Future-Proofing the Network with Accelerated SDN and NFV Management
The 2014 Magic Quadrant for Data Center Networking reveals that there has been a significant amount of change in the data center networking market in the past twelve months. For instance, interest in Software-Defined Networking (SDN) technologies is now shifting from more aggressive, early-adopting organizations to those that come aboard once the risks have been reduced. Network Functions Virtualization (NFV) is also becoming more widely adopted, lowering IT, energy and real estate costs.
Together, SDN and NFV enable the agility and flexibility that traditional hardware-focused networks have not been able to offer. Though this pure software model holds great promise, network managers and engineers must deal with the real challenge of ensuring high performance at today’s high speeds – up to 100 Gbps.
Guest article by Dan Joe Barry, vice president of marketing, Napatech
Performance is already a concern today, as is the ability to assure reliable, real-time data for management and analytics. This concern only increases when virtualizing the network. Network appliances provide the real-time insight needed to continuously monitor, collect and analyze traffic for management and security purposes. Appliances can be virtualized, but the same constraints that affect the performance of physical appliances will also affect virtual ones.
Clearly, the gap between the networks of today and tomorrow must be bridged, and virtualization-aware appliances provide that bridge. The real-time insight provided by virtualization-aware appliances using analysis acceleration enables event-driven automation of policy decisions and real-time reaction to those events, thereby allowing the full agility and flexibility of SDN and NFV to unfold.
Why Managing SDN and NFV is Difficult
Telecoms have heavily invested in Operations Support Systems (OSS)/Business Support Systems (BSS) and infrastructure. This installed base makes managing SDN and NFV a challenge: it must now be adapted not only to SDN and NFV, but also to Ethernet and IP networks.
First introduced by ITU-T in 1996, the Fault, Configuration, Accounting, Performance and Security (FCAPS) model of management forms the framework for most of the OSS/BSS systems installed. This concept was simplified in the Enhanced Telecom Operations Map (eTOM) to Fault, Assurance and Billing (FAB). Management systems tend to focus on one of these areas and often do so in relation to a specific part of the network or technology, such as optical access fault management.
FCAPS and FAB have served as industry standards for many years, but recent innovations have rendered them insufficient. The foundation of these models was traditional, voice-centric networks based on Plesiochronous Digital Hierarchy (PDH) and Synchronous Digital Hierarchy (SDH). They were static, engineered, centrally-controlled and planned networks where the protocols involved provided rich management information. This made centralized management possible.
Even so, attempts have been made to place IP and Ethernet within the above management framework. As an example, Call Detail Records (CDRs) have been used for billing of voice services, so the natural extension of this concept is to use IP Detail Records (IPDRs) for billing of IP services. xDRs are typically collected in 15-minute intervals, which are sufficient for billing. This does not, in most cases, need to be real-time. However, xDRs are also used by other management systems and solutions as a source of information to make decisions.
Traditional telecom networks are centrally controlled and engineered, which means that they do not change in a 15-minute interval, but Ethernet and IP networks are completely different. Ethernet and IP are dynamic and bursty by nature. Because the network makes autonomous routing decisions, traffic patterns on a given connection can change from one IP packet or Ethernet frame to the next. When you consider that Ethernet frames in a 100 Gbps network can be transmitted with as little as 6.7 nanoseconds between each frame, you begin to understand a significant distinction when working with a packet network.
A further problem is that Ethernet and IP provide relatively little management information. If a carrier wants to manage a service provided over Ethernet and IP, they need to collect all the Ethernet frames and IP packets related to that service and reassemble the information to get the full picture. While switches and routers could be used to provide this kind of information, it becomes obvious that continuous monitoring of traffic in this fashion would impact switching and routing performance. Hence the introduction of dedicated network appliances that can continuously monitor, collect and analyze network traffic for management and security purposes.
Network Appliances: The Missing Link
In order for network professionals to effectively manage IP and Ethernet networks, they need to use network appliances. As stated earlier, this is because all Ethernet frames and IP packets need to be collected and reassembled to enable effective management of services. This, in turn, requires continuous monitoring of the network, even at speeds of 100 Gbps, without losing any information. Network appliances provide this capability in real time.
If there is to be any hope of trustworthy analysis, all network information must be gathered by the network appliances. Network appliances receive data either from a Switched Port Analyzer (SPAN) port on a switch or router that replicates all traffic, or from passive taps that provide a copy of network traffic. Then each Ethernet frame needs to be precisely time stamped to allow accurate determination of events and latency measurements for quality of experience assurance. Network appliances also recognize the encapsulated protocols, as well as determine flows of traffic that are associated with the same senders and receivers.
Network managers typically use appliances to effectively manage and secure Ethernet and IP networks. However, the taxonomy of network appliances has grown outside of the FCAPS and FAB nomenclature. The first appliances were used for troubleshooting performance and security issues but have gradually become more proactive, predictive and preventive in their functionality. The real-time capabilities that all appliances provide make them essential to effective management of Ethernet and IP networks. For this reason, network appliances need to be encompassed in frameworks for managing and securing SDN and NFV.
Accelerating Analysis to Generate Real-Time Insight
There are a variety of options for network appliances. For instance, they can be based on commercial off-the-shelf servers with standard Network Interface Cards (NICs). However, this type is not designed for continuous capture of large amounts of data and tends to lose packets. For guaranteed data capture and delivery for analysis, hardware acceleration solutions are used, such as analysis accelerators, which are intelligent adapters designed for analysis applications.
Designed specifically for analysis, analysis accelerators meet the nanosecond-precision requirements for real-time monitoring. They are similar to NICs for communication but differ in the fact that they are designed specifically for continuous monitoring and analysis of high-speed traffic at maximum capacity. For monitoring of a 10 Gbps bi-directional connection, this means processing of 30 million packets per second. Typically, a NIC is designed for the processing of 5 million packets per second. It is very rare that a communication session between two parties would require more than this amount of data.
Another feature of analysis accelerators is that they offer extensive functionality for the off-load of data pre-processing tasks from the analysis application. This ensures that as few server CPU cycles as possible are used on data pre-processing and enables more analysis processing to be performed.
Carriers can assess the performance of the network in real time by continuously monitoring the network. This provides them with an overview of application and network usage. This information can also be stored directly to disk, again in real time, as it is being analyzed. This is typically used in troubleshooting to determine what might have caused a performance issue in the network. It is also used by security systems to detect any abnormal behavior in the past.
Performance degradations and security breaches can be discovered in real time, if the above concepts are taken a step further. The network data that is captured to disk can be used to build a profile of normal network behavior. By comparing this profile to real-time captured information, it is possible to detect anomalies and raise a flag.
When operating in a policy-driven SDN and NFV network, this kind of ability can be very useful. If performance degradation is flagged, then a policy can automatically take steps to address the issue. If a security breach is detected, a policy can initiate more security measurements and correlation of data with other security systems. It can also go so far as to use SDN and NFV to reroute traffic around the affected area and potentially block traffic from the sender in question.
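An added example (not the article's or Napatech's code) of the baseline-versus-live comparison described above: per-flow byte volumes from stored capture intervals form the profile of normal behavior, and a live interval is checked against it, keyed by VLAN so each virtual network is profiled separately. The flow records are constructed sample data, not real captures, and the z-score threshold and policy action names are assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

def flow_key(rec):
    # A flow is the same virtual network (VLAN) plus the same endpoints, protocol and service port.
    return (rec["vlan"], rec["src"], rec["dst"], rec["proto"], rec["dport"])

def bytes_per_flow(records):
    totals = defaultdict(int)
    for r in records:
        totals[flow_key(r)] += r["bytes"]
    return totals

def build_baseline(intervals):
    """Profile normal behavior from stored capture intervals: per-flow mean and std-dev of bytes."""
    per_interval = [bytes_per_flow(iv) for iv in intervals]
    keys = set().union(*per_interval)
    samples = defaultdict(list)
    for totals in per_interval:
        for k in keys:
            samples[k].append(totals.get(k, 0))  # a flow absent from an interval counts as 0 bytes
    return {k: (mean(v), pstdev(v)) for k, v in samples.items()}

def detect_anomalies(live_records, baseline, z_threshold=3.0):
    """Compare one live interval to the baseline; return (flow, reason, bytes, suggested policy action)."""
    findings = []
    for k, vol in bytes_per_flow(live_records).items():
        if k not in baseline:
            findings.append((k, "new_flow", vol, "correlate"))   # endpoint pair never seen before
            continue
        mu, sd = baseline[k]
        z = (vol - mu) / max(sd, 1.0)  # floor the deviation so a perfectly steady flow cannot divide by zero
        if z > z_threshold:
            findings.append((k, "volume_spike", vol, "alert"))
    return findings

def rec(vlan, src, dst, proto, dport, nbytes):  # helper to build constructed sample records
    return {"vlan": vlan, "src": src, "dst": dst, "proto": proto, "dport": dport, "bytes": nbytes}

# Constructed history: three stored intervals with a steady web flow (VLAN 100) and database flow (VLAN 200).
HISTORY = [
    [rec(100, "10.0.0.5", "10.0.0.7", "tcp", 443, 50_000), rec(200, "10.0.1.5", "10.0.1.9", "tcp", 5432, 20_000)],
    [rec(100, "10.0.0.5", "10.0.0.7", "tcp", 443, 51_000), rec(200, "10.0.1.5", "10.0.1.9", "tcp", 5432, 21_000)],
    [rec(100, "10.0.0.5", "10.0.0.7", "tcp", 443, 49_000), rec(200, "10.0.1.5", "10.0.1.9", "tcp", 5432, 19_000)],
]
# Constructed live interval: web flow within range, database flow ten times its baseline, one unseen flow.
LIVE = [
    rec(100, "10.0.0.5", "10.0.0.7", "tcp", 443, 52_000),
    rec(200, "10.0.1.5", "10.0.1.9", "tcp", 5432, 200_000),
    rec(100, "10.0.0.9", "10.0.0.5", "tcp", 22, 3_000),
]

if __name__ == "__main__":
    for finding in detect_anomalies(LIVE, build_baseline(HISTORY)):
        print(finding)
```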
SDN and NFV performance can be maximized through a policy-driven framework with the fundamental capabilities that network appliances with hardware acceleration can provide through real-time capture, capture-to-disk and anomaly detection.
Overcoming Challenges with Virtualization-Aware Network Appliances
Network appliances can be used in SDN and NFV environments to give real-time insight for management and security. But a key question remains: can network appliances be fully virtualized and provide high performance at speeds of 10, 40 or even 100 Gbps?
There are multiple ways in which network appliances are well positioned for virtualization. They are already based on standard server hardware with applications that are designed to run on x86 CPU architectures. The issue is performance. Virtual appliances are sufficient for low speed rates and small data volumes, but not for high speeds and large data volumes.
These high speeds cause performance challenges even for physical network appliances. That is why most high-performance appliances use analysis acceleration hardware. While analysis acceleration hardware does free up CPU cycles for more analysis processing, most network appliances still use all the CPU processing power available to perform their tasks. Therefore, virtualization of appliances can only be performed to a certain extent. If the data rate and the amount of data to be processed are low, then a virtual appliance can be used, even on the same server as the clients being monitored.
What needs to be taken into consideration is that the CPU processing requirements for the virtual appliance increase once the data rate and volume of data increase. At first, this will mean that the virtual appliance will need exclusive access to all the CPU resources available. But even then, it will run into some of the same performance issues as physical network appliances using standard NIC interfaces with regard to packet loss, precise time-stamping capabilities and efficient load balancing across the multiple CPU cores available.
The same constraints that affect the performance of physical appliances apply to virtualized ones, and they must be addressed. One way of addressing this issue is to consider the use of physical appliances to monitor and secure virtual networks. Virtualization-aware network appliances can be “service-chained” with virtual clients as part of the service definition. It requires that the appliance can identify virtual networks, typically done using VLAN encapsulation today, which is already broadly supported by high-performance appliances and analysis acceleration hardware. This enables the appliance to provide its analysis functionality in relation to the specific VLAN and virtual network.
In a practical phased approach to SDN and NFV migration, this can be a very useful solution. It is broadly accepted that there are certain high-performance functions in the network that will be difficult to virtualize at this time without resulting in performance degradation. A pragmatic solution is an SDN and NFV management and orchestration approach that takes account of physical and virtual network elements. This means that policy and configuration does not have to concern itself with whether the resource is virtualized or not, but can use the same mechanisms to “service-chain” the elements as required.
SDN and NFV need a conglomeration of current and new solutions to effectively manage and secure the network. These should be deployed under a common framework with common interfaces and topology mechanisms. With this in place, functions can be virtualized when and where it makes sense without affecting the overall framework or processes.
Performance for the Future
SDN and NFV are becoming more popular within data centers across the globe. Their agility and flexibility herald a new era for the network. However, the speeds that these solutions enable create performance challenges that must be addressed. Network appliances are here to help, enabling the real-time insight organizations need to monitor, collect and analyze traffic as part of their management and security efforts. Future-focused network management will take the physical and virtual elements of assets into account, understanding their limitations and applying solutions. Virtualization-aware appliances are one such solution, enabling event-driven automation of policy decisions and real-time reaction to any events that occur.
To find out more on real-time monitoring, read the Aberdeen report Network on a Wire Update: Real-Time Live Network Data Boosts Performance and Network Satisfaction
Daniel Joseph Barry is VP of Marketing at Napatech and has over 20 years' experience in the IT and Telecom industry. Prior to joining Napatech in 2009, Dan Joe was Marketing Director at TPACK, a leading supplier of transport chip solutions to the Telecom sector. From 2001 to 2005, he was Director of Sales and Business Development at optical component vendor NKT Integration (now Ignis Photonyx) following various positions in product development, business development and product management at Ericsson. Dan Joe joined Ericsson in 1995 from a position in the R&D department of Jutland Telecom (now TDC). He has an MBA and a BSc degree in Electronic Engineering from Trinity College Dublin.