為了改善現有網路服務架構高成本與缺乏彈性配置的問題，網路功能虛擬化的概念日漸成熟，透過軟體化的方式實現不同需求的網路服務，讓這些不同形式的網路功能，得以部署在當前的商用伺服器上。雖然網路功能虛擬化的技術，得以緩解過去在網路服務部署上，缺乏彈性及成本昂貴的缺點，但部署這些網路服務的設備，並非是為了特地目標而設計的硬體架構，因此在性能表現顯得較為弱勢，甚至對整體網路性能帶來劇烈的衝擊。

　　本研究試圖解決軟體型網路服務，在處理封包時效能低落的問題，因此，本系統會透過核心任務排程的技術，動態調整網路服務的工作實例數量，將所有的工作實例部署在獨立的核心上，獲取整顆核心的工作資源，而系統也會在適當的時間釋放佔據且未使用的系統資源；在網路功能服務鏈的規劃上，本研究設計封包平行化處理之方法，透過服務鏈規劃與排程，使封包得以在結果正確的前提下，進行多種網路服務的平行處理，壓縮服務鏈在封包處理時，所需耗費的額外時間；除此之外，本研究亦對服務品質的問題加以考量，當系統進入瓶頸時，不同服務等級的網路封包所造成的影響程度也有所差異。

　　實驗結果驗證了本研究所設計之機制皆能有效提升虛擬化網路功能平台的網路性能表現，網路功能動態縮放的策略使系統得以用少量的系統資源，應對網路流量的變化；網路功能平行化大幅降低封包處理造成的網路延遲；而將服務品質加以考量的背壓機制，更能確保具品質要求封包傳輸之穩定性。

To solve the problems of high cost and lack of flexible configuration of the existing network service deployment, the concept of network function virtualization is becoming more and more mature. Network functions with different needs are implemented through software, so that these different forms of network functions can be deployed on commercial servers. Although network function virtualization can address the inflexibility and high cost of deploying network equipment in the past, the equipment that deploys these network functions is not a hardware architecture designed for a specific purpose, so the performance of NFV is relatively weak, which affects network operation.

This study attempts to solve the problem of low performance of software-based network functions when processing packets. The system dynamically adjusts the number of network function instances through core scheduling and deploys all instances on distinct cores. In addition, the system will release unused system resources when appropriate. In the management of the network function service chain, this study designs a method for parallel processing of packets to reduce the time overhead required for packet processing. This study also considers the issue of service quality. When the system enters a bottleneck, the degree of impact caused by network packets of different service levels is also different.

The experimental results show that the mechanisms designed in this study can effectively improve the network performance of the virtualized network functions. The strategy of network functions dynamic scaling enables the system to use a small amount of system resources to respond to changes in network traffic, network functions parallelism greatly reduces network latency caused by packet processing, and QoS-aware backpressure can better ensure the stability of packet transmission with quality requirements.

