
Time to Rethink SDN and NFV Performance

By Dan Joe Barry November 10, 2014

As Software-Defined Networking (SDN) and Network Functions Virtualization (NFV) enter the commercialization phase, the general consensus in the industry is that the move to a pure software model will enable the agility and flexibility that traditional networks have never been able to achieve. While the communication challenge appears to be solved, the next problems facing network engineers are management and ensuring high performance levels at speeds of 10, 40 or even 100 Gbps.

Performance and the ability to assure reliable, real-time data for management and analytics are already a concern today and will be no less of a concern when virtualizing the network. Network appliances provide the real-time insight needed to continuously monitor, collect and analyze traffic for management and security purposes. Appliances can be virtualized, but the same constraints that affect the performance of physical appliances will also affect virtual ones.

Virtualization-aware appliances provide the bridge between the networks of today and the software-based models of the future. The real-time insight provided by virtualization-aware appliances using analysis acceleration enables event-driven automation of policy decisions and real-time reaction to those events, thereby allowing the full agility and flexibility of SDN and NFV to unfold.

The SDN and NFV Management Challenge

Managing SDN and NFV proves a challenge for most telecom carriers given the fact that a considerable investment has been made in OSS/BSS systems and infrastructure. This must now be adapted not only to SDN and NFV, but also to Ethernet and IP networks.

Most of the OSS/BSS systems installed have their grounding in the Fault, Configuration, Accounting, Performance and Security (FCAPS) model of management first introduced by ITU-T in 1996. This concept was simplified in the Enhanced Telecom Operations Map (eTOM) to Fault, Assurance and Billing (FAB). Management systems tend to focus on one of these areas and often do so in relation to a specific part of the network or technology, such as optical access fault management.

One of the issues with using FCAPS and FAB is that the foundation of these models was traditional, voice-centric networks based on Plesiochronous Digital Hierarchy (PDH) and Synchronous Digital Hierarchy (SDH). They were static, engineered, centrally-controlled and planned networks where the protocols involved provided rich management information. This made centralized management possible.

Nevertheless, there have been various attempts to inject Ethernet and IP into these management concepts. For example, Call Detail Records (CDRs) have been used for billing of voice services, so the natural extension of this concept is to use IP Detail Records (IPDRs) for billing of IP services. xDRs are typically collected in 15-minute intervals, which are sufficient for billing. This does not, in most cases, need to be real-time. However, xDRs are also used by other management systems and solutions as a source of information to make decisions.

The issue with this is that while traditional telecom networks do not change in a 15-minute interval, since they are centrally controlled and engineered, Ethernet and IP networks are completely different. Ethernet and IP are dynamic and bursty by nature. Because the network makes autonomous routing decisions, traffic patterns on a given connection can change from one IP packet or Ethernet frame to the next. When you consider that Ethernet frames in a 100 Gbps network can be transmitted with as little as 6.7 nanoseconds between each frame, you begin to understand a significant distinction when working with a packet network.

Another issue with Ethernet and IP is that they do not provide a large amount of management information. If a carrier wants to manage a service provided over Ethernet and IP, they need to collect all the Ethernet frames and IP packets related to that service and reassemble the information to get the full picture. While switches and routers could be used to provide this kind of information, it became obvious that continuous monitoring of traffic in this fashion would impact switching and routing performance. Hence, the introduction of dedicated network appliances that could continuously monitor, collect and analyze network traffic for management and security purposes.

Managing IP and Ethernet Networks With Network Appliances

To manage Ethernet and IP networks effectively, network appliances are necessary. This is because all Ethernet frames and IP packets need to be collected and reassembled to enable effective management of services. This, in turn, requires continuous monitoring of the network, even at speeds of 100 Gbps, without losing any information. Network appliances provide this capability in real time.

In order for the analysis to be reliable, network appliances must capture and collect all network information. Network appliances receive data either from a Switched Port Analyzer (SPAN) port on a switch or router that replicates all traffic, or from passive taps that provide a copy of network traffic. They then need to precisely time stamp each Ethernet frame to allow accurate determination of events and latency measurements for quality of experience assurance. Network appliances also recognize the encapsulated protocols, as well as determine flows of traffic that are associated with the same senders and receivers.

For effective, high-performance management and security of Ethernet and IP networks, appliances are broadly used. However, the taxonomy of network appliances has grown outside of the FCAPS and FAB nomenclature. The first appliances were used for troubleshooting performance and security issues but have gradually become more proactive, predictive and preventive in their functionality. The real-time capabilities that all appliances provide make them essential to effective management of Ethernet and IP networks. For this reason, network appliances need to be encompassed in frameworks for managing and securing SDN and NFV.

Real-Time Insight With Analysis Acceleration

Appliances can be based on commercial off-the-shelf servers with standard Network Interface Cards (NICs), but these are not designed for continuous capture of large amounts of data and tend to lose packets. For guaranteed data capture and delivery for analysis, hardware acceleration solutions are used, such as analysis accelerators, which are intelligent adapters designed for analysis applications.

Analysis accelerators meet the nanosecond-precision requirements for real-time monitoring and are designed specifically for analysis. They are similar to NICs for communication but differ in the fact that they are designed specifically for continuous monitoring and analysis of high-speed traffic at maximum capacity. For monitoring of a 10 Gbps bi-directional connection, this means processing of 30 million packets per second. Typically, a NIC is designed for the processing of 5 million packets per second. It is very rare that a communication session between two parties would require more than this amount of data.

In addition, analysis accelerators provide extensive functionality for off-load of data pre-processing tasks from the analysis application. This ensures that as few server CPU cycles as possible are used on data pre-processing and enables more analysis processing to be performed.

By continuously monitoring the network, carriers assess the performance of the network in real time and get an overview of application and network usage. This information can also be stored directly to disk, again in real time, as it is being analyzed. This is typically used in troubleshooting to determine what might have caused a performance issue in the network. It is also used by security systems to detect abnormal behavior that occurred in the past.

However, if these concepts are taken a stage further, there is the possibility to detect performance degradations and security breaches in real time. The network data that is captured to disk can be used to build a profile of normal network behavior. By comparing this profile to real-time captured information, it is possible to detect anomalies and raise a flag.
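The profile comparison described above, set against the 15-minute record interval discussed earlier, as an added example that is not part of the original article. The per-second packet counts are constructed sample data, and the mean/standard-deviation profile and the 4-sigma threshold are assumptions chosen for illustration.

```python
import statistics

INTERVAL = 900  # seconds in one 15-minute record interval


def constructed_counts(multiplier, burst_at=None, burst_len=5, burst_pps=20000):
    """Constructed sample data: per-second packet counts between 950 and 1050."""
    counts = [950 + (i * multiplier) % 101 for i in range(INTERVAL)]
    if burst_at is not None:
        for i in range(burst_at, burst_at + burst_len):
            counts[i] = burst_pps  # short burst, e.g. a flood or a scan
    return counts


def build_profile(history):
    """Profile of normal behavior: mean and standard deviation of packets/second."""
    return statistics.mean(history), statistics.pstdev(history)


def detect_anomalies(profile, live, k=4.0):
    """Return the seconds whose count deviates more than k sigma from the profile."""
    mean, stdev = profile
    return [t for t, pps in enumerate(live) if abs(pps - mean) > k * stdev]


def interval_change(profile, live):
    """Relative change of the whole-interval average, as a 15-minute record sees it."""
    mean, _ = profile
    return (statistics.mean(live) - mean) / mean


BASELINE = constructed_counts(37)            # stands in for captured-to-disk history
LIVE = constructed_counts(53, burst_at=300)  # live traffic containing a 5-second burst
PROFILE = build_profile(BASELINE)

if __name__ == "__main__":
    print("flagged seconds:", detect_anomalies(PROFILE, LIVE))
    print("15-minute average change: {:.1%}".format(interval_change(PROFILE, LIVE)))
```

The per-second comparison isolates the exact five seconds of the burst, while the same event shifts the 15-minute average by only about a tenth, which is easy to mistake for ordinary variation.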

This kind of capability can be very useful in a policy-driven SDN and NFV network. If performance degradation is flagged, then a policy can automatically take steps to address the issue. If a security breach is detected, a policy can initiate more security measurements and correlation of data with other security systems. It can also go so far as to use SDN and NFV to reroute traffic around the affected area and potentially block traffic from the sender in question.

With the fundamental capabilities that network appliances with hardware acceleration can provide through real-time capture, capture-to-disk and anomaly detection, SDN and NFV performance can be maximized through a policy-driven framework.

Virtualization-Aware Network Appliances

In SDN and NFV environments, network appliances can be used to provide real-time insight for management and security. But a key question remains: can network appliances be fully virtualized and provide high performance at speeds of 10, 40 or even 100 Gbps?

In many ways, network appliances lend themselves very well to virtualization. They are already based on standard server hardware with applications that are designed to run on standard x86 CPU architectures. The issue is performance. Virtual appliances are sufficient for low speed rates and small data volumes, but not for high speeds and large data volumes.

Even for physical network appliances, performance at high speed is an issue. That is why most high-performance appliances use analysis acceleration hardware. While analysis acceleration hardware does free up CPU cycles for more analysis processing, most network appliances still use all the CPU processing power available to perform their tasks.

From a virtualization point of view, this means that virtualization of appliances can only be performed to a certain extent. If the data rate and the amount of data to be processed are low, then a virtual appliance can be used, even on the same server as the clients being monitored.

However, once the data rate and volume of data increase, the CPU processing requirements for the virtual appliance increase. At first, this will mean that the virtual appliance will need exclusive access to all the CPU resources available. But even then, it will run into some of the same performance issues as physical network appliances using standard NIC interfaces with regard to packet loss, precise time-stamping capabilities and efficient load balancing across the multiple CPU cores available.

Virtualization of appliances cannot escape the constraints that network appliances face in the physical world. These same constraints will be an issue in the virtualized world and must be confronted.

One way of addressing this issue is to consider the use of physical appliances to monitor and secure virtual networks. Virtualization-aware network appliances can be “service-chained” with virtual clients as part of the service definition. It requires that the appliance can identify virtual networks, typically done using VLAN encapsulation today, which is already broadly supported by high-performance appliances and analysis acceleration hardware. This enables the appliance to provide its analysis functionality in relation to the specific VLAN and virtual network.

This can be a very useful solution in a practical phased approach to SDN and NFV migration. It is broadly accepted that there are certain high-performance functions in the network that will be difficult to virtualize at this time without resulting in performance degradation. A pragmatic solution is an SDN and NFV management and orchestration approach that takes account of physical and virtual network elements. This means that policy and configuration does not have to concern itself with whether the resource is virtualized or not, but can use the same mechanisms to “service-chain” the elements as required.

It is clear that the introduction of SDN and NFV will require a mixture of existing and new solutions for management and security. These should be deployed under a common framework with common interfaces and topology mechanisms. With this in place, functions can be virtualized when and where it makes sense without affecting the overall framework or processes.

Ensuring SDN and NFV Performance

As SDN and NFV are increasingly deployed, the high speed, nanosecond precision of tomorrow’s networks presents numerous performance challenges. The ability to ensure reliable, real-time data for management and analytics becomes critical. Network appliances provide the real-time insight needed to monitor, collect and analyze traffic for management and security. Appliances can be virtualized, but the same constraints that affect the performance of physical appliances will also affect virtual ones. A practical approach to SDN management and orchestration is one that takes into account both physical and virtual elements.

Virtualization-aware appliances are the bridge between the networks of today and the software-based model of the future. They provide real-time insight that enables event-driven automation of policy decisions and real-time reaction to those events, thereby allowing the full promise of SDN and NFV to unfold.

Daniel Joseph Barry is VP of Marketing at Napatech and has over 20 years' experience in the IT and Telecom industry. Prior to joining Napatech in 2009, Dan Joe was Marketing Director at TPACK, a leading supplier of transport chip solutions to the Telecom sector. From 2001 to 2005, he was Director of Sales and Business Development at optical component vendor NKT Integration (now Ignis Photonyx) following various positions in product development, business development and product management at Ericsson. Dan Joe joined Ericsson in 1995 from a position in the R&D department of Jutland Telecom (now TDC). He has an MBA and a BSc degree in Electronic Engineering from Trinity College Dublin.


Edited by Stefania Viscusi
