network function virtualization whitepaper download

PROCERANETWORKS.COM1

NETWORK FUNCTION VIRTUALIZATION Network Functions Virtualization (NFV) is a major strategic initiative for network operators

worldwide. In January 2013, the European Telecommunications Standards Institute (ETSI)

launched an initiative sponsored by seven of the largest operators in the world: AT&T, BT,

Deutsche Telekom, Orange, Telecom Italia, Telefonica and Verizon to establish requirements

and an architecture for the virtualization of network functions. In a relatively short time, the

number has increased to over 150 operators, vendors, and technology providers. Data center

solutions have leveraged virtualization technology for years, but the telecommunications

network has not widely adopted the technology for its infrastructure for a number of reasons,

but operators wanted to change that through the ETSI process. These network operators see

tremendous potential in NFV for telecommunications deployments. The stated benefits from

the NFV ISG include1:

• Reduced operator CAPEX and OPEX through reduced equipment costs and reduced

power consumption

• Reduced time-to-market to deploy new network services

• Improved return on investment from new services

• Greater flexibility to scale up, scale down or evolve services

• Openness to the virtual appliance market and pure software entrants

• Opportunities to trial and deploy new innovative services at lower risk

The goals from the ETSI NFV Industry Specification Group (ISG) for the standards framework

is to address the technical challenges for NFV, which include2:

• Ensuring that virtualized network platforms will be simpler to operate than what

exists today

• Achieving high performance virtualized network appliances, which are portable between

different hardware vendors and hypervisors

• Achieving co-existence with legacy hardware based network platforms whilst enabling an

efficient migration path to fully virtualized network platforms which re-use network operator

existing BSS and OSS

• Management and orchestration of virtual network appliances (particularly alongside legacy

management systems) while ensuring security from attacks and misconfiguration

• Maintaining network stability and service levels without degradation while under load or

during relocation

• Ensuring the appropriate level of resilience to hardware and software failures

Leveraging State-of-the-Art Intel and HP

platforms to create an Internet intelligence Virtual

CPE solution for Enterprise Services

Network Function Virtualization:PacketLogic Virtual Network Function as a Service for Enterprises

WHITEPAPER

1. http://www.etsi.org/index.php/news-events/news /644-2013-01-isg-nfv-created

2. http://www.etsi.org/technologies-clusters /technologies/nfv

PROCERANETWORKS.COM2

WHITEPAPER

• Enable the creation of virtual network appliances which will run, ideally without

recompilation, on any hypervisor and hardware configuration, and integrate “on the fly” into

the network operators’ existing EMS, NMS, OSS, BSS and orchestration systems.

• Requirement analysis for future technical specifications and standards in ad hoc

standardization organization and groups to be identified or created at ETSI and other

relevant standards development organizations.

HP, Intel, and Procera Networks are all members of the ETSI NFV ISG, and have joined

together to work on specific NFV use cases that leverage Intel processing, HP hardware

platforms, and Procera Networks Internet intelligence solutions.

VIRTUAL CPE SOLUTIONSThe ETSI NFV ISG has defined a number of different use cases as part of the expected

deployment of NFV in service provider networks. This white paper describes one of those

use cases, a Virtual CPE implementation of the Procera solutions. The Virtual CPE use case

falls under the Virtual Network Function as a Service (VNFaaS) description in ETSI GS NFV

001 V1.1.1 Network Function Virtualization (NFV) Use Cases. An architecture diagram of the

different NFV use cases (including Virtual CPE) is shown in Figure 13

NFV USE CASES

Figure 1

Virtualisation ofBase Station (cBS)

