PROCERANETWORKS.COM1
NETWORK FUNCTION VIRTUALIZATION Network Functions Virtualization (NFV) is a major strategic initiative for network operators
worldwide. In January 2013, the European Telecommunications Standards Institute (ETSI)
launched an initiative sponsored by seven of the largest operators in the world: AT&T, BT,
Deutsche Telekom, Orange, Telecom Italia, Telefonica and Verizon to establish requirements
and an architecture for the virtualization of network functions. In a relatively short time, the
number has increased to over 150 operators, vendors, and technology providers. Data center
solutions have leveraged virtualization technology for years, but the telecommunications
network has not widely adopted the technology for its infrastructure for a number of reasons,
but operators wanted to change that through the ETSI process. These network operators see
tremendous potential in NFV for telecommunications deployments. The stated benefits from
the NFV ISG include1:
• Reduced operator CAPEX and OPEX through reduced equipment costs and reduced
power consumption
• Reduced time-to-market to deploy new network services
• Improved return on investment from new services
• Greater flexibility to scale up, scale down or evolve services
• Openness to the virtual appliance market and pure software entrants
• Opportunities to trial and deploy new innovative services at lower risk
The goals from the ETSI NFV Industry Specification Group (ISG) for the standards framework
is to address the technical challenges for NFV, which include2:
• Ensuring that virtualized network platforms will be simpler to operate than what
exists today
• Achieving high performance virtualized network appliances, which are portable between
different hardware vendors and hypervisors
• Achieving co-existence with legacy hardware based network platforms whilst enabling an
efficient migration path to fully virtualized network platforms which re-use network operator
existing BSS and OSS
• Management and orchestration of virtual network appliances (particularly alongside legacy
management systems) while ensuring security from attacks and misconfiguration
• Maintaining network stability and service levels without degradation while under load or
during relocation
• Ensuring the appropriate level of resilience to hardware and software failures
Leveraging State-of-the-Art Intel and HP
platforms to create an Internet intelligence Virtual
CPE solution for Enterprise Services
Network Function Virtualization:PacketLogic Virtual Network Function as a Service for Enterprises
WHITEPAPER
1. http://www.etsi.org/index.php/news-events/news /644-2013-01-isg-nfv-created
2. http://www.etsi.org/technologies-clusters /technologies/nfv
PROCERANETWORKS.COM2
WHITEPAPER
• Enable the creation of virtual network appliances which will run, ideally without
recompilation, on any hypervisor and hardware configuration, and integrate “on the fly” into
the network operators’ existing EMS, NMS, OSS, BSS and orchestration systems.
• Requirement analysis for future technical specifications and standards in ad hoc
standardization organization and groups to be identified or created at ETSI and other
relevant standards development organizations.
HP, Intel, and Procera Networks are all members of the ETSI NFV ISG, and have joined
together to work on specific NFV use cases that leverage Intel processing, HP hardware
platforms, and Procera Networks Internet intelligence solutions.
VIRTUAL CPE SOLUTIONSThe ETSI NFV ISG has defined a number of different use cases as part of the expected
deployment of NFV in service provider networks. This white paper describes one of those
use cases, a Virtual CPE implementation of the Procera solutions. The Virtual CPE use case
falls under the Virtual Network Function as a Service (VNFaaS) description in ETSI GS NFV
001 V1.1.1 Network Function Virtualization (NFV) Use Cases. An architecture diagram of the
different NFV use cases (including Virtual CPE) is shown in Figure 13
NFV USE CASES
Figure 1
Virtualisation ofBase Station (cBS)
Virtualisation ofMoble CDNs
Virtualisation ofMoble Core/IMS
Virtualisation ofHome and
Enterprise Networks
VNF Forwarding Graph
VBsLTE
VBs3G
vBS2G
vBSWiMax
HW
C-PlaneADSL
C-PlaneVDSL
C-PlaneITU-T/G
HW
DNS
VNF
DHCP SGW Firewall
HW HW HW
HW HW
RGW NAT STB
HW HW
CON 1 CON 2
HW HW
Virtualisation ofFixed Access
FTTB
/C FTTdp
FTTH
HW
CSCF SGW CSCF
HW
HW Hardware resources
VNF
Hardware resource pool
HW HW HW
CSCF AppServer
HW HW HW HW
MME CSCF LB DHCP
HW HW HW HW
AppServer
VNF VNF VNF VNF
PGW AppServerSGW
MME
3. http://portal.etsi.org/NFV/NFV_White_Paper2.pdf
3 PROCERANETWORKS.COM
The concept of Virtual CPE is very exciting to managed services solution providers, as it
provides superior service flexibility and enables the operator to use of best-in-breed solutions
as needed to provide specific service functions. The vCPE solution can be deployed either
at the customer premise or in the provider’s “cloud” as a managed service. Dedicated,
standalone appliances often do not deliver the right combination of capabilities and also tie
the enterprise to a specific vendor’s platform until they can depreciate the investment. “Virtual
Router” based solutions do exactly the same thing, often with even more limited functionality.
