Network functions virtualization: What it is, and why you need it
All of the operational benefits that virtualization and the cloud have brought to IT for computing, such as minutes-instead-of-months provisioning, and automated, on-demand capacity, are now becoming available for enterprise IT networks, thanks to the relatively new network functions virtualization (NFV) technology.
That's good news for enterprises that want more deploy-on-demand, affordable, flexible network power, and it's an especially good fit for use in branch offices and other remote locations, where "truck rolls" and on-site IT are rarely a match for today's fast and dynamically changing requirements.
NFV is available not just as software components that a company needs to master, wrangle and build, but also as on-premises or cloud-based services from carriers and other network providers, making it a suitable option even for companies that don't have the IT/telco resources or desire to do all the start-to-finish heavy lifting.
What network functions you can virtualize
The network functions to which NFV refers include the many tasks and activities that are part of a network service, including:
- Firewalls, for network security
- Packet inspection, examining data in motion
- Load balancing, for workload sharing
- Antivirus, anti-malware, antispam, intrusion detection, and other inspection/filtering
It may also include other services, such as domain name service (DNS), network address translation (NAT), WAN acceleration, and wireless LAN control.
Historically, enterprises have purchased separate physical devices that deliver these services. Increasingly, these boxes have functioned as dedicated hardware appliances that have purpose-built hardware, even including application-specific integrated circuitry (ASICs). These may be purchased directly or provisioned through a managed service provider.
There's one big problem with this approach: provisioning delays. When hardware fails or the load grows too great, you have to service or replace the box, a process that takes just a few hours if the right parts and skills are on-site. But more often it can take days, weeks, or months. Even setting up a new site may involve similarly long delays.
In today's business environment, waiting for days, or even hours, is too long, because each minute means lost business and productivity. The business could mitigate the service impacts of these change events by buying excess capacity in the form of redundant hardware, but that adds to the cost of the network.
In response, telecommunications companies have turned to the same methods that revolutionized IT provisioning for servers: virtualization, and cloud architectures.
How network functions get virtualized
Classic server virtualization turned entire applications (and possibly aspects of their hardware environment) into virtual machine (VM) file images. This has served IT well in terms of hardware consolidation and capacity management and has also helped to improve IT business continuity and disaster recovery, because you no longer need to have exact duplicates of hardware.
NFV, by contrast, virtualizes each network service, or function, as software modules that can run in VMs or containers. For any given application, the appropriate mix of services can be set up in a "chain," a sequence that's similar to what happens with a Unix pipeline.
"NFV takes a network application usually associated with dedicated hardware and runs it on a standard compute platform," says Jennifer P. Clark, vice president for network research at 451 Research. "You can deploy additional instances of the app where they are needed and tear them down where not needed."
The code for each virtualized network function (VNF) must be able to work in a cloud environment, adds Ian Hood, chief architect for global service providers at Red Hat. "Firewalls, routers, and other network applications need to be redesigned to work in the cloud and to scale elastically," he says. This means that simply virtualizing or repackaging legacy network code associated with firewalls, load balancers, and so on won't consistently and reliably deliver network services in a cloud environment.
"That was done initially, but it doesn't scale as well, since the software of those original network appliances doesn't match the server's underlying hardware, nor does it operate in a cloud-native environment," says Hood.
Key benefits: Where you need NFV, where you don't
For carriers and service providers, NFV, combined with things such as software-defined networking (SDN), enables easier, faster, done-from-afar provisioning and deprovisioning of network services.
For enterprises, the concept of NFV-as-a-service means they can get all of the network functions described above with the same convenience as with cloud computing and cloud storage. "An enterprise can roll out, configure, deploy, and troubleshoot network functions for their branch and regional offices, with easily downloadable instances, to a location in a customer's offices or in a cloud provider," says Clark. "This is much more easily managed than a collection of hardware appliances. And you can make it happen much more quickly."
"NFV lets operators offer new, personalized services faster than before, and to a broader set of customers," says Hood.
NFV also lets carriers price by usage or other metrics, rather than by appliance hardware configuration. For enterprises, this should translate into paying only for what they use, rather than for "just in case" overcapacity—or being forced to buy more performance than they need just because no closer capacity match is available.
