1. Network Functions Virtualization
Network Services as a Software
AHMAD HIJAZI – 00961 71238330
Lebanese University, Université Toulouse III - Paul Sabatier
Systèmes de Télécommunications & Réseaux Informatiques (STRI)
5 January 2017
2. What will be discussed?
Introduction
Definition
Fields of Applications
NFV and SDN
NFV Basic Diagram
NFV Architecture
NFV MANO
Use Cases
Challenges
9. Introduction
Hardware-based appliances are rapidly reaching end of life.
NFV aims to address the problem of costly hardware by leveraging IT
virtualization technology.
It consolidates many network equipment types onto high-volume servers, switches and
storage, which could be located in datacenters and at service providers.
NFV leads to significant reductions in Operating Expenses (OPEX) and Capital
Expenses (CAPEX).
NFV facilitates the deployment of new services with increased agility and
faster time-to-value.
11. History
Concept and collaborative work on NFV was born in October 2012.
A number of the world’s leading TSPs authored a white paper calling for
industrial and research action.
In November 2012 seven of these operators (AT&T, BT, Deutsche Telekom,
Orange, Telecom Italia, Telefonica and Verizon) selected the European
Telecommunications Standards Institute (ETSI) to be the home of the Industry
Specification Group for NFV (ETSI ISG NFV).
12. Who is deploying NFV?
Many of the leading service providers, including:
AT&T
Telefonica
NTT
CenturyLink
Telecom Italia
China Mobile
13. Definition
NFV involves the implementation of network functions in software that can run
on standard server hardware.
[Figure: Traditional CPE vs. possible CPE implementation with NFV]
15. Fields of Applications
Switching elements: BNG, CG-NAT, routers.
Mobile network nodes: HLR/HSS, MME, SGSN, GGSN/PDN-GW, RNC, Node B,
eNode B.
Functions contained in home routers and set top boxes to create virtualized
home environments.
Tunnelling gateway elements: IPSec/SSL VPN gateways.
Converged and network-wide functions: AAA servers, policy control and
charging platforms.
Application-level optimisation: CDNs, Cache Servers, Load Balancers,
Application Accelerators.
Security functions: Firewalls, virus scanners, intrusion detection systems,
spam protection.
16. Enablers for NFV
Cloud Computing
Virtualization (Hypervisors)
Virtual Ethernet Switch (vSwitch)
Availability of open APIs (OpenFlow, OpenStack, OpenNaaS or OGF’s NSI)
Industry Standard High Volume Servers: servers built using standardized IT components (for example x86 architecture)
18. NFV and SDN
NFV is highly complementary to Software Defined Networking (SDN).
Both use controller concepts for Operations and Administration (OAM).
But Not Dependent on each other!
SDN | NFV
Born in Campus, Matured in Data Center | Created by Service Providers
Is about separating control plane from data plane. | Is about separating Network Functions (NAT, DHCP, etc.) from hardware
“Software” DEFINES what the network will BE | Network functions defines the network
How system will handle traffic | How network functions will be handled
Operates the forwarding layer in a network | Focused on network appliances
OpenFlow Protocol | No Protocol
Targets commodity servers and switches | Targets commodity servers and switches
19. NFV and SDN
Software Defined Network
Networking enabled by software control
Network Functions Virtualization
Network services as a Software
22. Architecture
Main components of the NFV architecture:
NFVI
Virtualized (compute, storage, and network) and its corresponding physical
(compute, storage, and network) resources. The execution environment for
the VNFs.
VNF domain
The virtualized network functions and their management interface(s).
NFV Management and Orchestration
Lifecycle management of the physical and virtual resources that comprise the
NFV environment.
24. NFV Infrastructure (NFVI)
Combination of both hardware and software resources.
Physical resources include
• commercial off-the-shelf (COTS) computing hardware
• storage and network (made up of nodes and links)
• Provides processing, storage and connectivity to VNFs
• Presented in one or more Virtual Machines
Virtual resources are abstractions achieved using a virtualization layer (based
on a hypervisor).
• Virtual Links
• Virtual nodes
• Virtual node is a software component
with either hosting or routing
functionality (OS encapsulated in VM)
• Virtual Link is a logical
interconnection of two virtual nodes.
25. NFV Infrastructure (NFVI)
Compute Domain
• Computational and storage resources
Hypervisor Domain
• Abstracts the physical resources of compute domain
to virtual domain (Virtual Machine)
Network Domain
• VNFC to VNFC communication if they are geographically separated
• Communication of Orchestration and Management with VNF/VNFC
• Communication between different VNFs
26. Virtual Network Functions
Functional block that has external interfaces and
functional behavior.
Residential Gateway, DHCP, Firewalls, NAT …
Deployed on virtual resources such as a VM
Single VNF may be composed of multiple internal
components
• Hence can be deployed over multiple VMs
28. NFV MANO
Provides the functionality required for the provisioning
of the VNFs
Configuring VNFs and the infrastructure these functions
run on
Includes databases that are used to store the information
and data models which define
Deployment
Functions
Services
Resources
31. VIM
Virtualized Infrastructure Manager
Manages life cycle of virtual resources in an NFVI domain
Create
Maintain
Tear down
Virtual machines from physical resources
Resource management of compute, memory, and network
Allocation of virtualization enablers (e.g. VMs to hypervisors)
Increase resource to VMs when needed
Collection of information for capacity planning, monitoring
and optimization
Performance and fault management of hardware, software and virtual
resources.
32. VIM
NFV architecture may contain more than one VIM
[Diagram: NFV MANO with a Compute VIM, a Storage VIM and a Network VIM]
33. VNF Manager (VNFM)
Responsible for VNF lifecycle management
• Instantiation
• Update
• Query
• Scaling
• Termination
Multiple VNF managers may be deployed
A VNF manager may be deployed for each VNF
A VNF manager may serve multiple VNFs
Scales VNFs up/down, which results in scaling up and
scaling down of CPU usage.
35. VNF Manager (VNFM)
Vi-Vnfm reference point:
Resource allocation requests by the VNF Manager
Exchanging information (events, measurement results, usage records) and forwarding it to the VNFM
36. NFV Management & Orchestrator
There may be multiple VIMs managing respective NFVI domains
Challenge 1
Who manages/coordinates the resources from different VIMs, when there are
multiple VIMs in same or different PoPs (Point of Presence)?
There may be multiple VNFMs managing their respective VNFs
Challenge 2
Who manages/coordinates the creation of an end to end
service that involves VNFs from different VNFMs domains?
37. NFV Management & Orchestrator
Resource Orchestration
NFVO coordinates, authorizes, releases and engages NFVI resources among
different PoPs or within one PoP.
It does so by engaging with the VIMs directly through their northbound APIs
instead of engaging with the NFVI resources directly.
This directly overcomes challenge no 1, i.e. resource allocation
from different VIMs.
Service Orchestration
Service Orchestration overcomes the challenge no 2, i.e. creation
of end to end service among different VNFs
It achieves this by coordinating with the respective VNFMs so it
does not need to talk to VNFs directly.
Can instantiate VNFMs, where applicable.
38. NFV Management & Orchestrator
On-boarding of new network services and VNF packages
Validation and authorization of NFVI resource requests
Manages resources (compute, storage and networking) to be utilized among
VIMs in case there are multiple VIMs in network
If there are multiple VNFs, orchestrator will enable creation of
end to end service over multiple VNFs.
41. NFV MANO Repositories
VNF Catalog
VNF Catalog is a repository of all usable VNFDs (VNF Descriptor).
VNFD is a deployment template which describes a VNF in terms of its deployment
and operational behavior requirements.
Primarily used by VNFM in the process of VNF instantiation and
lifecycle management of a VNF instance.
Information provided in the VNFD is also used by the NFVO to
manage and orchestrate Network Services and virtualized
resources on NFVI.
42. NFV MANO Repositories
Network Services (NS) Catalog
This is the catalog (list) of the usable Network services.
A set of pre-defined templates, which define how services may be created and
deployed, as well as the functions needed for the service and their connectivity for
future use.
NFV Instances
Holds all details about Network Services instances through their
lifetime
NFVI Resources
A repository of NFVI resources that holds information about
available/allocated NFVI resources
43. EMS
Element Management System
EM is not part of the MANO but if it is available, it needs to coordinate with
VNFM so it is important to know about it.
Responsible for the FCAPS management of VNF
Fault
Configuration
Accounting
Performance
Security management
Responsible for managing VNFs operations through an
interface
EMS can manage multiple VNFs
EMS itself can be a VNF
46. Compute, Memory and Network
Physical part of NFVI: commodity servers
47. OSS/BSS
OSS (Operations Support System)
• Software and hardware apps that support back-office activities which operate in a
telco’s network
BSS (Business Support System)
• Software apps that support customer-facing activities (billing, order management,
call center automation …)
51. Use Case 1 - NFVIaaS
Network Functions Virtualization Infrastructure as a Service
Cloud Computing Services are typically offered to consumers as
SaaS (Software as a Service)
PaaS (Platform as a Service)
IaaS (Infrastructure as a Service)
NaaS (Network as a Service)
NFVI provides compute capabilities comparable to an IaaS cloud computing
service as a run time execution environment.
NFVI supports dynamic network connectivity services that are comparable to
NaaS.
52. Use Case 1 - NFVIaaS
Mapping IaaS and NaaS within the NFV Infrastructure
The resources to be pooled between these services are the physical network,
storage and compute resources.
In NFV model: Compute, Hypervisor, Network domains of NFVI.
In Cloud Computing model: elements supporting IaaS OR NaaS.
53. Use Case 2 - VNFaaS
Virtual Network Function as a Service
Service Provider without virtualization of the enterprise
Virtualization of the enterprise includes:
Virtualization of the CPE functions (vE-CPE) in the service provider cloud
Virtualization of the PE functions (vPE)
54. Use Case 2 - VNFaaS
Virtualisation of the CPE (vE-CPE)
55. Use Case 2 - VNFaaS
Result of Virtualisation of the CPE (vE-CPE)
57. Challenges - Management
Resource Management
NFV PoPs Locations
o VNFs will be hosted in operator network nodes
o Latency to the location of subscribers
o Setup and maintenance costs of multi servers
Dynamic Resource Management
o Many cloud platforms require a manual trigger by the user or resource owner.
Management across the board
Management of the entire service lifecycle is still missing
All providers provide a way to perform configuration; few add performance and
security management.
58. Challenges - Implementation
Finding common management framework
• Wide range of implementation choices is difficult without a consistent management
framework that covers all the options.
• Replacing virtual functions in cloud and using OpenStack as Cloud software platform
Optimizing commercial servers for NFV implementation
• Must be network-optimized through both hardware and software (Traffic Reliability, …)
• Available performance of the underlying platform needs to be clearly indicated
Many NFV implementations
• Developers have to commit to the new environment, which will result in multiple
platforms with different requirement sets
59. Challenges - Implementation
Portability/Interoperability
• Ability to load and execute virtual appliances in different but standardized datacenter
environments, provided by different vendors for different operators.
• Define a unified interface which clearly decouples the software instances from the
underlying hardware
Integration
• Different vendors
• Hypervisors from different vendors
• Virtual appliances from different vendors
• Integration must not incur significant costs
60. Challenges - Security
Dispersion of VMs that belong to a VNF across racks and cabinets.
Physical perimeters of the NF become blurred
Impossible to manually define and manage security zones
Hypervisor vulnerabilities
Allowing several VMs to share resources of single server
Hyperjacking
A virtual appliance should be as secure as a physical appliance if the
infrastructure, especially the hypervisor and its configuration, is
secure.
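
The zone and hypervisor-sharing concerns above can be checked automatically from placement data. The following is an added example, not part of the original slides: it takes an inventory of VNF component VMs and reports VNFs spread across racks, hypervisors shared by VMs of different security zones, and what one compromised hypervisor would reach. The inventory format, zone names and host names are assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Vm:
    name: str   # VM (VNF component) name
    vnf: str    # VNF this VM belongs to
    zone: str   # security zone the VNF is assigned to by policy
    host: str   # hypervisor host the VM currently runs on
    rack: str   # rack that holds the host


# Constructed sample inventory (hypothetical names), e.g. as exported from a VIM.
INVENTORY = [
    Vm("fw-1", "vFirewall", "dmz", "host-a", "rack-1"),
    Vm("fw-2", "vFirewall", "dmz", "host-c", "rack-2"),
    Vm("nat-1", "vNAT", "dmz", "host-a", "rack-1"),
    Vm("aaa-1", "vAAA", "core", "host-b", "rack-1"),
    Vm("hss-1", "vHSS", "core", "host-c", "rack-2"),
    Vm("hss-2", "vHSS", "core", "host-c", "rack-2"),
]


def dispersed_vnfs(inventory):
    """VNFs whose VMs sit in more than one rack, as {vnf: [racks]}.

    These are the functions whose physical perimeter no longer matches
    a single rack or cabinet.
    """
    racks = defaultdict(set)
    for vm in inventory:
        racks[vm.vnf].add(vm.rack)
    return {vnf: sorted(found) for vnf, found in racks.items() if len(found) > 1}


def mixed_zone_hosts(inventory):
    """Hypervisors that run VMs from more than one zone, as {host: {zone: [vms]}}.

    On such a host the hypervisor is the only boundary between zones.
    """
    by_host = defaultdict(lambda: defaultdict(list))
    for vm in inventory:
        by_host[vm.host][vm.zone].append(vm.name)
    return {
        host: {zone: sorted(names) for zone, names in zones.items()}
        for host, zones in by_host.items()
        if len(zones) > 1
    }


def exposure_if_compromised(inventory, host):
    """VNFs and zones that have at least one VM on the given hypervisor."""
    on_host = [vm for vm in inventory if vm.host == host]
    return {
        "vnfs": sorted({vm.vnf for vm in on_host}),
        "zones": sorted({vm.zone for vm in on_host}),
    }


if __name__ == "__main__":
    print("VNFs spread across racks:", dispersed_vnfs(INVENTORY))
    for host, zones in mixed_zone_hosts(INVENTORY).items():
        print("mixed-zone hypervisor:", host, zones)
        print("  reach if compromised:", exposure_if_compromised(INVENTORY, host))
```

A report like this can feed placement rules (for example, keeping VMs of different zones off the same hypervisor) instead of relying on manually drawn zones.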
61. Challenges - Security
Network Function-Specific Threats
Attacks on network functions and/or resources (e.g., spoofing, sniffing and denial
of service).
If third-party network entities are malicious, the infrastructure can be disabled
or compromised by using network attacks
Once compromised, the whole network will be down, since the attacker will be
able to access all NFVs
62. NFV OpenStack
OpenStack is an open source virtualization platform
Enables service providers to deploy VNFs using commercial off-the-shelf
(COTS) server hardware
Apps are hosted in a data center and accessed via the cloud
Standardized interfaces between NFV elements and infrastructure
OPNFV project has implemented OpenStack for the Virtualization
Infrastructure Manager (VIM) components in the first release
63. NFV with SDN
SDN serves NFV by providing the programmable connectivity between VNFs;
these connections can be managed by the orchestrator of the VNFs
Minimize the role of the SDN controller
NFV serves SDN by implementing its network functions in software on
COTS servers. It can virtualize the SDN controller to run on the cloud
65. Distributed NFV
Although you can technically host VNFs anywhere you have available server
resources, some VNFs simply make sense to be hosted at the network edge, and
often explicitly within a customer premise. There are several reasons for this:
Practicality (Encryption)
Resilience (IP-Based PBX)
Performance (QoS)
68. Companies Providing NFV
Alcatel-Lucent
Alcatel-Lucent has its CloudBand platform for NFV that can be used for standard IT
needs as well as for CSPs who are moving mobile networks into the cloud
Cisco
Created the Cisco Evolved Services Platform as part of its NFV strategy that
virtualizes functions across a CSP's enterprise architecture
Ericsson
The Ericsson SSR 8000 family of Smart Services Routers provides operators with a
highly scalable, consolidated platform.
Huawei
Cloud Edge is part of Huawei’s SoftCOM roadmap for introducing advances in Cloud,
NFV and Software-Defined Networking (SDN) technologies into the global telecoms
market over the next ten years.
Consolidate: to merge
Capital expenditures are the funds that a business uses to purchase major physical goods or services to expand the company's abilities to generate profits. These purchases can include hardware (such as printers or computers), vehicles to transport goods, or the purchase or construction of a new building. An operating expense results from the ongoing costs a company pays to run its basic business. In contrast to capital expenditures, operating expenses are fully tax-deductible in the year they are made. As operational expenses make up the bulk of a company's regular costs, management examines ways to lower operating expenses without causing a critical drop in quality or production output.
Growth is estimated to rise from a $1B market in 2014 at a combined aggregate growth rate north of 60% over the next 5 years leading (in the most optimistic case) to a double-digit billion dollar overall market.
As all of the leading service providers have large operational networks driving millions in monthly revenue, an initial NFV deployment generally focuses on greenfield applications, for new services, or applications that aren't directly involved in transmitting live data (voice/video). Some application examples include: virtual CPE, virtual EPC for machine-to-machine, network analytics, DPI and service assurance.
This way, a given service can be decomposed into a set of Virtual Network Functions (VNFs), which could
then be implemented in software running on one or more industry standard physical servers.
In Figures 1 and 2, we use an example of a CPE to illustrate the economies of scale that may be achieved by NFV. Fig. 1 shows a typical (current) implementation of a CPE which is made up of the functions: Dynamic Host Configuration Protocol (DHCP), Network Address Translation (NAT), routing, Universal Plug and Play (UPnP), Firewall, Modem, radio and switching. In this example, a single service (the CPE) is made up of eight functions.
These functions may have precedence requirements. For example, if the functions are part of a service chain, it may be required to perform firewall functions before NAT. Currently, it is necessary to have these functions in a physical device located at the premises of each of the customers 1 and 2.
With such an implementation, if there is a need to make changes to the CPE, say, by adding, removing or updating a function, it may be necessary for a technician from the ISP to individually talk to or go to each of the customers. It may even require a complete change of the device in case of additions. This is not only expensive (operationally) for the ISPs, but also for the customers.
In Figure 2, we show a possible implementation based on NFV in which some of the functions of the CPE are transferred to a shared infrastructure at the ISP, which could also be a data center. This makes the changes described above easier since, for example, updating the DHCP for all customers would only involve changes at the ISP. In the same way, adding another function such as parental controls for all or a subset of customers can be done at once. In addition to saving on operational costs for the ISP, this potentially leads to cheaper CPEs if considered on a large scale.
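
The precedence requirement mentioned above (firewall before NAT) can be checked before a service chain is deployed. The following is an added example, not part of the original notes: it validates a proposed chain against ordering rules and derives one valid order. Only the firewall-before-NAT rule comes from the text; the other rules and all function names are assumptions for illustration.

```python
from graphlib import CycleError, TopologicalSorter

# Constructed precedence rules: (must_run_first, must_run_later).
# Only "firewall before NAT" comes from the text; the rest are assumptions.
PRECEDENCE = [
    ("firewall", "nat"),
    ("nat", "routing"),
    ("dhcp", "routing"),
]


def violations(chain, precedence=PRECEDENCE):
    """Return the rules a proposed chain breaks, as (first, later) pairs.

    A rule applies only when both functions are in the chain. When a function
    appears more than once, its first occurrence is checked, so every instance
    of `later` must come after some instance of `first`.
    """
    first_seen = {}
    for index, fn in enumerate(chain):
        first_seen.setdefault(fn, index)
    return [
        (first, later)
        for first, later in precedence
        if first in first_seen
        and later in first_seen
        and first_seen[first] > first_seen[later]
    ]


def valid_order(functions, precedence=PRECEDENCE):
    """Return one ordering of `functions` that satisfies every applicable rule.

    Raises ValueError when the rules contradict each other (a cycle), because
    in that case no chain could ever pass validation.
    """
    wanted = set(functions)
    sorter = TopologicalSorter({fn: set() for fn in sorted(wanted)})
    for first, later in precedence:
        if first in wanted and later in wanted:
            sorter.add(later, first)  # `first` is a predecessor of `later`
    try:
        return list(sorter.static_order())
    except CycleError as exc:
        raise ValueError(f"contradictory precedence rules: {exc.args[1]}") from exc


if __name__ == "__main__":
    proposed = ["dhcp", "nat", "firewall", "routing"]  # constructed input
    print("proposed chain:", proposed)
    print("broken rules:  ", violations(proposed))
    print("a valid order: ", valid_order(proposed))
```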
Instead of installing expensive proprietary hardware, service providers can purchase inexpensive switches, storage and servers to run virtual machines that perform network functions. This collapses multiple functions into a single physical server, reducing costs and minimizing truck rolls. If a customer wants to add a new network function, the service provider can simply spin up a new virtual machine to perform that function.
For example, instead of deploying a new hardware appliance across the network to enable network encryption, encryption software can be deployed on a standardized server or switch already in the network.
This virtualization of network functions reduces dependency on dedicated hardware appliances for network operators, and allows for improved scalability and customization across the entire network. Different from a virtualized network, NFV seeks to offload network functions only, rather than the entire network.
Network Functions Virtualization will leverage modern technologies such as those developed for
cloud computing. At the core of these cloud technologies are virtualization mechanisms: hardware
virtualisation by means of hypervisors, as well as the usage of virtual Ethernet switches (e.g. vswitch)
for connecting traffic between virtual machines and physical interfaces.
OpenNaaS is an open source platform for provisioning network resources and services.
OpenStack is a free and open-source software platform for cloud computing.
SDN
Some piece of software (usually running on a server) decides what the network for some use case should look like - who can talk to whom, what paths should exist, attributes of handling of packets along paths, load balancing between paths, etc. - and this decision - a result of some algorithm - is then made reality, by programming all the nodes involved to each carry out their part of this grand plan.
These nodes can be switches, virtual switches, NICs - if they are on some path that relevant packets could get to, they need to be programmed what to do. This includes programming them to respond to events, such as link or node failures.
Since the Program (“Software”) DEFINES what the network will BE, you get “SDN”
NFV
Normal network implementations are full of “boxes” - routers, load balancers, firewalls, spam filters, Network Address Translators, video encoders/converters, etc. Typically each such box comes from a different vendor, with its own HW to maintain (e.g. each will have a different model of power supply).
The NFV idea is (grossly simplified) - what if we have a piece of software, running on a “standard” server, that does the same exact thing to packets it sees? E.g. we can have a piece of software that simulates an F5 load balancer, or a Barracuda Spam filter, or a Palo-Alto Networks firewall etc. Then, if I need 2X the capacity, I just run two copies of this software, and if I need less, I run fewer copies, or run it on a weaker system.
No need to pay for special per-vendor hardware. So, if we call the boxes “Network Functions” as an aggregate name, we get “Network Function Virtualization” with each SW-version-of-a-box called a “VNF” a Virtual NW function.
Software Defined Networking operates the forwarding layer in a network. There are many sub-technologies here such as overlay/encapsulated networking, controllers, APIs and applications that replace the previous generation of forwarding technologies. Networking could be performed directly in hardware using technology like EVPN/MPLS or using an overlay like VXLAN/MPLSoGRE depending on market development over the next few years.
Network Functions Virtualization is focused on network appliances that perform path control, protocol manipulation, logging/monitor/capture, content analysis, security control and similar functions. These functions are in use today as routers, firewalls, IDS/IPS, proxy caching, WAN acceleration, data centre and WAN load balancers. But also include services such as identity & authentication management (IAM) with AAA, data loss prevention, malware/virus inspection/detection, content.
LB, Firewall, Web, all are APIs
Commercial off-the-shelf (COTS): an adjective that describes software or hardware products that are ready-made and available for sale to the general public.
Local area network and wide area networks. In local area networks (LANs) and wide area networks (WANs), a network node is a device that performs a specific function. Each node needs to have a MAC address for each network interface card (NIC). Examples include modems with Ethernet interfaces, wireless LAN access points and computers. If a device is offline, its function as a node will be lost.
VNFC: Virtual Network Function Component
The Network Functions Virtualisation Management and Orchestration (NFV-MANO) architectural framework has the role to manage
the NFVI and orchestrate the allocation of resources needed by the NSs and VNFs. Such coordination is necessary now
because of the decoupling of the Network Functions software from the NFVI.
Why is it important for you to know about NFV MANO in the first place?
Because MANO acts as the heart and brain of the NFV architecture, and understanding it will clarify the complete NFV picture to you.
VIM manages NFVI resources in “one domain”. (NFVI is the NFV Infrastructure that includes physical (server, storage etc.), virtual resources (Virtual Machines) and software resources (hypervisor) in an NFV environment).
Note the word “one domain” here. So there may be multiple VIMs in an NFV architecture, each managing its respective NFV Infrastructure (NFVI) domain.
VNFM is to VNFs, what VIM is to NFVI.
That is, VNFM manages VNFs. (Just for review: VNF is the virtualized network element like Router VNF, Switch VNF etc.).
Specifically, VNFM does the following:
VNFM manages the life cycle of VNFs. That is, it creates, maintains and terminates VNF instances (which are installed on the Virtual Machines (VMs) that the VIM creates and manages).
Vi-Vnfm:
- Exchanges of configuration information between reference point peers, and forwarding to the VNF Manager
such information for which the VNFM has subscribed to (e.g. events, measurement results, and usage records
regarding NFVI resources used by a VNF).
These challenges are overcome by the following two functions of NFVO.
Service Orchestration (2): An example would be creating a service between the base station VNFs of one vendor and core node VNFs of another vendor.
It does the topology management of the network services instances (also called VNF Forwarding Graphs).
You may appreciate now that NFVO is like a glue in NFV that binds together different functions and creates an end to end service/ resource coordination in an otherwise dispersed NFV environment.
A northbound interface is an interface that allows a particular component of a network to communicate with a higher-level component.
NFV Orchestrator (NFVO): The NFVO is aimed at combining more than one function so as to create end-to-end services. To this end, the NFVO functionality can be divided into two broad categories: (1) resource orchestration, and (2) service orchestration. The first is used to provide services that support accessing NFVI resources in an abstracted manner independently of any VIMs, as well as governance of VNF instances sharing resources of the NFVI infrastructure. Service orchestration deals with the creation of end-to-end services by composing different VNFs, and the topology management of the network services instances.
Example:
Let’s say there are multiple VNFs which need to be chained to create an end to end service. One example of such case is a virtual Base station and a virtual EPC. They can be from same or different vendors. There will be a need to create an end to end service using both VNFs. This would demand a service orchestrator to talk to both VNFs and create an end to end service.
Or-vnfm:
• NFVI resources authorization/validation/reservation/release for a VNF.
• NFVI resources allocation/release request for a VNF.
• VNF instantiation.
• VNF instance query (e.g. retrieve any run-time information).
• VNF instance update (e.g. update configuration).
• VNF instance scaling out/in, and up/down.
• VNF instance termination.
• VNF package query.
• Forwarding of events, other state information about the VNF that may impact also the Network Service
instance.
Data Repositories: Data repositories are databases that keep different types of information in the NFV MANO.
Four types of repositories can be considered:
It is very important to understand the repositories (like files/lists) that hold different information in NFV MANO. There are four types of repositories
The NS catalog is a set of pre-defined templates, which define how services may be created and deployed, as well as the functions needed for the service and their connectivity;
(3) the NFVI resources repository holds information about available/allocated NFVI resources; and
(4) the NFV instances repository holds information about all function and service instances throughout their lifetime.
A network service is an application running at the network application layer and above, that provides data storage, manipulation, presentation, communication or other capability which is often implemented using a client-server or peer-to-peer architecture
If you recall, VNFM does the same job. But EM can do it through a proprietary interface with the VNF, in contrast to VNFM. However, EM needs to make sure that it exchanges information with VNFM through an open reference point (Ve-Vnfm-em).
The EM may be aware of virtualization and collaborate with VNFM to perform those functions that require exchange of information regarding the NFVI resources associated with VNF.
The NFVO performs orchestration functions of NFVI resources across multiple VIMs and lifecycle management of network services. The VNFM performs orchestration and management functions of VNFs. The VIM performs orchestration and management functions of NFVI resources within a domain. The NFVO interacts with the OSS/BSS for provisioning, configuration, capacity management, and policy-based management. The VNFM interacts with the Element Manager (EM) and the VNF for provisioning, configuration, and fault and alarm management.
NF-Vi
• Allocate VM with indication of compute/storage resource.
• Update VM resources allocation.
• Migrate VM.
• Terminate VM.
• Create connection between VMs.
• Configure connection between VMs.
• Remove connection between VMs.
• Forwarding of configuration information, failure events, measurement results, and usage records regarding
NFVI (physical, software, and virtualised resources) to the VIM.
MANO has multiple reference points, shown as interconnection points between the functional blocks, i.e. Or-Vi, NF-Vi, Or-Vnfm etc.
Why does MANO call them reference points and not interfaces?
MANO does not call them interfaces because “interface” relates to allowing two way communication between entities. The reference point is an architectural concept that defines and exposes an external view of a functional block. And since MANO talks about functional blocks, it uses the term “reference point” instead.
Commodity hardware, in an IT context, is a device or device component that is relatively inexpensive, widely available and more or less interchangeable with other hardware of its type.
A commodity server is a commodity computer that is dedicated to running server programs and carrying out associated tasks. In many environments, multiple low-end servers share the workload. Commodity servers are often considered disposable and, as such, are replaced rather than repaired.
OSS/BSS include collection of systems/applications that a service provider uses to operate its business.
NFV is supposed to work in coordination with OSS/BSS.
In principle it would be possible to extend the functionalities of existing OSS/BSS to manage VNFs and NFVI directly, but that may be a proprietary implementation of a vendor (or at least the interfaces between EM and VNFs are not yet defined by ETSI as of now). As NFV is an open platform, managing NFV entities through open interfaces (as in MANO) makes more sense.
The existing OSS/BSS, however, can add value to the NFV MANO by offering additional functions if they are not supported by a certain implementation of NFV MANO. This is done through an open reference point (Or-Ma-NFVO) between NFV MANO and existing OSS/BSS.
Some literature [i.5] also refers to a capability to offer network connectivity services as Network as a Service (NaaS),
but no reference was found for a standardized definition of this term. One application for NaaS appears to be the on
demand creation of network connectivity between CSPs and CSCs, though it may also refer to the on demand creation
of network connectivity within data centres or between the computing nodes of a CSPs infrastructure.
The computing nodes of the NFV Infrastructure will be located in NFVI-PoPs such as
central offices, outside plant, specialized pods or embedded in other network equipment or mobile devices.
Virtualisation of the PE functions (vPE) where the virtual network services functions and core-facing PE functions can be executed in the service provider cloud.
These two steps are independent and may be deployed separately. PE routers are typically shared by a high number of
customers, whereas a CPE router is used exclusively by a single customer. Thus, economies of scale that can be gained
from CPE virtualisation are significantly greater compared to PE virtualisation. It is likely, therefore, that virtualisation
of the CPE will take place first, providing the largest benefit for both the Enterprise users and the Service providers.
Virtualisation of the PE may be done at a later stage to complete the transition to a fully Virtualised NFV solution.
In some architectures, the vE-CPE and vPE may be controlled by a centralized controller following the SDN
architecture principles and standards (e.g. OpenFlow).
The vE-CPE solution enhances the enterprise network by replacing appliances with NFV compliant Virtualised
solutions located at either the enterprise cloud or the operator of the NFV framework. Services provided by the vE-CPE
may include a router providing QoS and other high-end services such as L7 stateful firewall, intrusion detection and
prevention and more. Application accelerators are also deployed either as standalone appliances or as router integrated
services.
This figure presents the functionality re-distribution as a result of the virtualisation of the CPE. The enterprise local traffic
is handled by a local L2 or L3 switch providing physical connectivity (and possibly further functionality), and the
enterprise LAN is extended to the Operator NFV Network located vE-CPE. Example functionality provided by the vE-CPE
in Figure 7 includes routing, VPN termination, QoS support, DPI, NG-FW and a WOC (WAN Optimization
Controller). We contrast the case of a non-virtualised customer site served by a non-virtualised CPE, and that of a site
served by a vE-CPE. The dotted purple lines indicate where this vE-CPE functionality may be located.
Finding a common management framework
In theory, NFV could be hosted on anything from dedicated physical servers to virtual servers in the cloud. But in practice, accommodating that wide a range of implementation choices is difficult without a consistent management framework that covers all the options.
The answer to that problem may be in placing virtual functions in the cloud and using OpenStack as the cloud software platform.
OpenStack has wide industry support, and it has a network-as-a-service framework.
Optimizing commercial servers for NFV implementation
The challenge is how to keep the performance degradation as small as possible by using appropriate
hypervisors and modern software technologies, so that the effects on latency, throughput
and processing overhead are minimized. The available performance of the underlying
platform needs to be clearly indicated, so that virtual appliances know what they can get
from the hardware. The authors of the white paper believe that using the right technology
choice will allow virtualisation not only of network control functions but also data/user plane
functions.
Theoretically, NFV is an ideal solution for deploying new network equipment and services because network functions can be dynamically updated via software downloads and updates instead of replacing physical hardware. However, some security and robustness issues still need to be addressed to fully attain the benefits of using NFV.
Due to the dispersion of VMs that belong to a VNF across racks and datacenters, and due to migration of VMs for optimization or maintenance purposes, the physical perimeters of network functions become blurred and fluid, making it practically impossible to manually define and manage security zones.
Hypervisor vulnerabilities are the first security consideration a network administrator should look at when using NFV. In the NFV infrastructure, virtual network functions run on virtual machines. A hypervisor makes this possible by allowing several VMs to share the resources of a single computer or server. One vulnerability is hyperjacking, a type of attack that allows a hacker to take control of a hypervisor and gain access to less secure virtual machines, and possibly to misconfigured SDN controllers and other hypervisors that are not properly secured. For example, a longtime critical flaw in the Xen hypervisor that allowed attackers to gain access to the host operating system was discovered and subsequently patched last fall.
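An added illustration for the security-zone and shared-hypervisor points in the notes above, not part of the original slides: zones are derived from VNF membership instead of rack or host, so they survive VM migration, and any host whose hypervisor ends up carrying VMs from more than one zone is flagged. The VNF names, zone labels, host names and inventory are constructed for the example.

```python
from collections import defaultdict

# Constructed policy: the zone follows the VNF, never the rack or host.
VNF_ZONE = {"vFW": "dmz", "vRouter": "dmz", "vHSS": "core", "vMME": "core"}
ALLOWED_ZONE_FLOWS = {("dmz", "core")}  # dmz may initiate to core, not the reverse

# Constructed inventory rows: (vm, vnf, host)
INVENTORY = [
    ("vm1", "vFW", "host-a"),
    ("vm2", "vFW", "host-b"),
    ("vm3", "vHSS", "host-c"),
    ("vm4", "vMME", "host-c"),
]

def zone_of(vnf):
    """Unlabelled VNFs land in 'unclassified', which is denied all flows."""
    return VNF_ZONE.get(vnf, "unclassified")

def zone_members(inventory):
    """Group VMs by the zone of their VNF, ignoring physical location."""
    zones = defaultdict(set)
    for vm, vnf, _host in inventory:
        zones[zone_of(vnf)].add(vm)
    return dict(zones)

def flow_allowed(inventory, src_vm, dst_vm):
    """Decide a flow from zone membership only, so it is migration-proof."""
    zones = {vm: zone_of(vnf) for vm, vnf, _host in inventory}
    src, dst = zones[src_vm], zones[dst_vm]
    if "unclassified" in (src, dst):
        return False
    return src == dst or (src, dst) in ALLOWED_ZONE_FLOWS

def mixed_zone_hosts(inventory):
    """Hosts whose single hypervisor carries VMs from more than one zone."""
    by_host = defaultdict(set)
    for _vm, vnf, host in inventory:
        by_host[host].add(zone_of(vnf))
    return {h: sorted(z) for h, z in by_host.items() if len(z) > 1}

def migrate(inventory, vm, new_host):
    """Return a new inventory with one VM moved to another host."""
    return [(v, f, new_host if v == vm else h) for v, f, h in inventory]

if __name__ == "__main__":
    after = migrate(INVENTORY, "vm2", "host-c")
    print("zones unchanged:", zone_members(after) == zone_members(INVENTORY))
    print("hosts mixing zones:", mixed_zone_hosts(after))
```

A flagged host is one where a single hypervisor compromise would span trust zones, which makes it a candidate for an anti-affinity placement rule.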
ETSI used OpenStack for deploying OPNFV.
Practicality: for example, if an enterprise is serious about security, its data must be encrypted before it leaves the building, meaning the encryption VNF is best hosted on a server physically located within the customer premise.
Resilience: some network functions, such as IP-based PBX, must be available even when the WAN connection is down. If this network function is hosted in a distant data center and the network connection to it fails, the enterprise may not be able to make local phone calls, or even calls between cubicles in the same office!
Performance: certain network functions perform better when hosted at the network edge, such as end-to-end Quality of Service (QoS) management or guaranteed Service Level Agreement (SLA) demarcation.
Economics: although some VNFs can be ported into a centralized location via redundant WAN connections, this incurs additional costs that may counter the benefits of hosting the network function in a web-scale data center.
Corporate Policy / Government Regulations: certain security-related network functions must be hosted within a secure customer premise due to corporate policy or local government regulation, such as encryption.
What do Service Providers actually think about D-NFV?
According to the fourth annual SDN/NFV Global Service Provider Survey directed by respected Senior Research Director and Advisor of Carrier Networks, Michael Howard from IHS Markit, Service Providers see great opportunity with hosting VNFs at the network edge. As shown below, almost 90% of respondents named the most important NFV use case for revenue generation to be Business vE-CPE (virtual Enterprise – Customer Premise Equipment), which is essentially the Distributed NFV (D-NFV) use case discussed above. This makes sense when you consider all of the above-mentioned reasons why hosting some VNFs at the network edge is often the right thing to do.
Hosting certain VNFs at the network edge makes sense, but how big is the market for D-NFV services? Well, that depends on how many VNFs you include in the addressable distributed market space, since some VNFs can be hosted essentially anywhere in the end-to-end network. Internal Ciena estimates put the market size to be upwards of US$60B when network services such as managed IP/VPN, managed security, WAN optimization, SD-WAN, and SIP trunking are combined into an addressable market. No wonder Service Providers are focused on NFV-based services, as it makes good sense from an economic and practicality perspective.