The virtualization capabilities being introduced by NFV offer a huge opportunity for network
operators looking to offer differentiated managed enterprise services with a major reduction
in CAPEX required for service launches. Through the use of common hardware and best-in-
breed VNF capabilities, a managed services solution can be offered to any customer that has
broadband access into the provider “cloud”. The ETSI GS NFV 001 V1.1.1 Network Function
Virtualization (NFV) Use Cases document calls out the different potential locations for the vCPE4
4. http://www.etsi.org/deliver/etsi_gs/NFV/001_099/001/01.01.01_60/gs_NFV001v010101p.pdf
VCPE FROM NFV WHITEPAPER
Figure 2
Branch
BranchBranch
IP BackboneCustomer SiteVirtualisation
Network Edge Virtualisation
Non-virtualized CPE
vE-CPE deployed at various locations
Centralized Corporate IT Infastructure
Branch
vE-CE
vE-CE
vE-CENFVLPoP
PACKETLOGIC VIRTUAL NETWORK FUNCTIONProcera’s PacketLogic solutions are deployed in service provider networks to gain insights into
network and subscriber behavior as well as to take action in order to provide a high quality of
experience for their broadband consumers. These solutions can be deployed in the access
network, aggregation layer, network core, or at the peering point to provide different network
views and services, including virtual and hardware-based solution options.
CASE STUDYWHITEPAPER
Figure 3
PACKETLOGIC DEPLOYMENTS
AC
Access
DSL
WIFI
BRAS
Router
WAN Edge
HIGH-ENDENTERPRISE
FTTHFTTH Aggregation
CABLE
2G/3G/LTE
RNCSGSNSGW
CMTS
PCRF
PSM
PIC
PL20000
OCS AAA/HLR/HSS
Packet Core
Internet
GGSNPGW
Offload
VAS• Optimization• Parental Control• Caching/CDN• URL Filtering• Advertising
Cloud Services
Traditionally PacketLogic solutions have been tied to specific off-the-shelf hardware platforms
based on Intel technology. Although PacketLogic has always been hardware independent,
to achieve the performance and scalability that our customers demanded required tight
integration with whatever hardware platform we were deployed on. However, with the
introduction of the PacketLogic/V solutions, Procera has de-coupled our software from the
underlying hardware platform to deliver on the premise of NFV.
PacketLogic/V platforms offer all of the software capabilities offered on its hardware-based
PacketLogic platforms available on COTS virtual machine environments running on COTS
hardware. All three of the functional components that make up Procera PacketLogic
software – real-time enforcement, subscriber manager, and intelligence center – can be
readily provisioned without the need for purchasing vendor-specific, single-use hardware
configurations or purpose-built hardware that are typically needed by competing systems.
PacketLogic/V platform components run as individual Virtual Network Function Components
(VNFC) that are part of ESTI-defined Virtual Network Function (VNF) environment that a
network operator would need to support a PacketLogic analytics or enforcement solution.
The solution would be managed by a VNF management solution as well as the APIs that
are included as part of the PacketLogic solutions. This provides the ultimate flexibility in
provisioning computing resources and PacketLogic software licenses to gather high-resolution
Internet intelligence in order to provide detailed subscriber-centric analytics and support for
intelligent, real-time policy enforcement.
