Network Function Virtualisation (NFV) BoF

Network Functions Virtualization (NFV)

Santanu Dasgupta Sr. Consulting Engineer – Service Provider Network Architecture

BOF Meeting – APRICOT 2015

3rd March, 2015

Cisco Confidential 2 © 2013-2014 Cisco and/or its affiliates. All rights reserved.

APRICOT 2015 NFV BOF Outline

§  At APRICOT 2014, the NFV BOF meeting that I hosted was focused around some of the basic and introductory concepts of NFV

§  For APRICOT 2015, the focus area would be a few advanced topics §  However, we can go back to some basics too – there is a section at the end of this slide §  Please jump on with your top of the mind issues that you want to discuss

§  Need active participations from everyone


APRICOT 2015 NFV BOF – Topics For Discussion §  The State of Service Provider NFV and Major Use Cases

§  Data Plane Connectivity Models for VNFs / VMs to achieve high performance

§  Overlay Encapsulation in the DC for MPLS Operators

§  NFV Service Assurance

§  Service Chaining in NFV

§  Applicability of Linux Container Technology in NFV

§  The skillset evolution requirement for engineers

§  Other topics you want to discuss

§  NFV Introduction – as a placeholder


The SP NFV Landscape and Major Use Cases §  Top of mind for most / all Service Providers

§  Lot of expectations – §  CAPEX & OPEX reduction §  Agility with end-to-end automation and cloud centric service delivery models §  Faster time to market for new services §  Architecture transformation §  Increased use of generic hardware and open source software, §  Higher openness and standardization §  Lets have a Reality Check Done with the folks in the meeting

§  Overall the state of technology and deployment at still in primitive stage

§  Major areas of focus §  Cloud Centric Managed Services (Managed CPE, Security, VPN, Value Added Services…) §  Virtualized Mobile Packet Core and Virtualized Gi-LAN §  SP Infrastructure NFV (Virtual BRAS/BNG, Virtual RR, Virtual DNS, Virtual PE…) §  Do you guys have any other major use case that is important to you?

Topic #1


Data Plane Connectivity Models for VNFs / VMs

vSwitch

Tenant VM Tenant VM

KVM

NIC

Multi-tenanted vRouter / vSwitch

vSwitch

Tenant VM Tenant VM

KVM

NIC

Tenant VM Tenant VM §  Multi-tenanted vSwitch (such as OVS) in kernel,

may be with additional extension to do routing §  Performance may be typical concern §  Other possible concerns – Fault tolerance,

kernel recertification needs …

§  High performance multi-tenanted vRouter/vSwitch in the user space

§  vSwitch in the kernel as patch panel for tenant VM connectivity

§  Concern – the vSwitch patch panel performance

Topic #2

Multi-tenanted vSwitch

vSwitch (as Patch Panel)


Data Plane Connectivity Models for VNFs / VMs …contd

High Performance Multi-tenanted vRouter/vSwitch

Tenant VM Tenant VM

KVM

NIC

Tenant VM Tenant VM

vSwitch

Tenant VM Tenant VM

KVM

NIC

Multi-tenanted vRouter / vSwitch

vHost User

§  Move that high performance multi-tenanted vRouter / vSwitch in the kernel space

§  Remove the need of additional vSwitch as patch panel

§  But fault tolerance, other kernel related issues are back here in this model

§  Retain the high-performance multi-tenanted vRouter/vSwitch in the user space

§  Use vhost-user process for inter-VM traffic by direct memory copy – no hypervisor involved

§  Need to ensure proper memory copy operation to ensure security, stability etc

Topic #2

vSwitch (as Patch Panel)


