PROGRAMMABLE NETWORK EDGE

NFV for a Smooth Migration to Value-Added Services


Post on 03-Jul-2020


Network functions virtualization (NFV) is transforming the way telecommunications providers operate. Traditional infrastructures, with purpose-built hardware appliances spread across complex and unwieldy networks, are making way for flexible, streamlined, software-defined solutions. There’s no doubt that a virtualized software-defined network (SDN), built on standard servers, general-purpose storage and standardized software applications, offers enormous benefits for operational simplicity, cost-savings and efficiency.

Optimizing the Connectivity Network for NFV

In enterprise, fixed and mobile networks of today, most hardware-based network functions can be virtualized by software run on standard servers. These software appliances can be hosted on central servers but also run on processors integrated with demarcation devices at the edge of the network. While central hosting allows resources to be shared among many customers, creating benefits from economies of scale, it’s more effective to host latency-sensitive appliances at the edge.

As communication service providers (CSPs) move from evaluating the feasibility of NFV towards analyzing the practical implications of NFV and SDN on their own networks, they’re beginning to look at the impact of agile service creation on their underlying connectivity network. Services need to be rapidly activated and quickly relocated. This means links that are currently static must become dynamic to optimize resource utilization across different data centers.

A major advantage of NFV comes from the freedom to allocate virtual appliances on any available server in a network. While physical hardware is located at the site of use, virtual appliances may be provisioned anywhere in a network. This does, however, create issues for service assurance. Service levels need to be confirmed at the service handoff point rather than at the site where the virtual appliance is executed. That’s why network interface devices have an additional, separate role assuring service quality at the service demarcation.

Convergence at the Edge

As communication service providers build data centers and start delivering integrated hosting and communication services, they face the challenge of combining enterprise IT and service provider communication technologies. In the core there’s a natural separation between the data center and the connecting transport network. But at the edge, cost pressure makes such separation prohibitive. The best route towards cost-optimized NFV solutions is to integrate servers and connectivity technology. This also addresses the need to develop carrier-grade reliability for enterprise IT technology. A marriage between enterprise IT principles and service provider best practices promises a lot. It could be a very fruitful cross-fertilization in what have traditionally been very isolated technology domains.

Innovation in Demarcation

As outlined above, network interface devices (NID) have to respond to architectural and technological change by providing additional features. This allows a service provider to generate the most value from their investment in service-agile networks. At ADVA Optical Networking we’re building on extensive expertise with service-assured demarcation technology as well as pioneering technology in open and automated network control. Both technologies are vital for the seamless evolution of a service provider’s business edge.

With the introduction of our unique programmable network edge portfolio, we’re paving the way for transforming NFV promises into highly profitable, new service offerings. Our FSP 150 ProNID is a series of demarcation products optimized for service providers initially turning to central hosting of software appliances. Our FSP 150 ProVM extends the capability of this proven product family with integrated server and storage resources, enabling a service provider to host virtualized network functions right on the customer premises.

Network Edge Capabilities Are Vital for NFV

The Route to NFV
• Replacing dedicated hardware with software appliances
• VNFs hosted centrally or at the edge
• Demarcation technology supports NFV
• Open, programmable networks for agile, innovative services
• Integration of demarcation technology with servers and storage devices

[Figure: VNFs can be hosted on customer premise or in central data center. Labels: Metro/Access Network, Data Center at PoP, Server. Numerous VNF opportunities: routers, firewalls, IDS/IPS, load balancers, RBS, caching, DPI, WAN optimization, security, SCADA ...]

The virtual customer premises equipment (vCPE) use case gets a lot of attention, and for good reason. Operators can replace expensive special-purpose hardware operated on a customer site with general purpose servers running software appliances. Various service providers implement this business model based on centrally hosting virtual network functions (VNFs), which allows them to benefit from economies of scale and to maximize resource utilization.

What service providers can’t afford to overlook, however, is how NFV potentially impacts their connectivity infrastructure and respective network topologies. In key areas, there are ramifications for transport networks that must be considered in order to maximize the benefits and revenue opportunities that NFV provides.

Understanding the Impact of Customer Edge Router Virtualization

Communication service providers connect customer sites through Ethernet services that terminate on a demarcation device. Frequently a co-located customer edge (CE) router creates a Layer 2 / Layer 3 virtual private network (VPN) for multi-site connectivity.

The Ethernet demarcation device monitors service quality and restores connectivity in case of network failures utilizing well-standardized protocols and methods. Hardware-based implementations guarantee excellent scalability at moderate cost.

The complexity of CE routers and the ongoing development of routing protocols favor software-based implementations, which are mostly implemented on top of supplier-specific hardware. That’s why CE routers are a highly promising candidate for network virtualization. However, virtualizing a CE router and locating this network function at a central site leaves the service provider offering a high-layer network service without being able to monitor the service at those layers, all the way to the enterprise site.

