© 2017

Published by

WHITEPAPER

How to Build AutomatedNFV Infrastructure

01 | WHITEPAPER

Executive summary

It’s been nearly five years since Network Functions Virtualization(NFV) was first conceived by a group of leading network operators,but the promise of running more flexible, better performing and

highly cost-efficient communication networks is not yet within theirreach. In fact, there is growing scepticism about the business case forNFV. Part of the reason for this sense of disillusionment is that currentNFV solutions make trade-offs between service agility, performanceand cost savings. Few, if any, solutions can provide all of these benefits,which together forge the fundamental promise of NFV.

In this phase of NFV development, it’s time to get back to basics andrethink how the underlying NFV infrastructure (NFVi) isimplemented. The key to achieving the flexibility, performance andcost savings that operators require is to ensure that the NFVi isinherently designed to enable automation.

But how do operators get there? This paper explores the stepsnetwork operators can take to construct NFVi that will achieve theperformance, flexibility and cost efficiency they need to make theNFV business case work.

How to Build Automated NFV Infrastructure | 02

Introduction

The drivers for network function virtualization(NFV) all come down to flexibility, performanceand cost savings. When a group of the world’slargest network operators launched the NFVinitiative back in 2012, the original goals were toreduce equipment costs and power consumption,improve operational efficiency, accelerate time-to-market for new services, open the market tonew suppliers, configure the network in real-time,enable multiple functions on the same hardware,enable the re-use of infrastructure, and optimizeresource usage through consolidation. While it isunrealistic to expect the telecommunicationsindustry to tick every item on such an all-embracing wish list within five years, confidencein NFV and commercial deployment progressshow signs of wavering.

A recent Heavy Reading survey of 40 leadingcommunication service providers (CSPs)indicated that confidence in NFV deploymentshas dipped over the last year. In November 2016,just 5% of CSPs surveyed said they wereextremely confident in the timelines for deployinghigh-priority network functions, which is downfrom 22% in November 2015. The survey alsofound slow progress in putting high-prioritynetwork functions into production, as thepercentage of CSPs with more than 25% of thistype of network function in production decreasedfrom 17% to 13% over the year.

The growing sense of disillusionment about NFVsuggests that the transition to virtualizednetworks will be more complex and will takelonger than previously hoped. One of the mosthigh-profile hurdles for NFV has been the thornyissue of management and orchestration (MANO).The industry has rallied around orchestrationefforts to find workable solutions. With solutionsnow in sight for lifecycle orchestration, which willenable service agility through automated servicecreation and management, a significanthindrance is likely to be removed from the pathto NFV.

But while service agility will be supported at theorchestration layer, CSPs are still striving foroverall flexibility, performance and costefficiencies. These capabilities are essential notonly for the success of NFV-based services butalso for the long-term success of CSPs’ business.

In this phase of NFV development, it’s time to getback to basics and rethink how the underlyingNFV infrastructure (NFVi) is implemented andconsider whether it is fit for purpose to achievethe flexibility, performance and cost efficiencythat CSPs require. The following makes the casefor automation as the critical requirement forNFVi and explores the steps CSPs can take tobuild automated NFVi in order to realize thepromise of NFV.

This is the challenge that need to be addressed now toenable automation and support service agility

Step 1:Get data

delivery towork

Step 2:Get data delivery

to work withperformance

Step 3:Get data delivery

to work withperformance,flexibility and

acceptable cost

Step 4:Extend performance

improvements toother dataprocessing

Step 5:Provide

insight forcontinuous

optimization

03 | WHITEPAPER

5 Steps to Building Automated NFVi

The NFVi compromises all of the hardware andsoftware components that create the environmentin which virtual network functions (VNFs) aredeployed, according to the EuropeanTelecommunication Standards Institute (ETSI). Itconsists of a physical layer of standard, off-the-shelf servers and network interface cards (NICs),on top of which runs the virtual layer comprising ahypervisor, virtual infrastructure managers (VIMs),virtual machines (VMs), and virtual networkfunctions (VNFs). The NFVi’s role is to provide atechnology platform and the physical resources tosupport the execution and dynamic configurationof the VNFs, which are implemented acrossmultiple distributed servers. The decisions aboutNFVi hardware and software implementations areamong the most important choices CSPs will makein their network virtualization strategies, becausethey will determine the level of performance,reliability and cost of CSP services.

