Topic: Network Function Virtualization

Introduction
A network architecture concept called Network Function Virtualization (NFV) entails virtualizing
network functions such as firewalls, load balancers, routers, etc. The goal of this research paper is to
explore NFV in detail. NFV is used to enable the deployment of network functions on generalized
hardware instead of dedicated hardware. This will reduce costs while increasing service providers'
flexibility and enabling easier network services management. In this report, the major areas of NFV’s will
be covered. These include the basic architecture and infrastructure, application, the status of the state-of-
the-art research in this field, and security issues and challenges of NFV.
Traditional communication networks rely on physical hardware making them very inflexible and
expensive to operate and manage as the specific required network functions can only be performed by
that specific physical device. The use of such devices which can only cater to one single network function
makes the cost of hardware go up since the networking industry is growing at a very fast pace and new
functions are invented and created every year. As such the cost of hardware is constantly going up, in
addition to long lead times for deployment. This also puts development firms and companies in a bind as
it can become difficult to increase work scale, upgrading and adding new and unique network functions.
In order to cater to this increasing issue for firms in the networking industry as a result the concept of
Network Function Virtualization NFV was developed as a solution to these issues the industry was
facing. The concept of NFV’s is to virtualize network functions using software that can run on
commodity hardware, this idea was originally proposed by the European Telecommunications Standards
Institute (ETSI) in 2012. Since then, research in this field has advanced and solidified. NFV differentiates
itself from traditional communication due to its dependency on software-based implementation rather
than hardware. Network virtualization technologies like Network Function Virtualization (NFV) work in
correlation with Software-Defined Networking (SDN) to separate software from hardware to make
network functionalities independent of hardware. This allows for the deployment of network functions on
demand, making the system more efficient, scalable, and cost-effective. With NFV’s the allocation of
hardware resources is key to achieving high performance rates. In addition, interconnections between
virtualized network functions are managed from a central point. As a result, we can predict that network
virtualization technologies provide a significant lever for transforming traditional communication
networks into more agile, efficient, and resilient infrastructures, further enabling networking firms to
quickly adapt to the changing network requirements and new service offerings of our society, leading it to
be a critical technology for the evolution of modern networking.
Architecture
As discussed before in traditional network architecture, individual hardware devices such as routers,
switches, gateways, firewalls, load balancers intrusion detection systems and etc. all have different
networking tasks. A virtualized network replaces these pieces of equipment with software applications
that run on a virtual machine to perform these networking tasks.
A basic NFV architecture usually consists of three parts which have been described using different names
in different papers, for this research we will be using the Infrastructure layer, the Virtualization layer, and
the Orchestration layer as the most common names used for these three layers:
 Centralized virtual network infrastructure layer: this layer is more focused on the provision of
physical resources which are required for NFV deployment. Resources like storage space,
networking equipment and servers. The implementation of this layer is very much dependent on
 the technology, which can include tradition data centers, cloud or a mixed combination of both
infrastructures.
 Software applications/ virtualization layer: This layer as the name suggests, provides
virtualization capabilities required by NFV. Such as Virtual machines, network virtualization
functions and etc. this layer enables the function to be dynamically installed and configured.
 Framework/ Orchestration layer: Tus layer takes up the rile of management and orchestration for
NFV’s. As the managerial layer it allocates the needed recourse, while service chaining and
management. This also includes the management of the lifecycle management. Like dynamic
configuration of the provided network functions and the specified services.
Efficiency and effectiveness is very important in NFV’s as these factors allow them to differentiate them
from traditional hardware applications. The paper, NFV Infrastructure: A Survey on Design,
Architecture, and Implementation Challenge, discussed the issues which may need attention in each layer
to achieve a point of optimal efficiency and effectiveness in NFVs. In the Infrastructure Layer(hardware),
the main challenges relate to optimization of resource utilization as this will ensuring high availability and
reliability. In the virtualization layer, challenges include efficient VNF deployment, dynamic resource
allocation, and virtual network function forwarding. In the Orchestration layer, service orchestration,
network slicing, and interoperability between different NFV platforms is an issues which can cause
problems which may need to be addressed.
