NETWORK FUNCTION VIRTUALIZATION: PACKETLOGIC VIRTUAL NETWORK FUNCTION AS A SERVICE FOR ENTERPRISES

FEBRUARY 2014

Leveraging State-of-the-Art Intel and HP platforms to create an Internet intelligence Virtual CPE solution for Enterprise Services


Network Function Virtualization for PacketLogic vCPE. ©2014 Procera Networks. All Rights Reserved.

WHITE PAPER


NETWORK FUNCTION VIRTUALIZATION

Network Functions Virtualization (NFV) is a major strategic initiative for network operators worldwide. In January 2013, the European Telecommunications Standards Institute (ETSI) launched an initiative, sponsored by seven of the largest operators in the world (AT&T, BT, Deutsche Telekom, Orange, Telecom Italia, Telefonica and Verizon), to establish requirements and an architecture for the virtualization of network functions. In a relatively short time, the number has increased to over 150 operators, vendors, and technology providers. Data center solutions have leveraged virtualization technology for years. The telecommunications network has not widely adopted the technology for its infrastructure, for a number of reasons, but operators wanted to change that through the ETSI process.

These network operators see tremendous potential in NFV for telecommunications deployments. The stated benefits from the NFV ISG include:¹

• Reduced operator CAPEX and OPEX through reduced equipment costs and reduced power consumption

• Reduced time-to-market to deploy new network services

• Improved return on investment from new services

• Greater flexibility to scale up, scale down or evolve services

• Openness to the virtual appliance market and pure software entrants

• Opportunities to trial and deploy new innovative services at lower risk

The goal of the ETSI NFV Industry Specification Group (ISG) for the standards framework is to address the technical challenges for NFV, which include:²

• Ensuring that virtualized network platforms will be simpler to operate than what exists today.

• Achieving high performance virtualized network appliances, which are portable between different hardware vendors and hypervisors.

• Achieving co-existence with legacy hardware-based network platforms whilst enabling an efficient migration path to fully virtualized network platforms which re-use network operators’ existing BSS and OSS.

• Management and orchestration of virtual network appliances (particularly alongside legacy management systems) while ensuring security from attacks and misconfiguration.

• Maintaining network stability and service levels without degradation while under load or during relocation.

• Ensuring the appropriate level of resilience to hardware and software failures.

• Enabling the creation of virtual network appliances which will run, ideally without recompilation, on any hypervisor and hardware configuration, and integrate “on the fly” into the network operators’ existing EMS, NMS, OSS, BSS and orchestration systems.

• Requirement analysis for future technical specifications and standards in ad hoc standardization organization and groups to be identified or created at ETSI and other relevant standards development organizations.

HP, Intel, and Procera Networks are all members of the ETSI NFV ISG, and have joined together to work on specific NFV use cases that leverage Intel processing, HP hardware platforms, and Procera Networks Internet intelligence solutions.

1. http://www.etsi.org/index.php/news-events/news/644-2013-01-isg-nfv-created

2. http://www.etsi.org/technologies-clusters/technologies/nfv


VIRTUAL CPE SOLUTIONS

The ETSI NFV ISG has defined a number of different use cases as part of the expected deployment of NFV in service provider networks. This white paper describes one of those use cases, a Virtual CPE implementation of the Procera solutions. The Virtual CPE use case falls under the Virtual Network Function as a Service (VNFaaS) description in ETSI GS NFV 001 V1.1.1 Network Function Virtualization (NFV) Use Cases. An architecture diagram of the different NFV use cases (including Virtual CPE) is shown below.³

Figure 1 - NFV Use Cases (panels: Virtualisation of Base Station (cBS); Virtualisation of Mobile CDNs; Virtualisation of Mobile Core/IMS; Virtualisation of Home and Enterprise Networks; Virtualisation of Fixed Access; VNF Forwarding Graph)

The concept of Virtual CPE is very exciting to managed services solution providers, as it provides superior service flexibility and enables the operator to use best-in-breed solutions as needed to provide specific service functions. The vCPE solution can be deployed either at the customer premise or in the provider’s “cloud” as a managed service. Dedicated, standalone appliances often do not deliver the right combination of capabilities and also tie the enterprise to a specific vendor’s platform until they can depreciate the investment. “Virtual Router” based solutions do exactly the same thing, often with even more limited functionality.

