The need for built-in application intelligence in SDN and NFV
To be effective, future networks based on software-defined networking (SDN) and network functions virtualization (NFV) must have detailed, real-time understanding of traffic, based on technologies like deep packet inspection (DPI). This need is driven by groups such as service providers, which must be able to effectively implement and enforce service-level agreements (SLAs) with priority given to time-sensitive traffic (voice, video), or to subscribers with preferred service plans. A new way to build policy-enforcement solutions in an SDN environment is to use a virtual switch that includes a pre-integrated DPI engine.
Leveraging an integrated DPI engine
Let’s look at how developers could easily build policy enforcement solutions thanks to DPI software embedded in virtual switches and running on commercial, off-the-shelf (COTS) server technology. In this case, a DPI engine has been added to a virtual switch, allowing a policy and charging rule function (PCRF) to set policy based on a flow’s application ID and metadata (e.g., jitter). The hypervisor-hosted solution can run on an x86 platform and can bypass Linux kernel performance bottlenecks by using specific libraries and drivers to accelerate I/O for user-space packet processing. The policy enforcement OEM application is pre-integrated into the standard hypervisor and provides external interfaces to the policy and rules function.
When flows come into the virtual switch, the DPI engine analyzes them, and the service platform stores the results in the flow table, as shown in the diagram below. Next, the software-based policy enforcement function receives the flow and fetches DPI information from the flow table. Based on the policy set by the PCRF, the traffic-shaping function may take one of several actions, including:
- Transmitting the flow as soon as possible, if high priority
- Queuing the flow if a higher priority flow needs to be transmitted
- Dropping packets if the network is congested
- Tagging the flow to provide information to a downstream function
- Adding packets, like tokens, used to monitor the latency of a flow.
Example: On a congested network, the DPI engine informs the policy enforcement function that a YouTube flow has a high level of jitter, prompting the flow to be prioritized over email and instant messaging flows, which are subsequently queued. The policy enforcement function makes use of the metadata to enforce SLAs set by external logic (e.g., PCRF, OSS) for the different flow types.
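The flow-table lookup and the congested-network case above can be modeled in a few lines. This is an added example, not code from the article or from any vendor's virtual switch; the policy values, the `EXPRESS_MAX` cutoff, the queue limit and all class and function names are assumptions made for illustration.

```python
import heapq
from dataclasses import dataclass

@dataclass(frozen=True)
class DpiResult:
    app_id: str        # application ID reported by the DPI engine
    jitter_ms: float   # per-flow metadata

# Constructed policy standing in for PCRF rules; lower number = higher priority.
POLICY = {
    "youtube": {"priority": 2, "boost_if_jitter_ms": 30.0},
    "im":      {"priority": 4},
    "email":   {"priority": 5},
}
UNCLASSIFIED = {"priority": 9}   # flows with no DPI result get no preference
EXPRESS_MAX = 1                  # priorities <= this are sent at once under congestion

class PolicyEnforcer:
    def __init__(self, queue_limit=2):
        self.flow_table = {}     # flow key (5-tuple) -> DpiResult
        self.queue_limit = queue_limit
        self._queue = []         # heap of (priority, arrival order, flow key)
        self._arrivals = 0

    def record_dpi(self, flow_key, result):
        self.flow_table[flow_key] = result

    def priority(self, flow_key):
        dpi = self.flow_table.get(flow_key)
        rule = POLICY.get(dpi.app_id, UNCLASSIFIED) if dpi else UNCLASSIFIED
        prio = rule["priority"]
        threshold = rule.get("boost_if_jitter_ms")
        if threshold is not None and dpi.jitter_ms >= threshold:
            prio -= 1            # jitter metadata promotes the flow one level
        return prio

    def enforce(self, flow_key, congested):
        prio = self.priority(flow_key)
        if not congested or prio <= EXPRESS_MAX:
            return "transmit"
        if len(self._queue) >= self.queue_limit:
            return "drop"        # congested and no queue space left
        self._arrivals += 1
        heapq.heappush(self._queue, (prio, self._arrivals, flow_key))
        return "queue"

    def drain(self):
        """Release queued flows, highest priority first."""
        order = []
        while self._queue:
            order.append(heapq.heappop(self._queue)[2])
        return order
```

Flows that the DPI engine has not classified fall through to the lowest priority, so a missing or stale flow-table entry never earns preferential treatment.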
Benefits for developers
Thanks to this integration of a DPI engine in the virtual switch, network equipment providers benefit from a cost-effective software-based networking platform that gives them more advanced traffic steering, monitoring, and QoS features in virtual networks, as well as optimized service chaining for the telco, enterprise and datacenter markets.
Virtual switch developers benefit from rapid time-to-market while service providers and enterprises profit from integrated intelligence to optimize network services.