TEMPERING EXPECTATIONS AND MAKING NFV A REALITY

WHITEPAPER

The Definitive Guide to vCPE

2

Software-defined networking (SDN) and network functions virtualization (NFV) are consistently lumped together in the information and communication technology community, but in recent years their maturation processes are far from similar. It wasn’t long ago that the hype surrounding SDN reverberated in every corner of the ICT community; but networking professionals have come to the conclusion that centralizing management of software-defined networks is further off than previously expected.

In contrast, NFV often existed in the shadow of SDN; but in recent years NFV has surged ahead as communications service providers search for ways to rebuild their revenue streams in the wake of cloud and OTT success. Physical customer premise equipment (P-CPE) has long supported legacy revenue streams with dedicated appliances deployed at customer premises. However, the industry is realizing that virtualization is necessary for prolonged survival.Virtual customer premise equipment (vCPE) has emerged as a leading application for delivering the NFV promise—to move hardware appliance functionality to software on commercial platforms the way data centers have. However, as the “new kid on the block,” vCPE has been somewhat idealized to the point where its complexities have been overshadowed by its potential benefits.

While vCPE has the potential to deliver the NFV benefits that service providers sorely need, it isn’t without its challenges. Understanding the real implications of vCPE is an essential first step for service providers looking to realize the NFV promise; and even though the challenges seem daunting, there are ways to overcome them.

INTRODUCTION

TWO WAYS TO IMPLEMENT VCPE —ON PREMISES AND IN THE CLOUDWhen considering the vCPE path, service providers must first decide whether they want to virtualize their existing P-CPE on customer premises or shift to a cloud-based model. Each approach has its benefits, but neither is a perfect answer to current service provider challenges.

The customer premises are a natural fit for vCPE deployments. The benefits of this approach are directly related to the virtualization of dedicated appliances into software on x86 servers. This virtualization gives service providers the opportunity to consolidate functionality. Multiple functions can be loaded onto a single server, theoretically simplifying management and facilitating more rapid upgrades.

“Simplicity is a great virtue but it requires hard work to achieve it and education to appreciate it. And to make matters worse: complexity sells better.”

Edsger W. Dijkstra

3

At its most basic level, on-premises vCPE enables service providers to avoid buying a whole set of different dedicated appliances—but they don’t get the general benefits of cloud-based virtualization. That is, they do not benefit from pooling of servers and network resources (meaning every increase in server resources at customer premises would still require truck roll deployment).

In the cloud-based vCPE scenario, service providers can run virtualized network functions (VNFs) implemented anywhere rather than being relegated to certain areas of the customer premises. Moving to the cloud provides the same benefits in the communications service provider space as it does in data centers—most notably improved resource allocation management, statistical multiplexing, and the ability to sell outsourced services.

With the ETSI NFV Framework standard driving vCPE organization and management, it’s easy to believe that implementing these NFV delivery mechanisms is a simple task.

However, there are challenges that can diminish these benefits and many industry pundits aren’t talking about them within the vCPE discussion.

ON-PREMISES IN THE CLOUD

There are a number of anticipated vCPE benefits that service providers and customers alike believe will be simple to obtain, including:

Freedom to customize

services to specific customer needs

The ability to shop for

best-of-breed solutions

For Service Providers the ability to offer

leased services for new revenue

streams

For Enterprises

peace-of-mind as upgrades

and security are outsourced

Lower equipment costs

Elimination of truck rolls

4

THE VCPE CHALLENGES NO ONE WANTS TO TALK ABOUTIn theory, vCPE (on-premises and cloud-based) is entirely feasible. But that’s the problem—there are underlying roadblocks to success that the industry hasn’t recognized, even in early implementation. These challenges can be broken down into three key issues: virtualization issues, NFV platform issues, and link issues.

VIRTUALIZATION ISSUESThe first virtualization issue is the challenge of functional distribution. While on-premises vCPE and cloud-based vCPE are two approaches to this NFV mechanism, the reality is that service providers and their customers will have to implement a combination of the two. Carriers are left to choose where to place each VNF. The more functionality built into the cloud, the more control a carrier has over those VNFs. Moreover,

the elasticity of the cloud cannot be applied to all functions.

