Editor’s Note: In an attempt to broaden our interaction with our readers we have created this Reader Forum for those with something meaningful to say to the wireless industry. We want to keep this as open as possible, but we maintain some editorial control to keep it free of commercials or attacks. Please send along submissions for this section to our editors at: dmeyer@rcrwireless.com.
SNS Research predicts that the software-defined networking, network function virtualization and network virtualization market will account for nearly $10 billion in 2015 alone, and estimates further growth at 37% over the next five years. These options are gaining rapid adoption because they offer flexibility and agility that traditional networks cannot match. Although communication hurdles have been cleared, network engineers now face the hurdle of ensuring high performance at high speeds – up to 100 gigabits per second.
Concerns today, which will continue to be concerns as the network is virtualized, include performance and the ability to assure reliable, real-time data for management and analytics. Network appliances provide the real-time insight needed to continuously monitor, collect and analyze traffic for management and security purposes. Appliances can be virtualized, but the same constraints that affect the performance of physical appliances will also affect virtual ones.
A remedy for this seeming impasse is the use of virtualization-aware appliances, which span the gap between the networks of today and the software-based models of the future. The real-time insight provided by virtualization-aware appliances using analysis acceleration enables event-driven automation of policy decisions and real-time reaction to those events, thereby allowing users to experience the full agility and flexibility of SDN and NFV.
Why managing SDN and NFV is so challenging
The majority of telecoms have made major investments in operation support systems, business support systems and infrastructure, which must be adapted not only to SDN and NFV, but also to Ethernet and IP networks. Part of the management challenge rests in the fact that most of the OSS/BSS systems installed have their grounding in the fault, configuration, accounting, performance and security (FCAPS) model of management first introduced by ITU-T in 1996. This concept was simplified in the Enhanced Telecom Operations Map (eTOM) to fault, assurance and billing (FAB). Management systems tend to focus on one of these areas and often do so in relation to a specific part of the network or technology, such as optical access fault management.
The foundation of FCAPS and FAB, however, was traditional, voice-centric networks based on plesiochronous digital hierarchy and synchronous digital hierarchy. They were static, engineered, centrally controlled and planned networks in which the protocols involved provided rich management information. This made centralized management possible.
Even so, some have tried to squeeze IP and Ethernet into FCAPS and FAB management models. For example, call detail records have been used for billing of voice services, so the natural extension of this concept is to use IP detail records for IP service billing. A set amount of detail records are typically collected in 15-minute intervals, which are sufficient for billing. This does not, in most cases, need to be real time. However, DRs also are used by other management systems and solutions as a source of information to make decisions.
This is problematic, because Ethernet and IP networks are completely different from traditional, centrally controlled and engineered telecom networks, which do not change in a 15-minute interval. Ethernet and IP are dynamic and “bursty” by nature. Because the network makes autonomous routing decisions, traffic patterns on a given connection can change from one IP packet or Ethernet frame to the next. When you consider that Ethernet frames in a 100 Gbps network can be transmitted with as little as 6.7 nanoseconds between each frame, you begin to understand a significant distinction when working with a packet network.
In addition, there’s not a lot of management information to be gleaned from Ethernet and IP. If a carrier wants to manage a service provided over Ethernet and IP, they need to collect all the Ethernet frames and IP packets related to that service and reassemble the information to get the full picture. While switches and routers could be used to provide this kind of information, it became obvious that continuous monitoring of traffic in this fashion would impact switching and routing performance. Hence, the introduction of dedicated network appliances that could continuously monitor, collect and analyze network traffic for management and security purposes.
Changes needed for network appliances
Network appliances are needed in the effective management of Ethernet and IP networks for several reasons. First, all Ethernet frames and IP packets need to be collected and reassembled to enable effective management of services. This, in turn, requires continuous monitoring of the network, even at speeds of 100 Gbps, without losing any information. Network appliances provide this capability in real time.
All network information must be captured and collected by network appliances if the analysis is to be reliable. Network appliances receive data either from a switched port analyzer (SPAN) port on a switch or router that replicates all traffic, or from passive taps that provide a copy of network traffic. They then need to precisely time stamp each Ethernet frame to allow accurate determination of events and latency measurements for quality-of-experience assurance. Network appliances also recognize the encapsulated protocols, as well as determine flows of traffic that are associated with the same senders and receivers.
Although appliances are broadly used for the effective, high-performance management and security of Ethernet and IP networks, the taxonomy of network appliances has grown outside of the FCAPS and FAB nomenclature. The first appliances were used for troubleshooting performance and security issues, but have gradually become more proactive, predictive and preventive in their functionality. The real-time capabilities that all appliances provide make them essential to effective management of Ethernet and IP networks. For this reason, network appliances need to be encompassed in frameworks for managing and securing SDN and NFV.
New capabilities with analysis acceleration
Appliances are not designed for continuous capture of large amounts of data and tend to lose packets. For guaranteed data capture and delivery for analysis, hardware acceleration solutions are used, such as analysis accelerators, which are intelligent adapters designed for analysis applications.
Real-time monitoring requires precision to the nanosecond, and analysis accelerators meet that requirement. Designed specifically for analysis, they are similar to NICs for communication, but differ in that they are designed specifically for continuous monitoring and analysis of high-speed traffic at maximum capacity. For monitoring a 10 Gbps bidirectional connection, this means processing 30 million packets per second. Typically, a NIC is designed to process 5 million packets per second; it is very rare that a communication session between two parties would require more than that. In addition, analysis accelerators provide extensive functionality for off-loading data pre-processing tasks from the analysis application. This ensures that as few server CPU cycles as possible are used on data pre-processing and enables more analysis processing to be performed.
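The two figures quoted above (about 6.7 nanoseconds between frames at 100 Gbps, and about 30 million packets per second for a bidirectional 10 Gbps link) both follow from the same line-rate arithmetic. The following is an added worked example, not code from the article or from Napatech: it assumes the worst case of minimum-size 64-byte Ethernet frames, adds the standard 8-byte preamble/SFD and 12-byte inter-frame gap that every frame occupies on the wire, and compares the resulting packet rate against the 5 million packets per second quoted for a conventional NIC. The helper names and the 5 Mpps NIC figure as a default are this example's own choices.

```python
# Added example (not from the article): line-rate arithmetic behind the
# "6.7 ns between frames at 100 Gbps" and "30 million packets per second
# on a bidirectional 10 Gbps link" figures. Worst case assumed: minimum-size
# 64-byte frames. Preamble/SFD and inter-frame gap sizes are the standard
# Ethernet values; treating minimum-size frames as the sizing case is an
# assumption of this example.

PREAMBLE_SFD_BYTES = 8      # 7-byte preamble + start-of-frame delimiter
IFG_BYTES = 12              # minimum inter-frame gap
MIN_FRAME_BYTES = 64        # smallest legal Ethernet frame (incl. FCS)
MAX_FRAME_BYTES = 1518      # largest standard (non-jumbo) frame


def wire_bits_per_frame(frame_bytes: int) -> int:
    """Bits one frame occupies on the wire, overhead included."""
    return (frame_bytes + PREAMBLE_SFD_BYTES + IFG_BYTES) * 8


def frames_per_second(link_bps: float, frame_bytes: int = MIN_FRAME_BYTES) -> float:
    """Maximum frame arrival rate on one direction of a link."""
    return link_bps / wire_bits_per_frame(frame_bytes)


def frame_interval_ns(link_bps: float, frame_bytes: int = MIN_FRAME_BYTES) -> float:
    """Time between consecutive frame starts, in nanoseconds."""
    return 1e9 / frames_per_second(link_bps, frame_bytes)


def monitoring_budget(link_bps: float, bidirectional: bool = True,
                      frame_bytes: int = MIN_FRAME_BYTES,
                      nic_capacity_pps: float = 5e6) -> dict:
    """Packets per second a monitoring appliance must sustain on this link,
    the inter-frame time it must timestamp within, and how far a NIC rated
    for nic_capacity_pps falls short (a factor above 1.0 means packet loss)."""
    pps = frames_per_second(link_bps, frame_bytes) * (2 if bidirectional else 1)
    return {
        "packets_per_second": pps,
        "frame_interval_ns": frame_interval_ns(link_bps, frame_bytes),
        "nic_shortfall_factor": pps / nic_capacity_pps,
    }


if __name__ == "__main__":
    for rate in (1e9, 10e9, 40e9, 100e9):
        b = monitoring_budget(rate)
        print(f"{rate/1e9:>5.0f} Gbps bidir: {b['packets_per_second']/1e6:6.2f} Mpps, "
              f"{b['frame_interval_ns']:6.1f} ns/frame, "
              f"NIC shortfall x{b['nic_shortfall_factor']:.1f}")
```

Running the sweep makes the article's point concrete: a single direction of 10 Gbps already exceeds a 5 Mpps NIC by a factor of about three, and at 100 Gbps the per-frame timestamp resolution has to be better than 7 ns to distinguish consecutive minimum-size frames at all.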
As telecoms monitor the network nonstop, they can check network performance in real time and get an overview of application and network usage. This information can also be stored directly to disk, again in real time, as it is being analyzed. This is typically used in troubleshooting to determine what might have caused a performance issue in the network. It is also used by security systems to detect any abnormal behavior in the past.
Along these same lines, the possibility exists to spot performance degradations and security breaches in real time. The network data that is captured to disk can be used to build a profile of normal network behavior. By comparing this profile to real-time captured information, it is possible to detect anomalies and raise a flag.
In a policy-driven SDN and NFV network, abilities of this type can be very useful. If performance degradation is flagged, a policy can automatically take steps to address the issue. If a security breach is detected, a policy can initiate more security measurements and correlation of data with other security systems. It also can go so far as to use SDN and NFV to reroute traffic around the affected area and potentially block traffic from the sender in question.
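The three preceding paragraphs describe one pipeline: per-flow statistics captured to disk become a profile of normal behaviour, live intervals are compared against it, and a flagged deviation feeds a policy decision. The following is an added illustration of that pipeline and is not code from the article or from any vendor. The per-minute flow counts are constructed sample data standing in for a capture-to-disk summary, the flow-key format, the z-score threshold and the minimum standard deviation floor are assumptions, and the action labels are placeholders for whatever the policy layer actually does.

```python
# Added example (not from the article): baseline profile from captured
# per-interval flow statistics, anomaly detection against live data, and
# a policy hint per finding. All data below is constructed.
from collections import defaultdict
from statistics import mean, pstdev

# Constructed history: packets per one-minute interval per flow, the kind of
# summary a capture-to-disk store would yield for a period of normal traffic.
# Flow key format "src->dst:port" is this example's own convention.
BASELINE_INTERVALS = [
    {"10.0.0.5->10.0.1.9:443": 1200, "10.0.0.7->10.0.1.9:443": 980,  "10.0.0.5->10.0.1.20:53": 60},
    {"10.0.0.5->10.0.1.9:443": 1150, "10.0.0.7->10.0.1.9:443": 1010, "10.0.0.5->10.0.1.20:53": 55},
    {"10.0.0.5->10.0.1.9:443": 1230, "10.0.0.7->10.0.1.9:443": 995,  "10.0.0.5->10.0.1.20:53": 62},
    {"10.0.0.5->10.0.1.9:443": 1180, "10.0.0.7->10.0.1.9:443": 1005, "10.0.0.5->10.0.1.20:53": 58},
    {"10.0.0.5->10.0.1.9:443": 1210, "10.0.0.7->10.0.1.9:443": 990,  "10.0.0.5->10.0.1.20:53": 61},
    {"10.0.0.5->10.0.1.9:443": 1190, "10.0.0.7->10.0.1.9:443": 1000, "10.0.0.5->10.0.1.20:53": 57},
]

# Constructed live interval: one flow normal, one spiking, one gone silent,
# and one never seen during the baseline period.
LIVE_INTERVAL = {
    "10.0.0.5->10.0.1.9:443": 1205,
    "10.0.0.7->10.0.1.9:443": 9500,
    "10.0.0.9->10.0.1.9:22": 300,
}


def build_profile(intervals):
    """Mean and population std-dev of packets per interval for each flow.
    A flow absent from an interval counts as zero packets there."""
    per_flow = defaultdict(list)
    for interval in intervals:
        for flow, packets in interval.items():
            per_flow[flow].append(packets)
    n = len(intervals)
    return {flow: (mean(counts + [0] * (n - len(counts))),
                   pstdev(counts + [0] * (n - len(counts))))
            for flow, counts in per_flow.items()}


def detect_anomalies(profile, live, z_threshold=3.0, min_sigma=5.0):
    """Compare one live interval to the profile. Returns findings, each with
    a 'kind' (spike, drop, new_flow) and a placeholder policy 'action'.
    min_sigma stops a very stable flow from alerting on tiny jitter."""
    findings = []
    for flow in sorted(set(profile) | set(live)):
        packets = live.get(flow, 0)
        if flow not in profile:
            findings.append({"flow": flow, "kind": "new_flow", "packets": packets,
                             "action": "escalate_security"})
            continue
        mu, sigma = profile[flow]
        z = (packets - mu) / max(sigma, min_sigma)
        if z > z_threshold:
            findings.append({"flow": flow, "kind": "spike", "z": round(z, 1),
                             "action": "escalate_security"})
        elif z < -z_threshold:
            findings.append({"flow": flow, "kind": "drop", "z": round(z, 1),
                             "action": "investigate_performance"})
    return findings


if __name__ == "__main__":
    for f in detect_anomalies(build_profile(BASELINE_INTERVALS), LIVE_INTERVAL):
        print(f)
```

The policy hint is deliberately a label rather than an action: the spike and the unseen flow are routed to security (more measurement and correlation with other security systems, as the article puts it), while the silent DNS flow is treated as a possible performance problem. Real deployments would also want the baseline to be time-of-day aware, since a profile averaged over a whole day will flag every evening peak.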
Acceleration appliances offer new capabilities via anomaly detection, real-time capture and capture-to-disk. In this way, SDN and NFV performance can be maximized through a policy-driven framework.
Overcoming appliance constraints
A key question remains, even though network appliances can be used to provide real-time insight for management and security in SDN and NFV environments: Can they be fully virtualized and provide high performance at speeds of 10, 40 or even 100 Gbps?
Network appliances, which are already based on standard server hardware with applications designed to run on x86 CPU architectures, lend themselves very well to virtualization. The issue, however, is performance. Virtual appliances are sufficient for low-speed rates and small data volumes, but not for high speeds and large data volumes.
Because performance at high speed is difficult, even for physical network appliances, most high-performance appliances use analysis acceleration hardware. While it does free up CPU cycles for more analysis processing, most network appliances still use all the CPU processing power available to perform their tasks. This means that virtualization of appliances can only be performed to a certain extent. If the data rate and the amount of data to be processed are low, a virtual appliance can be used – even on the same server as the clients being monitored.
The CPU processing requirements for the virtual appliance increase as the rate and volume of data increase. Initially, this will mean that the virtual appliance will need exclusive access to all the CPU resources available. But even then, it will run into some of the same performance issues as physical network appliances using standard NIC interfaces with regard to packet loss, precise time-stamping capabilities and efficient load balancing across the multiple CPU cores available.
The same constraints of physical appliances will be an issue in the virtualized world and must be confronted. One way of addressing this issue is to consider the use of physical appliances to monitor and secure virtual networks. Virtualization-aware network appliances can be “service-chained” with virtual clients as part of the service definition. This requires that the appliance can identify virtual networks, typically done using VLAN encapsulation, which is already broadly supported by high-performance appliances and analysis-acceleration hardware. This enables the appliance to provide its analysis functionality in relation to the specific VLAN and virtual network. This can be a very useful solution in a practical phased approach to SDN and NFV migration.
It is broadly accepted that there are certain high-performance functions in the network that will be difficult to virtualize without performance degradation. A pragmatic solution is an SDN and NFV management and orchestration approach that takes account of both physical and virtual network elements. This means that policy and configuration do not have to concern themselves with whether a resource is virtualized or not, but can use the same mechanisms to “service-chain” the elements as required.
For the purposes of network management and security, the use of SDN and NFV will necessitate both current and new solutions. These should be deployed under a common framework with common interfaces and topology mechanisms. With this in place, functions can be virtualized when and where it makes sense without affecting the overall framework or processes.
Securing network performance for the future
We live in an exciting time of enhanced and expanded capabilities, but each innovation seems to bring with it one or more challenges. Such is the case with SDN and NFV. They offer network agility and flexibility, yet introduce the challenge of ensuring performance at high speeds. Network professionals need reliable, real-time data for management and analytics, but network appliances – physical or virtual – can only go so far before hitting a wall. Here is where virtualization-aware appliances come to the rescue, serving current network needs while anticipating those of the fast-paced future. The functionality of these appliances will enable SDN and NFV to blossom.
Daniel Joseph Barry is VP of marketing at Napatech and has over 20 years experience in the IT and Telecom industries. Prior to joining Napatech in 2009, Barry was marketing director at TPack, a leading supplier of transport-chip solutions to the telecom sector. He has an MBA and a BSc in electronic engineering from Trinity College Dublin.