NFV infrastructure components include:
1. Virtualized Network Functions (VNFs): These are software-based implementations of network
functions that run on commodity hardware. It is designed to replace traditional network functions
that run on dedicated hardware devices. VNFs are deployed as VMs, which can be scaled up or
down as needed to meet changing demand.
2. NFV Infrastructure (NFVI): The NFVI comprises the physical compute, storage, and network
resources required to operate VNFs, which can be situated in data centers, edge clouds, or even
on customer premises. It provides a virtualization layer on top of the hardware layer. It abstracts
hardware resources, enabling them to be logically divided and allocated to support VNFs. The
NFVI delivers the physical resources, such as compute, storage, and network infrastructure, and
software required for VNF deployment and management. With NFVI's distributed nature,
organizations can deploy it in various locations, such as data centers, edge clouds, or customer
premises. This allows for enhanced flexibility in building and managing networks.
3. Virtualized Infrastructure Manager (VIM): This component manages infrastructure resources,
such as compute, storage, and networking, used to deploy and operate NFVI, including
provisioning and allocating resources to VNFs.
4. Orchestration / NFV Management and Orchestration (MANO): This component manages the
overall service deployment process, including the selection and chaining of VNFs, as well as the
allocation and management of network resources.
5. Management and Orchestration (MANO): This is a high-level component that includes the VIM
and orchestration functions, as well as additional components for managing the entire NFV
lifecycle, namely service design, service assurance, and service billing. The MANO layer
manages and orchestrates the NFV infrastructure. It includes NFVO, VNFM, and VIM, as well as
 additional components such as the NFV Service Catalog and the NFV Element Management
System (EMS).
Application
Application NFV has various applications, including the provision of virtual private networks (VPNs),
content delivery optimization, and the deployment of virtualized security functions. NFV can also be used
to provide Network as a Service (NaaS), which involves offering customized network services to clients
based on their specific requirements. This allows network operators to offer flexible and dynamic
services, reducing costs and increasing customer satisfaction.
"A Comprehensive Survey of Network Function Virtualization Applications" by A. G. A. Rahman et al.
(2020) is a survey paper that provides a comprehensive overview of the applications of Network Function
Virtualization (NFV). The paper covers various aspects of NFV applications, including network services,
data centers, mobile networks, and the Internet of Things (IoT). As a starting point, the paper explains
what NFV is and what it can do for you. The following section then discusses NFV applications in
network services. This article focuses on the numerous applications in network services, including
virtualized network functions (VNFs) such as firewalls, load balancers, and intrusion detection systems.
With NFV, these network functions can be deployed as software on commodity hardware, making it
easier and more cost-effective to scale and manage them. By using NFV to virtualize network functions,
operators can quickly launch customized services, reduce costs, and increase flexibility. The paper
discusses the use of NFV for various network services, such as virtualized firewalls that dynamically
respond to threats and perform traffic filtering. It also discusses load balancers that distribute traffic
across multiple servers to improve application performance.
In addition to network services, the paper also covers NFV applications in data centers. With NFV,
operators can offload certain network functions from physical devices to virtualized functions running on
servers, leading to more efficient resource utilization. Virtual machine migration is another application of
NFV, where VMs can be migrated between servers in a data center for load balancing or fault tolerance
purposes. Finally, network slicing is another NFV application in data centers. It enables the creation of
isolated network segments for different applications, services, or customers, with different performance
requirements, security policies, and resource allocations.
The paper also highlights the potential applications of Network Function Virtualization (NFV) in the
Internet of Things (IoT). Specifically, the paper discusses NFV for edge computing and the industrial
Internet of Things (IIoT). Edge computing involves processing data closer to the source rather than
sending it to a remote data center. NFV can be used to provide virtualized network functions at the edge
of the network. This allows faster data processing and reduces network latency. This can be particularly
useful in IoT applications where real-time processing and analysis of sensor data is required. In addition,
the paper discusses how NFV can be used in the context of the Industrial Internet of Things (IIoT). IIoT
involves the use of connected devices and sensors in industrial settings to improve efficiency and
productivity. NFV can be used to virtualize network functions in IIoT applications, such as remote
monitoring, predictive maintenance, and process optimization. It can improve IIoT networks' reliability
and security, as well as reduce costs and increase flexibility.
