Learning-based dynamic scalable load-balanced firewall as a service in network function-virtualized cloud computing environments

The Journal of Supercomputing

Abstract

Network function virtualization (NFV) is a network architecture that aims to provide communication services in clouds through virtualization techniques. NFV combines server and service and replaces many network devices. It deploys software applications instead of hardware devices and therefore reduces network providers' financial costs and facilitates manageability. One of the services that NFV offers is virtualized firewalls in clouds. Like other cloud services, firewalls should scale dynamically to the needs of any business and adapt as demand increases. In this paper, a method is proposed for dynamic auto-scalability of the firewall service in cloud environments. The proposed method also balances incoming load among different virtualized firewalls, which are installed as software on virtual machines and located in one pool. We consider a queuing model for each virtual machine. The goal is to determine, according to the intensity of incoming load, the number of active virtualized firewalls required at different time steps and the proportion of total requests that goes to each firewall. Decisions about the utilization of firewall virtual machines are made so that QoS requirements are met while resources are saved, balancing performance against the cost of the allocated firewall virtual machines. To solve the problem, we propose a hybrid genetic algorithm and reinforcement learning-based approach, namely GARLAS (genetic algorithm and reinforcement learning-based autonomic scaling), implemented in a cloud manager. Simulation results with MATLAB on different realistic workloads demonstrate that the approach is able to find an optimal policy in both the scalability and load-balancing aspects. It also leads to 87.91% and 85.15% lower average response time and 9.93% and 11.77% improvement in utilization in comparison with static and threshold-based approaches, respectively.

Corresponding author

Correspondence to Saeed Sharifian.

About this article

Cite this article

Dezhabad, N., Sharifian, S. Learning-based dynamic scalable load-balanced firewall as a service in network function-virtualized cloud computing environments. J Supercomput 74, 3329–3358 (2018). https://doi.org/10.1007/s11227-018-2387-5

  • DOI: https://doi.org/10.1007/s11227-018-2387-5
