Specification of Self-Management of Network Security and Resilience

In this deliverable we describe the SUPERCLOUD resilient network virtualization platform. We present its main components and the techniques used to improve the dependability, scalability, and security of the platform. The architecture follows a Software-Defined Networking (SDN) approach. The main components are divided into two modules: address and topology virtualization, and virtual network embedding. Our network hypervisor provides address and topology virtualization, allowing each tenant to use the full header space and to define arbitrary topologies. The virtual network embedding module maps virtual network requests to physical resources, taking into account the security and dependability demands by users. To avoid the network hypervisor being a single point of failure, we present the design and implementation of a fault-tolerant SDN controller. Our design guarantees consistent event processing under faults, without requiring changes to current SDN protocols or switches. To allow the system to scale, we propose the design of a distributed SDN controller centered around a consistent data store that allows coordination amongst the different controllers instances. Finally, we describe the autonomic security management framework of the network virtualization platform, a component that offers data plane monitoring and proactive attack detection across the different providers of the SUPERCLOUD.