Abstract: In a communication system wherein a first security edge protection proxy (SEPP) element of a first network is operatively coupled to a second SEPP element of a second network, a method includes receiving, at the first SEPP element, a first message from a first network function in the first network addressed to a second network function in the second network, the first message comprising one of a request and a response line comprising a uniform resource identifier (URI) having a plurality of elements. The method also includes forming, at the first SEPP, a second message comprising encrypted and integrity protected portions, the encrypted portion comprising an encryption of at least a subset of the plurality of elements of the URI, the integrity protected portion comprising a structured representation of the URI wherein instances of elements in the subset are replaced with references to the encrypted portion.

Abstract: Systems, methods, apparatuses, and computer program products for a service model management request. The method may include receiving an end-to-end network service model for network services. The method may also includes determining a set of domain services that are required to be able to provide an end-to-end network service defined by the end-to-end network service model. The method may further include checking whether at least one management domain is capable of providing the required set of domain services. The method may also include requesting, when the at least one management domain is not capable of providing the required set of domain services, to prepare the at least one management domain to become able to provide the required set of domain services. In addition, the method may include receiving a notification from the at least one management domain indicating an availability to provide the required set of domain services.

Abstract: A sending security edge proxy SEPP receives a first message sent by a first network function to a second network function. The first message has a plurality of first message parts including: a request line or a response line; at least one header; and payload. Second message parts are formed from the features and optional sub-features of the first message parts. A security structure defines a required security measure individually for each second message part. The SEPP applies, according to the security structure definition, to each second message part by encrypting; integrity protecting; or modification tracking with integrity protecting; and forms a second message that contains the second message parts; and sends the second message towards the second network function. Corresponding methods, structures, computer programs and a system are disclosed for intermediate nodes and receiving SEPP.

Abstract: Systems, methods, apparatuses, and computer program products for a service model management request. The method may include receiving an end-to-end network service model for network services. The method may also includes determining a set of domain services that are required to be able to provide an end-to-end network service defined by the end-to-end network service model. The method may further include checking whether at least one management domain is capable of providing the required set of domain services. The method may also include requesting, when the at least one management domain is not capable of providing the required set of domain services, to prepare the at least one management domain to become able to provide the required set of domain services. In addition, the method may include receiving a notification from the at least one management domain indicating an availability to provide the required set of domain services.

Abstract: Methods and apparatus, including computer program products, are provided for transport method selection of asynchronous notifications. In some example embodiments, there may be provided a method that includes sending, by a client, a hypertext transfer protocol request for at least one asynchronous notification to be sent by a server to the client, the hypertext transfer protocol request including at least one proposed transport method for carrying the at least one asynchronous notification; determining, by the client, whether a first transport method selected by the server from the at least one proposed transport method is successfully established; and when the determination is that the first transport method is not established successfully, sending, by the client, another hypertext transfer protocol request to the server, the other hypertext transfer protocol request including at least one other proposed transport method. Related systems, methods, and articles of manufacture are also described.

Abstract: The Fault Management (FM) in the Network Function Virtualization (NFV) environment may benefit from various methods. For example methods for fault escalation or de-escalation may be beneficial. A method can include requesting a change in a severity of a virtualized resource alarm. The method can also include deciding to change a severity of a virtualized resource alarm. The requesting the change in the severity can be based on the identified reason.

Abstract: There are provided measures for resource placement control in network virtualization scenarios. Such measures exemplarily comprise, in a network virtualization scenario, determining, by a first network entity managing a virtualized network function, constraints related to said virtualized network function, transmitting, by said first network entity, information indicative of said constraints to a second network entity managing resource capacity in said network virtualization scenario, and deciding, by said second network entity, resources or resource capacity to be allocated for said virtualized network function, based on said information indicative of said constraints.

Abstract: In accordance with an example aspect, there is provided an apparatus, the apparatus being a security edge proxy configured to implement application layer security for data exchanged between two core networks, the apparatus being configured at least to: process a protocol message received in the apparatus to generate an inter-network message based on the received protocol message, the inter-network message comprising a first part and a second part, transmit the inter-network message toward a second security edge proxy, wherein the first part is integrity protected but not encrypted and comprises first content elements of the received protocol message, wherein the second part is integrity protected and encrypted and comprises second content elements of the received protocol message as well as corresponding path elements indicating locations in the protocol message where the second content elements are located within the protocol message.

Abstract: In a communication system wherein a first security edge protection proxy (SEPP) element of a first network is operatively coupled to a second SEPP element of a second network, a method includes receiving, at the first SEPP element, a first message from a first network function in the first network addressed to a second network function in the second network, the first message comprising one of a request and a response line comprising a uniform resource identifier (URI) having a plurality of elements. The method also includes forming, at the first SEPP, a second message comprising encrypted and integrity protected portions, the encrypted portion comprising an encryption of at least a subset of the plurality of elements of the URI, the integrity protected portion comprising a structured representation of the URI wherein instances of elements in the subset are replaced with references to the encrypted portion.

