Usable Orchestration for Customer Edge Switching

Thumbnail Image
Journal Title
Journal ISSN
Volume Title
Perustieteiden korkeakoulu | Master's thesis
Security and Cloud Computing
Degree programme
Master’s Programme in Computer, Communication and Information Sciences
Customer Edge Switching (CES) is a network solution that sits at the network edge and addresses the issue of NAT traversal. To do so without sacrificing security, it provides cooperative firewalling between the connected customer networks and the served hosts. The CES solution comprises of three network functions, namely, NAT, Cooperative firewall and Realm gateway. To test the working of CES, a containerised single-shot network orchestration environment was implemented using LXC containers and published with the CES repository. To prepare CES for the challenges of future networks, we propose to develop a system that allows it to offload the tasks to remote servers through cloud computing. This way it will be able to scale up or down depending on the changing resource demand. As a first step towards total cloudification of CES, in this thesis, we intend to develop a user interface (UI) that will allow to quickly set up any kind of test network configuration with the required number of CES and RGW nodes (and other elements) needed in the test scenario. In this thesis, we present the architecture and implementation of our web-based test network orchestration. We implemented an easy-to-use web interface for the end user and located all the major complexity related to network orchestration to the backend. The frontend and backend systems interact with each other via a well-established REST interface, to serve the requests of a frontend user. The user interface presents a dashboard giving an overview of the test network and allows the user to manage the containers and services running on them via click of a button. The thesis also presents an evaluation of our implementation and reveals that our web-based orchestration solution has significantly reduced the launch time of containers as well as the launch time of the whole test network. Towards the end, we have also identified bottlenecks to fully automating CES deployment at network edge and recommend that these should be addressed in a future work.
Kantola, Raimo
Thesis advisor
Riaz, Maria
CES, web frontend, backend, NAT, orchestration, LXC containers
Other note