State-of-the-art research status
In recent years, several research studies have focused on NFV application to different network scenarios.
For instance, in a survey by A. F. A. Ghaleb, et al. (2022), the authors discussed the use of NFV and SDN
to orchestrate and manage 5G network slices. The survey found that NFV and SDN can provide the
necessary flexibility and programmability to meet the specific needs of different applications and
services. In another study, S. H. Mohammadi, et al. (2022) discussed the concept of dynamic service
function chaining in NFV, which allows network operators to dynamically allocate and chain network
functions to meet network traffic needs. The study found that dynamic service function chaining can
improve network performance, reduce costs, and increase scalability.
In "Machine Learning-Based Network Slicing Optimization for 5G Networks: A Review" by R. Singh, et
al. (2022), the authors discuss the challenges of optimizing network slicing in 5G networks and the
potential of machine learning algorithms to overcome these challenges. The paper provides an overview
of network slicing, machine learning, and their intersections. The authors then review the state-of-the-art
research in this area, covering different machine learning algorithms, data sources, optimization
objectives, and evaluation metrics. Furthermore, this paper discusses the use of machine learning
algorithms to optimize network slicing in 5G networks. This is a key NFV use case. Network slicing
allows service providers to create customized virtual networks that meet the specific needs of different
applications and users. NFV provides the necessary infrastructure and virtualization capabilities to
support network slicing. Therefore, the optimization of network slicing through machine learning can
improve the efficiency and performance of NFV-based networks. The limitations and future research
directions for machine learning for network slicing optimization are also discussed. These directions
include the need for more comprehensive datasets, more efficient algorithms, and more realistic
simulations and experiments. Overall, the authors conclude that machine learning has the potential to
significantly improve network slicing performance and efficiency in 5G networks. However, more
research is needed to fully realize this potential.
Zero-touch service function chaining (ZT-SFC) in network function virtualization (NFV) is also an up-
coming research topic as the idea presents a viable concept reducing the cost of managing function chains
while increasing the efficiency and variety of multiple networking services. The survey paper "Towards
Zero-touch Service Function Chaining in NFV: A Survey" by Y. Zhang et al. (2021) aims to provide a
comprehensive survey of state-of-the-art research). Before we can deep dive into ZT-SFC’s we need to
understand SFC’s which was properly explained in this paper. The author describes Service Function
Chaining (SFC) as the process of linking together network services to provide a specific function to
network traffic as it flows through a network. In NFV, SFC is a crucial concept as it enables the dynamic
chaining of virtualized network functions (VNFs) to create complex network services without physical
devices. SFC's relevance to NFV lies in its ability to enable the creation of network services that can be
quickly and dynamically deployed, scaled, and reconfigured. This is particularly useful in today's rapidly
evolving network environments. Service providers need to quickly adapt to changing network traffic
patterns and customer demands. SFC can also improve network efficiency by allowing service providers
to more effectively utilize network resources. By dynamically linking VNFs, service providers can
optimize network traffic flow and reduce unnecessary network hops. This will improve network services
performance and reliability. The paper introduces the concept of ZT-SFC, which is an automated
approach to service function chaining (SFC) in NFV, where the placement and chaining of network
functions are done automatically without any human intervention. The authors then discuss the challenges
and requirements for ZT-SFC, including network automation, intent-based networking, network slicing,
and resource allocation. ZT-SFC stands for "zero-touch service function chaining" and refers to the
automated deployment, management, and orchestration of service function chains in NFV environments
without human intervention. ZT-SFC aims to improve the efficiency and agility of network service
provisioning by reducing the time and cost required to set up and manage service function chains, as well
as improving the scalability and reliability of NFV-based networks. This is achieved through the use of
advanced automation and machine learning techniques, such as closed-loop control and policy-based
management, to automate the entire service function chain lifecycle, from deployment to scaling to
troubleshooting.