3. http://portal.etsi.org/NFV/NFV_White_Paper2.pdf


The virtualization capabilities being introduced by NFV offer a huge opportunity for network operators looking to offer differentiated managed enterprise services with a major reduction in CAPEX required for service launches. Through the use of common hardware and best-in-breed VNF capabilities, a managed services solution can be offered to any customer that has broadband access into the provider “cloud”. The ETSI GS NFV 001 V1.1.1 Network Function Virtualization (NFV) Use Cases document calls out the different potential locations for the vCPE.⁴

Figure 2 - vCPE from NFV Whitepaper (labels: Branch; IP Backbone; Customer Site Virtualisation; Network Edge Virtualisation; Non-virtualized CPE; vE-CPE deployed at various locations; Centralized Corporate IT Infrastructure)

In this model, different VNFs can be added to the enterprise customer’s service chain. This paper will explore the offerings that can be created using the PacketLogic solutions as a VNF.

4. http://www.etsi.org/deliver/etsi_gs/NFV/001_099/001/01.01.01_60/gs_NFV001v010101p.pdf


PACKETLOGIC VIRTUAL NETWORK FUNCTION

Procera’s PacketLogic solutions are deployed in service provider networks to gain insights into network and subscriber behavior as well as to take action in order to provide a high quality of experience for their broadband consumers. These solutions can be deployed in the access network, aggregation layer, network core, or at the peering point to provide different network views and services, including virtual and hardware-based solution options.

Figure 3 - PacketLogic Deployments (labels: Access; Packet Core; DSL; FTTH; Cable; 2G/3G/LTE; WiFi; High-End Enterprise; FTTH Aggregation; WAN Edge; VAS: Optimization, Parental Control, Caching/CDN, URL Filtering, Advertising; Cloud Services; Internet)

Traditionally, PacketLogic solutions have been tied to specific off-the-shelf hardware platforms based on Intel technology. Although PacketLogic has always been hardware independent, achieving the performance and scalability that our customers demanded required tight integration with whatever hardware platform we were deployed on. However, with the introduction of the PacketLogic/V solutions, Procera has de-coupled our software from the underlying hardware platform to deliver on the premise of NFV.

PacketLogic/V platforms make all of the software capabilities of the hardware-based PacketLogic platforms available in COTS virtual machine environments running on COTS hardware. All three of the functional components that make up Procera PacketLogic software – real-time enforcement, subscriber manager, and intelligence center – can be readily provisioned without the need for purchasing the vendor-specific, single-use hardware configurations or purpose-built hardware that are typically needed by competing systems.


PacketLogic/V platform components run as individual Virtual Network Function Components (VNFC) that are part of the ETSI-defined Virtual Network Function (VNF) environment that a network operator would need to support a PacketLogic analytics or enforcement solution. The solution would be managed by a VNF management solution as well as the APIs that are included as part of the PacketLogic solutions. This provides the ultimate flexibility in provisioning computing resources and PacketLogic software licenses to gather high-resolution Internet intelligence in order to provide detailed subscriber-centric analytics and support for intelligent, real-time policy enforcement.

The Enterprise Service Offerings delivered by the PacketLogic VNF fall into two different Procera solution families: Gain Insight and Take Action. Gaining Insights leverages the fine-grained visibility of the PacketLogic Internet Intelligence solutions, and can be used to provide an enterprise with a greater understanding of their usage of broadband and Internet bandwidth. Those insights can be turned into Actions using the real-time policy enforcement capabilities of PacketLogic, and this creates a powerful solution that offers both real-time and historical perspectives as well as the ability to manage enterprise network traffic.

Figure 4 - vCPE Deployment Options (labels: Enterprise; CPE; PE; Service Provider Core; VNF; VNFaaS; Service Utility)

Some of the services that can be offered to enterprises with this solution include:

Advanced Usage Reporting and SLA Verification: The Internet Intelligence Center enables operators to deliver customized, detailed real-time and historical reporting and analytics to the end customer. This information can be used to provide value-added reports to the customer, or to help verify the billing and SLA information that is part of the customer’s managed services contract. The information available in PacketLogic includes not only the bandwidth and volume of data used, but also application, content, device, quality, latency, and congestion reports (packet drops) for how the network behaves during times of congestion.


Regulatory compliance and data retention: Many enterprises have specific regulatory compliance standards (financial institutions for example) that require them to log specific application traffic or access logs. PacketLogic includes a number of different high-volume logging technologies that can be used to selectively retain audit logs for specific policies on the enterprise network. These policies can be based on specific users, servers, applications, content, or even cloud-based services.

Traffic Management: PacketLogic solutions have sophisticated traffic management and fair usage capabilities. Enterprises can manage users, user groups, applications, content, and even specific devices based on time of day, day of week, bandwidth, and connection consumption to ensure that their business critical data is prioritized over recreational traffic or less important traffic during peak times or during network congestion. Examples might be de-prioritizing recreational video streaming outside of lunch or break times, removing bandwidth limits during off hours, or prioritizing access to salesforce.com during quarter close for sales-oriented businesses. In addition to simply managing the traffic, PacketLogic can provide detailed reports on which users or applications were affected by traffic management and how much latency or packet drops were introduced for the affected traffic.

