Simplify Your Network Infrastructure With Network .

Transcription

Whitepaper

Simplify Your Network Infrastructure with Network Functions Virtualization

Author: Krishna Kunapuli

Contents

Abstract
Introduction
Exponential Increase in Data Demand
Network device as a VM – The origin of Enterprise NFV
Introducing MANO - The need for standardization
MANO and Service Chains
NFV use cases
Branch-in-a-box – virtualized small branches
Cloud Edge Gateway VNFs
Elements of an NFV solution
Choosing the right NFV Solution
A peek Into Cisco’s NFV
Conclusion

Network Functions Virtualization

Abstract

When it comes to networking equipment, traditional hardware architectures are growing too diverse, making the operation of service additions and upgrades increasingly difficult for service providers and data center operators. The NFV approach helps service providers simplify operations by virtualizing network functions previously performed by proprietary hardware. This paper discusses how virtualization of network functions also provides the ability for dynamic service chaining, resource allocation, and scale-in or scale-out.

Introduction

Network Functions Virtualization (NFV) was originally conceptualized in early 2000s through a collective effort of service providers and equipment manufacturers as a technology for replacing physical network devices with virtual devices that could be deployed on demand. Networks had a higher number of devices, which were becoming larger in size with extra space and power requirements. There was a need for more ports with higher port speeds with an increasing number of IP-enabled endpoints such as peripherals, phones, surveillance cameras, etc. To cater to the service provider transport networks, manufacturers had to come up with multi-chassis devices with terabit throughput. In addition, an increase in the number of devices resulted in more complex cabling le. The growing need to scale out led to the origin of NFV.

Even today, global networks are disrupted constantly to accommodate newer connectivity requirements, changing application architectures and data demands of an organization. This is driven by the increased number of connected devices within an enterprise due to BYOD and seamless mobility requirements, a higher number of end-user applications and rich audio-visual content, and the collaboration requirements of the smart workplace. There is also a greater need for ubiquitous access to SaaS applications over Internet due to the global nature of a flexible and disparate business needs. Network Functions Virtualization (NFV) is one such major disruption that is enabling digital transformation by removing the rigidity associated with traditional networks.

This whitepaper considers the problems in traditional networks and challenges posed by ever-increasing data demands. It also looks at the origin of an Enterprise NFV, and how the standards bodies and the industry are working to establish management frameworks that make interoperability possible. It further introduces concepts such as Service Chains and gives examples of common use-cases for NFV. Finally, it lists out important criteria for choosing an NFV solution and gives an example of a turn-key NFV solution available in the market.

Exponential Increase in Data Demand

As enterprise users started consuming data ation, the demands put on network became significantly higher. FastEthernet (100Mbps), which was the highest access switch port speed for a long time, quickly became obsolete as networks moved to 1 gigabit or higher speeds in the access layer. Multi-gigabit network backbones became possible with improvements in silicon packaging densities and availability of high speed fibers. This bandwidth eventually trickled down to the access layer.

Today we have 10 gigabit ports available on almost every shipped network equipment. With the advent of Wi-Fi6, we can move 1 gigabit per stream. But handling such large data volumes requires more expensive silicon on each equipment. There needs to be a better way of segregating this traffic in software with fewer interconnections between the devices to reduce the overall cost of the infrastructure.

Network Device as a VM – the origin of Enterprise NFV

By 2005, OEMs started manufacturing software versions, or virtual machines (VMs), of their hardware devices. These were called Virtual Network Functions (VNFs), and the earliest commercially available network functions that gained mainstream attention were the Cisco Cloud Services Router 1000v, Juniper virtual SRX and Riverbed virtual Steelhead among others. These VNFs could be installed as VMs on commodity servers. The opensource community also embraced NFV quickly. There were some opensource projects such as the VyattaOS, which furthered the development of VNF as a concept.

However, there was the problem of managing these appliances and sending traffic to and from these virtual appliances for different flows. This was also a big shift away from hardware for network OEMs. Adoption was slow as administrators were not confident of these experimental appliances with unclear management strategies.

Introducing MANO - The Need for Standardization

Telcos and OEMs were instrumental in the development of NFV due to their participation, along with ETSI in creating standards that ensured interoperability across the industry. ETSI was influential in developing the Management and Orchestration architecture for NFV (MANO), which is widely accepted across the industry and now is an opensource project called the Opensource MANO. MANO is key in choosing any NFV architecture and defines what an NFV deployment should contain at a minimum, i.e. an NFV Orchestrator, a VNF manager and a Virtual Infrastructure Manager. MANO compliance is key in choosing any NFV architecture.

MANO and service chains

MANO introduced a simple concept called Service Graphs that are hop by hop connections between different network functions. These are analogous to cables in the physical world. A service graph delivered a meaningful end-to-end network service by interconnecting different network functions, or what we can call a service chain. With the increase in dynamic on-demand applications and connectivity needs, enterprise functions for a given amount of time. Each such scenario required a service chain, as permanent connectivity and rigid application architectures started becoming obsolete.

Let’s look at an example. Users of a specific line of business (LoB) want to test a new partner solution and to achieve this, need secure access to the partner’s datacenter. This access has to be restricted to a particular user group and the partner data needs to be stored in redundant server clusters.

To implement this requirement, the LoB needs a firewall, a load balancer, access to server farm, the switching layer to carry the VLANs and a router to route the traffic to a partner datacenter. This connectivity requires the laying of cables that will only be required until the activity lasts, i.e. a few weeks. The cost involved can be avoided if NFVs were used.

Here is how an NFV implementation of this requirement would look like. A VNF oy one VNF instance/one configuration item for each for the functions. It would deploy these VNFs on the virtualized compute and storage provided by the Virtual Infrastructure Manager. It would also inform the NFV orchestrator about how these VMs can be accessed such as IP address/authentication parameters, etc. The NFV orchestrator would take the necessary VLAN and IP subnets needed for this service from a dynamic pool of available addresses and provision the same on the devices after logging into them. It would present the service with a name and unique identifier to the business user, who can monitor the service using APIs available on the orchestrator.
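
The provisioning flow described above, as an added example that is not part of the whitepaper or of any vendor's code: a hypothetical orchestrator rejects a service graph if any path from the LoB users to the partner datacenter bypasses the firewall, then takes one VLAN and one subnet per link from a dynamic pool and returns a unique service identifier. The node names, pool ranges and the `Orchestrator` class are assumptions made for illustration.

```python
import ipaddress
import uuid
from collections import deque

# Constructed service graph for the LoB example: directed hop-by-hop links.
LINKS = [
    ("lob-users", "switching"), ("switching", "firewall"),
    ("firewall", "load-balancer"), ("load-balancer", "server-farm"),
    ("firewall", "router"), ("router", "partner-dc"),
]

def bypass_path(links, src, dst, must_traverse):
    """Return a path src -> dst that avoids must_traverse, or None if none exists."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, []).append(b)
    queue, seen = deque([[src]]), {src}
    while queue:
        path = queue.popleft()
        if path[-1] == dst:
            return path
        for nxt in adj.get(path[-1], []):
            if nxt != must_traverse and nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None

class Orchestrator:
    """Hypothetical NFVO: one VLAN and one /29 per link, drawn from dynamic pools."""
    def __init__(self, vlans, supernet):
        self.vlans = list(vlans)
        self.subnets = list(ipaddress.ip_network(supernet).subnets(new_prefix=29))
        self.services = {}  # service id -> (name, {link: (vlan, subnet)})

    def provision(self, name, links, src, dst, firewall="firewall"):
        leak = bypass_path(links, src, dst, firewall)
        if leak:  # refuse before touching the pools
            raise ValueError(f"path bypasses {firewall}: {' -> '.join(leak)}")
        if len(links) > min(len(self.vlans), len(self.subnets)):
            raise RuntimeError("address pool exhausted")
        hops = {l: (self.vlans.pop(0), self.subnets.pop(0)) for l in links}
        sid = str(uuid.uuid4())
        self.services[sid] = (name, hops)
        return sid

    def teardown(self, sid):
        """Return the service's VLANs and subnets to the pools when the test ends."""
        _, hops = self.services.pop(sid)
        for vlan, net in hops.values():
            self.vlans.append(vlan)
            self.subnets.append(net)
```

Running the bypass check before allocation means a mis-drawn graph never consumes pool resources, and teardown keeps the few-week service from leaving stale VLANs behind.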

NFV Use Cases

Use Case 1: Branch-in-a-Box – Virtualized Small Branches

A common use-case for Enterprise NFV is plug-&-play branches that can be configured in a few minutes and would take not more than 3-4 RU of rack space for realizing the network functions.

Below are the key business and operational drivers for this use case:
- Lean hardware with COTS servers
- On-demand provisioning of network resources
- Single pane of glass for Network Management
- Network functions realized in software reducing power needs
- Switching in software for intelligent forwarding decisions
- Zero-touch deployment
- Savings in time, cost and resources for implementing new branches
- Dynamic scale up and down in functionality in a few clicks

Below is an illustration of a typical Branch-in-a-box solution using NFV. In this example, a COTS server in the branch is used to implement network functions such as Firewall, SDWAN and Wan Optimizer in software.

[Figure: Branch in a Box. Labels: Public Cloud (functions in the cloud: SDWAN head-end, Virtual Firewall, Transit VNet, VNet Gateway, SDWAN VNF, vFW, VDIs; end-user workloads and services such as Office 365, Intune, OneDrive); Internet; SDWAN gateway; Branch in a Box (services Router, Firewall, WanOp, SDWAN virtualized in an x86 COTS box; NFVI; switching layer; Wi-Fi; users).]

Use Case 2: Cloud Edge Gateway VNFs

Another use-case for Enterprise NFV is deploying VNFs as Cloud Edge Gateways. This is becoming a necessity as customers want some flexibility in choosing features that are not available in native Cloud solutions for VPN connectivity and Security. While it is likely that more features will be added to cloud-native solutions such as the Transit Gateway in AWS, there will always be customers with a bespoke need that is satisfied by a commercially available VNF that can be deployed in a few minutes.

Below are the key business and operational drivers for this use case:
- VNF with the best feature set can be selected
- Additional layer of security on top of native security on Cloud
- UTM and DPI firewall features
- Cloud-integrated Enterprise WAN
- Consistent policy across enterprise irrespective of location
- Reduced need for private WAN connectivity to cloud such as Direct Connects
- Quick deployment times
- On-demand scale out (more VNFs can be added/throughput can be purchased)

Below is an illustration of a typical Branch-in-a-box solution using NFV. In this example, a COTS server in the branch is used to implement network functions such as Firewall, SDWAN and Wan Optimizer in software.

[Figure: Cloud Edge Gateway VNFs. Labels: Wi-Fi; Internet; Azure LB; Subscription A; VNet A (Subnet A, Subnet B, NSG); Transit VNet with active and standby vFirewall in an availability set; SRT, UDR; VNet Gateway; other VNets.]

Elements of an NFV Solution

A good NFV solution should have good integration between NFVO, VNFM and VIM, with the exception of handling routines. Each component of the solution is managed by its own manager and they should intercommunicate to handle exceptions and to perform reconciliation.

Some of the important operational considerations for any NFV solution are:
- How will my team be alerted if there is a service disruption?
- What happens when my VNF crashes - can I recover its configuration?
- Can I spin up a new VNF in time with minimal service disruption?
- What happens when my capacity limits are exhausted on the server hardware?
- What happens if my VNF’s logical throughput limit is exhausted?
- How can I ensure that I can dynamically increase capacity while my service is up and running?
- How can I create a new service chain or delete an existing one?
- How can I secure my NFV deployment?

Choosing the right NFV solution

It is recommended to select the components of an NFV solution based on the merits of each function rather than a turn-key solution from a single OEM covering all components. Typically, enterprises operational approach are better suited to NFV deployments integration between the different components and can also better able to utilize the breadth bilities available via REST API on the products available in the market.

When it comes to choosing VNFs, preference must be given to VNFs that have:
- High available architecture (redundant cores/redundant design with 2 or more VNFs)
- Standards-based data-ingestion and modeling (e.g. TOSCA/YANG)
- Open API
- Scalable for high throughput
- Good logging and reconciliation mechanisms
- Call home features
- Zero-touch provisioning features
- Support for multi-tenant environments
- Support for multiple hypervisors
- Support for containerisation
- Flexible configuration knobs to support variety of use cases
- OEM ecosystem for VNF development
- Readily available cross VNF integrations (VNF to VNF compatibility)

A peek Into Cisco’s NFV

Some organizations may prefer a turn-key approach to NFV using a single OEM solution. That’s because it helps bootstrap the operations quickly even with a little knowhow about the technology. Here is a description of an E2E NFV solution using Cisco’s Enterprise NFV portfolio.

Below are the solution components:
- NFVI: NFV Infrastructure (hardware-agnostic)
- VIM: Virtual Infrastructure Manager (VCenter)
- VNFM: VNF Manager (Cisco Elastic Services Controller)

ESC will be used as the VNF manager and will integrate into VCenter which acts as the VIM. The solution is compute-hardware agnostic. ESC will be deployed as a VM (HA supported).

The components of ESC are as follows:
- Core engine: provides the central VNF lifecycle management functions of ESC. In addition, it handles such duties as applying policy from higher layers in the orchestration stack (VNF placement, start-up order, etc.), coordinating and tracking multistep and/or multi-VNF lifecycle requests, and a database-style ability to implement, roll back, and resume transactions.
- MONA: provides sophisticated instrumentation and analytics of VNFs and includes a rules engine that triggers predefined or customer-defined actions based on metric thresholds and lifecycle stage.

Beyond these two key components, ESC also has components to monitor ESC for HA, a logging module, and a ConfD module for northbound NETCONF/YANG clients.

Conclusion

NFV for Enterprise is geared for big growth, both due to simplified architectures reducing the number of on-premise network devices and due to better suitability for dynamic and elastic applications. NFV is one of the most promising trends in virtualization, freeing enterprises from the limitations imposed by their existing infrastructure and hardware. The NFV approach is helping enterprises use virtualization to reduce the costs associated with managing and powering physical infrastructure. It is also better suited to cloud deployments as the network functions can easily be deployed as instances in public clouds, giving real flexibility not just in design, but also in consumption models. Though NFV is not a fix-all solution and comes with its own set of challenges, such as network stability and security, a lot of these risks can be mitigated by understanding the technology.

A top challenge for service providers is transitioning network devices to software functions. Provisioning resources in these environments is an area where NFV has a lot to offer as it allows businesses to update and configure software on demand without glitches. Ultimately, NFV aims to transform the way network operators architect and operate their networks. Enterprises must have a clear NFV strategy with a view to reducing operations overhead and cost of doing business.

About the Author

Krishna Kunapuli
Sr. Solutions Architect, Cloud and Infrastructure Services, LTI

Krishna Kunapuli is a Network architect with LTI CIS (Cloud and Infrastructure Services), with 15 years of experience in design consulting and implementation. He has designed and deployed several Service Provider and Enterprise networks worldwide and has also participated in major technology events such as the SDN and NFV world congress. He is an early enthusiast of NFV and has over 6 years of experience in designing and deploying NFV solutions for Enterprises and Telcos.

LTI (NSE: LTI) is a global technology consulting and digital solutions Company helping more than 400 clients succeed in a converging world. With operations in 31 countries, we go the extra mile for our clients and accelerate their digital transformation with LTI’s Mosaic platform enabling their mobile, social, analytics, IoT and cloud journeys. Founded in 1997 as a subsidiary of Larsen & Toubro Limited, our unique heritage gives us unrivalled real-world expertise to solve the most complex challenges of enterprises across all industries. Each day, our team of more than 30,000 LTItes enable our clients to improve the effectiveness of their business and technology operations and deliver value to their customers, employees and shareholders. Find more at http://www.Lntinfotech.com or follow us at @LTI Global.

info@Lntinfotech.com
