37
NetSeminar @ Stanford May 22, 2014 Christos Kolias Orange Silicon Valley Bundling NFV and SDN for Open Networking
NetSeminar @ Stanford
May 22, 2014
Christos Kolias Orange Silicon Valley
Bundling NFV and SDN for Open Networking
NFV
Abstraction of network functions from dedicated hardware
SDN
Abstraction of the control plane from the data plane
BRAS
Firewall DPI
CDN
Tester/QoE
monitor
WAN
Acceleration Message Router
Radio/Fixed Access
Network Nodes
Carrier Grade NAT
PE Router SGSN/GGSN
Classical Network Model:
Hardware Appliances
Network Functions are based on specialized hardware
One physical node per role. Physical install per site
Static. Hard to scale up & out
Inefficient: sized for peak loads or cannot handle spikes
Session Border Controller
standard IT infrastructure
The New Network Model:
Virtual Appliances
Orchestration & Automation
Network Functions are SW-based
Multiple roles over same HW. Remote operation
Dynamic. Extremely easy to scale
Scalable number of VMs
NFV Concept & Vision
4
Fields of Application (examples)
• Mobile networks:
HLR/HSS, MME, SGSN, GGSN/PDN-GW, eNodeB, vEPC
• NGN signalling: SBCs, IMS
• Switching elements: BNG, CG-NAT, routers
• Home environment: home router, set top box, picocell
• Application-level
optimization: CDNs, Cache Servers, Load Balancers,
Application Accelerators
• Security functions Firewalls, virus scanners, intrusion
detection systems, spam protection
• Tunnelling gateway
elements: IPSec/SSL VPN gateways
• Converged and network-
wide functions: AAA servers, policy control and charging
platforms
• Traffic analysis/forensics: DPI, QoE measurement
• Traffic Monitoring: Service Assurance, SLA monitoring, Test
and Diagnostics
5
ETSI NFV Group
• Global operators-initiated Industry Specification Group (ISG) under the
auspices of ETSI
‒ >200 members
‒ 28 Tier-1 carriers (and mobile operators) & service providers, cable industry
• Open membership
‒ ETSI members sign the “Member Agreement”
‒ Non-ETSI members sign the “Participant Agreement”
• Operates by consensus (formal voting only when required)
• Deliverables: requirements specifications, architectural framework, PoCs,
standards liaisons
• Face-to-face meetings quarterly. Currently four (4) WGs, two (2) expert
groups (EGs), 4 root-level work items (WIs)
‒ WG1: Infrastructure Architecture
‒ WG2: Management and Orchestration
‒ WG3: Software Architecture
‒ WG4: Reliability & Availability
• Network Operators Council (NOC): technical advisory body
• Technical Steering Committee (TSC): WG Chairs + EG Leaders, TMs, PMs,
Rapporteurs
‒ EG1: Security
‒ EG2: Performance &
Portability, PoCs
6
EVA principle: elasticity, velocity, agility
‒ Flexibility to easily, rapidly, dynamically provision and instantiate new services in various locations (i.e. no need for new equipment install)
‒ Increased speed of time-to-market by minimising the typical network operator cycle of innovation. More service differentiation & customization. Great for BC/DR situations
‒ Improved operational efficiency by taking advantage of a homogeneous (physical) network platform
Reduced equipment costs through equipment consolidation, leveraging the economies of scale
Reduced operational costs: reduced power, reduced space, improved network monitoring
Software-oriented innovation (including Open Source) to rapidly prototype and test new services
IT-oriented skillset and talent (readily available in global geography, flexible)
NFV: a Value Proposition
7
Network Functions Virtualisation Infrastructure-as-a-Service (NFVIaaS)
‒ Network functions go to the cloud
Virtual Network Function-as-a -Service (VNFaaS)
‒ Ubiquitous, delocalized network functions (eg., vCPE)
Virtual Network Platform-as-a -Service (VNPaaS)
‒ Applying multi-tenancy at the VNF level
VNF Forwarding Graphs ‒ Building E2E services by
composition
An E2E View: Architectural Use Cases
NVFIaaS Example
8
Mobile core network and IMS ‒ Elastic, scalable, more resilient EPC
‒ Specially suitable for a phased approach
Mobile base stations ‒ Evolved Cloud-RAN
‒ Enabler for SON
Home environment ‒ L2 visibility to the home network
‒ Smooth introduction of residential services
CDNs ‒ Better adaptability to traffic surges
‒ New collaborative service models
Fixed access network ‒ Offload computational intensive
optimization
‒ Enable on-demand access services
An E2E View: Service-Oriented Use Cases
9
Computing Hardware
Storage Hardware
Network Hardware
Hardware resources
Virtualisation Layer
Virtualised
Infrastructure
Manager(s)
VNF
Manager(s)
VNF
OSS/BSS
NFVI
VNF
VNF
Execution reference points Main NFV reference points Other reference points