[1] McAfee, “Formerly known as McAfee Associates, Inc.”, https://www.mcafee.com/
[2] “Information security threats hit the economy with losses amounting to US$600 billion” 2020. [Online]. Available: https://www.cio.com.tw/security-threats-hit-600-billion-in-economic-losses/. [Accessed March 2022]
[3] Check Point, “Check Point Software: Leader in Cyber Security Solutions”, https://www.checkpoint.com/
[4] “50% increase in weekly cyberattacks on corporate networks last year” 2022. [Online]. Available: https://www.ithome.com.tw/news/148848. [Accessed March 2022]
[5] K. Ingham and S. Forrest, "A history and survey of network firewalls. University of New Mexico, Tech.," University of New Mexico, Tech, 2002
[6] Sukwong, Orathai, Hyong Kim, and James Hoe. "Commercial antivirus software effectiveness: an empirical study." Computer 44.03 (2011): 63-70.
[7] C. H. Rowland, "Intrusion detection system". United States Patent US 6,405,318 B1, 11 Jun 2002.
[8] G. M. Jackson, "Intrusion prevention system". United States Patent Patent US 7.458,094 B2, 25 Nov 2008.
[9] Wurzinger, Peter, et al. "SWAP: Mitigating XSS attacks using a reverse proxy." 2009 ICSE Workshop on Software Engineering for Secure Systems. IEEE, 2009.
[10]HERRERA, Juliver Gil; BOTERO, Juan Felipe. “Resource allocation in NFV: A comprehensive survey.” IEEE Transactions on Network and Service Management, 2016, 13.3: 518-532.
[11]Gepner, Pawel, and Michal Filip Kowalik. "Multi-core processors: New way to achieve high system performance." International Symposium on Parallel Computing in Electrical Engineering (PARELEC'06). IEEE, 2006.
[12]CAMPBELL, Andrew; COULSON, Geoff; HUTCHISON, David. A quality of service architecture. ACM SIGCOMM Computer Communication Review, 1994, 24.2: 6-27.
[13]“5-Tuple” 2014. [Online]. Available:https://www.techopedia.com/definition/28190/5-tuple. [Accessed March 2022]
[14]“Differentiated services” 2022. [Online]. Available:https://en.wikipedia.org/wiki/Differentiated_services. [Accessed March 2022]
[15]“Encyclopedia knowledge: QoS” [Online]. Available:https://www.easyatm.com.tw/wiki/qos. [Accessed March 2022]
[16]POSTEL, Jon, et al. “Internet protocol.” 1981.
[17]“Understanding IP Precedence, ToS, and DSCP” 2012. [Online]. Available:https://blogs.manageengine.com/network/netflowanalyzer/2012/04/24/understanding-ip-precedence-tos-dscp.html. [Accessed March 2022]
[18]INTEL, "Data plane development kit," 2022. [Online]. Available:https://www.dpdk.org/. [Accessed March 2022].
[19]Carpenter, Brian, and Scott Brim. Middleboxes: Taxonomy and issues. RFC 3234, February, 2002.
[20]Uhlig, Rich, et al. "Intel virtualization technology." Computer 38.5 (2005): 48-56.
[21]“European Telecommunications Standards Institute” 2022. [Online]. Available:https://www.etsi.org/. [Accessed March 2022]
[22]“Network Functions Virtualization - ETSI” 2012. [Online]. Available:https://www.etsi.org/technologies/nfv. [Accessed March 2022]
[23]W. Zhang et al., “Opennetvm: A Platform for High Performance Network Service Chains,” Proc. 2016 Workshop on Hot Topics in Middleboxes and Network Function Virtualization, ser. HotMIddlebox ’16, New York, NY, USA: ACM, 2016, pp. 26–31.
[24]KULKARNI, Sameer G., et al. “NFVnice: Dynamic backpressure and scheduling for NFV service chains.” IEEE/ACM Transactions on Networking, 2020, 28.2: 639-652.
[25]FEI, Xincai, et al. “FlexNFV: Flexible network service chaining with dynamic scaling.” IEEE Network, 2020, 34.4: 203-209.
[26]SUN, Chen, et al. “NFP: Enabling network function parallelism in NFV.” In: Proceedings of the Conference of the ACM Special Interest Group on Data Communication. 2017. p. 43-56.
[27]WANG, Yang, et al. “Transparent flow migration for NFV.” In: 2016 IEEE 24th International Conference on Network Protocols (ICNP). IEEE, 2016. p. 1-10.
[28]Microsoft, “Introduction to Receive Side Scaling” 2022. [Online]. Available:https://docs.microsoft.com/en-us/windows-hardware/drivers/network/introduction-to-receive-side-scaling. [Accessed March 2022]
[29]“epoll — Linux manual page”, 2021. [Online]. Available:https://man7.org/linux/man-pages/man7/epoll.7.html. [Accessed March 2022]
[30]K. Wiles, “Pktgen-DPDK — Traffic Generator Powered by DPDK”, 2018. [Online]. Available: https://git.dpdk.org/apps/pktgen-dpdk/. [Accessed March 2022]
[31]INTEL, “What Is Hyper-Threading?” [Online]. Available:https://www.intel.com/content/www/us/en/gaming/resources/hyper-threading.html. [Accessed March 2022]
[32]INTEL, “DPDK rte_cycles.h File Reference”. [Online]. Available:https://doc.dpdk.org/api/rte__cycles_8h.html. [Accessed March 2022]