Multi-Provider Secure Virtual Network Embedding

摘要

Network virtualization enables tenants to lease computing and networking resources from one or more infrastructure provider (InP), like in Infrastructure as a Service (IaaS). As such, tenants outsource their networks, fully or partially, to reduce their capital expenditure, while expecting to still provide the same quality of service to their customers. Yet, such services may rely on data considered as sensitive by tenants, tenants' customers or the law, which should be protected appropriately. Besides, personal data protection laws paired with the objective to offer an optimal customer experience may lead tenants to distribute their virtual networks over multiple InPs. Yet, the interconnection between different InPs should respect their security policies. In this paper, we aim to ease the adoption of network virtualization by guaranteeing both tenants and InPs that their security policies are all enforced when creating a virtual network. To this end, we present a Virtual Network Embedding solution in a multi-provider context, and how we leverage it in a use case.