The need for on-premises vCPE undermines the idea that this approach to NFV saves on CapEx. The equipment left on premises, in the end, might be as expensive as the equipment used to split functions off into the cloud. The decisions that must be made between physical, virtual on-premises, or virtual cloud implementations for each function are cumbersome enough without even considering the fact that this challenge blocks some of the idealized benefits of vCPE.

When making your distribution decisions, consider the following practical functional allocations:

ON-PREMISES FUNCTIONS CLOUD-LOCATABLE FUNCTIONSTermination points Routing and multicast

Enterprise network monitoring Session border control

Layer 2 forwarding NAT and/or DHCP

Access link encryption Layer 2 and Layer 3 VPN

Ethernet access IPSec

WAN load balancing Security (firewalls, DPI, DDoS, etc.)

WAN optimization Caching

5

This isn’t an exhaustive list of functionality by any means, but might help carriers decide whether to virtualize at the customer premises or within the WAN.

In addition to the issues surrounding functional distribution of VNFs, carriers must also contend with the dramatically increased complexity of function management with vCPE. ETSI may have created the NFV MANO standardization to help carriers frame their vCPE implementation, but that doesn’t mean it’s simple. These are the three key components of the NFV MANO framework:

Following the NFV MANO framework will require an entirely new set of skills for engineers working at communications service providers. In addition to understanding all of the nuances of legacy P-CPE management, vCPE implementation requires new knowledge of cloud management, agile cloud services, cloud security, and more.

NFV PLATFORM ISSUESThe NFV issues surrounding vCPE implementation revolve around the “platform vs. appliance” debate. There is a major gap between the ASICS dedicated appliances that populate traditional P-CPE and commercial x86 servers that support vCPE.

While the commercial servers cost less than ASICS appliances, they consume significantly more power and have a fraction of the throughput. For example, a platform-based firewall might only have 10 Gbps throughput at 600W power consumption (for $5000) while an ASICS firewall would have 60 Gbps throughput at 250W power consumption (but for $50,000). Add to that the murky financials regarding VNF licensing costs and the idealized cost savings of vCPE deployments all but disappear.

The question carriers must answer is “how many commercial servers will it take to equal the performance of a dedicated appliance?”. The answer isn’t always clear, but there is more for carriers to think about than CapEx. With P-CPE, customers would pay for energy costs because the appliances existed on premises. When moving to cloud-based vCPE, carriers must incur the energy costs because they are managing the equipment, presenting an OpEx dilemma that service providers haven’t experienced before.

For example, annual energy costs could reach $500k in a customer environment with 1000 servers—and that’s without factoring in any cooling costs which double the costs of electricity bills.

THE NFV ORCHESTRATOR: This is a kind of “magic box” that determines how services fit together at the application layer. It is responsible for on-boarding new VNFs, and managing global resources, coordinating resource requests from customer portals and service provider OSS.

THE VNF MANAGER:At a lower level, this component monitors VNF instance lifecycles and coordinates configuration reporting and control between the NFVI and E/NMS.

THE NFVI MANAGER:The virtualized infrastructure manager controls compute, storage, and network resources for the network of vCPE network platforms.

5

6

LINK ISSUESSacrifices must be made when distributing VNFs across the cloud and customer premises: double encryption and tromboning/latency just to name a couple.

When all equipment presides on the customer premises, engineers have complete access to pre-encrypted cleartext which is necessary to process data for any services. However, cleartext can’t be sent into the cloud without encryption—unencrypted cleartext is just asking for a cyber attack.

This means that in a vCPE scenario, carriers must install encryption between the customer edge vCPE and the service provider cloud network. Data must then be decrypted in the cloud for processing and encrypted again when returned to the customer vCPE. This double encryption can be tough on computing resources and ultimately drives up OpEx. The problem isn’t that double encryption doesn’t work—it’s that encrypting data twice is inefficient. Thus, putting applications in the cloud is inefficient for typical vCPE implementations.

