Virtualization is a key feature of the new 5G architecture. NFV is the technology that allows the 5G architecture to be virtualized, providing the flexibility and resiliency of 5G networks. NFV was initiated by 13 operators in 2013 and defined by ETSI. It adopts virtualization technology and implements telecom function nodes as software on general-purpose hardware, breaking the silo-type system of traditional telecom equipment. Its core features are layered decoupling and the introduction of the new MANO (Management and Orchestration) management system.
After network virtualization, traditional network device functions are replaced by VNFs (Virtualized Network Functions) running on the NFVI (Network Function Virtualization Infrastructure). The NFVI is composed of general-purpose hardware resources, a virtualization layer (i.e. the hypervisor), and virtual resources (virtual computing, virtual storage and virtual network), and provides computing, storage and network resources for the instantiated VNFs. The newly added MANO management system manages the NFVI, including allocating virtual resources to VNFs and monitoring and reporting the performance and faults of virtual and hardware resources. SDN decouples the control plane and data plane of the device: the control plane provides centralized control and exposes an open programmable interface to the application layer, allowing the network to be defined flexibly.
NFV Security Requirements

(1) Security requirements of NFV:
VNF security requirements: secure management of VNF packages (including integrity verification of packages and of their updates), access control to VNFs, and sensitive data protection.
NFV network security requirements: VNF communication security requirements (the two sides of the communication authenticate each other, and the communication content is protected for confidentiality and integrity and against replay) and networking security requirements (including border protection, security domain division, and traffic isolation).
(2) MANO security requirements:
Security requirements common to MANO entities: MANO entities need to be hardened, following the principle of minimizing services, such as closing unnecessary services and ports; anti-virus software needs to be installed, with regular scanning, virus removal, and virus database updates; illegal access and leakage of sensitive information need to be prevented; and the platform on which the MANO entity runs needs to be trusted.
Security requirements unique to each MANO entity: NFVO is subject to DDoS/DoS attacks; VNFM and VIM can run on virtual machines, and will face virtualization-related security threats such as virtual machine escape and virtual machine isolation failure.
Security requirements for interactions between MANO entities and between MANO systems and other entities: the communication content is subject to confidentiality and integrity protection and anti-replay; entities authenticate each other.
MANO management security: the MANO system needs to reasonably allocate and manage accounts and permissions, implement strict access control, and enable strong password policies, etc.
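
The integrity, peer authentication and anti-replay requirements stated above for VNF communication and for interactions between MANO entities can be sketched as follows. This is an added example, not code from any NFV specification or product. The pre-shared per-peer key, the message fields, the 30-second freshness window and the names seal and Receiver are assumptions, and confidentiality is assumed to come from an encrypted transport.

```python
import hashlib
import hmac
import json

MAX_SKEW = 30  # seconds; assumed freshness window


def _mac(key: bytes, fields: dict) -> str:
    # Canonical JSON so both sides compute the MAC over identical bytes.
    data = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def seal(key: bytes, sender: str, seq: int, body: dict, now: int) -> dict:
    """Sender side: bind sender, sequence number and timestamp into the MAC."""
    msg = {"sender": sender, "seq": seq, "ts": now, "body": body}
    msg["mac"] = _mac(key, msg)
    return msg


class Receiver:
    """Receiver side, e.g. a VIM accepting requests from a VNFM."""

    def __init__(self, keys: dict):
        self.keys = keys      # per-peer shared keys (constructed for the demo)
        self.last_seq = {}    # highest sequence number accepted per peer

    def accept(self, msg: dict, now: int) -> str:
        sender = msg.get("sender")
        key = self.keys.get(sender) if isinstance(sender, str) else None
        if key is None:
            return "unknown-sender"
        fields = {k: v for k, v in msg.items() if k != "mac"}
        got = str(msg.get("mac", "")).encode()
        # Constant-time comparison; nothing in msg is trusted before this.
        if not hmac.compare_digest(_mac(key, fields).encode(), got):
            return "bad-mac"
        ts, seq = msg.get("ts"), msg.get("seq")
        if not isinstance(ts, int) or not isinstance(seq, int):
            return "malformed"
        if abs(now - ts) > MAX_SKEW:
            return "stale"
        # Strictly increasing counter: a captured message cannot be resent.
        # (Out-of-order delivery is rejected too; a sliding window relaxes it.)
        if seq <= self.last_seq.get(sender, -1):
            return "replay"
        self.last_seq[sender] = seq
        return "ok"
```

The counter state in last_seq has to survive restarts of the receiving entity, otherwise messages captured before the restart are accepted again for as long as they fall inside the freshness window.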


