Network functions virtualization primer: Software devices take over

With network functions virtualization (NFV), engineers replace network devices with software on basic servers for flexibility and cost reduction.

Network functions virtualization (NFV) allows engineers to replace traditional network devices with software that lives on commodity servers. This software performs the network functions previously provided by dedicated hardware.

This combination of server and software can replace a wide range of network devices, from switches and routers to firewalls and VPN gateways. These new software devices may run on physical servers, virtual machines controlled by hypervisors or a combination of the two.

NFV was initiated by a group of network service providers, including AT&T, BT, Deutsche Telekom and Verizon, and was first presented at the SDN and OpenFlow World Congress in October 2012. The technology takes advantage of developments in virtualization technology and hardware optimizations built into the latest generation of processor chips and network interfaces to reduce or eliminate the need for traditional, dedicated network devices.

While software-based routers and switches have been available for many years, moving network functions to servers in high-throughput networks was not possible with previous generations of processors and network interfaces. For example, a PC loaded with router software was limited by the fact that all packet processing was performed in the machine's CPU, with no hardware assist built into the interface card or onto the PC motherboard.

Now, processors and network adapters provide greatly increased throughput and processing capability because they've been optimized to support virtualization. Newer processors contain multiple cores to spread the load across multiple virtual machines (VMs) and applications. Additionally, adapters include hardware features that support multiple 10 GbE interfaces while offloading tasks previously done on the processor. Per-core packet queues and adapters in virtual networks support offload functions from the virtual switch. Meanwhile, network controller chips support features such as link-level encryption, IPsec, TCP packet partitioning and checksum calculation.

NFV reduces costs and improves resource usage

Carriers and service providers began working on NFV to better use resources in complicated networks in order to reduce cost and complexity. Though carriers and service providers have led NFV efforts, the technology helps any enterprise with a vast network and a wide diversity of functions.

Very large networks have a massive inventory of different device types, including PE or CE routers, firewalls, session border controllers, VPN gateways and a variety of other device types. These devices are constantly being developed and acquired, so equipment rapidly becomes obsolete and must be replaced. What's more, much of this equipment spends plenty of time unused. For example, if a small network change requires fewer firewalls but more VPN gateways, the already purchased firewalls would lie idle. With network functions virtualization, a server that is a firewall today can be a VPN gateway tomorrow with just a shift in software.

Network functions virtualization for flexibility in hardware … and ideas

NFV's ability to spin up an additional virtual server or update the software on a physical server reduces the need to move devices from rack to rack, move cables and recompute power and cooling requirements when the network grows or is reconfigured. This decreases the possibility of network downtime that generally exists when changes are made in a traditional network.

Finally, relying on software for network functions opens the door to a new level of input and innovation by software developers or third parties as opposed to depending on innovation from traditional hardware vendors that can be slow moving. New concepts in network software can come from the open software community, from academia or from minimally funded startups. Newly developed software can be quickly evaluated since testing does not require waiting for the next network vendor software update.

NFV and SDN: Complementary, but not the same

Software-defined networking (SDN) is not a requirement for NFV, but the two technologies are complementary.

Engineers can implement NFV, choosing to rely on traditional networking algorithms such as spanning tree or IGRP instead of moving to an SDN architecture.

Yet SDN can improve performance and simplify operations in a network functions virtualization environment. With SDN, engineers decouple the control plane from the physical network, monitoring and directing the entire network from a centralized controller. This controller runs on a server and generates directives to each data plane device. While SDN was originally conceived to control the operation of network hardware devices, it can just as easily integrate into an NFV environment, communicating with software-based components on commodity servers. What's more, these servers and software can be designed to be OpenFlow-friendly, unlike many existing hardware switches.

Challenges in network functions virtualization are plentiful

Multiple challenges must be resolved for the NFV concept to be widely adopted:

  1. A standardized interface must be developed between virtual appliances and the underlying hardware and hypervisor to make appliances portable across different operators' or enterprise networks.
  2. Testing is still required to determine the performance penalty that occurs due to replacing specialized devices with commodity servers. (The penalty can be minimized by choosing appropriate software, according to the proposal's authors.)
  3. A migration path must be developed to enable NFV implementations to coexist with existing management infrastructure and with legacy network equipment.
  4. A standard set of management interfaces must be developed to provide a consistent view across NFV components and remaining hardware-based network components.
  5. Automation services must be developed for NFV implementations to scale.
  6. Security, network resiliency and stability cannot be compromised by the transition to NFV. New security strategies may need to be developed to work in an NFV environment.
  7. Network operations must be simplified. Today's network complexity stems from multiple devices and management methods developed over past generations. NFV must provide simpler, more uniform management.
  8. Network operators must be able to integrate any vendor's server hardware, hypervisor, and any appliance.

As for the future of NFV, several industry initiatives are underway. An Industry Specification Group (ISG) has been formed under the auspices of the European Telecommunications Standards Institute (ETSI) to address existing challenges. Several computer and network equipment vendors have joined with the service providers to advance this initiative. Plans also call for working closely with the Open Networking Foundation as it continues to accelerate the adoption of SDN technologies and standards.

About the author:
David B. Jacobs of The Jacobs Group has more than twenty years of networking industry experience. He has managed leading-edge software development projects and consulted to Fortune 500 companies as well as software startups.

This was last published in March 2013