Virtual Computing
Virtual Storage
Virtual Network
EMS
EMS
EMS
Service, VNF and Infrastructure Description
Or-Vi
Or-Vnfm
Vi-Vnfm
Os-Ma
Se-Ma
Ve-Vnfm
Nf-Vi
Vn-Nf
Vl-Ha
Orchestrator N
FV M
AN
AG
EMEN
T & O
RC
HESTR
ATIO
N
VNFs
The E2E Reference Architecture
10
• FG: logical description of interconnecting VNFs and traffic flow between
them
• VNFs have metadata associated with them
• Network Service: set of packet flows
VNF FG Example 1: virtual infrastructure
11
VNF FG Example 2: hybrid infrastructure
• Infrastructure comprises of virtual and physical switches
• NSP needs to specify mapping that determines selection &
configuration of physical & virtual switching elements (& ports)
12
VNF FG Example 3: nested VNFs
• Disagreggation of current boxes/architectures (eg., vEPC)
• Better flexibility, can remove performance bottlenecks, scale
• Physical hardware: fixed connections, static equipment
• VNFs: dynamic connections, can change over time (VM
mobility)
• Forwarding plane needs to handle:
– Flow forwarding/switching
– Flow tracking/monitoring
– Bandwidth requirements
• Not just at the single switch/router level but network-wide
• Multi-tenancy and NFV: is there a relationship?
– Use virtual networks to support multi-tenancy
NFV-aware data plane
• Hardware (servers) hosts multiple VNF roles
• Network Service Composition: Firewalls, Load Balancers, VPN
gateways, CDN, IMS, EPC, etc
– Creation of forwarding graphs, in ETSI NFV nomenclature
• A VNF FG defines the sequence of VNFs a packet traverses
– Orchestration of services: allocation & management of resources
• Control plane needs to maintain
– Traffic Steering
– QoS, policy rules
• Handle mix of virtualized and non-virtualized environments
• Need for an NFV Controller?
NFV-aware control plane
• Impact on current applications?
• Adapt existing applications or develop a new class of
applications that take advantage of this new NFV paradigm
• Optimization-oriented: better use of resources
• Perhaps build new Network Functions & Services that take
advantage of a virtualized environment
• What is the role of the Northbound interface (NBI): between the
VNFs and the applications (today it does not exist with the
physical network functions)
• Monetization opportunities (eg, for service providers)
NFV-aware applications
Creates
competitive
supply of
innovative
applications by
third parties
Strategic Networking Paradigms
• NFV and SDN are highly complementary, they are mutually beneficial but not
dependent on each other.
• Software is common denominator
• SDN can significantly enhance NFV
Creates
abstractions to
enable faster
innovation
Software Defined
Networking
Leads to agility, Reduces
CAPEX, OPEX,
Network Functions
Virtualisation
Open Innovation
17
SDN can play a key role in the orchestration of the infrastructure
(physical, virtual)
‒ Provisioning and configuration of VNFs
‒ Allocate and manage resources (e.g., bandwidth)
‒ VM mobility
‒ Automation & programmability
‒ Security & policy control
‒ Unified control & management plane?
Service chaining
‒ Directing traffic flows to VNFs
‒ Traffic flow characterization very important (especially for mobile,
E2E scenarios)
NFV+SDN
18
NFV creates a very dynamic environment
‒ SDN can present an overall logical view, map
Ad-hoc, on-demand, secure virtual tenant networks
Extend M&O to include Network Management
SDN could enable and accelerate the virtualization of the network
and the “cloudification” of the carrier (COs/PoPs become DCs)
Challenges for bundling SDN with NFV
‒ Hybrid virtualized/non virtualized environment
‒ Mixed SDN/non-SDN (legacy) network elements/domiins
‒ SDN across NFV boundaries
‒ NFV across SDN boundaries (this may require some sort of SDN
federation)
SDN can enable, simplify and automate NFV implementation
Cloud, Data Center & Net
Apps/Services/Functions/Utilities
SDN (control, programmability,
management, network virtualization)
APIs
Interfaces, Protocols
Network, Storage
SDN
Computing Hardware
Storage Hardware
Network Hardware
Hardware resources
Virtualisation Layer
NFV Infrastructure (NFVI)
Virtual Computing
Virtual Storage Virtual Network
NFV
MANAGEMENT
&
ORCHESTRATION
Virtual Network Functions (VNFs)
VNF
VNF
VNF
Apps Apps Apps Apps
NFV Apps Apps Apps
APIs
Computing Hardware
Storage Hardware
Network Hardware
Hardware resources
Virtualisation Layer (ODL, NSX, OVX, …)
NFV Infrastructure (NFVI)
Virtual Computing Virtual Storage Virtual Network
SDN-based
MANAGEMENT
&
ORCHESTRATION
Virtual Network Functions (VNFs)
VNF
VNF
VNF
Apps
SDN-based NFV
Interfaces, Protocols SDN Controller
OpenStack
Neutron
20
What should be open?