Closed-loop control and policy-based management are two key concepts in network management that
aim to improve network automation and efficiency. Closed-loop control involves a continuous feedback
loop where the network's performance is monitored and measured, and any deviations from the desired
state are detected and corrected automatically. This feedback loop is often used in conjunction with
network analytics and machine learning algorithms to predict potential issues and automatically take
corrective action. Policy-based management, on the other hand, involves defining and enforcing policies
that dictate how the network should operate. These policies can be used to automate network operations,
such as configuring network devices or allocating resources, based on pre-defined rules and conditions.
This approach enables administrators to manage networks more efficiently, with less manual intervention
and reduced risk of human error. Together, closed-loop control and policy-oriented management can
improve network performance, reliability, and security, while reducing operational costs and increasing
scalability. These concepts are increasingly relevant in the context of Network Function Virtualization
(NFV), where the dynamic and distributed nature of virtualized network functions requires a high degree
of automation and policy-driven control.
The paper then surveys recent research on ZT-SFC in NFV, including the design and architecture of ZT-
SFC systems, network slicing techniques for ZT-SFC, and machine learning-based approaches for ZT-
SFC. The authors also analyze the benefits and limitations of ZT-SFC, as well as the open research
challenges and future directions in this area. Overall, the paper provides a comprehensive survey of ZT-
SFC research in NFV, including the challenges, requirements, design, and implementation of ZT-SFC
systems. The paper also highlights the potential benefits of ZT-SFC and identifies open research
challenges and future directions in this area.

Security issues and challenges

Security issues and challenges NFV poses several security challenges that need to be addressed to ensure
network services integrity and confidentiality. In a survey by A. Dehghantanha, et al. (2022), the authors
identified several security challenges associated with NFV, including virtualization-specific attacks,
service chain hijacking, and data privacy and protection issues. The authors propose a number of
solutions to mitigate these challenges, including encryption, access control mechanisms, and intrusion
detection and prevention systems.
"Service Function Chaining in Network Function Virtualization: A Comprehensive Survey" by N. Ghazi,
et al. (2020) provides a detailed overview of service function chaining (SFC) in network function
virtualization (NFV). The paper presents the challenges and opportunities associated with SFC and
highlights the latest developments in the field. The authors discuss the challenges associated with SFC in
NFV, including scalability, fault tolerance, security, and performance issues. The paper describes various
approaches to address these challenges, such as dynamic load balancing, backup service instances, and
software-defined networking techniques. Dynamic load balancing involves distributing traffic load among
multiple VNF instances to optimize resource utilization and ensure high availability. The paper discusses
various algorithms and methods for load balancing, such as round-robin, least-connections, and weighted
round-robin. The authors also highlight the importance of load balancing in achieving high scalability and
resilience in NFV-based networks. Backup service instances refer to having additional VNF instances
ready to take over in case of primary instances failure. This can help ensure service continuity and reduce
downtime. The paper discusses several approaches to implementing backup instances, such as active-
standby and active-active configurations. Software-defined networking (SDN) techniques can enhance
service function chaining by providing centralized control and management of network resources. The
paper discusses several SDN-based approaches to service function chaining, such as network slicing and
network function virtualization management and orchestration (NFV-MANO). The authors also highlight
the benefits of SDN in NFV-based networks, such as improved agility, flexibility, and scalability.
In addition, the paper reviews existing SFC standards and frameworks, including the Open Networking
Foundation's SFC architecture and the European Telecommunications Standards Institute's NFV
framework. The authors discuss the compatibility and interoperability issues associated with these
standards and frameworks and provide recommendations for future developments. The authors emphasize
the need for more research in areas such as security, scalability, and performance optimization. They also
emphasize the importance of standardization and interoperability in SFC development in NFV networks.
"A Survey of Security Challenges in Network Function Virtualization" by J. M. Alcaraz Calero, et al.
