This innovation aims at simultaneously running IoT devices with different levels of criticality and security in the frame of a single edge gateway. With the Secure SmartBox massive IoT can be combined with mission critical IoT!

• Result description

The unique combination of VoSYS’s capabilities to isolate secure element and OS within a standardized (i.e., capable of connecting Lora, SigFox, etc. devices) IoT gateway, and VERTICAL M2M’s skills to build innovative E2E IoT solutions, enables a remote configuration/deployment of the SECURED IOT SMARTBOX features, which provides full management within the same environment of both mission-critical and basic sensors.

Sunlight.io is a hyper-converged infrastructure platform built for resource-intensive workloads in Database, Big Data, 5G and Next Generation PaaSes (NGPaaS). It is centred around an all-new hypervisor – NexVisor – not an update of the same virtualisation technologies that have been around for the last 20 years. This is a new technology which is able to natively connect with NVMe storage and high performance networking without committing you to undue latency and sluggish IOPS. Remove the bloat from your hypervisor stack and get the full performance of your hardware investment.

• Result description
  • Sunlight.io is a spin-out of OnApp, the company powering over 1 in 3 of all the public clouds for MSPs, telcos and large hosting providers around the world. 
  • Sunlight.io is a New Hypervisor technology purpose built for the cognitive workload era. Increase performance and minimize costs for virtualized workloads either on premise or in cloud. A Type 1 Hypervisor, built from the ground-up to support today’s high performance hardware technologies with almost zero overhead. Sunlight can run on your own hardware, in the cloud – including in AWS, and on low-power edge devices.
  • Sunlight’s Software Defined Networking (SDN) embeds fast network switch support in every hypervisor node. It enables the creation of ethernet-based virtual private networks and enables access to direct attached network segments directly from VMs.
  • Sunlight’s Software Defined Storage (SDS) aggregates local storage drives across a cluster (ideally NVMe) into a virtual storage pool which can be provisioned as vDisks – each with their own failover and redundancy policies, and fast repair and resynch times for content repair. Sunlight SDS is designed for easy scaling and low latency – supplying over 1M IOPS per VM.

A network policy framework (NPF) for ONOS, including its design, implementation and operation. The purpose of this NPF is to provide an abstraction layer that hides the technology-specific details of the control and data planes by providing a human-readable interface that simplifies the enforcement of low-level and technology-specific actions to the network (e.g. installation of OpenFlow rules, constraint monitoring, etc.). This prototype is integrated into the ONOS SDN controller and it is responsible for translating generic policies received through a dedicated REST API into OpenFlow (OF) flow rules.

The network policy framework has been tested with ONOS versions 1.13.2 and 1.15.0-rc2

• Result description
  • Design: The NPF was designed to support platform-wide and technology-agnostic policies. To this end, a policy model and a policy life cycle were defined. The former allows defining policies in a generic way regardless of the underlying technologies, while the latter defines the possible states of a policy as well as the logic to move from one state to another. These two concepts are summarized hereafter.
  • Source: The source code of the Network Policy Framework is currently available at:
    • Policy Manager: https://github.com/sdnpdtu/NPFManager
    • Firewall Policy: https://github.com/sdnpdtu/NPF_PT_Firewall
    • Connectivity Policy: https://github.com/sdnpdtu/NPF_PT_Connectivity
    • NAT Policy:  https://github.com/sdnpdtu/NPF_PT_Na
  • The NPF is offered as Open Source through ONFs WiKi pages. More information available at: https://wiki.onosproject.org/display/ONOS/POLICY+FRAMEWORK+FOR+ONOS#POLICYFRAMEWORKFORONOS-Introduction

VARYS enables users to monitor their Cloud systems and applications in a few clicks. VARYS is a technology-agnostic Monitoring as a Service solution that can monitor KPIs at all levels of the Cloud stack, including the application-level. Users can indicate their monitoring goals declaratively, letting the framework to perform the operations necessary to achieve a requested monitoring configuration automatically. Interestingly, the architecture is general and extendable, and can be used to support increasingly more platforms and probing technologies.

