NFV: Turning network activities into software

Network functions virtualization promises to save time and money by running components such as firewalls and intrusion detection as virtual machines.

computer network

Federal agencies are just beginning to explore the potential of software-defined networking, and now they have a complementary technology to consider: network functions virtualization.

In essence, SDN provides a software layer that seeks to absorb the complexities of network management. The idea is to make networks centrally programmable via software to make them easier to administer and faster to configure. To date, SDN has had limited impact on the federal space. The Energy Department's Energy Sciences Network (ESnet) and National Science Foundation-funded university projects are among the principal examples of SDN use in government.

NFV, which is also just getting underway, separates network functions such as firewalls, load balancing and intrusion detection and runs them as virtual machines housed on a generic server. Although NFV differs from the sweeping architectural overhaul envisioned for SDN, the two approaches share a common goal: to make networks less complex and costly to manage. Indeed, industry and government executives view the two technologies as intertwined to a significant extent.

Why it matters

Enterprise networks typically rely on large numbers of specialized devices to handle networking functions, which adds to the expense and logistical challenges of running a network. NFV seeks to reduce the glut of devices by performing those activities via software instead.

In other words, network functions once encased in specialized hardware can run on a general-purpose server, said Inder Monga, chief technologist and area lead for network engineering, tools and research for ESnet. The approach has the potential to reduce network costs because it shrinks the device population.

Chris Wright, a principal software engineer at Red Hat, said NFV represents a transition for an industry in which network functionality has traditionally been trapped in hardware. It virtualizes networking functions and runs them as software in a cloud-like infrastructure.

"It is a fairly fundamental architectural shift for how you provide your infrastructure as a service," Wright said.

As a result, organizations can more readily keep pace with network and customer demands. They can quickly offer new services or modifying existing ones because the changes are accomplished in software, which is much easier than deploying a new box, he added.

Sudhir Verma, chief technology officer at IT solutions provider Force 3, said organizations' biggest complaints about providing network services are the time and cost of making changes.

"If I go with NFV and start virtualizing some of the aspects of the network management, I can contain costs and support customers in a better way," Verma said, summarizing the appeal of the technology.

The fundamentals

NFV is expected to work in close association with SDN. Both technologies emphasize using software to perform key networking jobs, but they operate at different levels. SDN removes a network's control plane from its usual home in switches and routers and makes it a software operation. The control plane's job -- determining how traffic will move across a network -- is transferred to a piece of software called an SDN controller, which is used to program network devices and manage the traffic flow to and from devices.

A server or servers running virtualized network functions would fall under the management purview of an SDN controller. The networking functions deployed as virtual machines must work in concert with one another, so they need something to steer traffic between them.

The future of NFV

Here are a few things to keep in mind about network functions virtualization:

  • Its use is growing. The technology might not be soaring in the federal sector, but it is growing rapidly elsewhere. Mind Commerce expects global spending on NFV products to grow at an annual rate of 46 percent through 2019, when the market will see revenue of $1.3 billion.
  • Its vendor universe is expanding. More companies are expected to announce NFV initiatives -- and that activity will extend beyond the networking-centric ones. For instance, Hewlett-Packard recently introduced OpenNFV, a program that virtualizes core networks and network functions.
  • It could benefit from more openness. As vendors seek to make their mark on NFV, there is also a push for open networking. The Linux Foundation's OpenDaylight project, for example, seeks to build an open community of developers and open-source code to encourage widespread adoption of SDN and create a solid foundation for NFV.
  • It will become more secure. As a relatively new technology, NFV will likely generate more discussions about security issues, with the government potentially weighing in. The National Institute of Standards and Technology discussed virtualized networks in its Special Publication 800-125, "Guide to Security for Full Virtualization Technologies," published in January 2011, before the arrival of NFV.

-- John Moore

"That is what the SDN controller does," Wright said. "We see an SDN controller as part and parcel of an NFV solution. In most cases, we see them going hand in hand."

Based on the organization's policy, SDN can route flows to a stack of inexpensive servers that run a firewall or intrusion-detection system, Monga said, with those policy-based decisions taking place on the centralized SDN controller.

"SDN is a new way to manipulate the network, and NFV is a new type of infrastructure to be manipulated," said Kelly Herrell, vice president and general manager of Brocade Communications Systems' software networking business unit.

The "black box" that typifies the traditional network infrastructure is in for a change with network virtualization. Herrell said NFV replaces the black box with industry-standard servers that run enterprise network functions as virtual machines. Both SDN and NFV seek to "increase the agility and increase the cost-efficiency of networks," he added.

Herrell said industry-standard x86 servers cost far less than proprietary networking equipment, and Intel's long-term initiative to make servers better at running networks is a key part of that direction. Brocade's Vyatta vRouter has achieved thousand-fold performance improvements over the past few years, Herrell noted, attributing the improvement to both Intel hardware upgrades and Brocade's software code.

"Intel's force is being brought to bear in the networking world," Herrell said.

Brocade's NFV solutions include both the Vyatta vRouter and the Virtual ADX. Other vendors active in the NFV market include Alcatel-Lucent, Cisco Systems, Hewlett-Packard and Juniper Networks.

NFV solutions were a key focus at the Mobile World Conference in Barcelona in February, and overshadowed SDN to some degree.

In fact, NFV can exist without SDN. For example, an organization might want to virtualize one network function, which can be done without an SDN controller, Wright said.But deployments that involve a more-complex virtual network topology will take advantage of SDN.

"If you virtualize more and more of the infrastructure, SDN does become a requirement," Wright said.

The hurdles

A lack of proven products often slows the adoption of new technology. But Herrell said the first federal deployments of NFV-like solutions happened before the term was coined in October 2012. At that time, a group in the European Telecommunications Standards Institute effectively defined the market when it published an introductory white paper on NFV.

In general, industry watchers view service providers and carriers as the main markets for NFV gear thus far. Greater government influence will probably hinge on wider SDN deployment, which remains in its infancy. Agencies are looking into SDN, but few have gone much further than that.

The Defense Information Systems Agency, for example, "has been examining SDN to determine how it can help in our efforts to modernize DOD networking and deliver the Joint Information Environment," a Defense Department spokesman said.

The spokesman added that DISA is seeking to determine how SDN can best be integrated into its milCloud capability, which operates as an infrastructure-as-a-service and provisioning orchestration system installed in two data centers.

Competing network needs are affecting the rate of adoption. "The major pacing factor for DISA is simply balancing with the numerous other operational priorities that come from providing a global IT network that support the nation's warfighters every day," the spokesman said.

Pending wider SDN deployment, agencies might gain experience with NFV through highly specific use cases. For instance, Herrell said NFV could find a role in tactical networks used in land vehicles such as Humvees. NFV reduces footprint, heat output and weight because it provides the necessary network functions virtually.

"No additional hardware needs to reside inside the vehicle, which is already cramped with equipment and people," he said.

NFV also comes to agencies indirectly via cloud service providers. Herrell said Amazon Web Services and Rackspace started incorporating NFV into their federal cloud offerings in the past 12 months.

Note: This article was updated on March 24 to correct the spelling of Kelly Herrell's name.

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.