A survey on the communication and network enablers for cloud-based services: state of the art, challenges, and opportunities
The wide adoption of the cloud computing concept has resulted in major impacts in both fixed and mobile communication networks leading to cutting-edge research to provide appropriate network architecture and protocols, along with resource management mechanisms. Cloud computing research has been witnessing the interplay between the system and communication aspects in order to offer powerful inter-networking and interoperability between the systems and networks. This paper reviews recent works focusing on architectural design issues, virtualization solutions, and challenges in cloud communications and networking. We mainly discuss the architectural challenges and solutions in today’s leading cloud communication technologies starting with network virtualization, software-defined networking (SDN), network function virtualization (NFV), and SDN-enabled NFV solutions. Furthermore, considering the benefits of cloud computing for mobile communications, we overview the cloud-RAN architecture for radio access networks, along with its support for various existing and future wireless communication technologies including future 5G wireless networks. We study each cloud communication technology by focusing on the existing works from the standpoint of objectives, challenges, and solutions. Furthermore, for all cloud communication concepts, we present a thorough discussion on the open issues and opportunities.
Keywords: Cloud communications; Cloud networking; Network virtualization; Software-defined networking; Network function virtualization; Cloud radio access networks; 5G
During the last decade, significant improvements have occurred in the area of cloud computing. Cloud computing is a type of hosted service that uses the Internet to offer information technology services to customers. The major benefits of cloud-based technology solutions include scalability, resilience, flexibility, efficiency, and outsourcing of non-core activities, while ensuring the security and robustness of cloud services remains a challenge . Cloud networking has appeared as a cloud-inspired solution to make network resources available to organizations over the Internet so that they can reduce the recurring and non-recurring costs of maintaining a network infrastructure. Furthermore, by opting in to a cloud networking solution, scaling out/down elastically becomes possible whenever required .
Cloud computing has introduced a major impact to both fixed and mobile communication networks, and led to several challenges and requirements to provide standardized network architecture and protocols . We categorize the issues in cloud networking under three themes, namely architectural design issues, network virtualization issues, and issues related to software defined networking.
Cloud architectural issues come under the category of infrastructure as a service (IaaS), which raises the problem of designing basic cloud infrastructures along with security issues related to guarantee system robustness, resilience, privacy/data protection, and availability issues. Indeed, the main challenge in the architectural design is to ensure that services remain uninterrupted and without degradation in the service quality .
Network virtualization basically denotes decoupling of the roles of the traditional Internet service provider (ISP) into the following independent entities: (1) infrastructure providers (InPs) that are responsible for the management of the physical infrastructure, and (2) service providers (SPs) that aggregate resources from multiple infrastructure providers and create virtual networks to offer end-to-end services . For wide adoption of network function virtualization, standard interfaces between SPs and InPs along with signaling and bootstrapping have to be implemented. Furthermore, resource and topology discovery requires the InPs to have the full topological view of the network in terms of the interconnection between the existing physical nodes and the capacities of these nodes and links. The SPs, in turn, should be able to discover the presence and topology of other co-existing virtual networks, enabling these virtual networks to collaborate and communicate with each other to provide a more complex service. In addition to these, network virtualization also bears challenges related to admission control and usage policy, mobility management, and security/privacy .
Software-defined networking (SDN) stands for the decoupling of the data plane and control plane for the sake of flexible programmability of the network through a centralized controller . While SDN transforms the conventional networking paradigm, several challenges are faced in the implementation of SDN despite its effective and efficient use in cloud computing. Some of these challenges include controller placement, scalability, performance, security, interoperability, reliability, increasing demands, and implementation.
Prior to this study, several survey articles have tackled different aspects of cloud computing and communications. In , the authors present a survey particularly on SDN, discussing its architecture and recent developments along with the research challenges and issues that need to be addressed for future development of SDN. In , the authors mainly focus on the energy efficiency of the infrastructure by discussing the energy efficiency correlation between many ICT domains. Furthermore, existing research and development in these domains that support cloud computing are reviewed. In addition to these, in , the authors discuss various energy efficiency techniques to overcome the high energy consumption challenges. Furthermore, in the same study, software-based optimization techniques are presented to achieve minimum energy consumption. The study in  focuses on the decentralization of computing functionality out of the data centers and the need for a new architecture in the cloud infrastructure for data intensive computing and other requirements. In , a survey study focuses on the stability, agility, latency, and multi-tenancy aspects of data center networks. Resource management in clouds has also been tackled in a survey study .
Apart from prior surveys, in this paper, we provide a thorough review of the state of the art for the communication and networking enablers that can help to expand the adoption of cloud services. While surveying these enablers, we particularly focus on the architectural design issues, network virtualization and software-defined-based solutions. Furthermore, we also present cloud radio access (C-RAN) solutions and their integration with the 5G networks. Based on the state of the art and requirements for all of these technologies, we identify open issues and challenges under each subject.
The rest of the paper is organized as follows. In Section 2, we present the design issues in cloud communications. Section 3 reviews the network virtualization concept and its connection to the cloud computing concept. Section 4 presents the SDN and NFV concepts separately, and moves into integrated SDN-NFV solutions along with the opportunities and challenges when the two concepts are combined. Section 5 approaches the problem from a wired/wireless integration standpoint by investigating the role of C-RAN in the 5G era from various perspectives. Finally, in Section 6, we provide a high level summary of the reviewed solutions, and give future directions.
2 Design issues in cloud networking
In this section, we present a brief review on cloud computing service architecture, along with the design issues and challenges. We particularly present cloud deployment models and the security issues faced by cloud architectures. Furthermore, we also present the communication modes in cloud networking in comparison with traditional communication modes. This is followed by a brief discussion on cloud networking challenges with inter-data center and intra-data center networks. We also present some of the practical aspects and issues faced in cloud networking.
2.1 Service architectures
A service provider in a cloud computing environment is a two-tier entity that consists of InPs and the SPs. The InPs are responsible for managing the cloud platforms, resource provisioning, and pay-per-use billing whereas the SPs rent the resources provided by one or more InPs. In its simplest form, the cloud architecture can be considered as a four-layer model with the following layers: hardware layer, infrastructure layer, platform layer, and application layer. Cloud services operate on these layers, and they can be grouped under the following three categories: IaaS, platform as a service (PaaS), and software as a service (SaaS) [56, 158].
In IaaS, the infrastructural resources such as virtual machines are provisioned on demand. PaaS offers a platform for the users to develop and run their own applications by accessing programming tools, libraries, services, and tools that are compatible and supported by the infrastructure of the SP. In SaaS, users are subscribed to applications running on the cloud. Access to SaaS applications requires thin client interfaces or a program interface.
Several platforms are available to evaluate design and planning models of cloud infrastructures and to overcome. CloudSim is a Java-based cloud simulator that enables simulation of a cloud system consisting of large data centers . The necessary features of cloud computing model can be achieved by CloudSim. The simulator allows the developer to replicate the external and internal deployment of services. It allows modeling of the storage and provisioning of resources among virtual machines along with application services and brokerage. Recently, new functionalities to simulate containerized clouds have also been introduced to the CloudSim simulator . The GreenCloud is mainly used as an energy aware and packet-level simulator for cloud computing infrastructures by introducing detailed energy consumption information . GreenCloud is implemented over the NS2 network simulator by introducing infrastructural components such as servers, switches, links, and workload. The authors in  present a performance study on cloud computing simulators and identify the benefit of the GreenCloud simulator as the availability of application deadline specification to start and stop an application. Moreover, providing packet-level energy consumption information and the support for many power saving algorithms have been pointed out as further benefits of the GreenCloud simulator . OpenStack is a widely recognized open source cloud platform that allows developers to deploy public and private IaaS cloud scenarios in a scalable and efficient manner. OpenStack is built on a three-node structure to deploy a cloud, namely the compute, controller, and network nodes .
2.2 Cloud deployment models
There are three deployment models in the cloud, namely private clouds, public clouds, and hybrid clouds. A private cloud is dedicated for the use of a single organization. The private cloud can be built or managed either by the organization in its corporate data center or by external providers in their cloud data centers. Private cloud services offer high availability, high reliability, security, and rapid control over performance.
Private clouds are ideal for organizations that have dynamic computing needs and work with highly sensitive information. The users have the ability to perform multi-tenancy, self-service, scalability, and on demand resource made available for computing . Despite these benefits, high operational costs and—if the data center is to be on premise—high capital expenditures for equipment, application deployment, resources staffing, and security are the drawbacks of private cloud deployment. Thus, the benefit of no up-front cost and pay as you go service costs do not exactly exist in a private cloud deployment since a dedicated data center deployment will be required. Consequently, prolonged service outages are also likely to happen [56, 158].
In the public cloud deployment model, SPs own the infrastructure and provide their resources as service to multiple consumers. Public clouds offer reduced capital expenditures because of not requiring initial investment on the infrastructure, high scalability, and on demand availability of resources. On the other hand, public clouds lack fine grained control over data, security, and network settings .
Hybrid clouds offer a combination of the public cloud and the private cloud services with the aim of addressing the limitation of each approach by splitting the service infrastructure between private and public clouds. Hybrid clouds offer flexibility, controllability, and security over the application data in comparison to public clouds [56, 158].
2.3 Practical cloud networking aspects and issues
In this section, we present some of the practical issues seen in cloud networking, some of which still remain challenges to the providers.
2.3.1 Elastic load balancers and virtual private cloud
An elastic load balancer (ELB) is primarily used to balance the distribution of incoming traffic from the users over the active instances. Automatic distribution of incoming traffic helps to offer high availability. Furthermore, it also provides security as it works along with the virtual private cloud (VPC) to provide integrated certificate management and secure socket layer (SSL) decryption. The availability guarantee under ELB is provided by handling any failure or surge in the network traffic through autoscaling. For instance, AWS ELB runs continuous monitoring of the incoming traffic metrics and works in coordination with Amazon CloudWatch . Despite the load balancing functionality introduced by ELB in the network, there exist several practical challenges. For instance, due to the unavailability of a private IP, a conventional security group cannot be created with an ELB. A proposed solution to cope with this challenge is to use an HAProxy software load balancer that has a private IP address and hence can be used with the security group .
2.3.2 Virtual IP addresses
Virtual IP address or VIP was initially proposed as a remedy to the loss of communication in the case of an adapter failure that leads to disruption in packet transmission. Load balancers are configured with virtual IP addresses, and arriving requests towards a VIP destination are routed to the appropriate domain in layer 2. The physical IP addresses are configured for each VIP on the load balancer. In the case of a failure of a load balancer, another load balancer takes over to ensure service continuity [3, 48, 101].
2.3.3 Virtual private clouds (VPCs)
There are various challenges experienced with the adoption of cloud services for enterprise-level use. Typical challenges occur when linking applications on virtual machines outside the cloud to the applications on virtual machines within the cloud. Major issues arise from the viewpoint of the flexibility of resource allocation and security. The virtual private cloud (VPC) concept is considered to be a possible solution to overcome these challenges. A VPC acts as a private cloud infrastructure within a public cloud setting, thus providing enterprises with a secure set of cloud computing resources that are connected to their own infrastructure via VPNs. VPCs can be used to create a large pool of resources that can be accessed by multiple sites at the same time. With a VPC, the enterprise users are granted access to any range of IP addresses without any conflicts with other public cloud users. Moreover, a VPC provides a secure connection and eliminates the need for setting up firewalls on the cloud and the enterprise site. A major concern here is that SPs remotely specify the security settings and are not fully aware of whether they are implemented completely . Hence, the SPs have to ensure that for each VPC, the LAN is properly segmented and different cloud enterprise users are isolated .
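The segmentation requirement above can be checked mechanically. The following is an added example, not code from the surveyed works: it groups VPCs that can reach each other through a shared L2 segment or a route and flags any group spanning more than one tenant. The inventory, the `segment_id` field and all names are constructed assumptions.

```python
"""Added example: tenant-isolation audit over a constructed VPC inventory."""
import ipaddress
from collections import namedtuple
from itertools import combinations

# segment_id is a hypothetical field: the L2 segment (VLAN/VNI) behind a VPC.
Vpc = namedtuple("Vpc", "name tenant segment_id cidr")


def reachability_groups(vpcs, routes):
    """Group VPCs that can reach each other via a shared segment or a route.

    Routes are treated as bidirectional, the conservative choice for an audit.
    """
    parent = {v.name: v.name for v in vpcs}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    first_on_segment = {}
    for v in vpcs:
        other = first_on_segment.setdefault(v.segment_id, v.name)
        parent[find(v.name)] = find(other)
    for a, b in routes:
        if a not in parent or b not in parent:
            raise ValueError("route references unknown VPC: %s -> %s" % (a, b))
        parent[find(a)] = find(b)

    groups = {}
    for v in vpcs:
        groups.setdefault(find(v.name), []).append(v)
    return list(groups.values())


def isolation_breaks(vpcs, routes):
    """Return (tenants, vpc_names) for every group that mixes tenants."""
    breaks = []
    for members in reachability_groups(vpcs, routes):
        tenants = sorted({m.tenant for m in members})
        if len(tenants) > 1:
            names = tuple(sorted(m.name for m in members))
            breaks.append((tuple(tenants), names))
    return sorted(breaks)


def address_conflicts(vpcs, routes):
    """Overlapping CIDRs matter only between VPCs that can reach each other."""
    conflicts = []
    for members in reachability_groups(vpcs, routes):
        for a, b in combinations(sorted(members), 2):
            net_a = ipaddress.ip_network(a.cidr)
            net_b = ipaddress.ip_network(b.cidr)
            if net_a.overlaps(net_b):
                conflicts.append((a.name, b.name))
    return sorted(conflicts)


# Constructed inventory. globex-prod reuses acme-prod's range, which is fine
# while the two stay isolated. initech-lab was placed on acme-dev's segment.
VPCS = [
    Vpc("acme-prod", "acme", 100, "10.0.0.0/16"),
    Vpc("acme-dev", "acme", 101, "10.1.0.0/16"),
    Vpc("globex-prod", "globex", 200, "10.0.0.0/16"),
    Vpc("initech-prod", "initech", 300, "172.16.0.0/16"),
    Vpc("initech-lab", "initech", 101, "172.17.0.0/16"),
]
ROUTES = [("acme-prod", "acme-dev"), ("initech-prod", "initech-lab")]

if __name__ == "__main__":
    for tenants, names in isolation_breaks(VPCS, ROUTES):
        print("isolation break:", ", ".join(tenants), "via", ", ".join(names))
    print("address conflicts:", address_conflicts(VPCS, ROUTES))
```

The single shared segment also links acme-prod and initech-prod transitively, although no rule connects them directly.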
2.3.4 Inter-data center and intra-data center networks
Inter-data center networking aims to interconnect geographically distributed servers over high speed links with high availability and resilience. A major concern is to identify the optimal placement of data centers and to dimension the network. The authors in  propose using location independent addressing and having servers be a part of any server pool. The authors in  propose to transfer the data by splitting and forwarding along multiple destination paths with intermediate data centers in order to use the left over bandwidth in the inter-data center network during the off-peak periods. This method is well-suited for performing backups and migration of non-real time data. In order to achieve energy efficient communication in inter-data center networks, the authors in  propose anycast/manycast-based provisioning strategies for upstream traffic towards data centers over an IP-over-WDM backbone. The authors in  discuss the architecture and network design to achieve resilience and low cost energy consumption in inter-data center communication over an elastic optical network backbone. To achieve resiliency in communication between end users and geographically distributed data centers, the authors propose manycast/multicast communication protocols. In these works, when inter-data center links are provisioned over IP-over-WDM links, requests are routed over virtual links that are to be mapped onto physical paths. A virtual link consists of a set of physical light-paths that enable communication over a wavelength channel.
As for intra-data center networking, the study in  presents available optical technologies to interconnect a huge number of identical servers and switches. This allows us to take advantage of the distributed compute power from parallel CPUs in warehouse-scale data centers. The application layer software can efficiently use the distributed compute power by assigning parallel jobs to any server irrespective of location and communication overhead. In order to achieve these aims, a flattened network with high bandwidth among the interconnected servers must be provided. Various topologies can enable intra-data center networking. These include cluster computing architectures like torus, hypercube, fat-tree , and flattened butterfly . It is stated that the limitation of the number of ports on the cluster switches will eventually limit the number of servers that can be interconnected in a cluster. It is also worth mentioning that the rich bandwidth availability in an intra-data center network enables efficient energy consumption .
2.4 Cloud computing security
Security is a major concern in order to implement a protected and robust system by aiming at data confidentiality, privacy, integrity, and availability. The bigger the cloud computing market expands the more susceptible it gets to attacks of various forms. It is not possible for the cloud vendors to protect all the users’ sensitive data even with firewall and other security features setup in their environment. It is also necessary to choose a reliable SP before setting up a cloud environment because all the organizations’ sensitive data will be stored in a third party cloud SPs’ location [56, 114, 158].
The authors in  present the issues concerning data security, where the SP depends on the infrastructure provider for data security. This is similar to the case under VPC where the confidentiality and auditability of the data in the cloud are provided by the infrastructure provider . Furthermore, a trusted platform module (TPM) to achieve trust at the hardware layer is also considered, while the use of virtual machine monitors is proposed to secure the virtualization platform . While migration and encryption attacks target the infrastructure layer, the attacks seen in the platform layer include man-in-the-middle, XML, and injection attacks . Solutions proposed to overcome these attacks are mutual authentication, authorization, and web services security standards. To address software layer vulnerabilities, clients depend on the SPs . Solutions to ensure software level security include strong encryption techniques and fine-grained authorization control. Last but not least, DNS and sniffer attacks are typical threats in the network layer, and mitigation efforts include using domain name system security extensions and a sniffer program in the NIC .
3 Network virtualization
Prior to this section, communication modes in cloud systems, as well as virtual topology design and challenges have been briefly introduced. In this section, we present detailed review of network virtualization benefits and challenges.
The concept of virtualization descends from the virtual memory concept, which led to the concepts of storage and desktop virtualization, and finally to the virtualization of networks through virtual private networks (VPNs), which enable secure access to private networks, and VLANs, which allow multiple users to access the network with isolation and no interference from other users. Virtualization plays an important role in providing isolation, shared resources, aggregation, dynamic reallocation, and ease of management . With the advent of cloud computing and virtualization of computing resources, network virtualization decouples the roles of the conventional ISP into infrastructure provisioning and service provisioning.
One of the key benefits of network virtualization is scalable management of resources. For instance, moving a virtual machine (VM) from one subnet to another changes its IP address, resulting in complicated routing. Since IP addresses serve as both locators and system identifiers, the layer 3 identifier of a VM changes when it moves; thus, moving a VM within the same subnet (i.e., L2 domain) is less complex than moving it between different subnets.
Network virtualization also enables network programmability without being restricted to the IP and the network architecture. The existence of multi-administrative domains is hidden by network virtualization, so multi-provider scenarios become possible. Furthermore, virtualization of networks also enables the deployment of various different types of applications and protocols over the shared physical network infrastructure. As stated in , some of the crucial requirements that a virtualized network needs to satisfy are carrier-class reliability, guaranteed scalability, and enforcement of isolation between the virtual networks. As recent research addresses the challenges regarding control, management and provisioning of virtualized networks, network virtualization has become a promising tool that minimizes the cost of ownership, allows reselling of the infrastructure to third parties and provision of the network infrastructure as a managed service [14, 32].
4 SDN and NFV
In this section, we briefly describe the SDN architecture along with a discussion on its advantages. We also provide a survey of the challenges and proposed solutions with respect to security, design, heavy demands, resilience, and scalability.
SDN concept denotes decoupling of the control and data planes in a network in order to improve the flexibility of network management and enhance the programmability of the network, as well as its reliability and flexibility [12, 86]. Network function virtualization (NFV) decouples the software implementation of network functions from the underlying hardware . While SDN and NFV are not necessarily implemented together, they can cooperate and complement each other.
The application layer is the topmost layer of the SDN architecture and is responsible for software-driven business and security applications such as network visualization, intrusion detection systems (IDS), intrusion prevention systems (IPS), firewall, and mobility management. Also known as the network management center, the application layer communicates with the underlying control layer through the application-control plane interface, called the northbound application interface.
A control plane is a centralized component equipped with the intelligence to manage the traffic flow, take routing, flow forwarding, and packet dropping decisions through software. The control plane operates as a mediator between the application and data plane layers. When multiple controllers are deployed in a distributed environment, east-bound and west-bound interfaces are used for inter-controller communications as seen in Fig. 2. Communication between the controller and data plane layers utilizes the south-bound API.
A data plane represents the packet forwarding hardware that consists of routers, switches, and access points that are programmable to support the standard interfaces. The primary function of the data plane layer is to forward the packets to the destination in the network .
4.2 Challenges in SDN
As we present in this subsection, controller placement, scalability, performance, security, interoperability, and reliability are the key challenges in SDN.
As stated in , in conventional networking, in case of a network equipment failure, connections can be restored through backup nodes and links in order to ensure low outage time. In the SDN architecture, since network management is handled by a single controller, the network is vulnerable to unavailability due to single point of failure at the central controller. To improve network reliability, the controller needs to be designed with the capability of enabling multi-path or fast traffic re-routing to the links that are active in case of a link or path failure. This also calls for the need for architectural changes including new alternate controllers to support the main controller in case of failure.
The scalability challenge of the SDN controller stems from the lack of a standard API for the planes and from the SDN controller being the bottleneck, especially when the number of switches and nodes increases.
Performance of SDN is evaluated in terms of flow-setup time and the flows per-second the controller can switch. The two modes of flow-setup, namely the proactive and reactive modes, have their own flow limitations and initiation overheads. These can be overcome by focusing on the causes of delay in flow-setup time and the I/O performance of the controller. Well known optimization techniques such as I/O batching, and maestro approach, IBT (input batching threshold) and PRT (pending raw packet threshold) can help improve the performance.
4.2.1 Switch design challenges
As a result of decoupling the data and control planes, an SDN switch operates on a set of rules that are presented by the SDN controller. OpenFlow is the most known and widely adopted flow-based switch design to introduce flow-level control to the traditional Ethernet switch . However, as the performance of an SDN switch directly impacts the overall performance of the network, designing efficient SDN switches poses several challenges. The authors in  identify control and global visibility coupling as the overhead of OpenFlow in terms of switch implementation. To this end, a new switch design mechanism, DevoFlow , has been proposed by decoupling global visibility and control with the ultimate goal of reducing the number of interactions between the switch and the controller, as well as the number of ternary content-addressable memory (TCAM) entries.
Comparison of recent studies / reviews on challenges, solutions and open issues in SDN
Rawat and Reddy | Increase in power consumption | High capacity processors | Low-power security mechanisms, high visibility, and scalability
Shamugam et al. | Controller design, scalability, performance | Failures in controller (controller design), standard API, controller bottleneck (scalability), flow initiation/limitation | Efficiently utilize controller functions, input/output batching and maestro approach | Newer architectures must support an alternate controller
Masoudi and Ghaffari | Switch design, scalability, controller platform, security | Heterogeneous implementation, flow table capacity, performance (switch design); high availability, interoperability, modularity and flexibility (controller); scalability of planes | Consistent fault tolerant data store, security, and dependability
Nunes et al. | Switch design, controller platform | Excessive processing power | Heterogeneous networks and information centric networking
Kreutz et al. | Switch design, controller platform, scalability, resilience | Excessive processing power (switch design); high availability and interoperability (controller); data/control plane scalability; link failure detection, fast reaction decisions, fault tolerance failure data plane, high availability of control plane | NOSIX , TCAM compression, shadow MACs (switch design); IRIS IO engine  (controller); LOCAL, CONGEST  (availability); DevoFlow , maestro , NOX-MT , Kandoo, DIFANE  (scalability). Google B4 , SlickFlow , INFLEX  (resilience) | Fault-tolerant SDN, migration path to SDN, extending SDN toward carrier transport networks, network-as-a-service cloud computing paradigm, suitable interface between ROAN layers.
Hu et al. | No specifications on handling feedback data, high traffic burden slows down data forwarding | Self-learning in the controllers via traffic pattern analysis | High intelligence in flow table/rules control
Hakiri et al. | Flow setup latency, Load-balancing, over-provisioning (Scalability); DDoS, malware attacks, spam, phishing | Security assertion markup language, intrusion prevention system (IPS), OF-RHM, security policy in L4 to L7 | Network-wide view in controllers, automated mapping between planes, formal modeling and model checking for trustworthiness.
Li et al. | Security switch, channel, controller | Scanning, spoofing, hijacking, DoS | Securing flows, access control and policy enforcement
Ali et al. | Forged traffic flows, DoS, switch hijacking | Enforce rate bounds for control plane, AVANT-GUARD , PermOF | Increase in-network capabilities for security functionality.
Scott-Hayward et al. | Unauthorized access, data leakage, data modification, compromised application, DoS | Data leakage, data modification, secure recovery from failures
Flow tables store flow matching rules within network devices; hence, providing switches with large and efficient flow tables becomes a challenge . Further challenges that are identified in the conventional OpenFlow switches are the performance of these switches in terms of fast versus slow path, the latency versus throughput trade-off of the control channel, and the hardware versus software design challenges.
As presented in the table, from the standpoint of computing, research investigates the maximum throughput that can be achieved by the OpenFlow switches with the high capacity processor that they require to work efficiently. Furthermore, as seen in the table, NOSIX is one of the proposed solutions, a portable API that separates the application requirements from the switch heterogeneity . Most of the existing approaches suggest utilizing TCAMs  for holding flow tables; these are small in capacity and cost. Moreover, compression techniques to reduce the number of entries in flow tables are being researched. The Espresso heuristic  is another solution that is proposed to reduce the forwarding information base, whereas shadow MACs  use label switching to overcome inconsistent updates and rule space exhaustion . In addition, various hardware combinations are considered for novel SDN switches in order to optimize the performance and capabilities, such as SRAM, RIDRAM, DRAM, GPU, FPGA, NPs, and CPUs working with TCAMs. El Ferkouss et al. [37, 83, 94, 102, 111, 120]. In the surveyed studies, one can also see methods proposed by Rain Man firmware, an alternative to the TCAM-based design, which includes the need for new hardware architectures for future SDN switching devices to enable scalable forwarding planes . The research in  proposes the solution DIFANE , which reduces the number of requests to the controller by proactively pushing flow entries to the DevoFlow  switch, which handles short-lived flows in the switch and long-lived flows in the controller.
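To make the DevoFlow goal stated earlier in this subsection and the short-lived/long-lived split described above concrete, the following added example (not code from DevoFlow, DIFANE or the surveyed papers) compares a reactive per-flow switch with a simplified delegating switch on a constructed trace. The class names, the byte threshold and the TCAM capacity are assumptions chosen for illustration.

```python
"""Added example: controller load under reactive vs. delegated flow setup."""
from collections import namedtuple

Packet = namedtuple("Packet", "flow size")  # flow: (src, dst, dport); size in bytes


class ReactiveSwitch:
    """Every unseen microflow costs one packet-in and one exact-match entry."""

    def __init__(self):
        self.table = {}      # flow -> bytes, entries installed by the controller
        self.packet_ins = 0  # switch-to-controller interactions

    def receive(self, pkt):
        if pkt.flow not in self.table:
            self.packet_ins += 1
            self.table[pkt.flow] = 0
        self.table[pkt.flow] += pkt.size


class DelegatingSwitch:
    """Simplified model of the DevoFlow idea: a wildcard rule forwards locally
    and only flows that cross a byte threshold are reported to the controller.
    Per-flow counters are assumed to live outside the TCAM."""

    def __init__(self, elephant_bytes):
        self.elephant_bytes = elephant_bytes
        self.local = {}      # flow -> bytes seen under the wildcard rule
        self.table = {}      # entries the controller installed for long flows
        self.packet_ins = 0

    def receive(self, pkt):
        if pkt.flow in self.table:
            self.table[pkt.flow] += pkt.size
            return
        seen = self.local.get(pkt.flow, 0) + pkt.size
        if seen >= self.elephant_bytes:
            self.packet_ins += 1          # one report for the whole flow
            self.table[pkt.flow] = seen
            self.local.pop(pkt.flow, None)
        else:
            self.local[pkt.flow] = seen


def constructed_trace(mice=1000, elephants=3, per_round=5):
    """Constructed workload: many 2-packet flows interleaved with a few long
    flows that send one 1500-byte packet per round."""
    trace = []
    for r in range(mice // per_round):
        for e in range(elephants):
            trace.append(Packet(("10.0.0.%d" % (e + 1), "10.0.1.1", 5001), 1500))
        for m in range(r * per_round, (r + 1) * per_round):
            flow = ("10.9.%d.%d" % (m // 250, m % 250 + 1), "10.0.1.1", 80)
            trace += [Packet(flow, 500)] * 2
    return trace


def compare(trace, elephant_bytes=100_000, tcam_capacity=256):
    """Run both models over the same trace and summarise controller load."""
    switches = (("reactive", ReactiveSwitch()),
                ("delegating", DelegatingSwitch(elephant_bytes)))
    results = {}
    for name, sw in switches:
        for pkt in trace:
            sw.receive(pkt)
        results[name] = {
            "packet_ins": sw.packet_ins,
            "entries": len(sw.table),
            "fits_tcam": len(sw.table) <= tcam_capacity,
        }
    return results


if __name__ == "__main__":
    for name, stats in compare(constructed_trace()).items():
        print(name, stats)
```

In the reactive model the controller load grows with the number of distinct flows, however short they are, which is the bottleneck the rate-bound and delegation proposals in the table address.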
4.2.2 SDN controller platform challenges
Among the typical challenges with respect to the distributed controller platform, the following can be counted: latency between a forwarding device and a controller instance, fault tolerance, load balancing, consistency, and synchronization [16, 73, 124]. Further challenges in controller platform are as follows:
High availability: The authors in [58, 86, 103] identify high availability among the challenges of a controller platform and investigate methods to meet high availability requirements by using the classical LOCAL and CONGEST models of distributed systems , improving the southbound API and controller placement heuristics. Furthermore, it is reported that fault tolerant data storage is a crucial requirement to build a reliable distributed controller [16, 18, 19]. Moreover, the authors in  propose a runtime system for automated failure recovery by spawning a new controller instance. In addition, an efficient approach is also presented where static rules are installed on switches by controllers in order to locate link failure.
Control delegation and scalability: The importance of delegating the control to the data plane is discussed in [58, 86] along with its impact on the improvement of network performance by keeping the basic network functions in the data plane such as OAM, ICMP processing, MAC learning, neighborhood discovery, defect recognition, and integration [46, 104]. This approach also yields controller failure tolerance to be capable of keeping the basic network operations alive in case the controller fails. Furthermore, SDN control function such as reporting state and attribute value changes, threshold crossing alerts and hardware failure can be delegated to the data plane in order to enhance operational efficiency.
Modularity and flexibility: The need for modularity and flexibility in controllers is tackled in [58, 86]. The proposal of recursive abstraction of OpenFlow controllers, namely recursive abstraction of OpenFlow networks (ROAN)  deploys multiple controllers in a hierarchical manner. Under the same concept, ElastiCon  is an elastic distributed controller architecture that manages dynamic expansion or reduction of the controller pool based on the traffic .
The SDN controllers lack modularity; hence, the developers have to implement the basic network services from scratch [26, 104]. This results in difficulty in maintaining, building, and scaling, and hinders further development. Pyretic and Corybantic are possible solutions that are considered for modularity in SDN.
Interoperability and application portability: Interoperability and portability solutions are expected to prevent compromise in safety or performance of the network while allowing various loosely coupled network applications to coexist on the same control plane. In , FLARE  , a control architecture for deeply programmable networks has been proposed to provide programmability to interface between control and data planes as well as the individual planes themselves.
Moving SDN control plane functionality to a logically centralized remote location introduces challenges concerning critical control plane functions such as link failure detection or restoration. Researchers who have tackled SDN resilience point out that the malfunctioning of any SDN element should not degrade service availability [58, 103]. While using a distributed controller architecture for SDN resiliency sounds viable, related work reports a potential trade-off between resilience and scalability, and further between durability and consistency. The existing SDN resilience solutions presented by the authors include Google B4, SlickFlow (resilient flow routing in OpenFlow networks), and INFLEX (cross-layer network resilience that provides on demand path fail-over).
4.2.4 High volume demands
The authors in  point out the challenges regarding the increase in demand volumes and the consequent challenges. Suitable services are needed for various types of data traffic, such as video conferencing or web browsing in a short-time range, along with efficient resource requirement utilization. The main challenge is reported as the accommodation of the growing demands while maintaining the quality of service and security for the flows [6, 17]. The network administrator also needs to estimate the required number of controllers for determining the network topology and the localization of these controllers.
4.2.5 SDN scalability
Challenges experienced with respect to controller scalability are listed as follows : (1) the overhead of flow setup latency and additional control plane traffic increasing the network load, (2) the eastbound and westbound API’s communication between SDN controllers, and (3) excessive use of computational power and storage space while throughput causes decline in the response time. DevoFlow is one of the scalability solutions that simplifies the design of high performance OpenFlow switch to enable a scalable management architecture . DIFANE is an early scalable solution that aims to reduce the number of requests destined to the controller by splitting the rule-set over the switches in the network . Kandoo is also a scalable solution that uses two layers of the controller in order to reduce the overhead of the events that occur frequently. This ultimately aims at creating a distributed control plane . In addition to these, the concept of elasticity of SDN controllers is considered while most of these studies are classified into the following three categories: control plane scalability, data plane scalability, and hybrid scalability. The proposal of developing and deploying high performance controllers in order to increase the throughput of the control platform is discussed as another approach to overcome the controller scalability. As seen in the earlier section, delegation to data plane is one of the solutions that can overcome the scalability challenges of the controller. Lastly, the hybrid approach proposes the use of authoritative switches to share the workload of the controller and improve the scalability [58, 86, 154].
4.2.6 SDN security
A comprehensive survey on SDN security has been presented in  along with security threats, challenges as well as existing solutions. Besides, the authors in Li et al.  discuss the security challenges in OpenFlow-based SDN, mainly focusing on the challenges related to the OpenFlow switch, controller, and the channel. At the switch level, security issues are identified as confidentiality, integrity, and availability against spoofing, scanning, hijacking, DoS (denial of service), and tampering attacks. Malicious actions and intrusions can be seen as security threats at the SDN controller level. The attacks related to the channel are man-in-the-middle attacks, network monitoring, and repudiation; they can be used to infer sensitive information.
In OpenFlow-based SDN, various security concerns are introduced by the programmability of the control logic centralization. It is stated that rapid evolution of SDN may cause vendors to avoid complete implementation of the specifications and to skip the transport layer security (TLS) entirely, resulting in an access path for the attackers. Countermeasures against these attacks have been reported as follows: encryption algorithms can be used against scanning, while switches and controllers should be equipped with intrusion detection systems (IDS) against intrusion attacks. Spoofing and hijacking can be defended against by authentication and address validation techniques. DoS can be defended against by enhanced trust mechanisms and access policies. FleXam is a DoS defense mechanism that allows the controller to access packet level information and helps detect DoS attacks.
The research in [8, 58] discusses the categories of threats and vulnerabilities in SDN and lists the threats under the following categories: attacks on network entities by forged traffic flows, DoS attacks on switches and controllers, and exploitation or hijacking of switches in the network to launch attacks on other entities. Control plane communications may be targeted to exploit the weaknesses in secure socket layer (SSL) and TLS protocol implementations. Stringent authentication mechanisms and trust models can mitigate the identity-based attacks, while DoS is reported to be prevented by placing rate bounds on the requests of the control plane.
Sandboxing is a well-defined protocol to control access to security domains. Attacks such as control plane saturation, where the control plane is overloaded by botnets, can be overcome by the AVANT-GUARD data plane extension, which allows the control plane to define traffic statistics or conditions. Another solution is enabling the switches to proxy the TCP handshake.
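The handshake-proxy idea above can be modeled in a few lines. This is an added illustration, not AVANT-GUARD's code or code from the surveyed papers; it compares a reactive switch with one that answers SYNs statelessly and reports a flow to the controller only after a valid final ACK. The class names, the simplified HMAC-based cookie, and all addresses are assumptions constructed for the example.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass

MASK32 = 0xFFFFFFFF


@dataclass(frozen=True)
class Segment:
    """Constructed TCP segment: only the fields this model needs."""
    src: str
    sport: int
    dst: str
    dport: int
    flags: str          # "SYN", "SYN-ACK" or "ACK"
    seq: int = 0
    ack: int = 0


class ReactiveSwitch:
    """Baseline: every unknown flow triggers a request to the controller."""

    def __init__(self):
        self.known = set()
        self.controller_requests = 0

    def receive(self, seg):
        flow = (seg.src, seg.sport, seg.dst, seg.dport)
        if flow not in self.known:
            self.known.add(flow)            # a flow-table entry is consumed too
            self.controller_requests += 1


class HandshakeProxySwitch:
    """Answers SYNs statelessly; reports a flow only after a valid final ACK."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self.controller_requests = 0
        self.reported = []

    def _cookie(self, seg, client_isn):
        # Simplified SYN cookie: keyed hash over the client 4-tuple and ISN.
        # Production cookies also fold in a time counter and the MSS.
        msg = f"{seg.src}|{seg.sport}|{seg.dst}|{seg.dport}|{client_isn}".encode()
        digest = hmac.new(self._secret, msg, hashlib.sha256).digest()
        return struct.unpack("!I", digest[:4])[0]

    def receive(self, seg):
        if seg.flags == "SYN":
            # No per-flow state is stored; the cookie travels as our sequence number.
            return Segment(seg.dst, seg.dport, seg.src, seg.sport, "SYN-ACK",
                           seq=self._cookie(seg, seg.seq),
                           ack=(seg.seq + 1) & MASK32)
        if seg.flags == "ACK":
            client_isn = (seg.seq - 1) & MASK32
            expected = (self._cookie(seg, client_isn) + 1) & MASK32
            if seg.ack == expected:
                self.controller_requests += 1
                self.reported.append((seg.src, seg.sport, seg.dst, seg.dport))
        return None


def run_demo(spoofed_syns=1000):
    """Feed the same constructed traffic to both switch models."""
    baseline = ReactiveSwitch()
    proxy = HandshakeProxySwitch(secret=b"constructed-demo-secret")
    # SYNs with forged sources: the SYN-ACK never reaches a real host,
    # so no final ACK follows.
    for i in range(spoofed_syns):
        syn = Segment(f"198.51.100.{i % 254 + 1}", 1024 + i,
                      "192.0.2.10", 80, "SYN", seq=i)
        baseline.receive(syn)
        proxy.receive(syn)
    # A legitimate client completes the three-way handshake.
    syn = Segment("203.0.113.5", 50000, "192.0.2.10", 80, "SYN", seq=1000)
    baseline.receive(syn)
    syn_ack = proxy.receive(syn)
    final_ack = Segment(syn.src, syn.sport, syn.dst, syn.dport, "ACK",
                        seq=syn_ack.ack, ack=(syn_ack.seq + 1) & MASK32)
    baseline.receive(final_ack)             # same 4-tuple, already known
    proxy.receive(final_ack)
    # An ACK with a guessed acknowledgement number fails cookie validation.
    proxy.receive(Segment("198.51.100.9", 4444, "192.0.2.10", 80, "ACK",
                          seq=1, ack=12345))
    return baseline.controller_requests, proxy.controller_requests, proxy.reported


if __name__ == "__main__":
    print(run_demo())
```

The gap between the two request counts is the control plane load that stays in the data plane; a useful detection signal is the ratio of SYNs answered to handshakes completed per ingress port.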
The authors in  discuss the potential challenges and security in SDN, associating it with the programmable aspect that introduces a complex set of problems. The authors propose security assertion markup language (SAML) allowing public and private key exchange; which is a security policy with unified syntax for OpenFlow protocol that enables authentication, authorization, access control, and secure transport between the controller and application or multiple controllers and switches. While IPS  are presented to cope with intrusion attacks, layer 4 to layer 7 services are used to insert different security policies into OpenFlow. Furthermore, assigning virtual IP addresses to hosts to hide the real IP from external attacks by using OpenFlow random host mutation (OF-RHM)  can be considered as another countermeasure against security threats in OpenFlow-based SDN.
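A minimal model of the virtual-IP countermeasure, added here for illustration (it is not the OF-RHM implementation). It assumes that the controller periodically re-assigns each host a virtual IP from an unused pool and that the edge switch rewrites between virtual and real addresses; the class name, pool, and host addresses are constructed.

```python
import ipaddress
import random


class HostMutationController:
    """Keeps real IPs private and maps each host to a short-lived virtual IP."""

    def __init__(self, real_hosts, virtual_pool, seed=None):
        # A seed is accepted only to make the demo repeatable; without one the
        # OS CSPRNG is used so that assignments cannot be predicted.
        self._rng = random.Random(seed) if seed is not None else random.SystemRandom()
        self._pool = [str(ip) for ip in ipaddress.ip_network(virtual_pool).hosts()]
        self._real = list(real_hosts)
        if len(self._pool) < 2 * len(self._real):
            raise ValueError("virtual pool too small to rotate without reuse")
        self.v2r = {}       # current virtual IP -> real IP (edge rewrite rules)
        self.r2v = {}       # real IP -> current virtual IP
        self.mutate()

    def mutate(self):
        """Start a new interval: each host gets a virtual IP unused in the last one."""
        previous = set(self.v2r)
        candidates = [ip for ip in self._pool if ip not in previous]
        chosen = self._rng.sample(candidates, len(self._real))
        self.v2r = dict(zip(chosen, self._real))
        self.r2v = {real: virt for virt, real in self.v2r.items()}

    def inbound(self, dst_ip):
        """Edge rewrite for external traffic: real IP, or None meaning drop.

        Real addresses and expired virtual addresses are not keys of v2r,
        so traffic aimed at them is dropped at the edge.
        """
        return self.v2r.get(dst_ip)

    def outbound(self, src_real_ip):
        """Source address an external peer sees for this host."""
        return self.r2v[src_real_ip]


def run_demo():
    ctl = HostMutationController(
        real_hosts=["10.0.0.11", "10.0.0.12", "10.0.0.13"],   # constructed
        virtual_pool="172.16.50.0/27",                        # constructed
        seed=7)
    # Addresses that answered during the first interval (what a scan would record).
    observed = sorted(ctl.v2r)
    reachable_before = [ip for ip in observed if ctl.inbound(ip)]
    ctl.mutate()
    # The recorded addresses no longer map to any host after the mutation.
    reachable_after = [ip for ip in observed if ctl.inbound(ip)]
    # Traffic sent straight to a real address is never translated.
    direct_real = ctl.inbound("10.0.0.11")
    return reachable_before, reachable_after, direct_real, ctl


if __name__ == "__main__":
    before, after, direct, _ = run_demo()
    print(before, after, direct)
```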
In a comprehensive survey study in , security issues and challenges against persistent attacks have been introduced along with useful insights for countermeasures. Some of the main security issues that need to be addressed are confidentiality, authenticity, integrity, availability, and consistency. The criteria to evaluate the security provided by SDN are reported to be the network management, costs, attack detection, and migration. Major concerns related to the security of SDN are reported as unauthorized access, data leakage, data modifications, malicious/compromised applications, and DoS. The survey provides a thorough discussion on the pros and cons of SDN in improving the security of the network and the additional security challenges it brings along.
Comparison of recent studies / reviews on challenges, solutions and open issues in NFV
Cotroneo et al. | Net. function softwarization | Reliability NFVI, limitation of fault injection testing tools | DS-Bench/D-Cloud, PreFail, Simian Army, CloudVal | No open issues presented
Han et al. | Network function virtualization | Virtual appliance performance, dynamic instantiation, migration, efficient placement | NAPI, DPDK, ClickOS | Optimal performance, lightweight simplified VM, redirection architecture and carrier’s data center footprint, troubleshooting and fault isolation.
Mijumbi et al. | Management and orchestration, resource allocation | MANO management, deployment, operation resource migration, allocation, placement | Cloud4NFV, NetFATE, virtualized S-GW/P-GW, MIQCP, BIP, ViRUS | Interfacing, interoperability, traffic and function monitoring, distributed management, dynamic resource allocation, VNF survivability.
Li et al. | Network function virtualization | Function virtualization, portability, standard interfaces, function deployment, traffic steering | DPDK, NetVM, ClickOS (FV); virtual software NFs (portability); normalized North/South bound API (Std. interfaces); heuristics (traffic steering) | Optimized solutions for traffic steering
Lal et al. | Isolation failure, regulatory compliance failure, DoS protection failure | Hypervisor introspection and security zoning (isolation), geo-tagging using remote attestation (regulatory compliance), flexible VNF strategic deployment (DDoS) | Standard interface for virtual security functions, securely manage/monitor VNFs during migration, trust management between vendors.
Yang and Fung | Elasticity of NFV, standard interface, management and orchestration | Elasticity control signals through trusted functional blocks | Compromised VNF, DDoS, trust management in NFV
NFV enables the deployment of network elements virtually on demand and quickly on commodity platforms in a shared environment by the use of servers and virtualization technology .
The NFV management and orchestration (NFV-MANO) is considered the main functional module of the NFV architecture; it is mainly responsible for deployment, management, and the orchestration of the network services. The NFV orchestrator (NFVO), VNF manager (VNFM), and virtualized infrastructure manager (VIM) are the three main blocks of the NFV-MANO .
The NFV architecture further includes other blocks such as the VNF, the software version of the network services available on the physical network devices (e.g., firewall and load balancing), the element management (EM); which is responsible for the functionality of configuration, fault management, performance, and security. The NFV infrastructure (NFVI) offers a platform for deploying the network services in the form of physical compute resources, storage, and network. In addition, the operational support system/business support system (OSS/BSS) provides the network service by exchanging information with the NFV-MANO functional blocks; it also provides management and orchestration of legacy systems .
4.4 An overview of NFV challenges
The authors in  discuss the challenges in NFV. During virtualization, even light utilization of the underlying network can lead to abnormal latency variations and significant throughput instability. Furthermore, efficient placement of virtual functions and dynamic on demand instantiation is an issue that needs to be researched in order to enable successful adoption of the NFV solution. To address the placement of VNFs, the authors envision placing the network functions at the edge of the network. In the case of the mobile core network, the authors propose installation of virtualized packet gateways to handle traffic for a small geographical location at the mobile telephone switching office (MTSO).
The authors in  discuss the software reliability-related challenges in NFV. They discuss the use of fault injection techniques that deliberately introduce faults to a system, with the aim of assessing the impact of these faults on the performance and continuity of the service along with efficiency and effectiveness of the use of these mechanisms. The fault injection testing approaches discussed in this paper are as follows: (1) for fault injection tests on VMs, D-Cloud adopts QEMU and emulates hardware faults; (2) for fault injection testing on the cloud management stack, PreFail and Simian Army are possible tools that allow injecting faults into cloud computing platforms; (3) for fault injection testing on the hypervisor, the CloudVal framework is considered as a possible tool. It is worth mentioning that these tools are applicable to a limited extent of NFVIs; hence, the authors in  discuss the limitations to develop a new fault injection tool for NFVIs.
4.4.1 Management and orchestration
The authors in  focus on the scenarios where services to a particular customer are provided by functions that are scattered across different server pools. The challenges are listed as follows: an acceptable level of orchestrations at each user level, consistent, and on demand instantiation of all required functions to ensure the manageability of the solution. Some approaches presented here include Cloud4NFV [134, 135], an end to end management platform for VNF; and NetFATE , an orchestration approach for VFs. Furthermore, the architecture proposed in  is built on an orchestrator that ensures automatic placement of virtual nodes and allocation of network services on them.
The inter-operability support is a key requirement of NFV. The ETSI MANO framework is more focused on defining the intra-operability interfaces without providing clear guidelines on the inter-operability. The dynamicity of functions, where functions are moved from one VM to another, undervalues the availability monitoring mechanism as a part of the end-to-end management solution. The relationship between the ETSI-proposed NFV-MANO framework and traditional network management functions remains to be defined.
4.4.2 Network performance of VNF
The authors in  discuss the challenges experienced in the network performance of VNFs. When a virtual network function is deployed, both host and network resources are consumed. The state of the art in the performance guarantee under NFV focuses on either host sharing or network sharing whereas sharing both types of resources remains open. Offering performance guarantees and isolation is costly and technically difficult due to resource sharing and competition between multiple network functions and also due to the heterogeneous resource specifications of different functions. When softwarized network functions are deployed through virtualization on general purpose servers, the challenge is experienced with respect to the difficulty faced to completely avoid performance degradation and knowing to what extent the performance factors such as throughput and latency will be affected. The performance degradation should be kept minimum in order not to affect the portability of VNFs on different hardware platforms. The authors discuss the use of VNF instances, software technologies like Linux’s new API (NAPI)  and Intel’s data plane development kit (DPDK) . Network performance information on different levels such as hypervisor, virtual switch, and network adapter must be gathered by the NFV architecture. In order to make proper design decisions of NFV systems, an understanding of the maximum achievable performance of the underlying programmable hardware is required .
4.4.3 Challenges at the functions level
In , the challenges at the functions level are listed as NFV portability, function virtualization, standard interface, function deployment, and traffic steering.
The challenge with respect to portability is related to achieving high performance using the hardware accelerators while having hardware independent network functions at the same time. The ability to load, execute, and move the VNFs across different but standard servers in a multi-vendor environment was expected to be possible in the NFV framework. The virtualized network functions defeat the portability goals and major benefits of NFV such as multi-tenancy and resource isolation. To cope with this, using a virtual software environment to deploy the network function has been presented as a viable solution. Once this is achieved, OS-independence of VNFs can be achieved, and resource isolation is achieved by deploying the VNFs in independent VMs. Here, portability can be allowed via the hypervisor layer by separating VNFs from the underlying OS.
The challenge with function virtualization is that neither the virtual machine nor the hypervisor is optimized to achieve high performance like high I/O speed, fast packet processing, short transmission delays when processing the middle-boxes from standard servers. As for the need for OS-independent platform, it should be able to host a wide range of VMs and software packages in order for the servers to be able to implement various functionalities. In addition, to cope with the challenge with multi-tenancy, the NFV hardware and software platforms should support multi-tenancy since they are run simultaneously by software belonging to the different operators .
The challenge in the deployment of standard interfaces [130, 155] is concerned with the interface between NFV and underlying infrastructure, as well as the interface between the centralized controller and the VNFs. This is required to help set a smooth link between the NFV and the upper/lower layers. The solution proposed by the authors is to have normalized North/South bound API between these layers .
The challenges under function deployment [24, 33, 125] are mainly related to the algorithmic and system design, which stems from the automated provisioning of resources for network and function processes with respect to the usage of the resources. The challenge of automated placement and allocation of the VNFs has significant impacts on the performance of service chaining. As a solution to this, a usage monitoring system has been proposed to collect and report the behavior of resources. Furthermore, translating higher-level policies generated from the resource allocation and optimization mechanisms into lower level configurations is identified as another issue. The authors in  report the need to develop standards and templates in order to guarantee automated and consistent translation. As the last point under the challenges at the functions level, traffic steering is pointed out. As stated in the reference study, online computing of traffic steering can be achieved only by heuristic algorithms that reduce the computational complexity.
4.4.4 Resource allocation
Efficient algorithms are required to help determine the placement of network functions and migration between servers for objectives such as load balancing or failure recovery. In order to address the challenge of sub-optimal resource utilization, the authors in  propose a function placement model with the objective of reducing the network overhead load imposed by the control plane. While a mixed integer quadratically constrained program (MIQCP) has been proposed for mapping VNF forwarding graphs to the physical resources, a binary integer program (BIP) has been proposed as a greedy heuristic to improve computational efficiency. To overcome the migration challenges where physical servers may be placed in various different InP domains, the authors propose the use of ViRUS, allowing the runtime system to switch between different blocks of code.
4.4.5 Reliability and stability
The authors in  report the importance of reliability, which allows network operators to offer specific services like video call and video on demand, irrespective of physical, or virtual network appliances. When evolving to NFV, the carriers should guarantee that neither the service level agreement nor the service reliability is affected. This availability requirement is often accompanied by the necessity to provide stability that poses another challenge to NFV, and these typically happen when large number of software based virtual appliances from various different vendors are relocated/reconfigured and run on different hypervisors.
Isolation failure risk: This type of attack is also known as a VM escape attack, and it occurs when an attacker gets access to the hypervisor through compromised VNFs running on the hypervisor. The authors state that these attacks are caused due to the failure of proper isolation between the hypervisors and the VNFs. This attack can also be seen in the scenarios where the network components that are deployed and connected dynamically using NFV can lead to improper separation between the network and its subnet; this can lead to the attacker compromising the virtual firewalls and restrict their functionality only to allow enough access to carry out the attack. This can also lead to the attacks caused by the elastic nature of the NFVI, allowing the attacker to gain knowledge about a multi site network infrastructure. The best practice solution is hypervisor introspection and security zoning in order to prevent against this type of attack as proposed in .
Regulatory compliance failure: Since NFV allows migration of VNFs, it becomes possible to violate regulatory policies, allowing attackers to migrate the VNFs from legal location to an illegal location and resulting in a complete ban of service or exerting a financial penalty at the service provider’s end. Geo-tagging using remote attestation is considered as a possible solution against this type of attacks .
Denial of service protection failure: This attack can be used to exhaust the network resources in order to affect service availability. A compromised VNF can be used to generate and send a large amount of traffic to other VNFs over the same or different hypervisors. This attack can be used to consume a large amount of resources like CPU, storage, and memory. A solution proposed is the enablement of flexible VNF deployment.
In addition to all, the study in  presents further vulnerabilities under the dynamic service scaling and elasticity of NFV, decomposing the services from data plane and control plane, enforcing policies and virtualizing resources from control functions, and managing/controlling the entire network [67, 137]. In order to ensure security in these scenarios, the elasticity control signals must pass through the trusted NFV orchestrator, VNF managers, and VIM. As stated by the authors, monitoring and managing NFVI and VNFs for security is challenging due to the dynamic and complex nature of these components in the virtualized environment. In the same study, security challenges associated with the standard interface are also discussed by the authors: this is because various security services can be defined based on user demands through the standard interfaces before using these security functions.
In addition to the challenges stated above, managing trust chains and trustworthiness evaluation of products from various vendors are still open and least tackled issues in NFV security .
4.6 SDN-NFV solutions
Comparison of recent studies / reviews on challenges, solutions and open issues in SDN-NFV integration
Wood et al. | SDN-NFV security challenges | Integrity of software-based network | Identified as a remaining challenge | Limitation on smart data plane by encrypted payloads
Matias et al. | SDN-based NFV architecture | Complexity of optimal placement; isolation of shared and virtual resources, traffic steering, stateless processing | Optimal VNF placement under dynamic settings
Mekky et al. | NFV enabled with SDN data plane | Routing inflexibility, choke points, imbalanced flow | Handling traffic demand uncertainty
Lorenz et al. | Security of SDN-NFV | Controller-centric, VNF-centric, hybrid SDN-NFV approaches; PFG appliance, control plane security and performance | Authentication and authorization, FortNox, encryption mechanisms, mutual authentication, control plane firewall placement, hybrid approach | Challenges remain open issues
Ma et al. | SDN-NFV industry 4.0 | Performance, data transmission speed and processing; computation, reliability, design complexity, efficient use network devices | FlowVisor, VTN, SDCRN, ICN, hierarchical construction of multiple controllers | Challenges concerning hierarchical controller design
Duan et al. | SDN-NFV QoS assurance; VN construction | QoS guarantee; VSF abstract descriptions, available/discoverable VSF, optimal set of VSF | Cooperation of infrastructure provider, VSF supplier, VN operator, composite network-cloud SPs (QoS); centralized broker-based orchestration, distributed policy-based choreograph (VN construction) | E2E QoS, cooperation from diverse functional roles, VSF composition in the SDNV
Reynaud et al. | SDN-NFV security challenges | NFV vulnerability affects SDN controller, SDN controller vulnerabilities affect NFVI | Survey covering broad range of solutions | Security in 5G
4.6.1 SDN enabled NFV-architecture
The research in  presents the advantages of an SDN-enabled NFV architecture by discussing the progressive advancement from the SDN-agnostic NFV architecture to a fully SDN-enabled one. This approach extends the application domain of NFV with respect to service provisioning. While effectively programming the underlying network to build VNFs is the key issue, reducing the cost of operation is reported as one of the main outcomes of the SDN-enabled virtualized infrastructure. The research tackles how to overcome the limitation imposed by the trade-off between flexibility and performance through SDN-enabled NFV solutions.
To test different architectures and show the difference in their analysis, the authors present the use of the FlowNAC solution, which is already deployed over the OpenFlow-based EHU-OEF infrastructure. The idea of using FlowNAC in the service provisioning scenario is to achieve fine-grained control. In the same research, the main challenges introduced in the SDN-enabled NFV architecture are listed as follows: (1) the design of the VNF by splitting the components to be deployed over compute and network resources, and having a network infrastructure that supports the dual role for traffic steering and VNF processing; (2) addressing the complexity of optimal placement based on VNF design employing network elements and the orchestration of additional types of resources; (3) isolation of shared virtual resources from different tenants and the necessary interface that the virtualization layer is supposed to provide for the effective use of the virtual compute and network resources; and (4) guaranteed isolation between the traffic steering and stateless processing of network functions by the underlying network infrastructure, along with the isolation between processing of different network functions in both control and data planes.
4.6.2 Enabling NFV within SDN data plane
The authors in  study how SDN benefits from NFV by chaining network functions on demand directly on the SDN data plane. Current isolation of network functions from SDN makes the controller unaware of the number, placement, and capacity of the network functions, causing challenges such as inflexibility in routing, choke points, and imbalanced flows. The challenge with isolation of the control on the network functions from the SDN is that it becomes difficult to identify a flow at the SDN switch as the network function can modify the packets in transit. It is worth noting that the network functions are capable of dropping packets, changing the packet contents, absorbing and generating new packets, whereas these modifications to the packets are unnoticed by the SDN controller. Such challenges can be overcome by placing the network functions in the SDN data plane and letting the centralized controller have complete knowledge of the network state while it supports the network functions. More specifically, OpenNF proposes a virtualized network function architecture by having a central OpenNF controller that controls the network functions and interacts with the SDN controller. FlowTag is another proposal that tracks the flow by re-defining some packet header fields as tags and uses SDN to support service chaining. This approach also keeps the network functions outside the scope of SDN. The authors in  propose the new enablement within SDN data plane (NEWS), which delegates complete knowledge about the state of the network to SDN and, at the same time, efficiently and scalably supports the network functions, thus chaining multiple network functions locally on the SDN framework. The framework uses Open vSwitch to present the implementation of this architecture and show effective enablement of network functions by populating the SDN data plane with network functions.
4.6.3 SDN-NFV-based security solution for enterprise networks
The authors in  have proposed various architectural designs to integrate SDN-NFV based security solution to enterprise networks in order to reduce the operational costs . Currently, the security system of enterprise networks such as PGF (perimeter gateway firewall) may fail to detect malicious attacks and intrusion from nodes that are compromised, and thus they may lead to installation of additional security systems at each level increasing the acquisition and maintenance expenses. The authors show differences in the application of SDN-NFV stateful/stateless firewall. It was observed that even an SDN controller-centric stateless firewall approach where the handshake is handled by the controller, showed high throughput once the connections between the client and the control plane is established. However, high latency and scalability issues remain. On the other hand, the VNF-centric approach where all the incoming traffic is diverted through the VNF firewall makes application level filtering possible and results in low latency during the connection. Although VNF-centric approach has been shown to be scalable and reliable, limited throughput per instance and high resource consumption in case of an increase in traffic in flow occur as its drawbacks. To cope with the drawbacks of the SDN controller-centric and VNF-centric approaches, the authors finally came up with the hybrid approach that adopts a VNF-centric approach for the connection setup and the SDN controller-centric approach for long lasting data intensive connections. This approach demonstrates high throughput with improved scalability and low latency. However, these benefits come at the expense of increased complexity and the lack of availability in application level filtering for some of the established connections .
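The hybrid approach and its filtering trade-off can be made concrete with a small model, added here as an illustration (it is not the surveyed authors' implementation). New connections and their first bytes pass through the VNF firewall, and a connection that grows past a byte threshold is handed to a switch rule that matches headers only. The threshold, the payload marker, the class names, and the packet trace are assumptions constructed for the example.

```python
from dataclasses import dataclass, field

OFFLOAD_BYTES = 10_000               # assumed cut-over for "data-intensive" flows
BLOCKED_MARKER = b"X-Demo-Blocked"   # constructed application-layer pattern


@dataclass(frozen=True)
class Packet:
    flow: tuple                      # (src, sport, dst, dport)
    kind: str                        # "SYN", "DATA" or "FIN"
    payload: bytes = b""


@dataclass
class HybridFirewall:
    allowed_ports: frozenset = frozenset({80, 443})
    vnf_flows: dict = field(default_factory=dict)    # flow -> bytes inspected by the VNF
    switch_rules: set = field(default_factory=set)   # flows forwarded by a switch rule

    def process(self, pkt):
        """Return (path, verdict) for one packet."""
        # Switch rule installed by the controller: header match only,
        # the payload is never inspected on this path.
        if pkt.flow in self.switch_rules:
            if pkt.kind == "FIN":
                self.switch_rules.discard(pkt.flow)
            return ("switch", "forward")
        # Everything else is steered through the VNF firewall.
        if pkt.kind == "SYN":
            if pkt.flow[3] not in self.allowed_ports:
                return ("vnf", "drop")
            self.vnf_flows[pkt.flow] = 0
            return ("vnf", "forward")
        if pkt.flow not in self.vnf_flows:
            return ("vnf", "drop")                   # stateful: no setup seen
        if BLOCKED_MARKER in pkt.payload:
            return ("vnf", "drop")                   # application-level filtering
        if pkt.kind == "FIN":
            del self.vnf_flows[pkt.flow]
            return ("vnf", "forward")
        self.vnf_flows[pkt.flow] += len(pkt.payload)
        if self.vnf_flows[pkt.flow] >= OFFLOAD_BYTES:
            # Long-lasting, data-intensive connection: move it to the switch.
            self.switch_rules.add(pkt.flow)
            del self.vnf_flows[pkt.flow]
        return ("vnf", "forward")

    def uninspected_flows(self):
        """Flows that currently bypass application-level filtering."""
        return sorted(self.switch_rules)


def run_demo():
    fw = HybridFirewall()
    bulk = ("203.0.113.5", 50000, "192.0.2.10", 443)
    short = ("203.0.113.6", 50001, "192.0.2.10", 80)
    trace = [
        Packet(bulk, "SYN"),
        Packet(short, "SYN"),
        Packet(short, "DATA", b"GET / " + BLOCKED_MARKER),          # VNF drops it
        Packet(("203.0.113.7", 50002, "192.0.2.10", 23), "SYN"),    # port not allowed
        Packet(("203.0.113.8", 50003, "192.0.2.10", 80), "DATA", b"no handshake"),
    ]
    trace += [Packet(bulk, "DATA", b"A" * 4000) for _ in range(3)]  # crosses threshold
    trace += [
        Packet(bulk, "DATA", b"B" * 4000),       # now on the switch path
        Packet(bulk, "DATA", BLOCKED_MARKER),    # forwarded: no inspection here
    ]
    verdicts = [fw.process(p) for p in trace]
    return verdicts, fw.uninspected_flows()


if __name__ == "__main__":
    for verdict in run_demo()[0]:
        print(verdict)
```

The last packet of the trace is the drawback the text names: once a flow is on the switch path, the marker that the VNF would have dropped is forwarded, so `uninspected_flows()` is the list an operator would want exported to monitoring.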
It is worthwhile mentioning that there are also challenges to be addressed prior to this hybrid approach being adopted as also reported by the authors. Firstly, ensuring control plane security remains an open issue. Possible solutions that are discussed include using authentication and authorization management, the placement of control plane firewall between the controller and switch to identify rules that are possibly corrupted, and using encrypting the connection for controller and switch against eavesdropping [15, 113].
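The hybrid dispatch described in this section, and the filtering gap it leaves, can be modelled as follows. This is an added example, not the surveyed authors' implementation: new connections pass through a stateful VNF firewall, and once a connection is established and has carried `OFFLOAD_BYTES` (an assumed threshold for "data intensive"), a rule on the switch takes over. The class names, the marker string, and the packet trace are constructed.

```python
from dataclasses import dataclass

OFFLOAD_BYTES = 10_000          # assumption: what counts as "data intensive"
BLOCKED_MARKER = b"X-BLOCKED"   # constructed application-level signature

# Legal handshake transitions: (flags, current state) -> next state.
HANDSHAKE = {
    ("SYN", None): "SYN_SEEN",
    ("SYN-ACK", "SYN_SEEN"): "SYNACK_SEEN",
    ("ACK", "SYNACK_SEEN"): "ESTABLISHED",
}

@dataclass(frozen=True)
class Packet:
    flow: tuple          # (client_ip, client_port, server_ip, server_port)
    flags: str           # "SYN", "SYN-ACK", "ACK", or "" for a data segment
    payload: bytes = b""

class VnfFirewall:
    """Stateful firewall VNF: tracks the handshake and inspects payloads."""
    def __init__(self, allowed_ports):
        self.allowed_ports = set(allowed_ports)
        self.state = {}        # flow -> handshake state
        self.bytes_seen = {}   # flow -> payload bytes allowed so far

    def process(self, pkt: Packet) -> str:
        if pkt.flow[3] not in self.allowed_ports:
            return "drop"
        st = self.state.get(pkt.flow)
        nxt = HANDSHAKE.get((pkt.flags, st))
        if nxt:
            self.state[pkt.flow] = nxt
            self.bytes_seen.setdefault(pkt.flow, 0)
            return "allow"
        if pkt.flags == "" and st == "ESTABLISHED":
            if BLOCKED_MARKER in pkt.payload:
                self.state.pop(pkt.flow)   # tear the connection down
                return "drop"
            self.bytes_seen[pkt.flow] += len(pkt.payload)
            return "allow"
        return "drop"                      # out-of-state packet

class HybridFirewall:
    """VNF path for setup and early data, switch fast path for heavy flows."""
    def __init__(self, vnf: VnfFirewall):
        self.vnf = vnf
        self.fast_path = set()   # flows with a forwarding rule on the switch

    def handle(self, pkt: Packet):
        if pkt.flow in self.fast_path:
            return ("switch", "allow")     # header match only, no inspection
        verdict = self.vnf.process(pkt)
        if verdict == "allow" and self.vnf.bytes_seen.get(pkt.flow, 0) >= OFFLOAD_BYTES:
            self.fast_path.add(pkt.flow)   # controller installs the flow rule
        return ("vnf", verdict)

def run_trace(packets, allowed_ports=(443,)):
    fw = HybridFirewall(VnfFirewall(allowed_ports))
    return [fw.handle(p) for p in packets], fw.fast_path

def handshake(flow):
    return [Packet(flow, f) for f in ("SYN", "SYN-ACK", "ACK")]

# Constructed flows and trace.
A = ("10.0.0.5", 40000, "192.0.2.10", 443)
B = ("10.0.0.6", 40001, "192.0.2.10", 443)
C = ("10.0.0.7", 40002, "192.0.2.10", 23)
TRACE = (
    handshake(A)
    + [Packet(A, "", b"a" * 4000)] * 3     # pushes A past OFFLOAD_BYTES
    + [Packet(A, "", BLOCKED_MARKER)]      # arrives after A was offloaded
    + handshake(B)
    + [Packet(B, "", BLOCKED_MARKER)]      # B is still on the VNF path
    + [Packet(B, "", b"more")]             # B after teardown
    + [Packet(C, "SYN")]                   # destination port not allowed
)

if __name__ == "__main__":
    results, offloaded = run_trace(TRACE)
    for pkt, res in zip(TRACE, results):
        print(pkt.flow[0], pkt.flags or "DATA", res)
    print("offloaded flows:", offloaded)
```

The same marker is dropped on flow B but forwarded on the offloaded flow A, which is the loss of application-level filtering for established connections noted above; the offload threshold therefore sets how much traffic is inspected before trust is extended.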
4.6.4 SDN-NFV-integrated architecture for industry 4.0 environment
The software-defined cognitive radio network presented in the same study enables the SDN controller to make the frequency band decision so as to reduce the overhead due to the computation on the equipment below and to separate transmission of the control signals and the payload. The OpenFlow access point (OF-AP) is used to grant control to the administrator from the SDN controller. Hierarchical approaches to construct multiple controllers have also been discussed as possible improvements.
In addition, using an information-centric network (ICN) enables a cache mechanism that stores the message content from the database on a cache server, thus reducing the delay and improving the speed to provide high performance and scalability .
4.6.5 Service quality assurance in virtual network environment
In , challenges concerning QoS have been presented by focusing on the concerns of a software-based virtual function being capable of guaranteeing similar quality of service as that guaranteed by the dedicated hardware. The challenge of having cooperation from the infrastructure providers, VNF suppliers, VN operators, and composite network cloud service providers while moving to an integrated SDN-NFV service environment is important in order to be able to provide end-to-end (E2E) QoS guarantees. The authors further mention the challenges posed to the traditional performance evaluation methods such as queuing theory-based modeling and analysis due to the dynamic development of virtual service functions provided by the SDN-NFV.
4.6.6 Virtual network construction
Virtual network construction challenges are discussed in . Some of these challenges are related to the availability and discoverability of the virtual service functions (VSFs). Although the composition of cloud service functions has been extensively studied to provide some useful techniques for virtual service function composition , these studies were mainly focused on the computing service and not particularly on the network services. Thus, the authors propose that further studies be conducted on the composition of the virtual service functions with respect to SDN, focusing mainly on virtual service functions and virtual compute functions across both the computing and networking domains. Centralized broker-based orchestration schemes and distributed policy-based choreography mechanisms are the solutions that are discussed in this work.
4.6.7 Security challenges in SDN-NFV
The study in  discusses some of the security concerns faced in the SDN-NFV architecture. When SDN is used in the tenant domain, the SDN controller that is deployed as a VNF controls the traffic and instructs other VNFs on the actions to perform. Thus, an NFV vulnerability could compromise the SDN controller and the other VNFs and bring down an entire network service. When SDN is used in the infrastructure domain, a security vulnerability of the SDN controller is also capable of affecting the entire NFVI, as the SDN controller is a part of the NFVI when it is used in the infrastructure domain. SDN-NFV is used to support 5G networks to facilitate the convergence of both fixed and mobile access by programmable networks. Multi-tenancy of 5G leads to a slight shift in the confidentiality, integrity, and availability requirements. These security impacts are not negligible in 5G infrastructure.
The research in  aims to find out the effect of software-based networks on the security of data center and wide area networks. Attackers are more likely to target powerful and flexible networks. Packet data can be viewed and manipulated by the network elements, and the controller redirects the packets with no input from the endpoints of the flow. The challenge here is to ensure integrity and maintain a level of trust between the control and data planes. The main challenge that is pointed out by the authors is to identify the limitation on the benefits and capabilities of a smart data plane when an application encrypts the traffic before it is sent to the network.
5 CloudRAN solutions
With the recent explosion in the volume of mobile data, service providers are challenged with the need to improve the network capacity and offer high speed transmission facilities. A possible solution to cope with the network capacity challenges was the addition of several small cells forming a complex heterogeneous infrastructure. Another approach has been introduced by multiple input multiple output (MIMO) and massive MIMO [45, 54] technologies to provide service to a large number of users through several antennas in the same frequency. The operational and capital costs of achieving this and other challenges (e.g., inter-cell interference) have introduced further challenges for the service providers .
Cloud-radio access network (cloudRAN) is expected to provide various benefits to mobile operators especially for them to cope with the increasing expense of infrastructure and operational costs due to the large volume of the mobile Internet traffic. The high operational costs result in a drastic fall in the average revenue per user when compared to the increasing expenses. In order to support this surge in mobile Internet traffic, the operators will have to spend more to build and operate a new network infrastructure .
Several proposals have been presented to ensure energy-efficient handling of the increasing traffic requirements; these approaches were researched for several years but have eventually reached their limitations. Some of the approaches that were researched are (a) advanced transmission techniques such as MIMO and beam forming, which aim to improve the spectrum efficiency; (b) the cognitive radio approach to access the spectrum holes using dynamic spectrum access technologies (however, it lacks reliability and consistency in service provisioning); and (c) the introduction of small cells to reuse the frequency (however, this would increase the number of air interfaces and the infrastructure operation and management cost) .
Various limitations of the current RAN architecture in supporting mobile operators with the increasing demands have prompted the move to cloud-based IT platforms to provide the necessary computational power and lower operational costs [29, 150].
CloudRAN is expected to provide strong, reliable service at low cost and improve the revenue of mobile operators. It is also expected to support the various air interfaces, provide flexible software upgrades, and optimize the mobility, coverage, and operation in broadband cellular wireless systems .
The cloudRAN (also denoted as C-RAN) is an advancement in the RAN architecture that attempts to apply cloud technology to host and deploy RAN functions. The traditional RAN is based on a distributed architecture, and it uses the backhaul network to interconnect the distributed cell sites with the baseband units, where the baseband functions are executed .
The C-RAN architecture aims to centralize the baseband functions at a centralized location that is connected to the cell site through the fronthaul network. C-RAN aggregates all the computation resources in a centralized location and hands off the simpler functions to the remote radio head (RRH). Thus C-RAN will reduce the expense of operations, enable pooling of processing resources across the cells, and reduce capital expenditure. C-RAN can be virtualized to provide load balancing and scalability and help manage resource utilization .
C-RAN helps improve energy efficiency by freeing the individual base stations from providing round the clock service. The dynamic allocation of processing capability and migration of tasks to the base station pool from remote data centers help reduce the power and load .
Sharing the channel state information of mobile services among the cooperating base stations yields greater spectral efficiency at the cell edge, which leads to an increase in capacity and enables multiplexing of streams on the same channel as well as multi-point cooperation. The enablement of multi-point cooperation improves the efficiency, enables faster hardware upgrades, and provides greater spectral efficiency at the cell edge with the help of efficient multi-cell coordination [5, 150].
5.1 C-RAN architecture
5G is envisioned to ensure higher capacity, extremely low network latency, and better energy efficiency, allowing it to accommodate a greater number of devices and more traffic, as well as facilitate a large number of use cases such as machine type communication for IoT, beam forming, hotspots, and small cells along with fronthaul and backhaul .
5.1.1 Cloud-RAN and 5G
The authors in  discuss the need for C-RAN in various scenarios of the 5G network, mainly with the user dense network and the multiple radio access technologies. The study focuses on flexible backhauling, automated network organization, and advanced mobility management. Thanks to the flexibility and scalability of a cloud-based implementation, as well as its inherently centralized nature, C-RAN can facilitate fifth generation (5G) communication technologies such as full duplex, ultra-dense networks, and large-scale antenna systems. C-RAN allows the spectrum and BBU resources to be shared by various heterogeneous networks. This simplifies the handover in mobile VNs because the virtual BS is located in a centralized BBU .
Large-scale cooperative signal processing in the physical layer is a complex requirement of 5G networks, which makes significant and advanced computation important. Advancements in RF and baseband are required to adapt to new air interfaces. In order to enable efficient use of ultra dense radio nodes, advancement in integrated access and heterogeneous convergence is required. There should be seamless integration of software-defined air interface technologies into the 5G radio access network architectures . C-RAN has emerged as one of the 5G-oriented solutions to steer the network architecture and control resources. Decoupling of the traffic management operations from the radio access technologies has led to the combination of the virtualized network core and fronthaul architecture .
The authors in  list the following advantages of C-RAN, from which the 5G network can benefit: (1) higher system capacity and lower power consumption can be achieved by moving RRHs closer to the users, thus eliminating the need to propagate over long distances to reach users; (2) cooperative processing techniques can be leveraged to handle interfaces because of the centralized baseband processing at the BBU pool; and (3) integration of the C-RAN architecture with SDN and NFV technologies provides the scalability and flexibility that are required for the development of future mobile networks under 5G communications .
Cloud networking has evolved over the years while significant advancements have been witnessed in network planning, design, control, and management. These changes were necessary to meet the ever growing needs of the on demand service requests. In order to allow organizations to take full advantage of benefits like scalability, flexibility, and efficiency, there has been an obvious need for cost-effective transition from vendor-specific hardware-based network functionalities to the deployment of software-defined network functions. This transition enables the reduction in cost of operations and infrastructure, which plays a major role in the future of networking.
In this paper, we have mainly discussed some of the architectural challenges, and the solutions to overcome them, seen in today's leading cloud communication technologies such as software-defined networking (SDN), network function virtualization (NFV), SDN-enabled NFV solutions, and cloud radio access networks (C-RAN).
Some of the concerning challenges such as security, scalability, resilience, high availability, performance, isolation, switch design, controller placement, and manageability are identified along with their corresponding solutions, particularly for SDN, NFV, and SDN-NFV integration. Indeed, we have further pointed out and discussed open issues, challenges, and opportunities despite the existing solutions on these concepts. Therefore, the solutions that have been proposed to overcome the reported challenges also introduce unaddressed issues that lead to opportunities for future research. At the end of the paper, we have provided a brief architectural design and understanding of the cloudRAN technology that uses the integrated SDN-NFV that can be enabled to achieve efficient and cost-effective means of 5G wireless networks.
We would like to thank the authors of the references in [25, 49, 58, 149] for giving us their consent to redraw the corresponding figures in those references. In addition, we would like to acknowledge ETSI for the specification in  which formed the basis for Fig. 3 in this article.
This work was supported in part by the Natural Sciences and Engineering Research Council of Canada (NSERC) under Grant RGPIN/2017-04032.
- 1.Amazon - ELB [online] https://docs.aws.amazon.com/elasticloadbalancing/latest/. Accessed 12 Jan. 2018
- 3.(2004) Data center : Load balancing data center [online] https://docs.aws.amazon.com/elasticloadbalancing/latest/
- 4.Agarwal K, Dixon C, Rozner E, Carter J (2014) Shadow macs: scalable label-switching for commodity ethernet. In: Proceedings of the third workshop on hot topics in software defined networking, hotSDN ’14. ACM, New York, pp 157–162
- 5.Agrawal R, Bedekar A, Kalyanasundaram S, Kolding T, Kroener H, Ram V (2016) Architecture principles for cloud ran. In: IEEE 83rd vehicular technology conference (VTC spring), pp 1–5
- 7.Al-Dulaimi A, Anpalagan A, Bennis M, Vasilakos AV (2015) 5g green communications: C-ran provisioning of comp and femtocells for power management. In: IEEE International conference on ubiquitous wireless broadband (ICUWB), pp 1–5
- 8.Ali ST, Sivaraman V, Radford A, Jha S (2013) Securing networks using software defined networking: a survey. IEEE Trans Reliab 64(3):1–12
- 9.Appelman M et al Performance analysis of OpenFlow hardware. http://bit.ly/11SnlGt
- 10.Araujo JT, Landa R, Clegg RG, Pavlou G (2014) Software-defined network support for transport resilience. In: IEEE Network operations and management symposium (NOMS), pp 1–8
- 11.Atiewi S, Yussof S (2014) Comparison between cloud SIM and green cloud in measuring energy consumption in a cloud environment. In: 2014 3rd international conference on advanced computer science applications and technologies, pp 9–14
- 12.Bannour F, Souihi S, Mellouk A (2017) Distributed SDN control: survey, taxonomy and challenges. IEEE Commun Surv Tutorials PP(99):1–1
- 13.Banzai T, Koizumi H, Kanbayashi R, Imada T, Hanawa T, Sato M (2010) D-cloud: design of a software testing environment for reliable distributed systems using cloud computing technology. In: 2010 10th IEEE/ACM international conference on cluster, cloud and grid computing, pp 631–636
- 15.Benton K, Camp LJ, Small C (2013) OpenFlow vulnerability assessment. In: Proceedings of the second ACM SIGCOMM workshop on hot topics in software defined networking, hotSDN ’13. ACM, New York, pp 151–152
- 16.Berde P, Gerola M, Hart J, Higuchi Y, Kobayashi M, Koide T, Lantz B, O’Connor B, Radoslavov P, Snow W, Parulkar G (2014) ONOS: towards an open, distributed SDN OS. In: Proceedings of the third workshop on hot topics in software defined networking, hotSDN ’14. ACM, New York, pp 1–6
- 17.Bhattacharya B, Das D (2013) SDN based architecture for QoS enabled services across networks with dynamic service level agreement. In: 2013 IEEE International conference on advanced networks and telecommunications systems (ANTS), pp 1–6
- 18.Botelho F, Bessani A, Ramos FMV, Ferreira P (2014) On the design of practical fault-tolerant SDN controllers. In: 2014 Third european workshop on software defined networks, pp 73–78
- 19.Botelho FA, Ramos FMV, Kreutz D, Bessani AN (2013) On the feasibility of a consistent and fault-tolerant data store for SDNs. In: 2013 Second european workshop on software defined networks, pp 38–43
- 21.Braun W, Menth M (2014) Wildcard compression of inter-domain routing tables for OpenFlow-based software-defined networking. In: 2014 Third european workshop on software defined networks, pp 25–30
- 22.Cai Z, Cox AL, Ng TSE Maestro: a system for scalable openflow control. Rice University Technical Report TR10-11
- 24.Cannistra R, Carle B, Johnson M, Kapadia J, Meath Z, Miller M, Young D, DeCusatis C, Bundy T, Zussman G, Bergman K, Carranza A, Sher-DeCusatis C, Pletch A, Ransom R (2014) Enabling autonomic provisioning in SDN cloud networks with NFV service chaining. In: OFC 2014, pp 1–3
- 25.Carapinha J, Jiménez J (2009) Network virtualization: a view from the bottom. In: Proceedings of the 1st ACM workshop on Virtualized infrastructure systems and architectures, pp 73–80
- 28.Chandrasekaran B, Benson T (2014) Tolerating SDN application failures with legosdn. In: Proceedings of the third workshop on hot topics in software defined networking, hotSDN ’14. ACM, New York, pp 235–236
- 30.Chen J, Zheng X, Rong C (2015) Survey on software-defined networking. In: Qiang W, Zheng X, Hsu CH (eds) Cloud computing and big data. Springer International Publishing, Cham, pp 115–124
- 33.Clayman S, Maini E, Galis A, Manzalini A, Mazzocca N (2014) The dynamic placement of virtual network functions. In: IEEE Network operations and management symposium (NOMS), pp 1–9
- 34.Cotroneo D, Simone LD, Iannillo AK, Lanzaro A, Natella R, Fan J, Ping W (2014) Network function virtualization: challenges and directions for reliability assurance. In: IEEE International symposium on software reliability engineering workshops, pp 37–42
- 37.El Ferkouss O, Snaiki I, Mounaouar O, Dahmouni H, Ali RB, Lemieux Y, Omar C (2011) A 100gig network processor platform for openflow. In: Proceedings of the 7th international conference on network and services management, CNSM ’11. International Federation for Information Processing, Laxenburg, pp 286–289
- 38.Emmerich P, Raumer D, Beifuß A, Erlacher L, Wohlfart F, Runge TM, Gallenmüller S, Carle G (2015) Optimizing latency and CPU load in packet processing systems. In: 2015 International symposium on performance evaluation of computer and telecommunication systems (SPECTS), pp 1–8
- 39.Fayazbakhsh SK, Sekar V, Yu M, Mogul JC (2013) FlowTags: enforcing network-wide policies in the presence of dynamic middlebox actions. In: Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking (HotSDN ’13). ACM, New York, pp 19–24
- 40.Fayazbakhsh SK, Chiang L, Sekar V, Yu M, Mogul JC (2014) Enforcing network-wide policies in the presence of dynamic middlebox actions using flowtags. In: Proceedings of the 11th USENIX conference on networked systems design and implementation, NSDI’14. USENIX Association, Berkeley, pp 533–546
- 42.Fonseca P, Bennesby R, Mota E, Passito A (2012) A replication component for resilient OpenFlow-based networking. In: 2012 IEEE Network operations and management symposium, pp 933–939
- 43.Fujita H, Matsuno Y, Hanawa T, Sato M, Kato S, Ishikawa Y (2012) DS-Bench Toolset: tools for dependability benchmarking with simulation and assurance. In: IEEE/IFIP International conference on dependable systems and networks (DSN 2012), pp 1–8
- 44.Gember-Jacobson A, Viswanathan R, Prakash C, Grandl R, Khalid J, Das S, Akella A (2014) OpenNF: enabling innovation in network function control. In: Proceedings of the 2014 ACM conference on SIGCOMM, SIGCOMM ’14. ACM, New York, pp 163–174
- 46.Goguen J (1999) An introduction to algebraic semiotics, with application to user interface design. In: Nehaniv CL (ed) Computation for metaphors, analogy, and agents. Springer Berlin Heidelberg, Berlin, pp 242–291
- 47.Gourov V, Gourova E (2015) Cloud network architecture design patterns. In: Proceedings of the 20th european conference on pattern languages of programs, euroPLop ’15. ACM, New York, pp 1:1–1:11
- 49.Hadzialic M, Dosenovic B, Dzaferagic M, Musovic J (2013) Cloud-RAN: innovative radio access network architecture. In: Proceedings ELMAR-2013, pp 115–120
- 52.Hassas Yeganeh S, Ganjali Y (2012) Kandoo: a framework for efficient and scalable offloading of control applications. In: Proceedings of the first workshop on hot topics in software defined networks, pp 19–24
- 54.Hoydis J, ten Brink S, Debbah M (2011) Massive MIMO: how many antennas do we need? CoRR arXiv:1107.1709
- 55.Hu F, Hao Q, Bao K (2014) A survey on software defined networking (SDN) and OpenFlow: from concept to implementation. IEEE Commun Surv Tutorials 16(c):1–1
- 57.Hwang K (1992) Advanced computer architecture: parallelism, scalability, programmability, 1st edn. McGraw-Hill Higher Education, New York
- 58.Kreutz D, Ramos FMV, Veríssimo PE, Rothenberg CE, Azodolmolky S, Uhlig S (2015) Software-defined networking: a comprehensive survey. In: Proceedings of the IEEE, vol 103, no. 1, pp 14–76
- 59.Ismail MA, Ismail MF, Ahmed H (2015) Openstack cloud performance optimization using linux services. In: 2015 International conference on cloud computing (ICCC), pp 1–4
- 60.Jafarian JH, Al-Shaer E, Duan Q (2012) OpenFlow random host mutation: transparent moving target defense using software defined networking. In: Proceedings of the first workshop on hot topics in software defined networks, hotSDN ’12. ACM, New York, pp 127–132
- 63.Jensen M, Schwenk J, Gruschka N, Iacono LL (2009) On technical security issues in cloud computing. In: 2009 IEEE International conference on cloud computing, pp 109–116
- 67.Keeney J, Meer vdS, Fallon L (2014) Towards real-time management of virtualized telecommunication networks. In: 10th international conference on network and service management (CNSM) and workshop, pp 388–393
- 72.Koponen T, Amidon K, Balland P, Casado M, Chanda A, Fulton B, Ganichev I, Gross J, Gude N, Ingram P, Jackson E, Lambeth A, Lenglet R, Li SH, Padmanabhan A, Pettit J, Pfaff B, Ramanathan R, Shenker S, Shieh A, Stribling J, Thakkar P, Wendlandt D, Yip A, Zhang R (2014) Network virtualization in multi-tenant datacenters. In: Proceedings of the 11th USENIX conference on networked systems design and implementation, NSDI’14. USENIX Association, Berkeley, pp 203–216
- 73.Koponen T, Casado M, Gude N, Stribling J, Poutievski L, Zhu M, Ramanathan R, Iwata Y, Inoue H, Hama T, Others, Shenker S (2010) Onix: A distributed control platform for large-scale production networks. OSDI, Oct pp 1–6
- 74.Krautheim FJ (2009) Private virtual infrastructure for cloud computing. In: Proceedings of the 2009 conference on Hot topics in cloud computing (HotCloud’09). USENIX Association, Berkeley
- 75.Kreutz D, Esteves-Verissimo P, Magalhaes C, Ramos FMV (2017) The KISS principle in software-defined networking: an architecture for keeping it simple and secure
- 77.Lam CF (2010) Optical network technologies for datacenter networks (invited paper). In: 2010 Conference on optical fiber communication (OFC/NFOEC), collocated national fiber optic engineers conference, pp 1–3
- 80.Li Y, Chen MIN, Member S (2015) Software-defined network function virtualization: a survey. IEEE Access 3
- 81.Lombardo A, Manzalini A, Schembra G, Faraci G, Rametta C, Riccobene V (2015) An open framework to enable NetFATE (Network Functions at the edge). In: Proceedings of the 2015 1st IEEE Conference on Network Softwarization (NetSoft), London, pp 1–6
- 83.Luo Y, Cascon P, Murray E, Ortega J (2009) Accelerating OpenFlow switching with network processors. In: Proceedings of the 5th ACM/IEEE symposium on architectures for networking and communications systems, ANCS ’09. ACM, New York, pp 70–71
- 84.Ma YW, Chen YC, Chen JL (2017) SDN-enabled network virtualization for industry 4.0 based on IoTs and cloud computing. In: 2017 19th international conference on advanced communication technology (ICACT), pp 199–202
- 85.Martins J, Ahmed M, Raiciu C, Olteanu V, Honda M, Bifulco R, Huici F (2014) ClickOS and the art of network function virtualization. In: Proceedings of the 11th USENIX conference on networked systems design and implementation, NSDI’14. USENIX Association, Berkeley, pp 459–473
- 88.Matias J, Garay J, Mendiola A, Toledo N, Jacob E (2014) Flownac: flow-based network access control. In: Proceedings of the 2014 third european workshop on software defined networks, EWSDN ’14. IEEE Computer Society, Washington, pp 79–84
- 90.Mattisson S (2017) Overview of 5g requirements and future wireless networks. In: ESSCIRC 2017 - 43rd IEEE european solid state circuits conference, pp 1–6
- 92.Mehraghdam S, Keller M, Karl H (2014) Specifying and placing chains of virtual network functions. CoRR arXiv:1406.1058
- 93.Mekky H, Hao F, Mukherjee S, Lakshman TV, Zhang ZL (2017) Network function virtualization enablement within SDN data plane. In: IEEE INFOCOM 2017 - IEEE Conference on computer communications, pp 1–9
- 94.Memon G, Varvello M, Laufer R, Lakshman T, Li J, Zhang M (2013) Flashflow: a GPU-based fully programmable OpenFlow switch. Tech. rep., University of Oregon
- 95.Mijumbi R, Serrat J, Gorricho JL, Bouten N, De Turck F, Boutaba R (2016) Network function virtualization: state-of-the-art and research challenges. In: IEEE communications surveys & tutorials. Firstquarter, vol 18, no. 1, pp 236–262
- 96.Mogul JC, AuYoung A, Banerjee S, Popa L, Lee J, Mudigonda J, Sharma P, Turner Y (2013) Corybantic: towards the modular composition of SDN control programs. In: Proceedings of the twelfth ACM workshop on hot topics in networks, hotnets-XII. ACM, New York, pp 1:1–1:7
- 97.Monsanto C, Reich J, Foster N, Rexford J, Walker D (2013) Composing software-defined networks. In: Proceedings of the 10th USENIX conference on networked systems design and implementation, nsdi’13. USENIX Association, Berkeley, pp 1–14
- 99.Muñoz R, Vilalta R, Casellas R, Martinez R, Szyrkowiec T, Autenrieth A, López V, López D (2015) Integrated SDN/NFV management and orchestration architecture for dynamic deployment of virtual SDN control instances for virtual tenant networks [Invited]. J Opt Commun Networking 7(11):B62
- 100.Mustafiz S, Palma F, Toeroe M, Khendek F (2016) A network service design and deployment process for NFV systems. In: IEEE 15th international symposium on network computing and applications (NCA), pp 131–139
- 102.Naous J, Erickson D, Covington GA, Appenzeller G, McKeown N (2008) Implementing an openflow switch on the NetFPGA platform. In: Proceedings of the 4th ACM/IEEE symposium on architectures for networking and communications systems, ANCS ’08. ACM, New York, pp 1–9
- 104.(2013) Open networking foundation: SDN architecture overview. Onf (1), 1–5
- 105.Park SH, Lee B, Shin J, Yang S (2014) A high-performance IO engine for SDN controllers. In: 2014 third european workshop on software defined networks, Budapest, pp 121–122
- 106.Park SH, Lee B, You J, Shin J, Kim T, Yang S (2014) Raon: recursive abstraction of OpenFlow networks. In: 2014 Third european workshop on software defined networks, pp 115–116
- 107.Peleg D (2000) Distributed computing: a locality-sensitive approach. Society for Industrial and Applied Mathematics
- 109.Pham C, Chen D, Kalbarczyk Z, Iyer RK (2011) Cloudval: a framework for validation of virtualization environment in cloud infrastructure. In: 2011 IEEE/IFIP 41st international conference on dependable systems networks (DSN), pp 189–196
- 110.Piraghaj SF, Dastjerdi AV, Calheiros RN, Buyya R (2017) ContainerCloudSim: an environment for modeling and simulation of containers in cloud data centers. Software: Practice and Experience 47(4):505–521
- 111.Pongrácz G, Molnár L, Kis ZL (2013) Removing roadblocks from SDN: OpenFlow software switch performance on intel dpdk. In: Proceedings of the 2013 second european workshop on software defined networks, EWSDN ’13. IEEE Computer Society, Washington, pp 62–67
- 112.Porras P, Cheung S, Fong M, Skinner K, Yegneswaran V (2015) Securing the software-defined network control layer. In: Proceedings of the 2015 network and distributed system security symposium (NDSS)
- 113.Porras P, Shin S, Yegneswaran V, Fong M, Tyson M, Gu G (2012) A security enforcement kernel for OpenFlow networks. In: Proceedings of the first workshop on hot topics in software defined networks, hotSDN ’12. ACM, New York, pp 121–126
- 114.Rad BB, Diaby T, Rana ME (2017) Cloud computing adoption: a short review of issues and challenges. In: Proceedings of the 2017 international conference on e-commerce, e-business and e-government, ICEEG 2017. ACM, New York, pp 51–55
- 115.Ramos RM, Martinello M, Rothenberg CE (2013) Slickflow: resilient source routing in data center networks unlocked by openflow. In: 38th annual IEEE conference on local computer networks, pp 606–613
- 118.Rehman RU (2003) Introduction to intrusion detection and snort
- 119.Reynaud F, Aguessy FX, Bettan O, Bouet M, Conan V (2016) Attacks against network functions virtualization and software-defined networking: state-of-the-art. In: 2016 IEEE NetSoft Conference and Workshops (NetSoft), Seoul, pp 471–476
- 120.Rostami A, Jungel T, Koepsel A, Woesner H, Wolisz A (2012) Oran: OpenFlow routers for academic networks. In: 2012 IEEE 13th international conference on high performance switching and routing, pp 216–222
- 122.Santos N, Gummadi KP, Rodrigues R (2009) Towards trusted cloud computing. In: Proceedings of the 2009 conference on hot topics in cloud computing, hotcloud’09. USENIX association, Berkeley
- 123.Schehlmann L, Baier H (2013) COFFEE: a concept based on OpenFlow to filter and erase events of botnet activity at high-speed nodes. GI-Jahrestagung pp 2225–2239
- 124.Schmid S, Suomela J (2013) Exploiting locality in distributed SDN control. In: Proceedings of the second ACM SIGCOMM workshop on hot topics in software defined networking (HotSDN ’13). ACM, New York, pp 121–126
- 125.Schöller M, Stiemerling M, Ripke A, Bless R (2013) Resilient deployment of virtual network functions. In: 2013 5th international congress on ultra modern telecommunications and control systems and workshops (ICUMT), pp 208–214
- 127.Seeber S, Rodosek GD (2015) Towards an adaptive and effective IDS using OpenFlow. Springer International Publishing, Switzerland, pp 134–139
- 128.Shah H, Wankhede P, Borkar A (2013) Challenges in cloud environment. In: Patnaik S, Tripathy P, Naik S (eds) New paradigms in internet computing. Advances in intelligent systems and computing, vol 203. Springer, Berlin
- 130.Shen W, Yoshida M, Kawabata T, Minato K, Imajuku W (2014) vConductor: an NFV management solution for realizing end-to-end virtual network services. In: The 16th asia-pacific network operations and management symposium, pp 1–6
- 131.Shin S, Song Y, Lee T, Lee S, Chung J, Porras P, Yegneswaran V, Noh J, Kang BB (2014) Rosemary: a robust, secure, and high-performance network operating system. In: Proceedings of the 2014 ACM SIGSAC conference on computer and communications security, CCS ’14. ACM, New York, pp 78–89
- 132.Shin S, Yegneswaran V, Porras P, Gu G (2013) Avant-guard: scalable and vigilant switch flow management in software-defined networks. In: Proceedings of the ACM SIGSAC conference on computer & communications security, CCS ’13. ACM, New York, pp 413–424
- 133.Shirali-Shahreza S, Ganjali Y (2013) Efficient implementation of security applications in Openflow controller with FleXam. In: 2013 IEEE 21st annual symposium on high-performance interconnects, San Jose, CA, pp 49–54
- 134.Soares J, Dias M, Carapinha J, Parreira B, Sargento S (2014) Cloud4nfv: a platform for virtual network functions. In: 2014 IEEE 3rd international conference on cloud networking (cloudnet), pp 288–293
- 138.Tootoonchian A, Gorbunov S, Ganjali Y, Casado M, Sherwood R (2012) On controller performance in software-defined networks. In: Proceedings of the 2nd USENIX conference on hot topics in management of internet, cloud, and enterprise networks and services, hot-ICE’12. USENIX Association, Berkeley, pp 10–10
- 139.Tseitlin A (2013) The antifragile organization embracing failure to improve resilience and maximize availability. ACM Queue 11(6):1–7
- 143.Wang R, Butnariu D, Rexford J (2011) Openflow-based server load balancing gone wild. In: Proceedings of the 11th USENIX conference on hot topics in management of internet, cloud, and enterprise networks and services, hot-ICE’11. USENIX Association, Berkeley, pp 12–12
- 144.Wang R, Hu H, Yang X (2014) Potentials and challenges of c-RAN supporting multi-RATs toward 5G mobile networks. IEEE Access 2:1200–1208Google Scholar
- 145.Wanner L, Srivastava M (2014) Virus: Virtual function replacement under stress. In: Proceedings of the 6th USENIX conference on power-aware computing and systems, hotpower’14. USENIX Association, Berkeley, pp 2–2Google Scholar
- 146.Wen X, Chen Y, Hu C, Shi C, Wang Y (2013) Towards a secure controller platform for openflow applications. In: Proceedings of the second ACM SIGCOMM workshop on hot topics in software defined networking, hotSDN ’13. ACM, New York, pp 171–172Google Scholar
- 147.Wippel H (2014) Dpdk-based implementation of application-tailored networks on end user nodes. In: 2014 International conference and workshop on the network of the future (NOF), pp 1–5Google Scholar
- 148.Wood T, Gerber A, Ramakrishnan KK, Shenoy P, Van der Merwe J (2009) The case for enterprise-ready virtual private clouds. In: Proceedings of the 2009 conference on hot topics in cloud computing, hotcloud’09. USENIX association, BerkeleyGoogle Scholar
- 152.Yang W, Fung C (2016) A survey on security in network functions virtualization. In: IEEE NETSOFT 2016 - 2016 IEEE NetSoft conference and workshops: Software-defined infrastructure for networks, clouds, IoT and services, pp 15–19Google Scholar
- 153.Yao G, Bi J, Xiao P (2011) Source address validation solution with openflow/nox architecture. In: 2011 19Th IEEE international conference on network protocols, pp 7–12Google Scholar
- 155.Yoshida M, Shen W, Kawabata T, Minato K, Imajuku W (2014) Morsa: a multi-objective resource scheduling algorithm for nfv infrastructure. In: The 16th asia-pacific network operations and management symposium, pp 1–6Google Scholar
- 156.Yu M, Rexford J, Freedman MJ, Wang J (2010) Scalable flow-based networking with DIFANE. SIGCOMM Comput Commun Rev 41(4)Google Scholar