The CSP requires visibility of the end point of its service responsibility, so ADVA Optical Networking’s FSP 150 ProNID comes with additional operations, administration and maintenance (OAM) features at the point of service demarcation. This guarantees predictable and stable performance of any network service, wherever the constituting network functions are located.

Security in NFV-Centric Connectivity Networks

With enterprises so highly sensitive to security concerns, CSPs obviously need to do everything possible to ensure that networks and traffic are fully protected.

This is especially true for service providers who suggest that security-related functions such as managed firewall services should be virtualized instead of deployed physically at the customer edge and run as software appliances from a central point of presence (PoP). The shift from dedicated hardware appliances to standard, general-purpose servers and software control has obvious benefits. Enterprises may have concerns, however, as their security perimeter now extends into the network of the CSP.

The CSP will need to ensure privacy and confidentiality of the traffic as it transits along the public network between the enterprise site and operator site of the network, which might even be provided by a third party wholesale access provider. Our ConnectGuard™ advanced Layer 2 encryption, part of the FSP 150 ProNID product series, addresses the security challenge by protecting the user traffic. Complete transparency in combination with very low latency assures privacy of the communication without compromising the service performance.

Programmability

As enterprises frequently segment their local area networks (LANs) into different virtual LANs (VLANs), routers are used to forward traffic between those different segments of the enterprise network. As site routers become replaced with virtualized, centralized router appliances, even a business’s local traffic – such as the different VLANs – begins to needlessly occupy transport capacity back to the operator.

It’s important to eliminate this inefficient use of transport bandwidth and network resources by minimizing the amount of backhaul traffic to the PoP. That’s why our FSP 150 ProNID provides programmability so that shortcuts can be created for traffic that doesn’t need to go back and forth to the central office. This programmability means LAN traffic stays in the enterprise premises, even though full service control is being provided virtually from a centralized location in an NFV-centric network.

FSP 150 ProNID – Demarcation Technology Optimized for Central Hosting of VNFs

[Figure: ProNID with centrally hosted VNFs. Labels: ADVA FSP 150–GE110 Pro Series, Main Office, Branch Office, ProNID, Metro Network, Connectivity & Cloud Service Provider, Point of Presence]

There are virtual network functions which should be hosted on the customer’s site at the edge of a network as latency resulting from central hosting would degrade service performance. In order to balance cost and service quality, the most promising approach for an edge NFV device is to integrate network demarcation functions with hardware-based switching and standard processors as well as storage for the hosting of virtual network appliances.

Consistent Performance Assurance

As communication service providers extend their business from offering connectivity services towards providing managed network services, they need to assure service performance of the virtual network appliance and service performance of the underlying connecting network. Today, the operation of communication networks is supported by a comprehensive set of service OAM functions. Service providers will want to see similar capabilities from any resource of an NFV infrastructure as standard servers and storage devices become integrated with carrier grade network technology.

At ADVA Optical Networking we’ve addressed the need for service assurance with edge NFV. The FSP 150 ProVM product series is designed to augment proven network demarcation technology with the latest, high-performance processor technology. The unique combination and tight integration of physical and virtual network functions comes with cost advantages. Even more importantly, this approach combines the flexibility of software-defined networking with the performance and scalability of dedicated hardware. As dedicated hardware functions monitor the server and virtual appliances, monitoring is provided even in case of software crashes or congestion resulting from malicious attacks.

A close integration of network and server resources unleashes the full potential of edge NFV as processing power isn’t wasted on lower-layer network functions. Even the most stringent performance and latency requirements of demanding network appliances can be met.

Open Platform

The migration to NFV allows CSPs to introduce new services in a very fast and agile way. A new network function can be added to the services catalog within weeks and provisioning times of additional services might be as low as minutes. Based on open networks applying open source operating and hypervisor systems, software appliances can easily be managed, downloaded, initiated and terminated by a mouse-click on a central orchestration tool frequently based on open source software.

The integration of our FSP 150 ProVM into open network environments is supported with device drivers for common virtual infrastructure management solutions such as OpenStack. This simplifies integration and facilitates a rapid transition towards NFV-enabled service offerings without limiting applicability to a closed vendor domain. Close integration of control and management systems with the underlying hardware creates synergies between physical and virtual network functions resulting in the best performance.

Trusted Edge NFV

Today’s network functions are frequently implemented with dedicated, traditionally proprietary technologies. This creates some level of “security by obscurity”. Replacing such hardware with standard general-purpose servers, standard storage and standard network components increases the attack surface and calls for additional monitoring and security controls. Similarly, there are key ramifications in moving from supplier-specific network management and network control toward open-source software, as detailed information about the applied protocols, as well as the supporting tools for those protocols, are publicly available.