Virtualisation ofMoble CDNs

Virtualisation ofMoble Core/IMS

Virtualisation ofHome and

Enterprise Networks

VNF Forwarding Graph

VBsLTE

VBs3G

vBS2G

vBSWiMax

HW

C-PlaneADSL

C-PlaneVDSL

C-PlaneITU-T/G

HW

DNS

VNF

DHCP SGW Firewall

HW HW HW

HW HW

RGW NAT STB

HW HW

CON 1 CON 2

HW HW

Virtualisation ofFixed Access

FTTB

/C FTTdp

FTTH

HW

CSCF SGW CSCF

HW

HW Hardware resources

VNF

Hardware resource pool

HW HW HW

CSCF AppServer

HW HW HW HW

MME CSCF LB DHCP

HW HW HW HW

AppServer

VNF VNF VNF VNF

PGW AppServerSGW

MME

3. http://portal.etsi.org/NFV/NFV_White_Paper2.pdf

3 PROCERANETWORKS.COM

The concept of Virtual CPE is very exciting to managed services solution providers, as it

provides superior service flexibility and enables the operator to use of best-in-breed solutions

as needed to provide specific service functions. The vCPE solution can be deployed either

at the customer premise or in the provider’s “cloud” as a managed service. Dedicated,

standalone appliances often do not deliver the right combination of capabilities and also tie

the enterprise to a specific vendor’s platform until they can depreciate the investment. “Virtual

Router” based solutions do exactly the same thing, often with even more limited functionality.

The virtualization capabilities being introduced by NFV offer a huge opportunity for network

operators looking to offer differentiated managed enterprise services with a major reduction

in CAPEX required for service launches. Through the use of common hardware and best-in-

breed VNF capabilities, a managed services solution can be offered to any customer that has

broadband access into the provider “cloud”. The ETSI GS NFV 001 V1.1.1 Network Function

Virtualization (NFV) Use Cases document calls out the different potential locations for the vCPE4

4. http://www.etsi.org/deliver/etsi_gs/NFV/001_099/001/01.01.01_60/gs_NFV001v010101p.pdf

VCPE FROM NFV WHITEPAPER

Figure 2

Branch

BranchBranch

IP BackboneCustomer SiteVirtualisation

Network Edge Virtualisation

Non-virtualized CPE

vE-CPE deployed at various locations

Centralized Corporate IT Infastructure

Branch

vE-CE

vE-CE

vE-CENFVLPoP

PACKETLOGIC VIRTUAL NETWORK FUNCTIONProcera’s PacketLogic solutions are deployed in service provider networks to gain insights into

network and subscriber behavior as well as to take action in order to provide a high quality of

experience for their broadband consumers. These solutions can be deployed in the access

network, aggregation layer, network core, or at the peering point to provide different network

views and services, including virtual and hardware-based solution options.

CASE STUDYWHITEPAPER

Figure 3

PACKETLOGIC DEPLOYMENTS

AC

Access

DSL

WIFI

BRAS

Router

WAN Edge

HIGH-ENDENTERPRISE

FTTHFTTH Aggregation

CABLE

2G/3G/LTE

RNCSGSNSGW

CMTS

PCRF

PSM

PIC

PL20000

OCS AAA/HLR/HSS

Packet Core

Internet

GGSNPGW

Offload

VAS• Optimization• Parental Control• Caching/CDN• URL Filtering• Advertising

Cloud Services

Traditionally PacketLogic solutions have been tied to specific off-the-shelf hardware platforms

based on Intel technology. Although PacketLogic has always been hardware independent,

to achieve the performance and scalability that our customers demanded required tight

integration with whatever hardware platform we were deployed on. However, with the

introduction of the PacketLogic/V solutions, Procera has de-coupled our software from the

underlying hardware platform to deliver on the premise of NFV.

PacketLogic/V platforms offer all of the software capabilities offered on its hardware-based

PacketLogic platforms available on COTS virtual machine environments running on COTS

hardware. All three of the functional components that make up Procera PacketLogic

software – real-time enforcement, subscriber manager, and intelligence center – can be

readily provisioned without the need for purchasing vendor-specific, single-use hardware

configurations or purpose-built hardware that are typically needed by competing systems.

PacketLogic/V platform components run as individual Virtual Network Function Components

(VNFC) that are part of ESTI-defined Virtual Network Function (VNF) environment that a

network operator would need to support a PacketLogic analytics or enforcement solution.

