Network Functions Virtualization Paves The Way To Improved Cost Efficiencies
The ETSI Network Functions Virtualization Industry Specification Group (NFV ISG) was founded in November 2012 by seven telecom service providers who recognized common requirements for virtualized network functionality: AT&T, BT Group, Deutsche Telekom, Orange, Telecom Italia, Telefonica and Verizon. Over 70 companies (including 6WIND) are now participants in the initiative.
The primary aim of NFV is to leverage standard IT virtualization technology in order to consolidate multiple network functions onto industry-standard high-volume servers, switches and storage subsystems. These can be located in data centers, in network nodes and in the end-user premises.
The outputs of the NFV ISG are architecture definitions and requirements for both network equipment suppliers and software vendors. The NFV ISG is not expected to deliver technical specifications or standards.
The key objective of NFV is to achieve simplified, software-defined, virtualized service provider networks. Within these networks, application-aware routing, together with a separation of packet forwarding from control, enable the rapid introduction of new services and flexible adaptation to changing traffic patterns. Network functions, caching and applications all run in virtualized distributed data centers rather than in dedicated, fixed-function equipment.
NFV promises major business benefits for telecom operators, but also presents significant technical challenges. Virtualizing hundreds of networking functions on a single server requires high performance network bandwidth to be distributed to the virtualized functions. Traditional virtualization environments that are adequate for computing applications are unable to deliver the required network performance, because of the large number of software layers that a packet has to traverse before reaching the application running in a virtual machine.
Critical Data Plane Performance Challenges for NFV
NFV architectures face two significant bottlenecks that potentially constrain data plane performance.
The first bottleneck is the software virtual switch (vSwitch) running on the COTS platform or server. This vSwitch must provide sustained, aggregated high-bandwidth network traffic to the Virtual Network Functions (VNFs).
At the same time, the performance of (secure) VM-to-VM communications must be maximized. Both these factors are necessary to ensure that NFV deployments are cost-effective when compared with traditional network infrastructure based on physical switches.
Unfortunately, standard virtual switches such as the open-source Open vSwitch (OVS) do not deliver adequate performance or scalability to address these needs.
The second bottleneck is the performance of the VNFs themselves. Service providers need their VNFs to deliver cost-performance that is comparable to that achieved by equivalent physical implementations. Otherwise, their NFV deployments are not cost-effective and there’s insufficient ROI justification for a transition to NFV.
VNF performance, though, is constrained by two factors. One is the poor performance and limited scalability of standard Operating System networking stacks. The other is the limitation on bandwidth for communication outside the VM that is imposed by standard hypervisors.
6WINDGate in NFV
The 6WINDGate networking software addresses these two data plane bottlenecks.
First, 6WINDGate accelerates the virtual switch that switches network traffic to the VMs in which the VNFs are instantiated.
When used to accelerate the standard Open vSwitch (OVS), 6WINDGate delivers a 10x improvement in switching performance. This typically results in at least a 3x improvement in VM density (the number of VMs that can be instantiated per blade), with even greater improvements achieved when the VNFs require sustained high-bandwidth traffic. Importantly, these improvements are achieved with no changes required to the OVS code itself.
As part of improving OVS performance, 6WINDGate also accelerates the secure tunneling protocols such as IPsec, GRE, NVGRE, VLAN and VxLAN which are required OVS features for supporting high-bandwidth, secure VM-to-VM traffic.
Second, 6WINDGate accelerates the performance of VNFs. Thanks to its fast path data plane architecture, 6WINDGate typically delivers 10x the performance of a standard Linux networking stack with no changes required to the kernel. This performance scales linearly with the number of cores configured to run the fast path. 6WINDGate includes a comprehensive set of networking protocols, for example PPP (used in a virtual Broadband Access Server or “vBRAS”), firewall and IKE (used in security gateways) and TCP termination (used in WAN Optimization appliances).
As a result of optimizations for virtualized environments, 6WINDGate delivers comparable performance running under a hypervisor to that achieved when running in a physical implementation. This enables service providers to obtain best-in-class cost-performance from their VNFs, such as firewalls and security gateways.
6WINDGate is fully compatible with standard Linux networking APIs (Netfilter, Netlink etc.). This means that no modifications are required to the VNF applications themselves in order to take advantage of these performance improvements.
In both these two environments, 6WINDGate runs within the hypervisor, under the control of an orchestration layer such as OpenStack.