That’s why the transition toward NFV-centric networks significantly impacts the risk profile. We’ve made sure our FSP 150 ProVM can respond to this change with a variety of additional security features protecting the network but also the user data in a highly secure way. Advanced monitoring schemes identify any malfunction of the service-creating hard- and software. Tamper-resistant storage of customer credentials forms the basis for secure authentication, access control and encryption, thus securing the user data as well as the management and control traffic. Configurable access control lists (ACLs), in combination with programmability, are an efficient means to dynamically block malicious network traffic.

FSP 150 ProVM – Assured Multi-Technology Edge NFV Devices

Balancing Central and Edge Hosting
• FSP 150 ProNID with central hosting for economies of scale
• Edge NFV with FSP 150 ProVM for lowest latency and best scalability
• Additional security controls for secure NFV
• Open programmability for seamless integration
• Comprehensive service and connectivity assurance

[Figure: ProVM for best performance with edge NFV. Labels: Virtual Network Functions, NID / CC, Server, Hypervisor, Storage, ProVM, NMS, Open Configuration, Open Source management]

Initial NFV and SDN demonstrations have shown the significant value of replacing dedicated hardware-based network functions with standard servers and software appliances. ADVA Optical Networking has proven the feasibility in various joint demonstrations with leading VNF suppliers. The virtualization of a radio base station showed how physical network functions for generating the RF signal and virtual network functions for control plane processing can be advantageously combined. Replacing physical customer edge routers with software appliances operated on central or edge servers provided comprehensive insight into the impact of NFV on the network architecture and – more specifically – on the connectivity network.

Our FSP 150 ProNID and ProVM benefit from the comprehensive experience that we’ve gained from ADVA Optical Networking’s close technology partnerships with leading service providers. The products have been designed and developed specifically to manage the transition to NFV while avoiding performance limitations or functional deficiencies of applied network interface devices. The diagram shows the feature evolution of demarcation technology towards NFV-centric networks.

Best Demarcation Technology for NFV

We’ve extended the feature set of the ADVA Optical Networking demarcation portfolio in order to comply with the flexibility, agility, elasticity and increased level of automation of NFV-centric networks. Proven assurance functions for connectivity have been extended and additional functions now provide server and VM performance assurance. As NFV changes the attack surface, new security features mitigate emerging risk. Open interfaces allow these advanced demarcation devices to be operated and configured with open-source software for ease of network integration and agile service innovation.

The integration of hardware-accelerated demarcation technology with servers opens up interesting opportunities for monitoring the processors, operating systems and hypervisors by hardware-implemented probes. Hardware-based monitoring systems empower a service provider to remotely monitor, analyze and troubleshoot a system even if the server and related software enter into an irregular state from which it cannot recover on its own.

Remove Road Blocks to NFV

Based on our proven track record in service-assured demarcation technology, our FSP 150 ProNID and ProVM provide a seamless path towards NFV-optimized connectivity networks. Communication service providers can embark on the transition towards NFV-centric networks without having to worry about hidden risks arising from inappropriate demarcation technology.

Open interfaces and integration into open-source orchestration solutions break up previous single-vendor dominated networks which proved to have limited scalability, high cost and slow speed of innovation. Our FSP 150 ProNID and ProVM empower service providers to leverage optimum value from emerging NFV technology by offering a perfect solution for any VNF hosting scenario and customer use case.

Relevance of NID features with legacy and NFV networks

Transforming Innovation into Business Value

Optimizing Network Interface Devices (NID) for NFV
• Open programming interfaces
• Open-source management such as OpenStack
• Comprehensive security controls
• Hardware-assisted monitoring of VMs
• Best performance by hardware acceleration

[Figure: Optimizing edge devices for NFV. Chart of NID feature relevance (scale 0 to 1) for three cases: Legacy; NFV, central hosting; NFV, edge hosting. Features: Ethernet OAM, IP OAM, VM Monitoring, VM Hosting, Programmability, Automated Provisioning, Encryption, Authentication, Access Control]

For More Information

ADVA Optical Networking SE
Campus Martinsried
Fraunhoferstrasse 9 a
82152 Martinsried / Munich
Germany

ADVA Optical Networking North America, Inc.
5755 Peachtree Industrial Blvd.
Norcross, Georgia 30092
USA

ADVA Optical Networking Singapore Pte. Ltd.
25 International Business Park
#05–106 German Centre
Singapore 609916


About ADVA Optical Networking

At ADVA Optical Networking we’re creating new opportunities for tomorrow’s networks, a new vision for a connected world. Our intelligent telecommunications hardware, software and services have been deployed by several hundred service providers and thousands of enterprises. Over the past twenty years, our innovative connectivity solutions have helped to drive our customers’ networks forward, helped to drive their businesses to new levels of success. We forge close working relationships with all our customers. As your trusted partner we ensure that we’re always ready to exceed your networking expectations. For more information on our products and our team, please visit us at: www.advaoptical.com.

ADVA Optical Networking © All rights reserved.

Version 10 / 2015

Optical+Ethernet Innovation • Speed for Customers • Trusted Partner