In addition to its functional role as the criticaltechnology platform in virtualized environments,the NFVi is also envisioned by ETSI as thefoundation for fostering an open, innovative NFVecosystem, enabling multi-vendor interoperability

where VNFs from any supplier can run on any NFVi.It’s clear that the NFVi is a pivotal point in the NFVarchitecture for enabling the flexibility, performanceand cost-efficiency that NFV promises. But how?

In short, the answer is automation. Having theability to automate workflows and processes ona common hardware platform enables fasterservice delivery and real-time resourceoptimization. Ultimately, the goal for NFV is toenable flexibility in the deployment and migrationof VNFs while at the same time achieving highperformance throughput with minimal servercapacity resources. To achieve this, theunderlying NFVi needs to be designed from theground up to support automation.

Industry efforts to build automated NFVi arealready underway, but today’s solutions toleratetoo many trade-offs between flexibility,performance and cost-efficiency. The followingsections explore the steps network operators cantake on the path to fully automating their NFViwithout sacrificing service quality or breaking theNFV business case.

NICNICNICNICNIC

FunctionFunctionFunctionFunctionFunctionFunctionFunctionFunctionVirtual Virtual Virtual Virtual Virtual Virtual Virtual Virtual

Standard Server

Standard

Standard Server

Standard

Standard Server

Standard

Standard Server

Standard

Standard Server

Standard

Open Hypervisor and Virtual Switch

How to Build Automated NFV Infrastructure | 04

Step 1. Get Data Delivery to Work

Not long after the publication of the first NFVwhite paper by 13 of the world’s largest networkoperators in late 2012, the Intel Open NetworkPlatform (ONP) emerged as an importantconceptual framework for making the transitionfrom traditional physical appliance-basednetworks to software-based virtualized networks.The ONP server reference architecture provideshardware and software components that areoptimized for NFV and SDN deployments. It hasa common hardware platform that is based onstandard Intel x86 servers and standard NICs, aswell as a hypervisor and virtual switch thatabstract the hardware from the software. Andtrue to the ethos of ETSI’s NFV efforts, the ONPframework is built on open standards and opensource software, including the OpenStack cloudoperating system, OpenDaylight SDN controllerand Open vSwitch (OVS) virtual switch.

With the inclusion of OVS and hypervisor, theONP framework represents the first step inbuilding an automated NFVi. OVS is a virtualizedsoftware implementation of a traditional networkswitch. It provides the connectivity in virtualizedenvironments and can be deployed across

multiple servers. As VNFs are distributed ondifferent servers, the hypervisor and OVS switchtraffic among them wherever they areimplemented. This ability to instantiate and moveVNFs anywhere in the network enables theflexibility and agility in NFV service chain creation.

ONP is a good starting point for automated NFVi,but it does have drawbacks in performance andcost efficiency. Generally, vSwitch performance isa common source of frustration for networkoperators, and it has been a bottleneck in NFVimplementations. While vSwitch performancemay not reach exactly the same levels of hardwareappliances, it does need to be better than what itis today. OVS throughput performance falls belowindustry expectations. In addition, efforts toimprove OVS performance typically result in veryhigh server Central Processing Unit (CPU) coreconsumption, which makes it expensive to run.The more cores that OVS consumes, the less therewill be available for other data processingworkloads including hosted virtual functions.Operators will end up paying for additionalcapacity just to have the same performance andfunctionality as they do today, which defeats thecost-efficiency aims of NFV.

Step 1: Intel Open Network Platform

05 | WHITEPAPER

Step 2. Get Data Delivery to Work withPerformance

To overcome the performance shortcomings ofOVS, the industry looked to an alternativeapproach with Single Root Input/OutputVirtualization (SR-IOV). It’s a familiar networkinterface in enterprise networking, but it isrelatively new to telecom networks. SR-IOV doesimprove throughput performance, but it sacrificesflexibility and adds complexity.

