Bundling NFV and SDN for Open Networking

Bundling NFV and SDN for Open Networking Christos Kolias Orange Silicon Valley NetSeminar @ Stanford May 22, 2014

NFV Abstraction of network functions from dedicated hardware SDN Abstraction of the control plane from the data plane

NFV Concept & Vision Classical Network Model: Hardware Appliances The New Network Model: Virtual Appliances Message Router CDN Session Border Controller WAN Acceleration DPI Firewall Carrier Grade NAT Tester/QoE monitor Orchestration & Automation SGSN/GGSN PE Router BRAS Radio/Fixed Access Network Nodes standard IT infrastructure Network Functions are based on specialized hardware One physical node per role. Physical install per site Static. Hard to scale up & out Inefficient: sized for peak loads or cannot handle spikes Network Functions are SW-based Multiple roles over same HW. Remote operation Dynamic. Extremely easy to scale Scalable number of VMs

Fields of Application (examples) Mobile networks: HLR/HSS, MME, SGSN, GGSN/PDN- GW, enodeb, vepc NGN signalling: SBCs, IMS Switching elements: BNG, CG-NAT, routers Home environment: home router, set top box, picocell Application-level optimization: CDNs, Cache Servers, Load Balancers, Application Accelerators Security functions Firewalls, virus scanners, intrusion detection systems, spam protection Tunnelling gateway elements: IPSec/SSL VPN gateways Converged and networkwide functions: AAA servers, policy control and charging platforms Traffic analysis/forensics: DPI, QoE measurement Traffic Monitoring: Service Assurance, SLA monitoring, Test and Diagnostics 4

ETSI NFV Group Global operators-initiated Industry Specification Group (ISG) under the auspices of ETSI >200 members 28 Tier-1 carriers (and mobile operators) & service providers, cable industry Open membership ETSI members sign the Member Agreement Non-ETSI members sign the Participant Agreement Operates by consensus (formal voting only when required) Deliverables: requirements specifications, architectural framework, PoCs, standards liaisons Face-to-face meetings quarterly. Currently four (4) WGs, two (2) expert groups (EGs), 4 root-level work items (WIs) EG1: Security WG1: Infrastructure Architecture EG2: Performance & WG2: Management and Orchestration WG3: Software Architecture Portability, PoCs WG4: Reliability & Availability Network Operators Council (NOC): technical advisory body 5

6 NFV: a Value Proposition EVA principle: elasticity, velocity, agility Flexibility to easily, rapidly, dynamically provision and instantiate new services in various locations (i.e. no need for new equipment install) Increased speed of time-to-market by minimising the typical network operator cycle of innovation. More service differentiation & customization. Great for BC/DR situations Improved operational efficiency by taking advantage of a homogeneous (physical) network platform Reduced equipment costs through equipment consolidation, leveraging the economies of scale Reduced operational costs: reduced power, reduced space, improved network monitoring Software-oriented innovation (including Open Source) to rapidly prototype and test new services IT-oriented skillset and talent (readily available in global geography, flexible)

An E2E View: Architectural Use Cases Network Functions Virtualisation Infrastructureas-a-Service (NFVIaaS) Network functions go to the cloud Virtual Network Function-asa -Service (aas) Ubiquitous, delocalized network functions (eg., vcpe) Virtual Network Platform-asa -Service (VNPaaS) Applying multi-tenancy at the level Forwarding Graphs Building E2E services by composition NVFIaaS Example 7

An E2E View: Service-Oriented Use Cases Mobile core network and IMS Elastic, scalable, more resilient EPC Specially suitable for a phased approach Mobile base stations Evolved Cloud-RAN Enabler for SON Home environment L2 visibility to the home network Smooth introduction of residential services CDNs Better adaptability to traffic surges New collaborative service models Fixed access network Offload computational intensive optimization Enable on-demand access services 8

The E2E Reference Architecture Os-Ma s NFVI EMS Virtual Computing Computing Hardware OSS/BSS Virtual Storage Virtualisation Layer Vl-Ha Service, and Infrastructure Description EMS Vn-Nf Storage Hardware Hardware resources EMS Virtual Network Network Hardware Se-Ma Ve-Vnfm Nf-Vi Orchestrator Or-Vnfm Manager(s) Or-Vi Vi-Vnfm Virtualised Infrastructure Manager(s) NFV MANAGEMENT & ORCHESTRATION Execution reference points Other reference points Main NFV reference points 9

FG Example 1: virtual infrastructure FG: logical description of interconnecting s and traffic flow between them s have metadata associated with them Network Service: set of packet flows 10

FG Example 2: hybrid infrastructure Infrastructure comprises of virtual and physical switches NSP needs to specify mapping that determines selection & configuration of physical & virtual switching elements (& ports) 11

FG Example 3: nested s Disagreggation of current boxes/architectures (eg., vepc) Better flexibility, can remove performance bottlenecks, scale 12

NFV-aware data plane Physical hardware: fixed connections, static equipment s: dynamic connections, can change over time (VM mobility) Forwarding plane needs to handle: Flow forwarding/switching Flow tracking/monitoring Bandwidth requirements Not just at the single switch/router level but network-wide Multi-tenancy and NFV: is there a relationship? Use virtual networks to support multi-tenancy

NFV-aware control plane Hardware (servers) hosts multiple roles Network Service Composition: Firewalls, Load Balancers, VPN gateways, CDN, IMS, EPC, etc Creation of forwarding graphs, in ETSI NFV nomenclature A FG defines the sequence of s a packet traverses Orchestration of services: allocation & management of resources Control plane needs to maintain Traffic Steering QoS, policy rules Handle mix of virtualized and non-virtualized environments Need for an NFV Controller?