The Enterprise Service Offerings delivered by the PacketLogic VNF fall into two different
Procera solution families: Gain Insight and Take Action.
4 PROCERANETWORKS.COM
CASE STUDYWHITEPAPER
Gaining Insights leverages the fine-grained visibility of the PacketLogic Internet Intelligence
solutions, and can be used to provide an enterprise with a greater understanding of their
usage of broadband and Internet bandwidth. Those insights can be turned into Actions using
the real-time policy enforcement capabilities of PacketLogic, and this creates a powerful
solution that offers both real-time and historical perspectives as well as the ability to manage
enterprise network traffic.
CPECPE
CPE CPE
CPEPE
PE
PEService Provider Core
Enterprise
Enterprise Enterprise
VNFVNFVNFVNFVNFVNFVNF
CPECPE
VNFaaSService Utility
Figure 4
vCPE DEPLOYMENT OPTIONS
Some of the services that can be offered to enterprises with this solution include:
• Advanced Usage Reporting and SLA Verification
The Internet Intelligence Center enables operators to deliver customized, detailed real-
time and historical reporting and analytics to the end customer. This information can be
used to provide value-added reports to the customer, or to help verify the billing and SLA
information that is part of the customer’s managed services contract. The information
available in PacketLogic includes not only the bandwidth and volume of data used, but also
application, content, device, quality, latency, and congestion reports (packet drops) for how
the network behaves during times of congestion.
• Regulatory Compliance and Data Retention
Many enterprises have specific regulatory compliance standards (financial institutions for
example) that require them to log specific application traffic or access logs. PacketLogic
includes a number of different high-volume logging technologies that can be used to
selectively retain audit logs for specific policies on the enterprise network. These
policies can be based on specific users, servers, applications, content, or even cloud-
based services.
5 PROCERANETWORKS.COM
CASE STUDYWHITEPAPER
6 PROCERANETWORKS.COM
CASE STUDYWHITEPAPER
• Traffic Management
PacketLogic solutions have sophisticated traffic management and fair usage capabilities.
Enterprises can manage users, user groups, applications, content, and even specific
devices based on time of day, day of week, bandwidth, and connection consumption to
ensure that their business critical data is prioritized over recreational traffic or less important
traffic during peak times or during network congestion. Examples might be de-prioritizing
recreational video streaming outside of lunch or break times, removing bandwidth limits
during off hours, or prioritizing access to salesforce.com during quarter close for sales-
oriented businesses. In addition to simply managing the traffic, PacketLogic can provide
detailed reports on which users or applications were affected by traffic management and
how much latency or packet drops were introduced for the affected traffic.
• Application Firewalling and Control
Although PacketLogic is not a traditional firewall, it can use the application and content
signatures to restrict the use of specific applications. These controls can also be based
on users, user groups, users, user groups, applications, content, and even specific
devices based on time of day, day of week. These controls allow finer grained control
than most firewalls, as they are based on true layer 7 capabilities, and can even detect
applications that morph their signatures when confronted with firewall solutions. Common
applications that fall into this category include peer-to-peer, Skype, Tor, and other encrypted
applications, which are hit-and-miss even with more advanced firewalls.
• Content Control
ContentLogic enables the PacketLogic solutions to add content categorization to the
existing application signatures. With ContentLogic, enterprises can manage access to
different categories of content to ensure that inappropriate content in the workplace or
limit recreational content during peak work hours. Categories of content include social
networking, pornography, job hunting, news, and over 100 other classifications.
• Carrier Grade NAT
PacketLogic also includes Network Address Translation functionality to minimize the
number of VNFs needed to transition the enterprise’s private address space into publicly
accessible Internet addresses. This helps both the service provider and enterprise manage
address space consumption while still providing user-level visibility for policy enforcement
and analytics.
• Advanced Traffic Steering
Many enterprises utilize application delivery controllers to load balance or divert specific
applications or services to value added services systems like WAN optimization or caching
appliances. Rather than implementing a separate VNF for this, PacketLogic includes these
functions to simplify network deployments and enable a single point of Layer 7 control and
visibility in a managed service.