SR-IOV bypasses the vSwitch and hypervisor anddirectly interfaces between VNFs and NICs thatsupport SR-IOV. In other words, physical NICs arelinked directly to specific virtual functions on thesame server, thereby improving throughputperformance. But by tying the NIC hardware tothe VNF software in this way, SR-IOV effectivelyremoves the abstraction layer that separated thehardware from software in the NFVi, which makesmoving VNFs very difficult. The effect can bedescribed as taking the virtualization out of NFV.Also, since there is no standard way to implementthe SR-IOV mechanism, vendor-specific versionscan add further complexity when it comes tointegrating with other elements of the NFVi aswell as legacy telco systems.

VNF mobility is important not only because itenables flexibility and service agility, but alsobecause it is essential to the NFV business case.With the ability to easily move VNFs amongservers within the data center or to different datacenter locations as NFV-based services mature,operators can consolidate virtual functions ontofewer servers and optimize server resourceutilization. In data centers, the biggest costs arepower and cooling. If operators can minimize thenumber of servers needed for NFV by optimizingwhere the VNFs run, then they can reduce datacenter operating costs.

The upshot is that SR-IOV resolves theperformance issue, but it undermines VNFmobility and flexibility. Nonetheless, it is animportant step on the path to NFVi automation.

Step 3. Get Data Delivery to Work withPerformance, Flexibility and Acceptable Cost

The next step to enabling automation on acommon hardware platform is OVS Acceleration,which improves the throughput performance ofthe virtual switch without the need for hypervisorbypass solutions (e.g., SR-IOV), thereby ensuringVNF mobility as well as cost efficiency for network

SRIOVNIC

SRIOVNIC

SRIOVNIC

SRIOVNIC

SRIOVNIC

OpenHypervisorand Virtual

Switch

VirtualFunction

VirtualFunction

VirtualFunction

VirtualFunction

VirtualFunction

VirtualFunction

VirtualFunction

VirtualFunction

Standard Server Standard Server Standard Server Standard Server Standard Server

Step 2: performance improvement based on SR-IOV

How to Build Automated NFV Infrastructure | 06

operators. The technique is similar to Intel’s ONPin that it uses OVS and relies on the data planedevelopment kit (DPDK) as the interface to VNFs.The unique piece in the OVS Acceleration solutionis a Field Programmable Gate Array (FPGA)-basedNIC that is designed specifically for therequirements of NFV. The solution offloads someof the functionality of OVS onto the NFV NIC sothat the virtual switch uses fewer CPU cores andclocks higher overall throughput.

An NFV NIC operates like any standard NIC,providing input and output for traffic coming inand out of standard servers. The way it boostsperformance is by creating Contiguous PacketBatches that allow thousands of Ethernet framesand IP packets to be transferred at once. An NFVNIC with OVS Acceleration reduces the numberof actions that the OVS has to perform andincreases overall throughput. Most of the OVSfunctionality remains running in software, buthaving a smaller workload means that the OVSwill use fewer CPU cores.

By not tying the NIC to specific VNFs (as the SR-IOV mechanism does), OVS Acceleration ensuresthat network operators have the VNF mobility

they need for agile service chain creation whilealso increasing throughput performance. Also, byoffloading some of the OVS workload onto theNFV NIC, OVS Acceleration reduces the numberof CPU cores that OVS consumes. These freed-upserver resources enable operators to increase thedensity of VNFs per server to run more revenue-generating service functions per server as well asuse less server capacity overall, which will lowernetwork operating costs.

A recent case study illustrates the potential costsavings. In a data center with 10,000 servers, it wasfound that OVS Acceleration with DPDK on anNFV NIC would use eight times fewer CPU coresper server than OVS with DPDK on a standard IntelNIC. OVS Acceleration can provide full 40 Gbpsthroughput using just one CPU core. Thiscorresponds to a saving of seven CPU cores perserver, which translates into 3,890 fewer 18-coreCPU chips and 1,945 fewer dual-socket servers.The resulting total capex and opex savings fornetwork operators related to this reductioncorresponds to $8 million over four years. In termsof performance, OVS can be accelerated by up toseven times compared to standard NIC solutionsthat support OVS and DPDK.