• Result description: 

Demonstration available at: https://gitlab.com/learnERC/esec-fse-tool-demo

A Kubernetes (k8s) device plugin has been developed to enable deployment of hardware accelerated applications into Docker containers. The plugin exposes the number of FPGA accelerator units available on a k8s node. In this context, a container can be automatically deployed orchestrated by k8s, loading a Virtual Function (VF) in the FPGA.

• Result description:  
  • k8s-accelerator-devplugin is a device plugin compliant to main FPGA device vendors for Kubernetes to manage Intel/Xilinx FPGA accelerator.
  • In accordance with NGPaaS consortium and internal b<>com Intellectual Property, b<>com finally decided to release this result in Open Source in order to share the potential impact of this innovation with the partners and even beyond the consortium. It has been made available in opensource on b<>com GitHub, see https://github.com/b-com/k8s-accelerator-devplugin.

Move from a 4G EPC to a first Next Generation 5G Core Network by adopting SBA (Service Based Architecture in accordance 3GPP REST APIs definition) and micro-services. The implementation is built on Kubernetes containers orchestrator and docker container technology. The effort to move to a 5G Core Network is done in partnership with the OpenAirInterface Open Source alliance and ecosystem, in which BCOM is a main contributor.

• Result description:  
  • The result is a 5G Core Network implementation based on Kubernetes micro-services, developed in partnership with the OpenAirInterface Open Source alliance. It includes the AMF (Access and Mobility Management Function), SMF (Session Management Function) and NRF (NF Repository Function). Such implementation is then reused in the BCOM product *Wireless Edge Factory*.

The Dev-for-Operations model proposes a new model based in the well-known DevOps concepts, but enabling the DevOps’ continuous workflows in the new multi-party 5G context.

• Result description:  
  • The multi-party environment in 5G networks makes difficult to apply the well-known DevOps model as it is typically used in the IT industry. Telco operators rarely develop themselves the software they deploy on their networks; on the contrary, they delegate on third party SW vendors for this. Also, due to the network slicing paradigm in 5G, operators will also rent their network resources to vertical industries, which probably will participate in the processes of management, monitoring (and perhaps the deployment also) of those value-added services they will run on the operator’s network. So, the breaking down of the barrier between development and operations is much more challenging here than in a typical DevOps context (development and operations teams will be in fact in different companies). To help on this, Dev-for-Operations proposes a new model based in the well-known DevOps concepts, but enabling the DevOps’ continuous workflows in this new multi-party 5G context.

Kubernetes has been initially designed for the web applications and as such is not completely appropriate for telco applications that have strong requirements in terms of performance and networking. This innovation provides a first set of telco grade extensions to Kubernetes to support these specific requirements. It will enable telco operators to benefit from Kubernetes properties in terms of automation and agility for the network functions.

• Result description: 
  • This innovation provides a first set of extensions to Kubernetes in order to support telco applications specific requirements. This includes :
    • NUMA-aware CPU pinning and huge pages support for data plane intensive workloads,
    • DPDK and QoS aware SR-IOV support for network acceleration,
    • Multiple networks per pod feature and SCTP support,
    • Network Service Chaining.
  • Most of these extensions are available in open source:

  • SCTP protocol support source code: https://github.com/kubernetes/kubernetes/pull/64973 

    SRIOV support source code https://github.com/cyr1x/sriov-cni-orange

    NUMA support source code https://github.com/cyr1x/k8s-cpuman-numa

The vFPGAmanager virtualization framework aims to enable VMs, unikernels and container to get access to the FPGA, supporting high performance and accelerators overcommitment (efficiency). With vFPGAmanager, accelerators can be dynamically allocated to a guest, can be shared between multiple guests natively and can be configured with sepcific settings for each guest.

http://www.virtualopensystems.com/en/products/vfpgamanager/ 

• Result description:  
  • vFPGAmanager is a software-hardware framework that enables accelerator mapping and remapping to guest applications through exposed acceleration control APIs. Furthermore, the orchestration of the FPGA hardware resources allows accelerator overcommitment for more than one application to the same accelerator. Fields of application for the vFPGAmanager include Set Top Box streaming servers, big data analytic, high performance computing (HPC), network function virtualization (NFV), internet of things (IoT), Industrial and smart building, automotive and autonomous driving.