Data Plane Connectivity Models for VNFs / VMs …contd

vSwitch

Tenant VM Tenant VM

KVM NIC

Tenant VM Tenant VM

TOR Switch

802.1q

VXLAN / MPLSoGRE

SR-IOV

Tenant VM Tenant VM

KVM NIC

Tenant VM Tenant VM

TOR Switch

802.1q

VXLAN / MPLSoGRE

§  No multi-tenanted vRouter/vSwitch anymore §  Use a TOR switch for VXLAN – VLAN mapping §  Appropriate VLANs mapped to the VMs through

the vSwitch in the kernel

§  Scalable Layer 3 service chaining may be a challenge to implement

§  No vSwitch anywhere! §  Use a TOR switch for VXLAN – VLAN mapping §  SR-IOV to map the traffic from PNIC to the

appropriate VMs

§  Scalable Layer 3 service chaining may be a challenge to implement

Topic #2


Encapsulation within the DC / NFV POD for MPLS Operators

vNAT vFW

VXLAN / MPLSoGRE / MPLSoUDP IP IP MPLS

vNAT vFW

MPLS (Segment Routing / LDP)

IP IP MPLS

Current Approaches

Possible Alternate ?

End-to-end common encap, uniform OAM, easy operations and troubleshooting But now, the DC/NFV POD underlay devices need to run label switching

CPE

CPE

PE DCI DCI

DCI DCI PE

Topic #3


NFV Service Assurance A huge topic, but appeared to be on back burner for a long time

Service Level Management

Collection

NFVI

Performance Management Fault Management

Analytics Planning and Optimization

Operator’s Console, Dashboards Key Capabilities:

Key Capabilities:

Key Capabilities:

Key Capabilities:

Topic #4


Service Chaining in NFV §  Many thoughts across the industry and technical communities §  Different solutions emerging –

§  Network Service Header (NSH) – being standardized at IETF §  L3 Routed Service Chain (orchestrated) along with BGP for WAN integration §  Segment Routing based service chaining §  VLAN stitching

§  NSH gaining traction and has a lot of promise §  Extensive metadata capabilities to carry rich set of policies §  In-band OAM becoming a possibility – the IP and Ethernet generation had missed it so far §  However some feedback are coming around its complexity §  True benefit of NSH may require all VNFs to support it across industry

•  There may be some issue with time to market, performance impact etc.

Topic #5


Service Chaining with Remote DC & Across Multiple Sites Layer 3 and BGP Capabilities are Critical (MPLS Environment)

POD 2/DC 2 Underlay

R2 R4

PE2 PE3

2.2.2.0/24 4.4.4.0/24

SDN Controller

RT 2:200 RT 4:400

Import 2:200 Import 4:400

4.4.4.0/24, via PE3

Route Leak with modified NH

Impo

rt 4:

400

VRF_A1 VRF_A2

VRF_A1 VRF_A2

VRF_A VRF_A

For Outgoing traffic from Server: 2.2.2.0/24, via DCI, Label 100 4.4.4.0/24, via DCI, Label 200

For Incoming traffic to Sever: 2.2.2.0/24, via VIF2, Label 300 4.4.4.0/24, via VIF1, Label 400

vSwitch

Out

In

vFW2

VIF1

VIF2

vSwitch

In

Out

vFW1

VIF2

VIF1

POD 1/DC 1 Underlay

SDN Controller

VRF_A1 VRF_A2

VRF_A1 VRF_A2

IP/MPLS

4.4.4.0/24, via vPE-F 2

DCI2 DCI1

4.4.4.0/24, via DCI2

Impo

rt 2:

200

Route Leak with modified NH

4.4.4.0/24, via vSwitch

4.4.4.0/24, via DCI1

2.2.2.0/24, via PE2

2.2.2.0/24, via vPE-F 1 2.2.2.0/24, via DCI1

2.2.2.0/24, via vSwitch

For Outgoing traffic from Server: 2.2.2.0/24, via DCI, Label 100 4.4.4.0/24, via DCI, Label 200

For Incoming traffic to Sever: 2.2.2.0/24, via VIF2, Label 300 4.4.4.0/24, via VIF1, Label 400