Through the PacketLogic/V implementation of NFV, these solutions enable an extremely
rich service offering with minimal hardware cost and maximum flexibility. Operators offering
managed services can now monetize these capabilities without requiring yet another piece of
CPE at the customer site.
SOLUTION TESTING DETAILSThe test environment used to demonstrate a PacketLogic Virtual CPE deployment was as
shown in the diagram and detailed in Figure 5.
Figure 5
VIRTUAL CPE TEST ENVIRONMENT
VNF-M vPIC vPSM vPRE
HP DL380 server
Intel® Xeon® E5-2697 v2
processors @ 2.70Ghz
KVM virtualization manager
Breaking Point traffic generator
Procera Solutions:
PacketLogic Real-Time Enforcement
PacketLogic Subscriber Manager
PacketLogic Client
PacketLogic Element Manager
Internet Intelligence Center Insights
The test consisted of creating instances of PacketLogic VNFs on the HP hardware and
dedicating a specific number of Intel cores and memory to a PacketLogic/V instance. The
solution was managed with the PacketLogic Element Manager and the PacketLogic Client,
analytics and visualization for the CPE instance performed by the Internet Intelligence
Center Insights solution. The Breaking Point traffic generator was used to generate a mix of
application traffic that would be classified by the PacketLogic VNF for the enterprise service.
The PacketLogic VNF was configured to use the following parameters for each vCPE instance:
CPU: Intel® Xeon® CPU E5-2697 v2 @ 2.70GHz, 4 CPU cores
Memory: 8G of RAM per instance
7 PROCERANETWORKS.COM
CASE STUDYWHITEPAPER
Copyright © 2015 Procera Networks. All rights reserved. All other trademarks are property of their respective owners. PROCERANETWORKS.COM
ABOUT PROCERA NETWORKSProcera Networks, the global Subscriber Experience company, is revolutionizing the way operators and vendors monitor, manage and monetize their network traffic. Elevate your business value and improve customer experience with Procera’s sophisticated intelligence solutions. For more information, visit proceranetworks.com or follow Procera on Twitter at @ProceraNetworks.
CORPORATE OFFICES Procera Networks, Inc. 47448 Fremont Blvd Fremont, CA 94538P. +1 510.230.2777F. +1 510.656.1355
CORPORATE OFFICES Procera NetworksBirger Svenssons Väg 28D 432 40 Varberg, Sweden P. +46 (0)340.48 38 00F. +46 (0)340.48 38 28
ASIA/PACIFIC HEADQUARTERS Unit B-02-11, Gateway Corporate Suite, Gateway KiaramasNo. 1, Jalan Desa Kiara, Mont Kiara 50480 Kuala Lumpur, Malaysia
Copyright © 2015 Procera Networks. All rights reserved. All other trademarks are property of their respective owners. PROCERANETWORKS.COM
If we extrapolate the performance for a full system dedicated to the PacketLogic VNF using
the full capabilities of the Intel-powered HP platform, a single DL380 could deliver up to 8
vCPE instances on a single server, providing a huge benefit for an operator looking. This
capacity could be subdivided into a large number of VNFs, providing an easy-to-calculate
ROI based on the number of equivalent dedicated hardware units that would have needed
to be purchased. The ROI would also include the cost of truck rolls that would be required to
deploy the solution, which is often more expensive than the cost of the hardware
solution itself.
SPECTRUM OVERVIEWIn our increasingly connected world, it has become clear that thoughtful sharing of inspiration
and resources accelerates the development and application of technologies that benefit us
individually and collectively. It’s on this premise that HP and Intel have created SPECTRUM,
a program designed to accelerate the development and application of technologies for
Telecommunications Solution Builders.
SPECTRUM enables developers of hardware and software to deliver solutions to meet
the challenges of the telecommunica-tions markets. SPECTRUM is also an engine
designed to empower developers to address market challenges with cost-effective,
power efficient, industry-standard technologies from HP and Intel.
v20161115
CASE STUDYWHITEPAPER