RadwaRe® and Intel® – VIRtualIzIng applIcatIon delIVeRy contRolleRs In an nFV enVIRonment

Intel® netwoRk BuIldeRssolutIon BRIeF

Radware® and Intel® – Virtualizing Application Delivery Controllers in an NFV EnvironmentThe infrastructure supporting online applications is rap-idly migrating from dedicated, fixed-function appliances to applications running as virtual network functions (VNF) on powerful virtualized servers. Virtualized applications offer substantial benefits over dedicated platforms, including lower costs, easy scalability, and elasticity.

Virtualization offers substantial service elasticity and agility benefits – allowing application providers to quickly scale from thousands to millions of users to accommodate vari-able usage patterns and data surges. The network infra-structure that connects application components, long based on physical appliances, must make the transition to virtual-ization.

Application delivery controllers (ADCs) have a key role in application operation, directing and balancing user requests among application instances running on multiple virtual machines. Modern ADCs, such as those from Radware, perform sophisticated functions while handling large traffic volumes. Radware is the first to offer a high-capacity, virtual-ized ADC based on Intel platforms and software.

ChallengeVirtualization enables extreme application scalability, which must be accompanied by a matching scalability in the net-work infrastructure. Network devices such as switches, rout-ers, and ADCs must be ready to handle large data bursts on a moment’s notice, sometimes in the terabit per second (Tbps) range. With network functions virtualization (NFV) and soft-ware defined networking (SDN) working together, networks can be automated and capacity redirected, enabling the network infrastructure to scale at the same time and in the same manner as the applications they service.

ADCs are the next-generation evolution of the load balancer, classifying service requests and sending them in a balanced way to the right application instance that has the capacity to deliver the best response time. Modern ADCs perform many other functions, including authentication and cryp-tography. ADC scalability and flexibility must match that of the applications that they service. This was a problem with fixed-function ADC appliances because it became prohibi-tively expensive. ADC virtualization, using NFV and SDN techniques, means new ADCs can be spun up when demand rises to achieve the extreme scale required.

2

Figure 1 - Alteon VA for NFV in an SDN Application Architecture

SolutionRadware’s Alteon Virtual Appliance (VA) for NFV environ-ments is the first high-capacity virtualized ADC. Alteon VA performs all of the same traffic classification, control, and forwarding as Radware’s hardware ADC appliances. Alteon VA runs on commercial off the shelf (COTS) hardware that can be used to support other NFV-based networking tasks as well as online applications. Using COTS servers translates to a lower total cost of ownership, both due to cost and to lower OPEX from common maintenance.

Radware offers ADC throughput capacities from 10 Gbps to 100 Gbps on a single Intel Xeon®-based virtualized server. When used with the Intel XL710 Ethernet controllers,1 Rad-ware expects to achieve 160 Gbps in a single server. Multi terabit-per-second configurations can be achieved with Rad-ware’s ElasticScale SDN application that configures a cluster of multiple Alteon VA instances.

As an active contributor in industry NFV and SDN standard-ization working groups, Radware has developed a holistic strategy to enable applications provided by carriers, large enterprises, and e-commerce networks to become smarter, more programmable, flexible, and cost-effective.

Many of the benefits of Alteon VA are due to integration with NFV and SDN life cycle automation frameworks. Alteon VA is compatible with SDN OpenFlow systems as well as NFV-based infrastructure virtualization and orchestration frameworks such as KVM and OpenStack. This allows Alteon VA instances to be instantiated, provisioned, configured, and decommissioned in the same manner as application components and other virtualized network functions. ADC instances and applications can be created and connected in one step, resulting in simplified deployment, capacity elas-ticity, and shorter turn-up time.

1 http://ark.intel.com/products/codename/44140/Fortville

3

Intel hardware and software technologies enable Radware to achieve its extremely high ADC performance. In order to optimize Ethernet traffic, Radware uses the data plane development kit (DPDK), an Intel-supported public-domain software library that routes network packets around the Linux OS kernel directly into applications user space. Rad-ware found Intel’s implementation superior to other public-domain versions, providing support for their multiprocessor architecture.

Alteon VA also uses PCI pass-through, which bypasses the hypervisor’s virtual switch. This enables direct and faster access to physical server NICs.

Key Features• Fully virtualized implementation – operating on COTS

Intel-based servers.

• High capacity – capacities from 10 to 100 Gbps per server. Clusters offer multi-Tbps operation.

• Based on NFV/SDN – compatible with common SDN and NFV infrastructure virtualization and orchestration frameworks.

• Interoperable – with most policy ecosystems.

Alteon VA features a protocol and API-agnostic control-plane plugin that allows seamless interoperation with virtu-ally any policy enforced ecosystem, including HSS, PCRFs, RADIUS, and Diameter based APIs. This facilitates the easy rollout of new network applications, and provides automated user-aware and/or network-aware real-time policy enforce-ment.

ETSI SteerFlow PoC DemoThe ETSI2 has defined proof of concept (PoC) demonstra-tions for a number of NFV technologies. A PoC for SteerFlow: Multi-Layer Traffic Steering for Gi-LAN was conducted in June of 2014 involving products from Radware and HP, and was sponsored by a Tier 1 global telecommunications opera-tor. The Gi-LAN3 is that part of a mobile carrier’s network that interfaces to public and private networks and services. Carriers offer value-added services (VAS) to their customers that can be hosted on the Gi-LAN, including parental control, video optimization, and caching.

The demonstration used physical switches to steer traffic based on layer 2/3 information, while layer 4-7 steering was accomplished with Radware Alteon VA instances. Steer-ing decisions were based on packet headers, payloads, and AAA4 and other data provided through policy enforcement interfaces. Traffic was steered through multiple VAS appli-cations by the steering mechanisms, as show in the figure above.

2 European Telecommunications Standards Institute3 http://nfvwiki.etsi.org/index.php?title=SteerFlow:_Multi-Layered_Traffic_Steering_for_Gi-LAN4 Authentication, authorization, and accounting* Other names and brands may be claimed as the property of others

Figure 2 - SteerFlow PoC Demonstration Intel Technology*

4

Benefits• Lower TCO – through the use of COTS servers.

• Lower OPEX – virtualized ADC instances are handled by existing NFV/SDN automation tools.

• Scalable – can be scaled through clustering to provide any throughput needed in support of applications.

• Short time-to-market – no need to wait for delivery of physical ADC platforms.

• No vendor lock-in – NFV components that are best for the task at hand can be acquired as needed.

ConclusionHigh performance virtualized application delivery controllers are needed to keep up with the explosive growth of virtual-ized applications. Radware’s ADC Virtual Appliance for NFV is a perfect and unique example of this, offering unmatched performance plus all the other benefits associated with SDN and NFV technology.

5

DisclaimersIntel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No computer system can be absolutely secure. Check with your system manufacturer or retailer or learn more at intel.com.

Intel, the Intel logo and Xeon are trademarks of Intel Corporation in the U.S. and/or other countries.

*Other names and brands may be claimed as the property of others.

© 2015 Intel Corporation

For more information about Intel® solutions for communications infrastructure, visit www.intel.com/go/commsinfrastructure.

6