2.2.2.0/24, via DCI2

Topic #5

BGP RR


NSH May Help Simplify This With Decoupling of Service & Transport Layer

POD 2/DC 2 Underlay

R2 R4

PE2 PE3

2.2.2.0/24 4.4.4.0/24

SDN Controller

RT 2:200 RT 4:400

VRF_A2

VRF_A VRF_A

vSwitch

vFW2 vFW1

vSwitch

POD 1/DC 1 Underlay

SDN Controller

IP/MPLS

DCI2 DCI1

4.4.4.0/24, via PE3 2.2.2.0/24, via PE2

Classifier: If <policy-match> -> PathID 10, SI 3 PathID = 10 -> vFW1, vFW2 vFW1 NH vSwitch

4.4.4.x NSH 10, 3

4.4.4.x NSH 10, 3

4.4.4.x NSH 10, 2

vPE-F1

vPE-F1

vPE-F2 4.4.4.x NSH 10, 2 vPE-F2

4.4.4.x

BGP RR

Topic #5


Linux Container Technology in NFV

§  Linux Container and/or Docker like technologies are gaining a lot of traction in the virtualization space

§  Can help address some performance concerns

§  Security issues associated with Container in a multi-tenanted environment ?

§  How to containerize §  Network Function by Network Function ? §  Or a whole Virtualized Product (OS) ?

Topic #6


NFV – How to build / Augment Operations skillsets

•  Most existing technologies, protocols and associated skills are equally required •  On top of that, there are needs for acquisition of New Skills •  x86 Server Virtualization

•  Virtualization on Linux (and KVM/QEMU) Environment •  Cloud Orchestration Systems – such as OpenStack

•  Virtual Switches – OVS, Netmap/VALE, Snabbswitch, Vendor Specific etc

•  SDN Controllers – OpenDayLight, Vendor Specific •  Device Programmability and APIs – NETCONF, Yang, RESTCONF, REST APIs, OF….

•  Service Function Chaining – specially NSH (Network Service Header)

•  Network based Virtual Overlay transport – VXLAN, MPLSoGRE/UDP, LISP, L2TPv3….. •  Automation Tools – puppet / chef etc.

•  Management, Orchestration, OSS Fundamentals,

•  …..

Topic #7


Open Forum For Other Topics That Are on Top of Your Mind

Topic #8


NFV Introduction Placeholder

Topic #9


“Network Functions” in SP Network Architecture Landscape

LTE

Smartphone

Access

xDSL

WiFi

Smartphone

PC

RNC 2G 3G

Ethernet CE

NodeB

eNodeB

AP

Small Cell FAP

Gateways / Service Edge

OSS/BSS

Subsystems and Control

Data Plane Voice Video Data

Core Network Infrastructure

IMS

xDSL HFC

PGW SGW

2/3G GGSN

2/3G SGSN

MME

ePDG

eWAG

PE

Metro Network Infrastructure

NAT FW IPSec

DPI CGN Caching

Opt

MSC-S MGW

A-SBC I-SBC

BGCF

MGCF

PS / RLS

DRA

Video ingestion

DRM

Video Network

EMS Provisioning Analytics Billing

Radius

DNS

DHCP

S-CSCF

P-CSCF

I-CSCF

Trans- coding

Cache Control

Policy

Parental control

HLR

HSS

ENUM

TAS SMS-C

Services

OCS MMS-C HCS RMS

xDSL DSLAM DSL/ FTTX BNG

Core Routing

Metro Ethernet

Biz CPE

Consumer CPE

Cable Modem CMTS

Capacity Planning

WLC

SecGW

HNB-GW

Policy

SDN Controller

BGP server

Metro Ethernet

Data Center Core and Data Center Network Infrastructure


Virtualization of “Network Functions”

Existing Hardware / Appliance based Network Functions (NFs)