‒ Open Source (software)
‒ Open Design (hardware)
‒ Open Standards
‒ Open Interfaces, APIs (plugins)
‒ Open SDKs
Open Community (not controlled by single vendor)
Decoupling of software and hardware. Programmable network functions
Benefits
‒ modularization: best of breed, flexibility
‒ customization (mix & match)
‒ reduced costs
‒ easy to upgrade, no vendor lock-in
Open Networking & NFV
Network Operating System
Application / Tools / Services
Hardware (switch/server))
Virtual Switch
API
API API
API
21
Issues:
‒ (harmonious) integration and consistency
‒ for operators: carrier-grade (HA & five 9s, DR/BC, SLAs, reliability)
‒ security, testing & interoperability, certification, licensing, regulation
Creating a sandbox of open source tools would be ideal
Open VNFs
‒ Open-sourced firewalls, load balancers, DPI
Emergence of virtual switches and routers as vital block
elements
Disaggregation of switch hardware/software supports
‒ dynamic/programmable QoS (selective per application/user/virtual
network, etc)
‒ monitoring/analytics tools
‒ run many NOS on same system (group of physical/virtual ports)
22
Mapping to Open Source communities
NFVI NFV M&O
Hardware Resources
Computing Hardware
Storage Hardware
Network Hardware
Virtualization Layer
Virtual Compute Virtual Storage Virtual Network
VNF VNF VNF
EMS EMS EMS
OSS / BSS
Service, VNF &
Infrastructure
Description
Virtualized Infrastructure
Manager
Orchestrator
VNF Managers
VNF
OpenStack
CloudStack
KVM
XEN, LXC
new for generic VNFs
Openstack
Cloudstack
?
Open Daylight
ONOS, ONF
DPDK
ODP (Linaro)
OCP
23
Openstack: Management & Orchestration platform for
‒ Virtualized Infrastructure (Neutron)
‒ VNFs
Create cloud-based, multi-tenant networks for NFV (XaaS)
Resource manager & scheduler
Could become an open solution for service chaining
NaaS
‒ Sliver of network (connectivity) + resources (compute, storage) + apps
‒ VNOs (Virtual Network Operators)
‒ Bandwidth-on-demand (to tenants, users)
‒ New business models (auction/brokering, ephemeral clouds)
Extend OpenStack to include monitoring & analytics tools for NFV
Richness of APIs
OpenStack for NFV
24 ETSI NFV
XaaS for Network Services
NFVI Provider
IaaS NaaS NaaS SaaS
NFVIaaS
Hosting Service Provider VNF
VNF
VNF
VNF
VNF
VNF
VNF
VNF
VNF
VNF Tenants
NSP
VNF VNF
VNF
VNF
VNF
VNF Forwarding Graph
Admin
User
Admin
User VNFaaS
User
PaaS PaaS
VNPaaS
25
Service Chaining & Service Insertion algorithms & protocols. Optimization mechanisms
NFV Orchestration algorithms
NFV Controllers. SDN Controllers for NFV
Abstractions for carrier-grade networks & services (imperative/declarative programming languages)
Traffic steering/dispatching
‒ Pure virtualized environment
‒ Hybrid (virtualized/non-virtualized) environment
Performance studies, e.g.,
‒ Resources requirements ‒ Latency & locality in software implementation ‒ Optimization techniques ‒ System bottlenecks
Cost (Benefit) Analysis studies
NFV Research & Call-for-action
26
Security of NFVI
BC/DR: fault-tolerance, resilience, redundancy
Consolidation of VNFs & Multipurpose VNFs
Nested VNFs algorithms
NFV system configuration patterns
Complexity of NFV systems
Energy Efficient NFV architectures
Service Assurance
‒ Tests & diagnostics (eg, fault isolation, fault-correlation
‒ Predictive analytics (e.g., fault prediction)
New VNFs
More on : portal.etsi.org/nfv
NFV Federation
E2E Architecture
27
Service Chaining & Service Insertion
Policies determine the chain order (eg. OF rules): define your own chain!