A similar inefficiency is found in tromboning scenarios. Tromboning occurs when traffic must be sent to a remote location, processed, and then returned. This might happen in small quantities per customer with DHCP, DNS, and AAA—but these small instances can become a burdensome problem for carriers. When enough links have been congested by tromboning, latency occurs and customers experience tens of milliseconds added to response times—especially if data is travelling hundreds of kilometers to a remote data center.

These three key issues regarding vCPE implementation—virtualization issues, NFV platform issues, and link issues—seem to portray a bleak future for the idealized NFV mechanism. However, there are solutions to these challenges that, while not easy, can help vCPE realize its potential and the industry’s expectations for it.

6

7

THREE STEPS TO OVERCOME THE VCPE ROADBLOCKSThere are three steps that carriers can take to mitigate vCPE challenges—NFV acceleration, NFV at the network edge, and the hyper-converged cloud.

NFV ACCELERATIONThe truth is that x86 servers just aren’t efficient for all VNFs. They are particularly well-suited for the cloud because most cloud applications tout a very high ratio of CPU cycles versus input/output cycles. Some VNFs, on the other hand, have many more input/output cycles per CPU cycles, so there is a need for greater efficiency in vCPE.

The solution is to have ASICS working together with carrier CPU to ensure anything based on the data path is offloaded to accelerators while application logic remains in the x86 servers.

1

PUSH NFV TO THE NETWORK EDGE Service providers often put VNFs in the cloud network because doing so creates valuable economies of scale. However, some virtualized functions just don’t work well in a centralized cloud—especially many of the more advanced use cases such as M2M, IoT, and mobile edge computing (MEC), that have a high frequency of

interactions and low latency response requirements. As a result, there is growing necessity to push NFV to the network edge.

By placing VNFs at the network edge rather than anywhere in the cloud network, latency can be significantly reduced for customers, and tromboning can be relegated to the last mile. For the advanced computing demands coming down the communications service provider pipeline, high latency won’t be acceptable.

2

TAKE ADVANTAGE OF THE HYPER-CONVERGED CLOUDThis step ties directly into the push for NFV to exist at the network edge. The goal is to make distributed cloud computing more efficient by converging compute, networking, storage, utilities, and management components into a single node as opposed to existing in separate environments.

When each customer edge node is its own micro-cloud, carriers can create more distributed management under which policy management might be taken care of centrally while appliance management can still be taken care of locally. This capability simplifies the complexities of vCPE management that have been discussed thus far by taking advantage of the benefits of both on-premises equipment and cloud-based equipment.

3

7

Contact ECI today to learn more about ECI’s Mercury NFV solution

ABOUT ECIECI is a global provider of ELASTIC network solutions to CSPs, utilities as well as data center operators. Along with its long-standing, industry-proven packet-optical transport, ECI offers a variety of SDN/NFV applications, end-to-end network management, a comprehensive cyber security solution, and a range of professional services. ECI's ELASTIC solutions ensure open, future-proof, and secure communications. With ECI, customers have the luxury of choosing a network that can be tailor-made to their needs today – while being flexible enough to evolve with the changing needs of tomorrow. For more information, visit us at w w w.e c i t e l e .c o m

DON’T BE FOOLED BY THE PROMISE OF VCPE SIMPLICITYSimplicity is a great virtue, but it requires hard work to achieve it and education to appreciate it. And to make matters worse: complexity sells better.” –Edsger W. Dijkstra

Even though vCPE has been touted as a simple, intuitive NFV solution on the surface, it’s clear that there’s far more to this technology than some vendors would have service providers believe.

vCPE and NFV will no doubt achieve maturity in the next few years. The question is how will your organization adopt this technology? What steps are you taking today to ensure the proper implementation of vCPE and other VNFS? And how can you make the transition from ‘old school’ transport to ‘new age’ virtualization more easily?

ECI would very much like to be part of your decision making process. Whether you are just testing the waters or ready for an “all out” implementation, our experts are ready to share from our experience.