Virtualized NFs running as VM on x86 Server Platform

Step 1: Decouple software from underlying hardware

Step 2: Port it as a VM on

x86 Server platform running as a Network Function

Ethernet Switches

Storage

Hypervisor

FW Routing DPI LB


Telco Service Providers

$$

$$

Service Consumers

Enterprises

Public Sector

Consumer

$$ $$

Cloud / OTT Service Providers

IaaS

PaaS

SaaS

OTT $$

many networks,

technologies and systems

massive growth of IP traffic

$ $$

$$

$$

$$

converged and private networks

PPPoE

IPv4IPv6

MPLS

MPLS-TPOTNDWDMATMSDH xGE

tunnel

VPN

MP-BGP ISIS/OSPF

MPLS-TEDHCP

EOAM IPOAM

LACP

SNMP

CLI XML

t

revenue

cost

$

1.   Lean & Agile OTT players with economies of scale

2.   Highly-‐automated operaEons 3.   Fast-‐paced innovaEon

1.   Complex and silo’d networks 2.   High cost to operate 3.   Lack of agility, huge Eme required to create new services 4.   ExponenEal growth of bandwidth

1.   User Experience 2.   Cloud Centric

ConsumpEon Models / Pay-‐as-‐you-‐go

Need to Understand SP Challenges to realize Why NFV


SP’s Expectations from NFV

§  NFV will help them to reduce cost (TCO)

§  NFV will bring the much needed agility in the Service Creation & delivery process

§  On-boarding a new service will be much easier with NFV

§  SP’s can now afford to go wrong – decommissioning a failed service wont be expensive

§  Services now can be scaled up and down elastically

§  NFV will help drive more Openness and Standardization


§  NFV – It is a Service Provider driven Initiative. §  Initiative announced at “SDN and OpenFlow World Congress”, Darmstadt, Oct 2012 §  Industry Specification Group (ISG) group within ETSI

§  Not defining standards -deliver white papers and liaising with standards bodies

§  First ETSI meeting was held in January, 2013

§  Technically not related to SDN, conceptually different §  But may utilize SDN concepts – Programmability, Orchestration

§  Type of network function mostly determine where virtualization makes sense §  Careful analysis is required on Network Function by Network Function

NFV = Transition of network infrastructure services to run on virtualised compute platforms – typically x86

Network Function Virtualization (NFV) Initiative


Key Factors To Determine Potential Virtualization Targets

Packet / Data Plane Performance Requirements

Control Plane Performance Requirements

Deviation from Standard Server build (e.g. interface type, density)

Economics of On-boarding if Virtualized

Power Efficiency requirement of the System

Development, Ease of Integration, Service Elasticity Needs

1

2

3

4

5

6


The Fundamental Electrical Building Blocks

General Purpose Processors (x86, ARM, PPC) •  Wide range of capabilities (including packet processing) •  Evolving multi-core capability (10+ processors per die) •  Support virtualization and easy to program

Network Processor Units (NPUs) •  Designed for flexible packet processing •  Multi-threaded (100s) / n/w acceleration / integrated memory •  Programmable in high level languages

Fixed function ASICs •  Very low cost •  Integrated s/w, very efficient but relatively inflexible

All based on CMOS technology – All subject to Moore’s Law


Characteristics of Network Elements

High Capacity Plumbing: (L0-3 : e.g. IPv4/v6, MPLS, VPNs, ACLs, optical devices …) •  High throughput / BW •  Many flows needing isolation, significant traffic management needed •  Stateless functions •  Mostly predictable traffic •  Interface-specific functions (2-stage forwarding)

Network Services: (L4+ : e.g. DPI, vFW, CGN, DDOS, BNG, mobility, …) •  Throughput - varies •  # of flows (traffic management) – varies •  Stateful functions •  Unpredictable traffic •  No i/f-specific functions

Low compute + High BW è  Good fit for NPU è  Poor fit for x86/CPU

Poor fit for x86/CPU

Good fit for x86/CPU Yes (%)

No (%)

