It’s easy to see why network functions virtualization (NFV) is so appealing. Just think of the benefits: replacing dedicated hardware appliances across the network with standard servers, general-purpose storage, and standardized software applications – not to mention virtualization to deliver any network function end-to-end. There’s no doubt that NFV can deliver tremendous rewards for network operators in terms of flexibility, scalability, and cost-efficiency.
What service providers can’t afford to overlook, however, is how NFV may affect their connectivity infrastructures and network topologies. There are ramifications for transport networks that must be considered, in order to maximize the benefits and revenue opportunities that NFV promises. One such area is virtual customer premises equipment (vCPE). NFV has the potential to radically disrupt this space. Let’s take a closer look:
With enterprises so highly sensitive to security concerns, communications service providers (CSPs) obviously need to do everything possible to ensure that networks and traffic are fully protected.
This is especially true for service providers that believe firewalls should be virtualized at the customer edge and run as software appliances from a central data center. The shift from dedicated hardware appliances to standard, general-purpose devices and software control has obvious benefits. Enterprises may have concerns, however, as the security perimeter now extends into the network of the CSP.
The CSP will need to ensure privacy and confidentiality of the traffic as it moves along the public network between the enterprise side and operator side of the network. Advanced Layer 2 encryption, which provides uncompromised transparency and runs over any Ethernet access, helps fully address the security challenge by protecting the traffic, as well as the connectivity network, from malicious attacks.
- Operations, Administration, and Maintenance
In most service scenarios today, the communication service provider supplies an Ethernet connectivity service terminating on a demarcation device on the enterprise site, while a co-located customer edge (CE) router performs Layer 2/Layer 3 virtual private network (VPN) and Internet access services.
Virtualizing the CE and running it from a central server is a promising business model. However, this leaves the service provider offering a high-layer network service without being able to monitor the service at those layers, all the way to the enterprise site.
The CSP requires visibility of the end point of its service responsibility. Additional operations, administration, and maintenance (OAM) features at the point-of-service demarcation are needed, in order to guarantee predictable and stable performance of network services, wherever the constituting network functions are located.
As enterprises frequently segment their local area networks (LANs) into different virtual LANs (VLANs), routers are used to forward traffic between those different segments of the enterprise network. As site routers are replaced with virtualized, centralized router appliances, even a business’s local traffic – such as traffic between the different VLANs – needlessly occupies transport capacity back to the operator.
It’s important to eliminate this inefficient use of transport bandwidth and resources and to reduce access-to-core traffic. That’s why NFV implementation demands a degree of programmability, so that shortcuts can be identified and created for traffic that does not need to go back and forth to the operator, preventing internal LAN traffic from being backhauled. This will be achieved by a centralized software-defined networking (SDN) controller or virtualized network function (VNF) appliance, which populates forwarding tables using open protocols such as OpenFlow or some other standardized protocol.
With such a capability for programmability, LAN traffic stays in the enterprise premises, even though full service control is being provided virtually from a centralized location in an NFV-centric network.
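A minimal model of the shortcut logic described above, added here as an illustration and not taken from any vendor or controller implementation: a controller computes prioritized forwarding entries for the demarcation device so that permitted inter-VLAN traffic is switched locally, while everything else is still backhauled to the centralized virtual router/firewall. The VLAN numbers, subnets, policy set and function names are assumptions, and the code does not use a real OpenFlow library.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network

# Constructed sample data: VLANs at one enterprise site and their subnets.
SITE_VLANS = {10: ip_network("10.1.10.0/24"),
              20: ip_network("10.1.20.0/24"),
              30: ip_network("10.1.30.0/24")}   # e.g. a guest segment
# Assumed policy: VLAN pairs the central virtual router/firewall allows to be
# shortcut on site. Anything not listed keeps passing through the central VNF.
ALLOWED_SHORTCUTS = {(10, 20), (20, 10)}
ANY = ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class FlowEntry:
    priority: int
    src: IPv4Network
    dst: IPv4Network
    action: str          # "local:vlan<N>" or "backhaul"

def build_flow_table(vlans, allowed):
    """Controller side: entries to push to the demarcation device."""
    table = [FlowEntry(0, ANY, ANY, "backhaul")]          # default: go to operator
    for a, b in sorted(allowed):
        if a in vlans and b in vlans:                     # ignore unknown VLANs
            table.append(FlowEntry(100, vlans[a], vlans[b], f"local:vlan{b}"))
    return sorted(table, key=lambda e: -e.priority)

def forward(table, src, dst):
    """Device side: the highest-priority matching entry decides."""
    s, d = ip_address(src), ip_address(dst)
    for entry in table:
        if s in entry.src and d in entry.dst:
            return entry.action
    return "drop"

def backhaul_bytes(table, flows):
    """Bytes that still cross the access network to the operator."""
    return sum(n for src, dst, n in flows if forward(table, src, dst) == "backhaul")

# Constructed traffic sample: (source, destination, bytes).
FLOWS = [("10.1.10.5", "10.1.20.7", 600),     # VLAN 10 -> 20, shortcut allowed
         ("10.1.20.7", "10.1.10.5", 200),     # VLAN 20 -> 10, shortcut allowed
         ("10.1.30.9", "10.1.10.5", 100),     # guest -> VLAN 10, stays centralized
         ("10.1.10.5", "198.51.100.8", 100)]  # off-site destination

if __name__ == "__main__":
    for name, policy in (("no shortcuts", set()), ("with shortcuts", ALLOWED_SHORTCUTS)):
        table = build_flow_table(SITE_VLANS, policy)
        print(name, backhaul_bytes(table, FLOWS), "bytes backhauled")
```

Because the default entry backhauls anything without an explicit shortcut, traffic from the guest segment in this sample still traverses the centralized firewall.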
Furthermore, the connectivity network must be able to respond to newly instantiated software appliances running on standard services and align the network topology in an automated fashion. This is achievable with the above-outlined programmability of the connectivity network.
- Balancing centralized/decentralized functionality
Probably the most enticing benefit of NFV is the cost efficiency of centralizing the most sophisticated network functionality, as opposed to distributing it at every point of service handoff across the footprint of customers served by a network operator.
Similarly, a balanced mix of centralized and decentralized NFV functionality is needed to optimize scalability and performance and to ensure that the pursuit of economies of scale does not create latency challenges. Virtualization is needed at the network edge, as well as within the network/cloud, along with some decentralized server capacity.
VNFs – software implementations of network functions, such as routers, firewalls, and intrusion detection systems – can be deployed at the edge, at the same location as the previously deployed customer-premises hardware. This way, the impact on network and operational processes is minimized. Edge-hosted VNFs at the customer site, with integrated server and storage resources, optimize the use of all network, server, and storage resources end-to-end and help avert inefficiency in network capacity and performance.
Getting the most from going virtual
When rolling out NFV, transport considerations are all too often overlooked. But, as you can see, transforming networking into an NFV-centric environment requires additional security at the connectivity network, OAM capabilities beyond Layer 2 in the demarcation device for service assurance, programmability for efficiency, and a balanced mix of centralized/decentralized virtualization functionality. By focusing on these key areas, the substantial benefits of software-controlled infrastructure can be fully realized. This means reduced costs, improved service agility, and total flexibility.