SNS Research’s NFV, SDN & Wireless Network Infrastructure Bible: 2014 – 2020 estimates that network-function virtualization (NFV) and software-defined networking (SDN) investments on the RAN segment alone will account for over $5 billion by 2020. The report says that by eliminating reliance on expensive proprietary hardware platforms, NFV and SDN promise to reduce the capex burden on wireless carriers. In addition, both technologies can significantly slash opex owing to a reduction in physical space, labor and power consumption.
This move to a pure software approach will provide greater flexibility and agility than current network configurations have been able to offer. It is a great step forward, but ensuring high performance at high speeds, up to 100 Gbps, is a challenge that must be addressed. Network appliances provide the real-time insight needed to continuously monitor, collect and analyze traffic for management and security purposes. Appliances can be virtualized, but the same constraints that limit the performance of physical appliances also apply to virtual ones.
How can these constraints be addressed? Virtualization-aware appliances. These appliances provide the bridge between the networks of today and the software-based models of the future. The real-time insight provided by virtualization-aware appliances using analysis acceleration enables event-driven automation of policy decisions and real-time reaction to those events, thereby allowing the full agility and flexibility of SDN and NFV to unfold.
The Management Minefield
Because significant resources have been sunk into existing OSS/BSS systems and infrastructure, managing SDN and NFV is difficult for most telecom carriers: that investment must now be adapted not only to SDN and NFV but also to the Ethernet and IP networks they run on.
The fault, configuration, accounting, performance and security (FCAPS) model of management formed the foundation for most of the OSS/BSS systems currently installed. The enhanced telecom operations map (eTOM) later simplified this into three process areas: fulfillment, assurance and billing (FAB). Management systems tend to focus on one of these areas and often do so in relation to a specific part of the network or technology, such as optical access fault management.
FCAPS and FAB were created with traditional voice-centric networks based on plesiochronous digital hierarchy (PDH) and synchronous digital hierarchy (SDH) in mind. They were static, engineered, centrally controlled and planned networks where the protocols involved provided rich management information. This approach made centralized management possible.
Since then, attempts have been made to add IP and Ethernet into these processes. For example, call detail records (CDRs) have been used for billing of voice services, so the natural extension of this concept is to use IP detail records (IPDRs) for billing of IP services. xDRs are typically collected in 15-minute intervals, which are sufficient for billing. This does not, in most cases, need to be real time. But xDRs are also used by other management systems and solutions as a source of information to make decisions.
Because traditional telecom networks are centrally controlled and engineered, they do not change within a 15-minute interval. Ethernet and IP networks, however, are another story; they are dynamic and bursty by nature. Because the network makes autonomous routing decisions, traffic patterns on a given connection can change from one IP packet or Ethernet frame to the next. When you consider that minimum-sized Ethernet frames on a 100 Gbps link can arrive back to back as little as 6.7 nanoseconds apart (nearly 150 million frames per second), you begin to understand a significant distinction when working with a packet network.
An additional drawback regarding IP and Ethernet: they do not offer much in the way of management information. If a carrier wants to manage a service provided over Ethernet and IP, it must collect all the Ethernet frames and IP packets related to that service and reassemble the information to get the full picture. Although switches and routers could provide this kind of information, it became obvious that continuous monitoring of traffic in this fashion would affect switching and routing performance, hence the introduction of dedicated network appliances that continuously monitor, collect and analyze network traffic for management and security purposes.
A New Approach to Managing IP and Ethernet Networks
All Ethernet frames and IP packets need to be collected and reassembled to enable effective management of services, which means network appliances are necessary to manage Ethernet and IP networks effectively. This approach in turn requires continuous monitoring of the network, even at speeds of 100 Gbps, without losing any information. Network appliances provide this capability in real time.
Network appliances receive data either from a switched port analyzer (SPAN) port on a switch or router that replicates all traffic or from passive taps that provide a copy of network traffic. For analysis to be reliable, network appliances must capture and collect all network information. They then need to precisely time stamp each Ethernet frame to allow accurate determination of events and latency measurements for quality of experience assurance. Network appliances also recognize the encapsulated protocols, as well as determine traffic flows that are associated with the same senders and receivers.
The use of network appliances is widespread for the effective, high-performance management and security of Ethernet and IP networks. The taxonomy of network appliances, however, has grown outside of the FCAPS and FAB nomenclature. The first appliances were used for troubleshooting performance and security issues but have gradually become more proactive, predictive and preventive in their operation. The real-time capabilities that all appliances provide make them essential to effective management of Ethernet and IP networks. For this reason, network appliances need to be encompassed in frameworks for managing and securing SDN and NFV.
If network appliances are built based on commercial off-the-shelf servers with standard network interface cards (NICs), it must be understood that they are not designed for continuous capture of large amounts of data and tend to lose packets. For guaranteed data capture and delivery for analysis, hardware acceleration solutions are used—such as analysis accelerators, which are intelligent adapters designed for analysis applications.
Analysis accelerators resemble ordinary communication NICs, but they are designed specifically for continuous monitoring and analysis of high-speed traffic at full line rate, and they meet the nanosecond-precision time-stamping requirements of real-time monitoring. Monitoring a 10 Gbps bidirectional connection at line rate with minimum-sized frames means processing roughly 30 million packets per second. A typical NIC, by contrast, is designed to handle around 5 million packets per second, which is more than a single communication session between two parties would normally require, but far short of what a fully loaded monitored link can deliver.
To ensure that as few server CPU cycles as possible are used on data preprocessing and to enable more analysis processing to be performed, analysis accelerators can provide extensive capability for offload of data preprocessing tasks from the analysis application.
Carriers can check network performance in real time and gain visibility into application and network usage by continuously monitoring the network. This information can also be stored directly to disk, again in real time, as it is being analyzed. This approach is typically used in troubleshooting to determine what might have caused a performance issue in the network. It is also used by security systems to investigate abnormal behavior after the fact.
Going a step further, it is possible to detect performance degradations and security breaches in real time. The network data that is captured to disk can be used to build a profile of normal network behavior. By comparing this profile to real-time captured information, it is possible to detect anomalies and raise a flag.
How is this capability useful in a policy-driven SDN and NFV network? In several ways. If performance degradation is flagged, a policy can automatically take steps to address the issue. If a security breach is detected, a policy can initiate additional security measures and correlate the data with other security systems. It can also go so far as to use SDN and NFV to reroute traffic around the affected area and potentially block traffic from the sender in question.
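The profile-compare-flag-act loop described in the last two paragraphs, as an added example written for this page rather than code from the article or from any vendor. The metric names, the history layout and the mapping from anomaly type to policy action are assumptions: the article names no schema and no threshold. The baseline uses median and median absolute deviation rather than mean and standard deviation so that a few bad intervals in the capture store do not inflate the "normal" profile.

```python
"""Baseline profile versus live interval, with a policy decision (added example)."""
from statistics import median
from typing import Dict, List, Tuple

# Per-sender counters an appliance might emit per interval from capture-to-disk data.
# The names are hypothetical.
METRICS = ("packets", "bytes", "new_flows")
ROBUST_Z_THRESHOLD = 3.5      # common cut-off for a MAD-based z-score


def build_profile(history: List[Dict[str, float]]) -> Dict[str, Tuple[float, float]]:
    """Median and MAD of each metric over historical intervals."""
    profile = {}
    for m in METRICS:
        vals = [h[m] for h in history]
        med = median(vals)
        mad = median(abs(v - med) for v in vals) or 1.0   # flat history: avoid dividing by zero
        profile[m] = (med, mad)
    return profile


def score(profile: Dict[str, Tuple[float, float]], live: Dict[str, float]) -> Dict[str, float]:
    """Robust z-score per metric; 0.6745 scales MAD to be comparable with a standard deviation."""
    return {m: 0.6745 * (live[m] - profile[m][0]) / profile[m][1] for m in METRICS}


def classify(scores: Dict[str, float], threshold: float = ROBUST_Z_THRESHOLD) -> str:
    """Assumed triage rule: a burst of new flows from one sender is treated as a security
    event (scan/flood shape); volume-only deviations as a performance event."""
    flagged = {m for m, z in scores.items() if abs(z) > threshold}
    if not flagged:
        return "normal"
    return "security" if "new_flows" in flagged else "performance"


def decide_policy(sender: str, verdict: str) -> Dict[str, object]:
    """Map the verdict to the actions the text describes (hypothetical action names)."""
    if verdict == "security":
        return {"action": "block", "sender": sender, "correlate_with_siem": True}
    if verdict == "performance":
        return {"action": "reroute", "sender": sender, "correlate_with_siem": False}
    return {"action": "none", "sender": sender, "correlate_with_siem": False}


def evaluate(history: List[Dict[str, float]], sender: str, live: Dict[str, float]) -> Dict[str, object]:
    """Full loop: profile -> score -> classify -> policy."""
    verdict = classify(score(build_profile(history), live))
    return {"verdict": verdict, **decide_policy(sender, verdict)}


# Constructed history: 20 quiet intervals for one sender with small, deterministic jitter.
HISTORY = [
    {"packets": 1000 + (i % 5) * 10 - 20,
     "bytes": (1000 + (i % 5) * 10 - 20) * 800,
     "new_flows": 20 + (i % 3) - 1}
    for i in range(20)
]
# Constructed live intervals: business as usual, a flow burst, and a volume spike.
LIVE_NORMAL = {"packets": 1010, "bytes": 810_000, "new_flows": 19}
LIVE_SCAN = {"packets": 1200, "bytes": 900_000, "new_flows": 500}
LIVE_SPIKE = {"packets": 5000, "bytes": 4_000_000, "new_flows": 21}

if __name__ == "__main__":
    for name, live in (("normal", LIVE_NORMAL), ("scan", LIVE_SCAN), ("spike", LIVE_SPIKE)):
        print(name, evaluate(HISTORY, "10.0.0.7", live))
```

In production the history would be one profile per sender, per VLAN and per time of day; a single global profile flags every nightly backup as an anomaly.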
Network appliances with hardware acceleration can provide real-time capture, capture-to-disk and anomaly detection. Accordingly, SDN and NFV performance can be maximized through a policy-driven framework.
Bringing Awareness to Network Appliances
An important question remains when using network appliances to provide real-time insight for management and security in SDN and NFV environments: can network appliances be fully virtualized and provide high performance at speeds of 10, 40 or even 100 Gbps?
Network appliances are already based on standard server hardware with applications that are designed to run on standard x86 CPU architectures, which lends them very well to virtualization. Performance is the issue. Virtual appliances are sufficient for low speed rates and small data volumes, but not for high speeds and large data volumes.
At today’s increasingly high speeds, performance is a challenge—even for physical network appliances. That is why most high-performance appliances use analysis acceleration hardware. While analysis acceleration hardware does free up CPU cycles for more analysis processing, most network appliances still use all the CPU processing power available to perform their tasks.
So, just as with physical appliances, virtualization of appliances can only be taken so far. If the data rate and the amount of data to be processed are low, then a virtual appliance can be used, even on the same server as the clients being monitored. Once the data rate and volume of data increase, however, the CPU processing requirements for the virtual appliance increase. At first, this will mean the virtual appliance will need exclusive access to all the CPU resources available. But even then, it will run into some of the same performance issues as physical network appliances using standard NIC interfaces with regard to packet loss, precise time-stamping capabilities and efficient load balancing across the multiple CPU cores available.
One way of addressing these virtual appliance constraints is to use physical appliances to monitor and secure virtual networks. Virtualization-aware network appliances can be "service-chained" with virtual clients as part of the service definition. This requires that the appliance can identify virtual networks, which today is typically done using VLAN encapsulation, already broadly supported by high-performance appliances and analysis acceleration hardware. The appliance can then scope its analysis to the specific VLAN and therefore to the specific virtual network.
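What "virtualization-aware" means at the packet level, combining the per-frame work described earlier (precise time stamps, recognition of the encapsulated protocols, association of frames with flows) with the VLAN identification just described. This is an added example written for this page, not Napatech code and not a description of any product; the sample frames are constructed inline, time stamps are supplied by the caller in nanoseconds (an accelerator would stamp them in hardware), and the latency measured is simply first request to first reply. The important design point is that the VLAN ID is part of the flow key: two tenants reusing 10.0.0.0/8 must never be merged into one flow.

```python
"""VLAN-scoped flow tracking over Ethernet/802.1Q/IPv4/TCP-UDP frames (added example)."""
import struct
from typing import Dict, List, Optional, Tuple

ETHERTYPE_VLAN = 0x8100
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806


def parse_frame(frame: bytes) -> Optional[dict]:
    """Return VLAN id plus IPv4 5-tuple, or None for frames this example does not classify."""
    if len(frame) < 14:
        return None
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    offset, vlan = 14, 0                       # vlan 0 = untagged / native
    if ethertype == ETHERTYPE_VLAN:
        if len(frame) < 18:
            return None
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        vlan, offset = tci & 0x0FFF, 18        # low 12 bits of the TCI are the VID
    if ethertype != ETHERTYPE_IPV4 or len(frame) < offset + 20:
        return None
    ihl = (frame[offset] & 0x0F) * 4
    proto = frame[offset + 9]
    src = ".".join(str(b) for b in frame[offset + 12:offset + 16])
    dst = ".".join(str(b) for b in frame[offset + 16:offset + 20])
    sport = dport = 0
    l4 = offset + ihl
    if proto in (6, 17) and len(frame) >= l4 + 4:   # TCP or UDP: ports are the first 4 bytes
        sport, dport = struct.unpack_from("!HH", frame, l4)
    return {"vlan": vlan, "proto": proto, "src": src, "dst": dst, "sport": sport, "dport": dport}


def flow_key(p: dict) -> Tuple:
    """Direction-independent key. VLAN comes first so overlapping tenant address space stays apart."""
    a, b = (p["src"], p["sport"]), (p["dst"], p["dport"])
    lo, hi = (a, b) if a <= b else (b, a)
    return (p["vlan"], p["proto"], lo, hi)


class FlowTable:
    def __init__(self) -> None:
        self.flows: Dict[Tuple, dict] = {}

    def observe(self, frame: bytes, ts_ns: int) -> Optional[Tuple]:
        """Account one time-stamped frame; returns its flow key or None if unclassified."""
        p = parse_frame(frame)
        if p is None:
            return None
        key = flow_key(p)
        f = self.flows.setdefault(key, {
            "packets": 0, "first_ns": ts_ns, "last_ns": ts_ns,
            "initiator": (p["src"], p["sport"]),   # first endpoint seen defines "forward"
            "pending_ns": None, "latency_ns": None,
        })
        f["packets"] += 1
        f["last_ns"] = ts_ns
        if (p["src"], p["sport"]) == f["initiator"]:
            f["pending_ns"] = ts_ns                # outstanding request
        elif f["pending_ns"] is not None and f["latency_ns"] is None:
            f["latency_ns"] = ts_ns - f["pending_ns"]   # first reply: request-to-response latency

    def per_vlan(self) -> Dict[int, dict]:
        """What a service-chained appliance reports for each virtual network it sees."""
        out: Dict[int, dict] = {}
        for (vlan, _, _, _), f in self.flows.items():
            v = out.setdefault(vlan, {"flows": 0, "packets": 0})
            v["flows"] += 1
            v["packets"] += f["packets"]
        return out


def build_frame(src: str, dst: str, sport: int, dport: int, vlan: Optional[int] = None, proto: int = 6) -> bytes:
    """Constructed test frame: zero MACs and checksums, minimal IPv4 + 20-byte L4 header."""
    eth = b"\x00" * 12
    eth += struct.pack("!HHH", ETHERTYPE_VLAN, vlan, ETHERTYPE_IPV4) if vlan is not None else struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, proto, 0,
                     bytes(int(x) for x in src.split(".")), bytes(int(x) for x in dst.split(".")))
    return eth + ip + struct.pack("!HH", sport, dport) + b"\x00" * 16


# Constructed capture: tenant A (VLAN 100) request/reply, tenant B (VLAN 200) reusing the same
# addresses, and an untagged ARP frame that is not classified.
SAMPLE_FRAMES: List[Tuple[bytes, int]] = [
    (build_frame("10.0.0.5", "10.0.0.9", 40000, 443, vlan=100), 1_000_000_000),
    (build_frame("10.0.0.9", "10.0.0.5", 443, 40000, vlan=100), 1_000_250_000),
    (build_frame("10.0.0.5", "10.0.0.9", 40000, 443, vlan=200), 1_000_300_000),
    (b"\x00" * 12 + struct.pack("!H", ETHERTYPE_ARP) + b"\x00" * 28, 1_000_400_000),
]


def run_sample() -> FlowTable:
    table = FlowTable()
    for frame, ts in SAMPLE_FRAMES:
        table.observe(frame, ts)
    return table


if __name__ == "__main__":
    t = run_sample()
    for key, f in t.flows.items():
        print(key, f["packets"], "packets, latency", f["latency_ns"], "ns")
    print(t.per_vlan())
```

A real appliance would also parse QinQ, VXLAN or GRE overlays and IPv6, and would age flows out; the key-construction rule is the part that carries over unchanged.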
Using physical appliances in this way can be a highly useful solution in a practical phased approach to SDN and NFV transition. It is broadly accepted that there are certain high-performance functions in the network that will be difficult to virtualize without performance degradation. A pragmatic solution is an SDN and NFV management and orchestration approach that takes account of physical and virtual network elements. This means that policy and configuration does not have to concern itself with whether the resource is virtualized, but can use the same mechanisms to “service-chain” the elements as required.
Bringing SDN and NFV into the mix shakes up existing paradigms; it necessitates using a mixture of current and new solutions for management and security. These solutions should be deployed under a common framework with common interfaces and topology mechanisms. With this framework in place, functions can be virtualized when and where they make sense without affecting the overall framework or processes.
The Best of Both Worlds
There is no doubt that the adoption of NFV and SDN is on the rise, driven by reductions in cost, space and labor. As technology tries to keep up with the 100 Gbps era, however, multiple performance challenges will have to be overcome, including ensuring real-time, reliable data for analytics and management. Network appliances help here, but they have limitations. They can be virtualized, but the same limitations apply. An effective strategy for managing SDN and NFV is to use virtualization-aware appliances. This approach takes both physical and virtual elements into consideration and provides the real-time insight organizations need.
About the Author
Daniel Joseph Barry is VP of Marketing at Napatech and has over 20 years' experience in the IT and telecom industry. Before joining Napatech in 2009, Dan Joe was marketing director at TPack, a leading supplier of transport-chip solutions to the telecom sector. From 2001 to 2005, he was director of sales and business development at optical component vendor NKT Integration (now Ignis Photonyx), following various positions in product development, business development and product management at Ericsson. Dan Joe joined Ericsson in 1995 from a position in the R&D department of Jutland Telecom (now TDC). He has an MBA and a BSc degree in electronic engineering from Trinity College Dublin.