Application Firewalling and Control: Although PacketLogic is not a traditional firewall, it can use the application and content signatures to restrict the use of specific applications. These controls can also be applied to users, user groups, applications, content, and even specific devices based on time of day and day of week. These controls allow finer grained control than most firewalls, as they are based on true layer 7 capabilities, and can even detect applications that morph their signatures when confronted with firewall solutions. Common applications that fall into this category include peer-to-peer, Skype, Tor, and other encrypted applications, which are hit-and-miss even with more advanced firewalls.

Content Control: ContentLogic enables the PacketLogic solutions to add content categorization to the existing application signatures. With ContentLogic, enterprises can manage access to different categories of content to block inappropriate content in the workplace or limit recreational content during peak work hours. Categories of content include social networking, pornography, job hunting, news, and over 100 other classifications.

Carrier Grade NAT: PacketLogic also includes Network Address Translation functionality to minimize the number of VNFs needed to transition the enterprise’s private address space into publicly accessible Internet addresses. This helps both the service provider and enterprise manage address space consumption while still providing user-level visibility for policy enforcement and analytics.

Advanced Traffic Steering: Many enterprises utilize application delivery controllers to load balance or divert specific applications or services to value added services systems like WAN optimization or caching appliances. Rather than implementing a separate VNF for this, PacketLogic includes these functions to simplify network deployments and enable a single point of Layer 7 control and visibility in a managed service.

Through the PacketLogic/V implementation of NFV, these solutions enable an extremely rich service offering with minimal hardware cost and maximum flexibility. Operators offering managed services can now monetize these capabilities without requiring yet another piece of CPE at the customer site.


SOLUTION TESTING DETAILS

The test environment used to demonstrate a PacketLogic Virtual CPE deployment was as shown in the diagram and detailed below:

Figure 5 - Virtual CPE Test Environment (layers shown: Apache CloudStack (orchestration); VNF-M, vPIC, vPSM, vPRE; KVM (hypervisor); HP DL380 (COTS))

• HP DL380 server

• Intel® Xeon® E5-2697 v2 processors @ 2.70GHz

• KVM virtualization manager

• Breaking Point traffic generator

• Procera Solutions:

– PacketLogic Real-Time Enforcement

– PacketLogic Subscriber Manager

– PacketLogic Client

– PacketLogic Element Manager

– Internet Intelligence Center Insights

The test consisted of creating instances of PacketLogic VNFs on the HP hardware and dedicating a specific number of Intel cores and memory to a PacketLogic/V instance. The solution was managed with the PacketLogic Element Manager and the PacketLogic Client, with analytics and visualization for the CPE instance performed by the Internet Intelligence Center Insights solution. The Breaking Point traffic generator was used to generate a mix of application traffic that would be classified by the PacketLogic VNF for the enterprise service.

The PacketLogic VNF was configured to use the following parameters for each vCPE instance:

CPU: Intel® Xeon® CPU E5-2697 v2 @ 2.70GHz, 4 CPU cores

Memory: 8G of RAM per instance


Figure 6 - CPU Usage

Figure 7 - Forwarding Rate

If we extrapolate the performance for a full system dedicated to the PacketLogic VNF using the full capabilities of the Intel-powered HP platform, a single DL380 could deliver up to 8 vCPE instances on a single server, providing a huge benefit for an operator looking. This capacity could be subdivided into a large number of VNFs, providing an easy-to-calculate ROI based on the number of equivalent dedicated hardware units that would have needed to be purchased. The ROI would also include the cost of truck rolls that would be required to deploy the solution, which is often more expensive than the cost of the hardware solution itself.


SPECTRUM OVERVIEW

In our increasingly connected world, it has become clear that thoughtful sharing of inspiration and resources accelerates the development and application of technologies that benefit us individually and collectively. It’s on this premise that HP and Intel have created SPECTRUM, a program designed to accelerate the development and application of technologies for Telecommunications Solution Builders.

SPECTRUM enables developers of hardware and software to deliver solutions to meet the challenges of the telecommunications markets. SPECTRUM is also an engine designed to empower developers to address market challenges with cost-effective, power efficient, industry-standard technologies from HP and Intel.

PROCERA NETWORKS OVERVIEW

Procera Networks Inc. (NASDAQ: PKT) delivers Internet Intelligence solutions to service providers and network equipment manufacturers for analytics and enforcement of broadband traffic worldwide. Procera’s solutions provide actionable intelligence and policy enforcement to ensure a high quality experience for any Internet and network connected device. For more information, visit http://www.proceranetworks.com or follow Procera on Twitter at @ProceraNetworks.


Copyright © 2014 Procera Networks. All rights reserved. All other trademarks are property of their respective owners. WP-001 Rev A 03/14