NFV-aware applications Impact on current applications? Adapt existing applications or develop a new class of applications that take advantage of this new NFV paradigm Optimization-oriented: better use of resources Perhaps build new Network Functions & Services that take advantage of a virtualized environment What is the role of the Northbound interface (NBI): between the s and the applications (today it does not exist with the physical network functions) Monetization opportunities (eg, for service providers)

Strategic Networking Paradigms Creates competitive supply of innovative applications by third parties Open Innovation Software Defined Networking Creates abstractions to enable faster innovation Network Functions Virtualisation Leads to agility, Reduces CAPEX, OPEX, NFV and SDN are highly complementary, they are mutually beneficial but not dependent on each other. Software is common denominator SDN can significantly enhance NFV

NFV+SDN SDN can play a key role in the orchestration of the infrastructure (physical, virtual) Provisioning and configuration of s Allocate and manage resources (e.g., bandwidth) VM mobility Automation & programmability Security & policy control Unified control & management plane? Service chaining Directing traffic flows to s Traffic flow characterization very important (especially for mobile, E2E scenarios) 17

NFV creates a very dynamic environment SDN can present an overall logical view, map Ad-hoc, on-demand, secure virtual tenant networks Extend M&O to include Network Management SDN could enable and accelerate the virtualization of the network and the cloudification of the carrier (COs/PoPs become DCs) Challenges for bundling SDN with NFV Hybrid virtualized/non virtualized environment Mixed SDN/non-SDN (legacy) network elements/domiins SDN across NFV boundaries NFV across SDN boundaries (this may require some sort of SDN federation) SDN can enable, simplify and automate NFV implementation 18

SDN Apps Cloud, Data Center & Net Apps/Services/Functions/Utilities APIs SDN (control, programmability, management, network virtualization) Interfaces, Protocols Network, Storage SDN-based NFV NFV Apps Apps Apps Apps Virtual Apps Network Functions Apps (s) Virtual Network Functions (s) Computing Hardware APIs NFV Infrastructure (NFVI) NFV Virtual Infrastructure (NFVI) Virtual Storage Virtual Network Computing Virtual Computing Virtual Storage Virtual Network Virtualisation Layer Virtualisation Layer (ODL, NSX, OVX, ) Storage Hardware Interfaces, Protocols Apps Network Hardware NFV SDN-based MANAGEMENT MANAGEMENT & & ORCHESTRATION ORCHESTRATION SDN Controller Computing Hardware Storage Hardware Hardware resources Hardware resources Network Hardware OpenStack Neutron

Open Networking & NFV What should be open? Open Source (software) Open Design (hardware) Open Standards Open Interfaces, APIs (plugins) Open SDKs Application / Tools / Services Network Operating System API Hardware (switch/server)) API API Virtual Switch API Open Community (not controlled by single vendor) Decoupling of software and hardware. Programmable network functions Benefits modularization: best of breed, flexibility customization (mix & match) reduced costs easy to upgrade, no vendor lock-in 20

Issues: (harmonious) integration and consistency for operators: carrier-grade (HA & five 9s, DR/BC, SLAs, reliability) security, testing & interoperability, certification, licensing, regulation Creating a sandbox of open source tools would be ideal Open s Open-sourced firewalls, load balancers, DPI Emergence of virtual switches and routers as vital block elements Disaggregation of switch hardware/software supports dynamic/programmable QoS (selective per application/user/virtual network, etc) monitoring/analytics tools run many NOS on same system (group of physical/virtual ports) 21

Mapping to Open Source communities OSS / BSS EMS EMS EMS Service, & Infrastructure Description Orchestrator Openstack Cloudstack? Managers NFVI new for generic s Virtual Compute Open Daylight ONOS, ONF Virtual Network Virtual Storage NFV M&O KVM XEN, LXC Hardware Resources Computing Hardware Virtualization Layer Network Hardware DPDK ODP (Linaro) Storage Hardware Virtualized Infrastructure Manager OpenStack CloudStack OCP 22

OpenStack for NFV Openstack: Management & Orchestration platform for Virtualized Infrastructure (Neutron) s Create cloud-based, multi-tenant networks for NFV (XaaS) Resource manager & scheduler Could become an open solution for service chaining NaaS Sliver of network (connectivity) + resources (compute, storage) + apps VNOs (Virtual Network Operators) Bandwidth-on-demand (to tenants, users) New business models (auction/brokering, ephemeral clouds) Extend OpenStack to include monitoring & analytics tools for NFV Richness of APIs 23