(2019) is a comprehensive survey paper focusing on security challenges connected to Network Function
Virtualization (NFV). The authors identify and analyze the security risks and threats associated with NFV
and explore the solutions proposed in the literature to address these challenges. The paper provides an
overview of NFV, its benefits and challenges. It then focuses on the security challenges associated with
NFV and provides a comprehensive survey of these challenges. One of the main security challenges of
NFV is virtual network functions (VNFs). VNFs are software components that perform network functions
and are susceptible to attacks such as malware injection, denial-of-service attacks, and unauthorized
access. The paper discusses several approaches to securing VNFs, including trusted computing
techniques, intrusion detection and prevention systems, and access control mechanisms. Virtual Network
Functions (VNFs) are an essential component of NFV, but their deployment and management pose a
significant security challenge. Since VNFs are software components, they can be vulnerable to various
cyber-attacks, such as malware injection, denial-of-service attacks, and unauthorized access. One
approach to securing VNFs is to use trusted computing techniques. These techniques involve hardware-
based security mechanisms that ensure VNF integrity and confidentiality. For example, secure boot and
secure execution environments can prevent malicious code from compromising VNFs. Additionally,
hardware-based security mechanisms can provide attestation and provenance, which are crucial for
identifying and tracking VNF origins. Another approach to maintaining security for VNFs is through
intrusion detection and prevention systems. These systems can monitor network traffic and detect any
anomalies or suspicious behavior that may indicate an attack on VNFs. Intrusion prevention systems can
then prevent attacks from compromising VNFs, such as blocking malicious traffic or quarantining
infected VNFs. Access control mechanisms can also be used to secure VNFs. Access control mechanisms
limit access to VNFs and prevent unauthorized users from accessing and modifying VNFs. For example,
access control mechanisms can enforce role-based access control, where access is granted based on the
user's role and level of privilege. Additionally, access control mechanisms can implement strong
authentication and encryption techniques to limit unauthorized access to VNFs.
Another security challenge is the security of the NFV infrastructure itself. This includes securing the
physical infrastructure, such as servers and storage devices, as well as the virtualized infrastructure, such
as hypervisors and virtual switches. The paper discusses various techniques to secure the NFV
infrastructure, such as secure boot, secure virtual machine migration, and virtual network isolation.
Secure Boot is a security feature that ensures only authorized software is executed during boot. It
provides a trusted boot chain by verifying the digital signature of each piece of software before it is
executed. This prevents malware or other unauthorized software from running during the boot process.
Secure virtual machine migration refers to the process of moving a virtual machine (VM) from one
physical host to another in a secure manner. This ensures the integrity and confidentiality of VM data
during migration. In addition, it verifies the destination host's identity before migration. Virtual Network
Isolation is a technique used to isolate VNFs from each other and from the underlying physical network.
This prevents unauthorized access or interference between VNFs and can minimize the impact of security
breaches. The paper also identifies the challenge of safeguarding the NFV management and orchestration
(MANO) layer, which manages and orchestrates the VNFs and the NFV infrastructure. The MANO layer
is vulnerable to attacks such as authentication and authorization attacks, network-based attacks, and
software-based attacks. The paper proposes several security solutions, including reliable communication
protocols, access control mechanisms, and security monitoring systems. Other security challenges
discussed in the paper include the challenge of providing security to the NFV ecosystem, which involves
safeguarding the interactions between the different components of the NFV ecosystem, and the challenge
of maintaining NFV deployment and operation, which involves managing the deployment and operation
of NFV in a multi-tenant environment.
The paper by Dehghantanha et al provides a systematic review which focuses on NFV security. It
identifies the key security challenges and proposes solutions in an organized and organized manner. It
aims to provide a more holistic view of the current state-of-the-art in NFV security. "Network Function
Virtualization and Security: A Systematic Review" by A. Dehghantanha, et al. discusses key security
challenges and proposed solutions (2022):
1. Confidentiality and privacy: One of the main security challenges in NFV is ensuring the
confidentiality and privacy of data transmitted through virtual network functions (VNFs). There
are a number of solutions proposed in the paper to deal with this challenge, including encryption,
access control, and isolation of virtual networks.
2. Authentication and access control: Another security challenge in NFV is ensuring that only
authorized users have access to the VNFs. The paper proposes solutions such as strong
authentication mechanisms, access control policies, and software-defined networking techniques.
3. Availability and resilience: The availability and resilience of VNFs are critical for NFV
infrastructure proper functioning. The proposed solutions include dynamic load balancing,
backup service instances, and fault-tolerant architectures.