The solution would be managed by a VNF management solution as well as the APIs that

are included as part of the PacketLogic solutions. This provides the ultimate flexibility in

provisioning computing resources and PacketLogic software licenses to gather high-resolution

Internet intelligence in order to provide detailed subscriber-centric analytics and support for

intelligent, real-time policy enforcement.

The Enterprise Service Offerings delivered by the PacketLogic VNF fall into two different

Procera solution families: Gain Insight and Take Action.



Gaining Insights leverages the fine-grained visibility of the PacketLogic Internet Intelligence

solutions, and can be used to provide an enterprise with a greater understanding of their

usage of broadband and Internet bandwidth. Those insights can be turned into Actions using

the real-time policy enforcement capabilities of PacketLogic, and this creates a powerful

solution that offers both real-time and historical perspectives as well as the ability to manage

enterprise network traffic.

CPECPE

CPE CPE

CPEPE

PE

PEService Provider Core

Enterprise

Enterprise Enterprise

VNFVNFVNFVNFVNFVNFVNF

CPECPE

VNFaaSService Utility

Figure 4

vCPE DEPLOYMENT OPTIONS

Some of the services that can be offered to enterprises with this solution include:

• Advanced Usage Reporting and SLA Verification

The Internet Intelligence Center enables operators to deliver customized, detailed real-

time and historical reporting and analytics to the end customer. This information can be

used to provide value-added reports to the customer, or to help verify the billing and SLA

information that is part of the customer’s managed services contract. The information

available in PacketLogic includes not only the bandwidth and volume of data used, but also

application, content, device, quality, latency, and congestion reports (packet drops) for how

the network behaves during times of congestion.

• Regulatory Compliance and Data Retention

Many enterprises have specific regulatory compliance standards (financial institutions for

example) that require them to log specific application traffic or access logs. PacketLogic

includes a number of different high-volume logging technologies that can be used to

selectively retain audit logs for specific policies on the enterprise network. These

policies can be based on specific users, servers, applications, content, or even cloud-

based services.





• Traffic Management

PacketLogic solutions have sophisticated traffic management and fair usage capabilities.

Enterprises can manage users, user groups, applications, content, and even specific

devices based on time of day, day of week, bandwidth, and connection consumption to

ensure that their business critical data is prioritized over recreational traffic or less important

traffic during peak times or during network congestion. Examples might be de-prioritizing

recreational video streaming outside of lunch or break times, removing bandwidth limits

during off hours, or prioritizing access to salesforce.com during quarter close for sales-

oriented businesses. In addition to simply managing the traffic, PacketLogic can provide

detailed reports on which users or applications were affected by traffic management and

how much latency or packet drops were introduced for the affected traffic.

• Application Firewalling and Control

Although PacketLogic is not a traditional firewall, it can use the application and content

signatures to restrict the use of specific applications. These controls can also be based

on users, user groups, users, user groups, applications, content, and even specific

devices based on time of day, day of week. These controls allow finer grained control

than most firewalls, as they are based on true layer 7 capabilities, and can even detect

applications that morph their signatures when confronted with firewall solutions. Common

applications that fall into this category include peer-to-peer, Skype, Tor, and other encrypted

applications, which are hit-and-miss even with more advanced firewalls.

• Content Control

ContentLogic enables the PacketLogic solutions to add content categorization to the

existing application signatures. With ContentLogic, enterprises can manage access to

different categories of content to ensure that inappropriate content in the workplace or

limit recreational content during peak work hours. Categories of content include social

networking, pornography, job hunting, news, and over 100 other classifications.

• Carrier Grade NAT

PacketLogic also includes Network Address Translation functionality to minimize the

number of VNFs needed to transition the enterprise’s private address space into publicly

accessible Internet addresses. This helps both the service provider and enterprise manage

address space consumption while still providing user-level visibility for policy enforcement

and analytics.

• Advanced Traffic Steering

Many enterprises utilize application delivery controllers to load balance or divert specific

applications or services to value added services systems like WAN optimization or caching

appliances. Rather than implementing a separate VNF for this, PacketLogic includes these

functions to simplify network deployments and enable a single point of Layer 7 control and

visibility in a managed service.

