Preparing Your Network for NFV Success

Ulrich Kohn

Network functions virtualization (NFV) is transforming the way telecommunications providers operate. Traditional infrastructures, with purpose-built hardware appliances spread across complex and unwieldy networks, are making way for flexible, streamlined, software-defined solutions. There's no doubt that a virtualized software-defined network (SDN), built on standard servers, general-purpose storage and standardized software applications, offers enormous benefits for operational simplicity, cost savings and efficiency.

But while NFV is gathering momentum, how can communication service providers (CSPs) be sure to unleash its full potential to reduce costs and grow revenue opportunities? What impact will it have on connectivity infrastructure and network topologies? And what are the real implications in terms of security, functionality and maintenance in the next generation of packet-data transport networks?

Firstly, one of the key benefits is the freedom NFV delivers to decouple functionality from hardware, allowing software appliances to provide that functionality from any server in a network. Some service providers favor a central hosting model, which allows them to benefit from economies of scale and maximize resource utilization. Others argue for the lowest first-in cost and prefer to host servers at the edge of the network, predominantly for virtual customer premises equipment (vCPE) use cases. While initial NFV implementations will be based on either central or edge hosting, CSPs will want to optimize network efficiency and service performance by combining edge and core hosting in a synergetic way. Hence, CSPs will favor solutions that are equally suited to centralized and decentralized hosting of virtual network functions (VNFs).

Today, the CSP frequently supplies a connectivity service that terminates on a demarcation device at the enterprise site, while a co-located customer edge (CE) router performs Layer 2/Layer 3 virtual private network (VPN) and Internet access services. Now, however, NFV is enabling radical new efficiencies as the CE can be virtualized and run from a central server. Of course, this leaves the service provider in the difficult position of offering a high-layer network service without being able to monitor the service at the IP layers, all the way to the enterprise site. To ensure that the CSP has total visibility of the end point of its service responsibility, additional operations, administration and maintenance (OAM) features at the point-of-service demarcation are needed. This way, predictable and stable performance of network services is guaranteed, wherever the constituent network functions are located.

The next issue is programmability. Enterprises use routers to forward traffic between different segments of the enterprise network. As site routers are replaced with virtualized, centralized router appliances, even a business's local traffic ends up occupying transport capacity and creating bottlenecks. This inefficient use of transport bandwidth and resources can be eliminated by programmable demarcation devices. Central instances identify internal LAN traffic and program the demarcation device by means of open protocols such as OpenFlow in order to set shortcuts for local traffic, preventing internal LAN traffic from being backhauled. What's more, the connectivity network must be able to respond to newly instantiated software appliances running on standard servers and align the network topology in an automated fashion. This can all be achieved through programmability of the connectivity network, using the same mechanisms as outlined above.
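The shortcut logic described above can be sketched as follows. This is an added example, not code from the article or from any vendor; the port numbers, subnets and the dictionary layout of a flow entry are assumptions, with match field names borrowed from OpenFlow's.

```python
import ipaddress

UPLINK_PORT = 1  # assumed: port facing the CSP network and the central virtual router

def build_flow_table(lan_segments, uplink_port=UPLINK_PORT):
    """Build OpenFlow-style entries for a demarcation device.

    lan_segments maps a local port number to the subnet (CIDR) behind it.
    Traffic between two local segments gets a high-priority shortcut;
    everything else falls through to a low-priority backhaul rule.
    MAC rewrite and TTL handling are outside what this example models.
    """
    nets = {port: ipaddress.ip_network(cidr) for port, cidr in lan_segments.items()}
    flows = []
    for src_port, src_net in nets.items():
        for dst_port, dst_net in nets.items():
            if src_port == dst_port:
                continue  # same segment: no shortcut rule needed
            flows.append({
                "priority": 100,
                "match": {"in_port": src_port, "eth_type": 0x0800,
                          "ipv4_src": str(src_net), "ipv4_dst": str(dst_net)},
                "actions": [f"output:{dst_port}"],
            })
    for port in nets:
        # Default: send to the central router over the transport network.
        flows.append({"priority": 10, "match": {"in_port": port},
                      "actions": [f"output:{uplink_port}"]})
    return flows

def lookup(flows, in_port, src_ip, dst_ip):
    """Return the actions of the highest-priority matching entry ([] on table miss)."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for flow in sorted(flows, key=lambda f: -f["priority"]):
        m = flow["match"]
        if m["in_port"] != in_port:
            continue
        if "ipv4_src" in m and src not in ipaddress.ip_network(m["ipv4_src"]):
            continue
        if "ipv4_dst" in m and dst not in ipaddress.ip_network(m["ipv4_dst"]):
            continue
        return flow["actions"]
    return []

# Constructed sample site: two LAN segments behind ports 2 and 3.
SITE = {2: "10.1.10.0/24", 3: "10.1.20.0/24"}
FLOWS = build_flow_table(SITE)
```

Because the shortcut rules match on both ingress port and source subnet, a packet whose source address does not belong to the segment it arrived on takes the default path to the central router instead of the local shortcut.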

Finally, there's the vital issue of security. With enterprises so highly sensitive to security concerns, CSPs obviously need to do everything possible to ensure that networks and user data are fully protected. This is especially true for service providers who suggest that firewalls should be virtualized at the customer edge and run as software appliances from a central data center. The shift from dedicated hardware appliances to standard, general-purpose devices and software control has obvious benefits. Enterprises may have concerns, however, as the security perimeter now extends into the network of the CSP. That's why they’ll need to ensure privacy and confidentiality of the traffic as it transits along the public network between the enterprise side and operator side of the network. Advanced Layer 2 encryption, which provides uncompromised transparency and runs over any Ethernet access, helps fully address the security challenge by protecting the traffic, as well as the connectivity network, from malicious attacks.

The era of software-centric networking has arrived and it's clear that NFV is set to become the industry standard. As demand for data skyrockets and customers and enterprise applications migrate to the cloud, CSPs need to be clear on the practical steps they need to take in order to make NFV work to its full potential. As we’ve seen, when rolling out NFV, transport considerations are all too often overlooked. But transforming networking into an NFV-centric environment requires additional security at the connectivity network, OAM capabilities beyond Layer 2 in the demarcation device for service assurance, programmability for efficiency, and a balanced mix of centralized/decentralized virtualization functionality. By focusing on these key areas, the substantial benefits of software-controlled infrastructure can be fully realized. This means reduced costs, improved service agility and total flexibility. Taking these practical steps will empower the network to maximize the rewards of NFV in terms of efficiency, security and scalability.