High Compute + Low BW


Business CPE

Service Appliances

(L4-L7)

Core Backbone Routing, CE Access-Aggregation

and DC switching

Wireline GWs

Home CPE

Wireless GWs

Network Functions – Requirements & today’s approaches

CPU Reqs

0 10Mbps 100Mbps 1Gbps 10Gbps 100Gbps 1Tbps 10Tbps 100Tbps 1Pbps

High

Low

Distributed: CPUs + Lots of NPUs

Distributed: Lots of CPUs + NPUs

Centralized: CPU + NPU

CPU

Centralized: CPU or SoC

Variable CPU / FPGA / NPU

OSS/BSS, subsystem and N/W control


Mapping Back to the Service Provider Landscape

LTE

Smartphone

Access

xDSL

WiFi

Smartphone

PC

RNC 2G 3G

Ethernet CE

NodeB

eNodeB

AP

Small Cell FAP

Gateways / Service Edge

OSS/BSS

Subsystems and Control

Data Plane Voice Video Data

Core Network Infrastructure

IMS

xDSL HFC

PGW SGW

2/3G GGSN

2/3G SGSN

MME

ePDG

eWAG

PE

Metro Network Infrastructure

NAT FW IPSec

DPI CGN Caching

Opt

MSC-S MGW

A-SBC I-SBC

BGCF

MGCF

PS / RLS

DRA

Video ingestion

DRM

Video Network

EMS Provisioning Analytics Billing

Radius

DNS

DHCP

S-CSCF

P-CSCF

I-CSCF

Trans- coding

Cache Control

Policy

Parental control

HLR

HSS

ENUM

TAS SMS-C

Services

OCS MMS-C HCS RMS

xDSL DSLAM DSL/ FTTX BNG

Core Routing

Metro Ethernet

Biz CPE

Consumer CPE

Cable Modem CMTS

Capacity Planning

WLC

SecGW

HNB-GW

Policy

SDN Controller

BGP server

Metro Ethernet

Data Center

No Appeal

No Appeal

High

Appeal

High Appeal

Depends

High A

ppeal

Very High Appeal

High Appeal No

Appeal


The Role of SDN and Orchestration Partial list, just a few main ones are mentioned here

Ethernet Switching Network Underlay

Hypervisor Hypervisor Hypervisor

NAT Firewall DPI

Orchestration and SDN Control Function

Storage

Server 1 Server 2 Server 3

Firewall DPI

VM / VNF Lifecycle Management in

End-to-end manner

Network Plumbing to orchestrate

dynamic topologies

Configuration Management of the VNFs

Integration with Other DC/POD And the WAN

OAM, Assurance, Analytics

Standard APIs

NAT


Computing Hardware

Storage Hardware

Network Hardware

Hardware resources

Virtualisation Layer

Virtualised

Infrastructure Manager(s)

VNF Manager(s)

VNF 2

Orchestrator

OSS/BSS

NFVI

VNF 3

VNF 1

Execution reference points Main NFV reference points Other reference points

Virtual Computing

Virtual Storage Virtual Network

NFV Management and Orchestration

EMS 2

EMS 3

EMS 1

Service, VNF and Infrastructure Description

Or-Vi

Or-Vnfm

Vi-Vnfm

Os-Ma

Se-Ma

Ve-Vnfm

Nf-Vi

Vn-Nf

Vl-Ha

NFV Reference Architecture from ETSI NFV ISG


Major Service Providers Driving the ETSI NFV ISG

* Partial List


NFV Use Cases

•  Simple ones – Virtualized Route Reflector •  Virtualized CPE for Business VPN services •  Virtualized Mobile Packet Core •  Virtualized Managed Services (CPE, FW, UTM…..) •  Virtualized Home CPEs •  Virtualized Gateways (BRAS, BNG, mobile gateways, Wi-Fi gateways) •  ….