NICNICNICNICNIC

FunctionFunctionFunctionFunctionFunctionFunctionFunctionFunctionVirtual Virtual Virtual Virtual Virtual Virtual Virtual Virtual

Standard Server

NFV

Standard Server

NFV

Standard Server

NFV

Standard Server

NFV

Standard Server

NFV

Accelerated Open Hypervisor and Virtual Switch

Open Virtual Switch Acceleration providing performance and flexibility with minimal CPU load

07 | WHITEPAPER

Step 4. Extend Performance Improvements toOther Data Processing

OVS Acceleration resolves a major performanceproblem facing operators today while alsomeeting operator requirements for flexibility andcost-efficiency. But the traffic demands oncommunications networks are unrelenting, andCSPs need to be equipped to cope with the costof increasing data loads in the long term as wellas shorter term performance improvements. Asoperating costs typically increase in line withdata traffic load, CSPs need new ways oflowering the cost-per-bit. This market realityleads to the next step in NFVi automation, whichis extending the performance improvementsgained through OVS Acceleration to othercommon data processing functions.

With an FPGA-based NFV NIC, the samecommon hardware platform used for OVSAcceleration can be used to accelerate heavydata processing tasks, such as encryption andcompression. FPGA-based hardware can beprogrammed and upgraded remotely, whichcreates a versatile platform that can serve otherfunctions in an NFV environment. The flexibilityof FPGA technology also allows third-party IP tobe dropped in to the NIC platform to perform avariety of functions. This hardware accelerationapproach is essential for building automatedNFVi especially where software-based solutionsare too costly and resource-intensive.

Data compression and encryption are particularlyheavy data processing functions that consume adisproportionate amount of CPU cores. But CSPsare having to process increasing amounts of bothtraffic types. Encrypted traffic is on the riseworldwide. Network policy control vendorSandvine estimates that 70% of Internet traffic isencrypted across Europe, Latin America andNorth America.

In the case of data compression, higher datatraffic loads and demands for faster data servicedelivery are pressuring CSPs to store more datain the data center and closer to where customersare located. To mitigate storage costs, CSPs arecompressing the data. But processingcompressed data in a virtualized environment isresource intensive and consumes too many CPUcores, which ultimately increases data centeroperating costs.

CSPs can overcome the high cost of processingcompressed and encrypted traffic throughhardware acceleration on an NFV NIC. Forexample, hardware acceleration on an NFV NICuses 40 times less CPU cores compared tosoftware acceleration on server CPUs. In a datacenter with 10,000 servers, assuming 10% ofservers need hardware acceleration, the totalcapex and opex saving corresponds to $4 millionover four years.

YEAR 0Today’s

NFV capability supporte.g. OVS acceleration

FPGA NFV NIC

YEAR 1New

NFV capabilitiese.g. higher speed rate

Cost

Data Load

YEAR 2New

NFV capabilitiese.g. encryption/compression

FPGA NFV NIC FPGA NFV NIC

Step 4: Hardware acceleration enables continuous cost improvement

How to Build Automated NFV Infrastructure | 08

Step 5. Provide insight for continuousoptimization

Once the NFVi is running more cost-efficientlythrough hardware-accelerated data processing, thenext step for the full benefits of automation is toimplement effective network monitoring to enablecontinuous optimization as well as securitysolutions. In traditional physical networks, CSPscould monitor traffic by adding a passive TestAccess Point (TAP) to the connection that neededto be monitored between two network nodes.Based on a mechanical relay or optical splitter, theTAP ensures that a copy of all traffic is sent tonetwork appliances dedicated to networkmonitoring or security. Alternatively, routers andswitches provide a Switch Port Analyser (SPAN)port, which makes a copy of the traffic activity ofone or more switch ports so that it can be analyzed.