XaaS for Network Services NSP User Forwarding Graph Admin User VNPaaS aas Admin User Hosting Service Provider Tenants NFVIaaS NFVI Provider IaaS NaaS NaaS PaaS PaaS SaaS ETSI NFV 24

NFV Research & Call-for-action Service Chaining & Service Insertion algorithms & protocols. Optimization mechanisms NFV Orchestration algorithms NFV Controllers. SDN Controllers for NFV Abstractions for carrier-grade networks & services (imperative/declarative programming languages) Traffic steering/dispatching Pure virtualized environment Hybrid (virtualized/non-virtualized) environment Performance studies, e.g., Resources requirements Latency & locality in software implementation Optimization techniques System bottlenecks Cost (Benefit) Analysis studies 25

Security of NFVI BC/DR: fault-tolerance, resilience, redundancy Consolidation of s & Multipurpose s Nested s algorithms NFV system configuration patterns Complexity of NFV systems Energy Efficient NFV architectures Service Assurance Tests & diagnostics (eg, fault isolation, fault-correlation Predictive analytics (e.g., fault prediction) New s More on : portal.etsi.org/nfv 26

Service Chaining & Service Insertion vfw vlb vdpi vcdn vadc vswitch SDN Controller physical switch vdpi vcdn Policies determine the chain order (eg. OF rules): define your own chain! Use of metadata, tags as application/flow descriptors. Use Tunnels/overlays, eg., VxLAN for creating paths SDN controller for directing traffic Virtual networks for multi-tenancy and traffic isolation (virtualizing the virtual appliances ) 27

Programmable Service Chains Branching Loops Parallelism Nests/recursion Pipelined Service Chains Virtual switches are key (in the chain) functional blocks Statefull/stateless Redundancy/DR Performance guarantees (delay, bandwidth) Languages/structures for describing service chains Describing forwarding behaviour Accounting for constraints (e.g., security) Building service chains for NaaS 28

Infrastructure today Firewall WAN Acceleration DPI Load Balancer Switch Firewall WAN Acceleration DPI Load Balancer Switch Firewall WAN Acceleration DPI Collection of heterogeneous networks (with lots of duplication) Load Balancer Switch 29

control plane Virtualized Network Infrastructure FW LB DPI OSV SDN CTR FW LB DPI OSV SDN CTR M&O OVS FW LB DPI OSV SDN CTR NV VM VM VM VM VM VM VM VM VM VM SDN CTR EMS Physical, fixed boundaries and connections are removed Connections and traffic are dynamic L4-L7 SDN 30

Network Virtualization for NFV Network Virtualization important building block for NFV Moving network functions into VMs, that can be scattered, would require setting up virtual networks to ensure traffic isolation and multi-tenancy Can be inter-dc, as applications (eg., vcdn) can span across DCs virtual Network Overlays (vnos) is one solution Virtual switches/gateways can also here a play a key role in delineating VN boundaries Build scalable virtual networks Network Virtualization for E2E connectivity 31

Cloudification of the Telco Network: Cloud 2.0 and NaaS IaaS: providing E2E services Pooled resources across the domains Great for mobile infrastructure applications 32

vepc @ OSV Virtualizing the EPC goes beyond virtualizing a single function Virtualize nodes (MME, SGW, PGW, SecGW), functions (attach/registration, bearer, PCRF, ANDSF, HSS) Benefits: Orange Silicon Valley Elasticity, agility, scalability: launch VMs to handle traffic spikes Remote operations. Eliminates physical distances between nodes Portability: EPC in a briefcase, e.g, deploy next to enodeb Easier to integrate other functions such as IMS, vdpi, caching Complete decoupling of control & data planes Flexible allocation & deployment of resources Challenge: delivering carrier-grade performance 34

EPC Virtualization - verticalized MME VM HSS VM PCRF VM S-GW VM P-GW VM S1 Attach Attach Policy Policy Policy Internet Auth. Auth. Mobility Mobility enb Mobility Bearer Bearer SGi Bearer Context Context Context Data Data A physical box is mapped to a VM Inefficient: still uses many processes and requires encoding/decoding across interfaces Inflexible: high-availability requires duplication Orange Silicon Valley 35

Cloud EPC Management & Orchestration Attach Attach Policy Policy Policy S1 Auth. Auth. enb Mobility Mobility Bearer Bearer Bearer Context Context Context Data Data Consolidation of multiple physical network infrastructures into one Node disaggregation: obscures boundaries between functional boxes can lead to less complexity Achieves better service scalability, flexibility. Multi-tenancy (eg, MVNOs) Orange Silicon Valley 36

SmartEPC: NFV+SDN PoC Evolved Packet Core SDN CTRL ANDSF Easier to integrate SDN-based solutions, such as smart traffic offloading Offload traffic based on various & different criteria (e.g., per customer, traffic) Embed OF agents in s (running on VMs) Better management of EPC. Mobile flow characterization Does not require vendor to make drastic changes Orange Silicon Valley 38

christos.kolias@orange.com