Through the PacketLogic/V implementation of NFV, these solutions enable an extremely

rich service offering with minimal hardware cost and maximum flexibility. Operators offering

managed services can now monetize these capabilities without requiring yet another piece of

CPE at the customer site.

SOLUTION TESTING DETAILSThe test environment used to demonstrate a PacketLogic Virtual CPE deployment was as

shown in the diagram and detailed in Figure 5.

Figure 5

VIRTUAL CPE TEST ENVIRONMENT

VNF-M vPIC vPSM vPRE

HP DL380 server

Intel® Xeon® E5-2697 v2

processors @ 2.70Ghz

KVM virtualization manager

Breaking Point traffic generator

Procera Solutions:

PacketLogic Real-Time Enforcement

PacketLogic Subscriber Manager

PacketLogic Client

PacketLogic Element Manager

Internet Intelligence Center Insights

The test consisted of creating instances of PacketLogic VNFs on the HP hardware and

dedicating a specific number of Intel cores and memory to a PacketLogic/V instance. The

solution was managed with the PacketLogic Element Manager and the PacketLogic Client,

analytics and visualization for the CPE instance performed by the Internet Intelligence

Center Insights solution. The Breaking Point traffic generator was used to generate a mix of

application traffic that would be classified by the PacketLogic VNF for the enterprise service.

The PacketLogic VNF was configured to use the following parameters for each vCPE instance:

CPU: Intel® Xeon® CPU E5-2697 v2 @ 2.70GHz, 4 CPU cores

Memory: 8G of RAM per instance



Figure 6

CPU USAGE

Figure7

FORWARDING RATE



Copyright © 2015 Procera Networks. All rights reserved. All other trademarks are property of their respective owners. PROCERANETWORKS.COM

ABOUT PROCERA NETWORKSProcera Networks, the global Subscriber Experience company, is revolutionizing the way operators and vendors monitor, manage and monetize their network traffic. Elevate your business value and improve customer experience with Procera’s sophisticated intelligence solutions. For more information, visit proceranetworks.com or follow Procera on Twitter at @ProceraNetworks.

CORPORATE OFFICES Procera Networks, Inc. 47448 Fremont Blvd Fremont, CA 94538P. +1 510.230.2777F. +1 510.656.1355

CORPORATE OFFICES Procera NetworksBirger Svenssons Väg 28D 432 40 Varberg, Sweden P. +46 (0)340.48 38 00F. +46 (0)340.48 38 28

ASIA/PACIFIC HEADQUARTERS Unit B-02-11, Gateway Corporate Suite, Gateway KiaramasNo. 1, Jalan Desa Kiara, Mont Kiara 50480 Kuala Lumpur, Malaysia

Copyright © 2015 Procera Networks. All rights reserved. All other trademarks are property of their respective owners. PROCERANETWORKS.COM

If we extrapolate the performance for a full system dedicated to the PacketLogic VNF using

the full capabilities of the Intel-powered HP platform, a single DL380 could deliver up to 8

vCPE instances on a single server, providing a huge benefit for an operator looking. This

capacity could be subdivided into a large number of VNFs, providing an easy-to-calculate

ROI based on the number of equivalent dedicated hardware units that would have needed

to be purchased. The ROI would also include the cost of truck rolls that would be required to

deploy the solution, which is often more expensive than the cost of the hardware

solution itself.

SPECTRUM OVERVIEWIn our increasingly connected world, it has become clear that thoughtful sharing of inspiration

and resources accelerates the development and application of technologies that benefit us

individually and collectively. It’s on this premise that HP and Intel have created SPECTRUM,

a program designed to accelerate the development and application of technologies for

Telecommunications Solution Builders.

SPECTRUM enables developers of hardware and software to deliver solutions to meet

the challenges of the telecommunica-tions markets. SPECTRUM is also an engine

designed to empower developers to address market challenges with cost-effective,

power efficient, industry-standard technologies from HP and Intel.

v20161115


network function virtualization whitepaper download

Documents