In this video blog post FISHY shares a video with a presentation about two components developed by UC3M and TID in the FISHY Project: SIA and FRF.
The Secure Infrastructure Abstraction (SIA) module offers a northbound interface to the other blocks and components of the FISHY platform. The SIA northbound interface provides an abstract and technology agnostic view of the NFV infrastructure resources available at an organization domain. It supports the management and orchestration of network services and VNFs making use of that infrastructure resources.
The Secure Infrastructure Abstraction (SIA) is responsible for the provisioning of a data-plane interface to support external and inter-domain communications within the FISHY platform (e.g., between an IoT/edge infrastructure and a cloud infrastructure, or between multiple cloud infrastructures). In addition, it controls the network access to the FISHY domains, protecting data traffic entering and leaving the domains. This functionality is mainly provided by the SIA Network Edge Device (NED) component. The SIA also includes a specific component for monitoring and telemetry information collection (SIA Monitor, MON) associated with the NED operations.
According to the FISHY approach, organizations are structured into different realms, based on the cybersecurity constraints, policies or rules, and realms are divided into domains, where a domain is defined as a group of assets with certain relationships (same network, infrastructure, location, etc.) . The SIA operates at a domain level providing the proper means to interact with the NFV infrastructure resources that are available at every domain, regardless of the particular technologies that are used (OpenStack, Kubernetes, etc.). This functionality is provided by the SIA Northbound interface (NBI) and an Orchestration Function (OF). The OF is deployed at every domain, whereas the SIA NBI is a centralized component that can be used by other modules of the FISHY platform.
The SIA architecture includes the ability to create and delete virtual link-layer networks that connect VNFs running in different domains, independently of the specific management and orchestration software stacks employed in those domains. This way, it supports link-layer inter-domain communications among remote VNFs. This inter-domain connectivity system is enabled by SDN technologies and comprises two main elements: the Network Edge Device (NED) overlay network and the Inter-Domain Connectivity Orchestrator (IDCO).
NEDs are programmable switching functions, implemented using Open Virtual Switches (OvS). They forward traffic between domains. Each domain containing VNFs that require connectivity with other VNFs in different domains must have at least one NED. The NEDs are connected between them through point-to-point protected IP tunnels.
On the other hand, the FISHY Reference Framework (FRF) is a testbed environment able to integrate and support the execution of all the FISHY components and the possible relevant functions that are necessary for the functionality of the FISHY project. In other words, the FRF holds the integrated status of the whole FISHY platform, including all its components and other infrastructures (internal or external). This testbed can be used to showcase the FISHY functionality and to implement the use cases defined for the project.
In this sense the FRF is a virtual environment capable of supporting the execution of FISHY components and other relevant functions, such as VNFs developed during the project lifetime. It is hosted in 5TONIC, which is an Open Research and Innovation Laboratory focusing on 5G technologies, founded by Telefonica and IMDEA Networks and based in Madrid, Spain.
To support inter-domain communications, the FRF will include a functional Network Edge Device (NED) at every domain. NEDs will support all the management communications between FISHY Control Services and other FISHY components, such as VNFs. They will also enable inter-domain data-plane communications between VNFs and/or FISHY components.
The FRF, thanks to its flexible design, can incorporate components and infrastructures that are not directly located in the same premises where the FRF is hosted. By using the SIA module, in charge of the communications between FISHY components, other external infrastructures can be added into the FRF, if there exist IP level communications with one, or several, NEDs inside the FRF.