NFV Home

Application Identification Meets Network Functions Virtualization

By Special Guest
Mike Kay, Vice President of Business Development at Procera Networks
October 07, 2014

There is a great deal of talk about Network Functions Virtualization (NFV) today.  This article will provide a high-level overview on virtualization, then address several implications of NFV via a question-and-answer format, and how application identification and DPI are needed in the NFV world.

What is Virtualization?

Virtualization, as intended here, allows a single physical server to function as multiple virtual servers. It uses a set of software mechanisms (hypervisors, management tools, and other software components) to carve up a server into virtual slices.  You can think of a hypervisor as a virtual container that includes an operating system and one or more applications – in some ways, very similar to a physical server.

Virtualization gained popularity in the data center world with the advent of cloud computing and its related need for the dynamic provisioning of data center resources.  With the growth of the Internet and data centers to host more and more applications, many data center operators encountered server sprawl, adding more and more servers for more and more apps.  Most of those servers were running at low CPU utilization, often below 20 percent  on average.  In order to stem rising data center admin costs (more servers, more rack space, more power, more cooling, etc.), these providers turned to software for the abstraction  and virtualization of formerly hardware-based resources to help them solve data center resource sprawl as well as the ongoing need for more nimble resource provisioning.

Server virtualization is a reality today for web servers and related applications.  In the data center environment, especially with web services and other hosted applications, it’s been a powerful set of technologies to reclaim idle CPU cycles.  This allows data center operators to do more with fewer physical servers, saving rack space and reducing costs via lower electrical and cooling loads.  Virtualization, combined with automation, has increased the ability to spin up new servers and services in hours instead of days or weeks.  It’s enabled the development of massive cloud data centers.

What is NFV?

As virtualization took off for web data centers, it has matured as a technology.  Network operators and their equipment/software providers have begun to examine virtualization to see if it can also be useful for networking functions. This includes firewalls, load balancers, mobile packet core services and a host of other applications and functions for the networking arena.

When network applications and services are implemented in a virtualized form, they're referred to as Virtualized Network Functions (VNFs).  Each of the applications mentioned above and many others can be implemented as a VNF, and there are a rapidly growing number of Proof of Concept activities being driven by European Telecommunications Standards Institute and other organizations globally.

However, it is important to note that NFV is not the same as Software-Defined Networking (SDN), another important and often overused industry term. In a nutshell, SDN is more about separating the control plane from the data forwarding plane, while NFV is more about turning formerly hardware-only functionality into software-based virtualized functions that can be run on commercial off the shelf servers and other hardware.  There are some important and interesting ties between NFV and SDN, but we’ll defer that discussion to a future article.

What stays the same with Virtualization?

Quite a bit. Applications implemented as VNFs retain their basic functions and features, a firewall is still a firewall, a load balancer is still a load balancer, a PGW is still a PGW and so on. Virtualization shouldn’t take away from the basic services that a given application-as-VNF performs, it’s only a change in how that service is delivered.

The change in how that service is delivered can facilitate some useful advances.

What changes with Virtualization?

This is where things get interesting.

Prior to virtualized environments, it took tremendous effort to roll out a new service. Multiple applications that existed on their respective dedicated hardware platforms had to be sized, procured, installed, tested, and then put into the live network.

In a virtualized world for network services, standardized hardware is used for a wide variety of diverse applications including firewall, PCRF, telephony application servers and many others. Virtualization allows the construction and deployment of virtualized data centers through the use of VNFs and you can even extend that concept to the cloud.  Once the data center and cloud infrastructure is built, it's much easier to deploy the VNFs on that infrastructure, leading to dramatically reduced service provisioning and delivery time for revenue generating services.

This potential is very exciting but there are a couple of important points to note here:

1. It is not trivial to build out large-scale common compute data center and cloud infrastructure for NFV systems. - It takes a certain amount of ground work to be laid first including server build-outs, the adoption of open protocols and APIs with well-developed application ecosystems that, successful testing and integration and much more.

2. Continued progress in individual VNF management and overall NFV orchestration will be needed for the rapid turn-up and resiliency of these network services.

As advances are made in these and related areas, we’ll stand to gain increasing benefits from NFV.

Why is Application Identification needed in Virtualized World?

As virtualization accelerates the pace of change for both fixed and mobile network operators, there are at least two areas where application identification can provide additional benefits:

1. Embedded Intelligence: There are many moving parts to NFV systems.  Having better visibility into the applications that specific subscribers are using will provide intelligence on those subscribers.  Every network operator has room to understand their subscribers better, and do a better job providing the services their customers want.

2. NFV Orchestration: Orchestration is the part of NFV that will be responsible for sending a particular subscriber into a specific chain of services. Embedded application identification is a technology that can help identify what to do with a given subscribers video traffic versus his or her email traffic.

How does Application Identification adapt to Virtualized environments?

Few vendors have successfully and efficiently adapted application identification for virtualized environments. One successful method is through  the adoption and inclusion of embedded traffic signature databases that are frequently updated and capable of monitoring traffic in real time  as part of your host application. Because of that "wrapper" around these signature libraries, little to no work needs to be done to adjust this intelligence to virtualized implementation.  Application identification is now part of your host application and can be implemented as a VNF with little to no extra work required to adapt the application to virtualized delivery.

Do you agree or disagree with my evaluation? Let me know by tweeting me at @MikeKayProcera or @ProceraNetworks.

Mike Kay is Vice President of Business Development at Procera Networks and is responsible for leading Procera's strategic partnerships and virtualization strategy. A startup and large company veteran, he brings more than 20 years of strategic alliance and business development experience to Procera. Prior to Procera Mr. Kay was founder of LayerX Technologies, a big-data analytics and visualization software technology (acquired by Arrow Electronics). Additionally he developed and led the strategic alliance teams for Tasman Networks (acquired by Nortel) and Force10 Networks (acquired by Dell). In addition, he spent 7 years in the Cisco Systems Strategic Alliance organization managing Cisco's strategic partnerships with EDS (acquired by HP), and IBM globally. Mr. Kay is a member of the ETSI NFV Working Group, and conducted his undergraduate studies in Computer Science Engineering at the University of Texas at Arlington.

Edited by Stefania Viscusi

Related Articles

Winners of the 2018 INTERNET TELEPHONY NFV Innovation Award Announced

By: TMCnet News    6/4/2018

TMC announced the recipients of the 2018 INTERNET TELEPHONY NFV Innovation Award, presented by INTERNET TELEPHONY magazine.

Read More

Harnessing Pervasive Visibility to Unleash the Power of the Cloud

By: Michael Segal    11/9/2017

Cloud computing is having an unprecedented influence on companies throughout the world; according to research from BDO, an overwhelming number (74%) o…

Read More

Nokia Introduces SDAN Solution

By: Paula Bernier    10/10/2017

Nokia has unveiled a Software-Defined Access Network solution. This offering consists of cloud-native software, integration services, open programmabl…

Read More

Stating with Attestation, a Core Foundation of Computer Security for Sensitive Systems

By: Special Guest    10/3/2017

The European Telecommunication Standards Institute (ETSI) held their annual Security Week event and along with a representative from the UK National C…

Read More

Assuring Business Outcomes on Your DX Journey

By: Michael Segal    9/7/2017

When it comes to implementing strategies for digital transformation (DX), there are nearly as many methods as there are companies using them.

Read More