CommonSense is a unique distributed IoT platform covering three main aspects of IoT in a single PaaS : management of heterogeneous networks of devices, device management and smooth integration with business applications.

All modules and components rely on a Kubernetes-based architecture, allowing instant deployment on both Edge and Cloud environments and granting the highest scalability for industrial IoT projects.

• Result description:  
  • We re-built and designed the whole architecture of our CommonSense IoT Platform, initially based on VMs to switch to a completely new architecture relying on Kubernetes and microservices, which enables to address the following key issues :
    • Network topology deployment dependence
    • Deployment and update automation
    • Resource orchestration, scalabilty and resiliency
    • Embedded Monitoring of resources
    • Mixed deployments :
    • Hybrid deployment : cloud and on premise uniform platform management and support
    • Centralized Cloud and edge deployment
    • Geographical distribution
    • Role based security

RFB Description and Composition Languages (RDCL) is a web framework for the design of NFV services and components. The framework allows editing, validating, visualizing the descriptors of services and components both textually and graphically. The RDCL framework was extended with additional features. For instance, an enhancement to provide visual real-time feedback to the user about the status of a deployment of the components. Four statuses were introduced 1) Error, 2) Deploying (In progress), 3) Waiting and 4) Deployed. Another enhancement was the development of infrastructure management (bare metal or VM in Openstack or VM in public cloud like AWS) extension to allow an actor to declare their infrastructure available for deployments. The actor could also compose the infrastructure by selecting and connecting available resources (e.g. servers, VMs, etc.). The different classes of RFB (IaaS, PaaS, Service) are now part of the framework.

• Result description:  
  • RDCL is now a framework supporting the NGPaaS design rules in which we are separating, the “what” (i.e., the service delivered), from the “how” (the platform delivering the service) , from the “where” (the execution environment, be it software or hardware). The role based access control also is part of the framework defining the rights for each role in the create, read, update, and delete (CRUD) operations related to the different RFB classes (IaaS, Platform, Service).

Telco Operators aim at fast provisioning times and zero-touch. The work proposes a methodology, termed Build-Ship-Run platform deployment using Central Office Re-architected as a Datacenter (CORD) as an exemplar platform. This is based on the use of compressed Virtual Machine snapshots, which allow preconfigured CORD-flavors to be fetched, uncompressed and deployed on demand. Using the proposed workflow, a deployment time seven times better than the raw installation is demonstrated.

While the initial designs and tried targeted CORD v4.1 the latest results (pending publication) had CORD v6 as base platform.

• Result description:  
  • A way to export CORD VMs of a CiaB 3.0 deployment. The core idea is to use images of the VMs of a running and verified CORD deployment and store them on an online or local repository. These VM images, together with any related configuration files and execution scripts will later be used to bring up a CiaB onto a bare-metal (Linux-based) server. This approach (1) provides faster deployment times and (2) ensures that the deployed CORD components are compliant with a reference installation.
  • Latest results apply equivalent techniques over CORD v6. These are pending publication.
  • https://orbit.dtu.dk/files/169765436/BSR.pdf

With the development of large-scale and high speed networks, monitoring every packet traversing between two measurement points becomes unrealistic. A packet sampling has been suggested as a scalable alternative to address this problem. Compared to SOTA, we propose an innovative adaptive traffic sampling with time stratification approach to circumvent the issues caused by flow dynamics, and most of all, accurately estimate anomalous traffic. Using real packet traffic traces, we demonstrate that the proposed technique indeed produces the desired accuracy estimation of abnormal packets, while at the same time achieving significant reduction in the amount of packet sampled and storage space. This innovation is part of the CloudBand product.