Abstract: There are provided measures for resource placement control in network virtualization scenarios. Such measures exemplarily comprise, in a network virtualization scenario, determining, by a first network entity managing a virtualized network function, constraints related to said virtualized network function, transmitting, by said first network entity, information indicative of said constraints to a second network entity managing resource capacity in said network virtualization scenario, and deciding, by said second network entity, resources or resource capacity to be allocated for said virtualized network function, based on said information indicative of said constraints.

Abstract: Systems, methods, apparatuses, and computer program products for virtualized network function (VNF) decomposition are provided. An embodiment of the invention includes to first decompose the Network Function into smaller blocks: application, platform, and resources (i.e., compute, network, and storage), then manage the decomposed application and platform parts by separate entities (e.g., EM/VNFM). This decomposition may be applied to the Network Elements (i.e., the current building blocks of telecommunication networks) and to the VNFs.

Abstract: A sending security edge proxy SEPP receives a first message sent by a first network function to a second network function. The first message has a plurality of first message parts including: a request line or a response line; at least one header; and payload. Second message parts are formed from the features and optional sub-features of the first message parts. A security structure defines a required security measure individually for each second message part. The SEPP applies, according to the security structure definition, to each second message part by encrypting; integrity protecting; or modification tracking with integrity protecting; and forms a second message that contains the second message parts; and sends the second message towards the second network function. Corresponding methods, structures, computer programs and a system are disclosed for intermediate nodes and receiving SEPP.

Abstract: Systems, methods, apparatuses, and computer program products for moving VNF instances between network service instances are provided. One method includes, when a real network service is being instantiated, transmitting or receiving a move virtualized network function (VNF) operation to move at least one virtualized network function (VNF) instance from a source network service to a target network service.

Abstract: The present invention provides apparatuses, methods, computer programs, computer program products and computer-readable media regarding managing the graceful termination of a virtualized network function (VNF) instance. The method comprises receiving a request for a graceful termination of a virtual network function instance, transmitting the request for the graceful termination of the virtual network function instance to an element manager, checking, whether a confirmation that the virtual network function instance to be terminated has been taken out of service, is received, and if the confirmation is received, terminating the virtual network function instance.

Abstract: Methods and apparatus, including computer program products, are provided for transport method selection of asynchronous notifications. In some example embodiments, there may be provided a method that includes sending, by a client, a hypertext transfer protocol request for at least one asynchronous notification to be sent by a server to the client, the hypertext transfer protocol request including at least one proposed transport method for carrying the at least one asynchronous notification; determining, by the client, whether a first transport method selected by the server from the at least one proposed transport method is successfully established; and when the determination is that the first transport method is not established successfully, sending, by the client, another hypertext transfer protocol request to the server, the other hypertext transfer protocol request including at least one other proposed transport method. Related systems, methods, and articles of manufacture are also described.

Abstract: Systems, methods, apparatuses, and computer program products for multi-tiered virtualized network function (VNF) scaling are provided. One method includes detecting a need to scale at least one virtualized network function component (VNFC) implemented as a container, monitoring resource utilization by containers and determining remaining capacity within a current virtual machine hosting the containers, and deciding an allocation of the container to a virtual machine based at least on the resource utilization and the remaining capacity. When it is determined that the remaining capacity is low, the method may further include vertical scaling of the current virtual machine by allocating additional virtualized resources to the current virtual machine, and/or horizontal scaling of the current virtual machine by instantiating a new virtual machine and deploying the container to the newly instantiated virtual machine.

Abstract: The Fault Management (FM) in the Network Function Virtualization (NFV) environment may benefit from various methods. For example methods for fault escalation or de-escalation may be beneficial. A method can include requesting a change in a severity of a virtualized resource alarm. The method can also include deciding to change a severity of a virtualized resource alarm. The requesting the change in the severity can be based on the identified reason.

Abstract: Systems, methods, apparatuses, and computer program products for moving VNF instances between network service instances are provided. One method includes, when a real network service is being instantiated, transmitting or receiving a move virtualized network function (VNF) operation to move at least one virtualized network function (VNF) instance from a source network service to a target network service.

Abstract: Systems, methods, apparatuses, and computer program products for virtualized network function (VNF) decomposition are provided. An embodiment of the invention includes to first decompose the Network Function into smaller blocks: application, platform, and resources (i.e., compute, network, and storage), then manage the decomposed application and platform parts by separate entities (e.g., EM/VNFM). This decomposition may be applied to the Network Elements (i.e., the current building blocks of telecommunication networks) and to the VNFs.

Abstract: The present invention provides apparatuses, methods, computer programs, computer program products and computer-readable media regarding managing the graceful termination of a virtualized network function (VNF) instance. The method comprises receiving a request for a graceful termination of a virtual network function instance, transmitting the request for the graceful termination of the virtual network function instance to an element manager, checking, whether a confirmation that the virtual network function instance to be terminated has been taken out of service, is received, and if the confirmation is received, terminating the virtual network function instance.