But in virtualized networks, these techniques aredifficult to replicate. Virtual TAPs are challengedby VNF mobility whereby virtual functions can bemoved around and instantiated on differentvirtual machines. In addition, virtual TAPs orSPAN ports require the duplication of all traffic inthe virtual switch so that it can be analyzed byanother virtual function. As virtual switchingtoday is performed in software, this effectivelymeans that double the amount of server CPUcores are required when a virtual switch needs toprovide TAP or SPAN port functionality.

A more cost-efficient way to monitor virtualizednetworks is to take advantage of the fact that theOVS Acceleration solution implemented on theNFV NIC already sees all the traffic in the virtualswitch and can replicate this traffic efficientlywithout using any server CPU cores. This allowsa copy of all traffic to be delivered to anotherlocation, whether that is another virtualappliance or function on the same server or onanother server.

By offloading the traffic monitoring functionalityonto a common hardware platform, CSPs will notonly reduce operating costs through minimizedCPU core use but they will also have constantinsight into how the network is performing thatwill enable further optimization of the NFVi aswell as the services and applications they aredelivering to customers.

and Virtual Switch

NIC

ProbeFunctionFunctionVirtual Virtual Virtual

Standard Server

Standard

Accelerated Open Hypervisor

Copy ALL

Implementing SPAN or TAP port in software effectively doubles CPU load

and Virtual Switch

NIC

ProbeFunctionFunction

Virtual Virtual Virtual

Standard Server

NFV

Accelerated Open Hypervisor

SPAN

Step 5: Enabling efficient and cost-effective insight for automation

Conclusion

Despite the current sense of disillusionment, thetelecommunications industry has made great strides in thedevelopment of NFV. Specifically, industry efforts to overcome

the complexities of MANO will help to enable service agility inmanagement and service creation functions. As this major hurdle iscleared, the time is right to move the spotlight onto the NFVi andreconsider whether it can match the level of service agility that will beenabled by the MANO layer.

CSPs need more flexibility, better performance and cost savings fromtheir NFV deployments, and the way to achieve these goals is byenabling automation in the NFVi. By adding smarter functionality tothe common hardware platform, CSPs can significantly improve theperformance of the NFVi while also ensuring flexibility and costefficiency even as data traffic continues to increase and workloadssurge. CSPs will be prepared to cope with future traffic demands thatrequire intensive data processing. Building an automated NFVi is thesurest way for CSPs to realize the promise of NFV.

09 | WHITEPAPER

© 2017

Produced by the mobile industry for the mobile industry, MobileWorld Live is the leading multimedia resource that keeps mobileprofessionals on top of the news and issues shaping the market. Itoffers daily breaking news from around the globe. Exclusive videointerviews with business leaders and event reports providecomprehensive insight into the latest developments and key issues.All enhanced by incisive analysis from our team of expertcommentators. Our responsive website design ensures the bestreading experience on any device so readers can keep up-to-datewherever they are.

We also publish five regular eNewsletters to keep the mobileindustry up-to-speed: The Mobile World Live Daily, plus weeklynewsletters on Mobile Apps, Asia, Mobile Devices and Mobile Money.

What’s more, Mobile World Live produces webinars, the Show Dailypublications for all GSMA events and Mobile World Live TV – theaward-winning broadcast service of Mobile World Congress andexclusive home to all GSMA event keynote presentations.

Find out more www.mobileworldlive.com

Napatech is the world leader in smarter data delivery solutions fornetwork management and security applications. As data volume andcomplexity grow, organizations must monitor, compile and analyzeall the information flowing through their networks.

Our products use patented technology to capture and process dataat high speed and high volume with guaranteed performance,enabling real-time visibility. We deliver data faster, more efficientlyand on demand for the most advanced enterprise, cloud andgovernment networks.

Now and in the future, we enable our customers’ applications to besmarter than the networks they need to manage and protect.

Disclaimer: The views and opinions expressed in this whitepaper are those of the authorsand do not necessarily reflect the official policy or position of the GSMA or its subsidiaries.