4. Malware and intrusion detection: VNFs are susceptible to malware attacks, which compromise
the NFV infrastructure. The paper proposes solutions such as intrusion detection and prevention
systems, sandboxing, and real-time monitoring.
5. Virtualization-specific threats: Virtualization technology in NFV introduces various security
challenges such as hypervisor attacks and side-channel attacks. The paper proposes solutions such
as secure boot, virtual network isolation, and secure virtual machine migration.
6. Regulatory compliance: NFV deployments must comply with various data privacy and security
regulations and standards. The paper proposes solutions such as auditing, logging, and
compliance monitoring to ensure regulatory compliance.
In summary, the paper presents a comprehensive overview of NFV security challenges and proposes
solutions. Multilayered and holistic approaches are emphasized. The paper also makes the case for further
research into NFV security technologies and architectures in order to ensure secure and reliable network
deployments. Additionally, the authors stress the importance of continuous monitoring and mitigation
measures to ensure the security of NFV networks.

Conclusion
After analyzing the research papers and surveys on NFV, it can be concluded that NFV offers numerous
benefits. These include improved flexibility, scalability, cost-effectiveness, and service agility. NFV
architecture includes the NFV framework, virtualization techniques, and the main components of NFV
infrastructure. The NFV architecture enables the deployment of virtualized network functions (VNFs) and
facilitates network function offloading, virtual machine migration, network slicing, edge computing, and
the industrial Internet of Things (IIoT).
State-of-the-art research on NFV highlights the importance of addressing NFV challenges, such as
security issues, performance, and interoperability. Several research papers and surveys have proposed
solutions to solve these challenges. For instance, some papers have proposed secure boot and virtual
network isolation to enhance VNF security. Other papers focus on improving NFV performance by
addressing virtualization performance issues.
Security issues and challenges are among the main concerns associated with NFV. Security challenges
include VNFs, secure boot, secure virtual machine migration, virtual network isolation, and more To
address these challenges, researchers have proposed solutions such as hardware-assisted security,
intrusion detection systems, and encryption technologies.
In conclusion, NFV can bring significant benefits to various industries by improving flexibility,
scalability, cost-effectiveness, and service agility. However, it is crucial to address NFV security and
performance challenges. Enhancing NFV's security and performance, enabling seamless integration with
existing networks infrastructures, and improving interoperability should be the focus of future research.
 REFERENCES

1. "NFV Infrastructure: A Survey on Design, Architecture, and Implementation Challenges" by

Yasser Morgan, Ahmed El-Mahdy, and Ahmed El-Sherbiny. Published in IEEE
Communications Surveys and Tutorials in 2021
2. "Design and Implementation of an NFV Architecture for a Distributed Edge Cloud" by
Andrea Bianco, Vincenzo Sciancalepore, Roberto Bonafiglia, and Marco Mellia. Published
in IEEE Transactions on Network and Service Management in 2019
3. "A Scalable and Distributed Virtualized Network Function Architecture" by Arun
Vishwanath, Wasiur Rahman, and Aditya Kulkarni. Published in IEEE Transactions on
Network and Service Management in 2018
4. "Automated Deployment of Network Function Virtualization Infrastructures for Service
Providers" by Frank Tietze, Steffen Gebert, and Jochen Reinwand. Published in IEEE
Communications Magazine in 2019
5. "A Comprehensive Survey on the Applications of Network Function Virtualization" by A. G.
A. Rahman et al. (2020)
6. "A Survey of Security Challenges in Network Function Virtualization" by J. M. Alcaraz
Calero, et al. (2019)
7. "Service Function Chaining in Network Function Virtualization: A Comprehensive Survey"
by N. Ghazi, et al. (2020)
8. "Network Function Virtualization and Security: A Systematic Review" by A. Dehghantanha,
et al. (2022)
9. "Network Function Virtualization: State-of-the-Art and Research Challenges" by S. Taleb, et
al. (2018)
10. "Towards Zero-touch Service Function Chaining in NFV: A Survey" by Y. Zhang, et al.
(2021)
11. "Machine Learning-Based Network Slicing Optimization for 5G Networks: A Review" by R.
Singh, et al. (2022)