Abstract: Considering the fault problem of security service chain (SSC) in a network function virtualization (NFV) environment, this paper proposes a backup and recovery mechanism for SSC based on proportional resource reservation. According to the proactive processing idea, it divides the resource proportionally in a substrate network and constructs a candidate set for each substrate node/link beforehand. When the node fault suddenly occurs, it chooses the fault recovery targets in the candidate set and allocates the reserved backup resources. It solves the node fault remapping problem immediately by using the improved discrete particle swarm optimization (DPSO) algorithm, decreasing the occupancy of resources while increasing the repair rate. When the link fault suddenly occurs, it redirects the affected traffic to the available links in the candidate set by changing the traffic splitting-rate of the substrate path. We design the dynamical path splitting algorithm to solve the link fault redirect problem effectively, maximizing the residual value of the underlying substrate network resources. The simulation experiment verifies the proposed algorithm from two aspects: one is the adaptability under different substrate network environments and the other is the validity under different fault models. In addition, we also make a preliminary explore to the appropriate value of the main proportion for the impact of our proposed backup and recovery mechanism.

Key words: network function virtualization (NFV), security service chain (SSC), fault, backup and recovery, discrete particle swarm optimization (DPSO)