2017.

[2] ETSI. Network Functions Virtualisation (NFV). White Paper, october 2012. Available at https://portal.etsi.org/nfv/nfv\_white\_paper.pdf Accessed 18 June, 2019.

[3] B. Rodrigues, T. Bocek, and B. Stiller. Enabling a cooperative, multi-domain DDoS defense by a blockchain signaling system (BloSS). In Proceedings of the 42nd IEEE Conference on Local Computer Networks, 2017.