On the other hand, NFV is not currently intended for, or competing with, high-end, high-performance routers and switches at the enterprise network's core. "If you've got a router, a firewall, or a load balancer, these are all in-line applications," says Clark. "The data stream is going through those devices. You can use virtualized apps and instances in your branch offices, but to maintain high packet throughput today, enterprises and carriers are retaining their mission-specific devices. So, for example, you won't see carriers turning their Cisco and Juniper core routers into virtualized instances over the near term—for the next 18 to 24 months, at least."
NFV use case scenarios
In addition to simply offering faster, simpler (and hopefully less expensive) provisioning compared to using a bunch of network appliance boxes, NFV is potentially a good match for growing network scenarios.
"Most of us have become mobile users and telecommuters, often using virtual private network (VPN) connections," says Hood. "If I'm an enterprise with lots of remote users, I need to control their access to my environment, to be able to change access and security rules on the fly.
"Or, consider a mining company with no network in sight, and you want to support Wi-Fi, mobile phones, and other activity," suggests Hood. "To do that, I would like a virtualized mobile network, delivered on premises, that connects to the central office, that can be automated and controlled remotely."
Hood offers another example of how to put NFV to work: For companies such as Netflix that want to deliver content with the right quality, the network delivering it must be able to change constantly. "NFV helps those environments scale and adapt. Looking ahead to IoT, to monitor and control factories, vineyards, cities, mines, and other facilities, you will need to distribute and scale NFV network services out to those locations at an even larger scale."
Start with an NFV service
Many vendors and carriers currently offer NFV products and services. You can buy NFV as a service today from networking service operators such as AT&T, Deutsche Telekom, NTT, Telstra, Telefonica, and Verizon or buy the software components from Cisco, Dell, Ericsson, HPE, IBM, Nokia, and Red Hat.
Some enterprises may decide to deploy NFV rather than go through carriers or network providers. "An enterprise with a big organization and footprint, like financial, automotive, and insurance companies, who want to automate their businesses while offering services to their internal customers or external partners, may decide to add these capabilities within their own private cloud," Hood says.
But, he cautions, building it yourself is a major undertaking. "You are adding complexity. You need automation tools for the configuration of your entire system, not just for NFV, but also for the orchestration or how resources and tools are used, so you can do changes with a few button-clicks, rather than six weeks of software installation, recabling, and validation."
You could do this within a six-month window, just as you could build your own private cloud. "But you have to not only build it, but test it, and make sure you can control and secure it," he says.
"The automation and control of services you want to offer take a lot of time and new skills that have to be learned by your IT and operations teams, and you have to integrate it with your existing systems." Unless you have a fairly strong IT team, Hood adds, consider buying NFV as a service initially. "Then use those learnings to apply to other aspects of your operations and business tools."
Growing pains: Where NFV gets complicated
"NFV becomes more complex as you span geographies, vendors, and network domains, meaning going on and off the network," Clark says. It's the management of this that gets complicated. For example, if you receive virtualized network functions from several vendors, how do you manage and maintain them and string them together in service chains? Or, if a branch office needs load balancing, VPN, firewall, DNS, and NAT and you source those VNFs from four different vendors, will those VNFs be able to cohabit in the same VM without conflict or loss of performance? Do they work in a common ecosystem? "Interoperability, management, and the overall NFV infrastructure design all have to be resolved," he says.
But once your NFV services are up and running, whether within the enterprise or through a service provider, "you can go to a portal, start clicking, and have those new services available in 20 minutes," says Hood.
As with all new technologies, it's important for IT to come up to speed with a basic understanding of what NFV can do and what's involved. For great resources where you can learn more about NFV, check out the European Telecommunications Standards Institute (ETSI), SDX Central, Wikibon, and the Linux Foundation Collaborative Project's Open Platform for NFV (OPNFV) site.
The OPNFV site will help you understand how open source is fueling and accelerating development of the various software components and their surrounding ecosystem, along with how NFV fits into the larger networking picture for provisioning, monitoring, and analytics.
Along with getting a handle on the technology side of things, business managers and IT should work together to identify where NFV could be beneficial and whether to replace existing network hardware or to enable new services, locations, and activities.
"The key economic driver isn't getting rid of expensive hardware," says Hood. "It's reducing the spinup time for new services from months to minutes."