Use of metadata, tags as application/flow descriptors.
Use
‒ Tunnels/overlays, eg., VxLAN for creating paths
‒ SDN controller for directing traffic
Virtual networks for multi-tenancy and traffic isolation (virtualizing the virtual appliances…)
vCDN vDPI vLB vFW vADC
vDPI vCDN
physical
switch
vSwitch SDN Controller
28
Programmable Service Chains
‒ Branching
‒ Loops
‒ Parallelism
‒ Nests/recursion
Pipelined Service Chains
Virtual switches are key (in the chain) functional blocks
‒ Statefull/stateless
‒ Redundancy/DR
‒ Performance guarantees (delay, bandwidth)
Languages/structures for describing service chains
‒ Describing forwarding behaviour
‒ Accounting for constraints (e.g., security)
Building service chains for NaaS
29
Load Balancer
WAN
Acceleration
DPI
Switch
Firewall
Load Balancer
WAN
Acceleration
DPI
Switch
Firewall
Load Balancer
WAN
Acceleration
DPI
Switch
Firewall
Infrastructure today
Collection of heterogeneous networks
(with lots of duplication)
30
Physical, fixed boundaries and connections are removed
Connections and traffic are dynamic
L4-L7 SDN
FW
LB
DPI
OSV
SDN CTR
FW
LB
DPI
OSV
SDN CTR
FW
LB
DPI
OSV
SDN CTR
VM
VM
VM
VM
VM
VM
VM
VM
VM
VM
M&O
NV
SDN
CTR
EMS
OVS
con
tro
l p
lan
e
Virtualized Network Infrastructure
31
Network Virtualization important building block for NFV
Moving network functions into VMs, that can be scattered, would require setting up virtual networks to ensure traffic isolation and multi-tenancy
‒ Can be inter-DC, as applications (eg., vCDN) can span across DCs
virtual Network Overlays (vNOs) is one solution
‒ Virtual switches/gateways can also here a play a key role in delineating VN boundaries
Build scalable virtual networks
Network Virtualization for E2E connectivity
Network Virtualization for NFV
32
• VNFIaaS: providing E2E services
• Pooled resources across the domains
• Great for mobile infrastructure applications
Cloudification of the Telco Network: Cloud 2.0 and NaaS
34
Orange Silicon Valley
• Virtualizing the EPC goes beyond virtualizing a single function
• Virtualize nodes (MME, SGW, PGW, SecGW), functions (attach/registration, bearer, PCRF, ANDSF, HSS)
• Benefits:
‒ Elasticity, agility, scalability: launch VMs to handle traffic spikes ‒ Remote operations. Eliminates physical distances between nodes ‒ Portability: “EPC in a briefcase”, e.g, deploy next to eNodeB
‒ Easier to integrate other functions such as IMS, vDPI, caching
• Complete decoupling of control & data planes
• Flexible allocation & deployment of resources
• Challenge: delivering carrier-grade performance
vEPC @ OSV
35
EPC Virtualization - verticalized
S1
eNB
MMEVM
HSS VM
PCRF VM
S-GW VM
P-GW VM
Attach
Auth.
Bearer
Context
Mobility
Data
Policy Attach
Auth.
Policy
Bearer
Context
Mobility
Policy
Data
Bearer
Mobility
Context
SGi
Internet
• A physical box is mapped to a VM
• Inefficient: still uses many processes and requires encoding/decoding across interfaces
• Inflexible: high-availability requires duplication
Orange Silicon Valley
36
S1
eNB
Cloud EPC
• Consolidation of multiple physical network infrastructures into one
• Node disaggregation:
‒ obscures boundaries between functional boxes
‒ can lead to less complexity
• Achieves better service scalability, flexibility. Multi-tenancy (eg, MVNOs)
Attach
Auth.
Bearer
Context
Auth.
Data
Policy Policy
Mobility Mobility
Policy Attach
Bearer Bearer
Context Context Data
Management & Orchestration
Orange Silicon Valley
38
SmartEPC: NFV+SDN PoC
• Easier to integrate SDN-based solutions, such as “smart traffic offloading”
‒ Offload traffic based on various & different criteria (e.g., per customer, traffic)
‒ Embed OF agents in VNFs (running on VMs)
• Better management of EPC. Mobile flow characterization
• Does not require vendor to make drastic changes
Orange Silicon Valley
ANDSF
Evolved Packet Core
SDN CTRL