Metro&and&Access& Core&&&Edge&&CPE& Data&Centers&

vPE-F

VNF Instances

vPE-F

VNF Instances

VNF VNF VNF VNF

DCI

DCI

Servers Storage

Bare Metal Workload

PE

DCI

DCI PE

Web VM DB VM

FW WAAS

vCPE

vFW

vWAAS L2 NID Backhaul

End-to-End Orchestration


vPE-F

VNF Instances

vPE-F

VNF Instances

VNF VNF VNF VNF

DCI

DCI

Servers Storage

Bare Metal Workload

PE

DCI

DCI PE

Web VM DB VM

FW WAAS

vFW

vESA

vWAAS L3 CPE /

vCPE

Backhaul

End-to-End Orchestration


Business VPN CPE in a Overlay Transport Model

Cloud IPVPN with FW and Remote Access to Internet §  vFW with NAT and Policy §  vFW with IPSec/SSL Remote Access

including Remote End-Host posture verification

CPE

CPE

CPE

Internet Router vFW

SP CLOUD Internet

Cloud-Hosted Management Scalable, elastic, on-demand

Overlay Packet Tunnels §  Keyed IPv6 tunnels - mesh, hub&spoke; §  IPSec tunnels – mesh, hub&spoke if

keyed IPv6 tunnels not supported;

VR


Where to Place the VNFs ?

§  Candidate location types in the network – §  Centralized Data Centers à Easier to manage

§  Fully Distributed – POP’s, Edge / Anchor Points / Peering locations à Higher scale & performance §  Hybrid – Mix of the above

§  Some factors that may need to be considered here – §  The Use Case to deploy the VNFs §  Cost of transporting traffic across core §  Network Architecture / design §  Chance of Sub-optimal routing, impact on SLA (e.g. delay) §  Management Ease vs. Scalability


vPE-F

VNF Instances

vPE-F

VNF Instances

VNF VNF VNF VNF

DCI

DCI

Servers Storage

Bare Metal Workload

PE



vPE-F

VNF Instances

vPE-F

VNF Instances

VNF VNF VNF VNF

DCI

DCI

Servers Storage

Bare Metal Workload

PE

DCI

DCI PE L2 Backhaul

vCPE

vCPE


vPE-F

VNF Instances

vPE-F

VNF Instances

VNF VNF VNF VNF

DCI

DCI

Servers Storage

Bare Metal Workload

PE

DCI

DCI Web VM DB VM

FW WAAS

L2 Backhaul

Web VM DB VM

FW WAAS

vCPE

vCPE


vPE-F

VNF Instances

vPE-F

VNF Instances

VNF VNF VNF VNF

DCI

DCI

Servers Storage

Bare Metal Workload

PE

DCI

DCI PE

vCPE

vFW

vWAAS L2 NID / L2 Backhaul

Web VM DB VM

FW WAAS

Cen

traliz

ed

Higher Traffic Across Core Sub-optimal routing Higher e2e delay

Better performance / scale More Complex to manage

Better performance / scale More Complex to manage

Dis

tribu

ted

Dis

tribu

ted

with

S

ervi

ce C

hain


NFV – How to build / Augment Operations skillsets

•  Most existing technologies, protocols and associated skills are equally required •  On top of that, there are needs for acquisition of New Skills •  x86 Server Virtualization

•  Virtualization on Linux (and KVM/QEMU) Environment •  Cloud Orchestration Systems – such as OpenStack

•  Virtual Switches – OVS, Snabbswitch, Netmap/VALE, Vendor Specific etc

•  SDN Controllers – OpenDayLight, Vendor Specific •  Device Programmability and APIs – NETCONF, Yang, RESTCONF, REST APIs, OF….

•  Service Function Chaining – specially NSH (Network Service Header)

•  Network based Virtual Overlay transport – VXLAN, MPLSoGRE/UDP, LISP, L2TPv3….. •  Management, Orchestration, OSS Fundamentals

•  …..

Thank you.