7 FALLACIES OF NETWORK FUNCTION VIRTUALIZATION
Steven Wright, MBA PhD JD
Chair, ETSI NFV ISG
© ETSI 2015. All rights reserved
The Seven Fallacies* Recast to NFV
The network is reliable. -> VNF Designs assume the NFVI is NOT reliable
Latency is zero. -> Predictable Performance Matters
Bandwidth is infinite. -> Bandwidth Bottlenecks Occur
The network is secure. -> Security by Design is Needed
Topology doesn't change. -> Change is Continuous
There is one administrator. -> Independent Administrations Exist
Transport cost is zero. -> Cost is Complicated
The network is homogeneous. -> NFVI Heterogeneity is normal
© ETSI 2015. All rights reserved
* With apologies to L. Peter Deutsch for the meme “the 7 fallacies of distributed computing”
VNF Designs Assume the NFVI is NOT reliable
REL002: Scalable Architectures for Reliability Management• Goal – Develop an Informative Technical Report that:
• Examines Cloud/Data Center Techniques for Reliability Management for delivery of High Availability
• Develops Scalable Methods for Managing Network Reliability in NFV Environment
• Scope:• Describe various types of conditions where Scalable Methods apply:
• Resource failures
• Bursty Traffic Conditions
• Describe scale-out techniques for instantiating new VNFs for such conditions
• Provide corroborating lab results
Predictable Performance Matters
© ETSI 2015. All rights reserved
Computing
Hardware
Storage
Hardware
Network
Hardware
Hardware resources
Virtualisation LayerVirtualised
Infrastructure
Manager(s)
VNF
Manager(s)
NFV
OrchestratorOSS/BSS
NFVI
VNF 3VNF 1
Execution reference points Main NFV reference pointsOther reference points
Virtual
Computing
Virtual
Storage
Virtual
Network
NFV Management and Orchestration
EM 2 EM 3EM 1
Or-Vi
Or-Vnfm
Vi-Vnfm
Os-Ma
Ve-Vnfm
Nf-Vi
Vn-Nf
Vl-Ha
Service, VNF and
Infrastructure
Description
VNF 2
IFA002
Acceleration
Resources
IFA004
IFA001: overview
IFA003: vSwitch benchmarking / requirements
EVE001
IFA011
IFA006
IFA005
REL: accelerator state migration
SEC: EPD plugins, isolation acceleration
TST: involvement
Hypervisor
virtio
Deployment flavors, VDUs
accelerationCapabilities
SWA VNFC-VNFC
KPI (EVE006:
DMTF? QUEST?)
IFA003
Acceleration & NFV Reference Points
Security by Design is Needed
Problems identified in the NFV Security Problem Statement• Topology Validation and Enforcement
• Availability of Management Support Infrastructure
• Secured Boot
• Secure Crash
• Performance Isolation
• User/Tenant Authentication, Authorization, and Accounting
• Authenticated Time Service
• Private Keys within Cloned Images
• Back-doors via Virtualized Test and Monitoring Functions
• Multi-Administrator Isolation
• Security monitoring across multiple administrative domains (i.e., lawful interception)
http://www.etsi.org/deliver/etsi_gs/NFV-SEC/001_099/001/01.01.01_60/gs_NFV-SEC001v010101p.pdf
Change is Continuous
© ETSI All rights reserved
“…high-level objectives of NFV are: Rapid service innovation through software-based deployment and operationalization of network functions and end-to-end services...” GS NFV 001
“…Services can be rapidly scaled up/down as required.” Operator NFV Whitepaper #1
“…capabilities needed for the continuous delivery of service in conformance with the service specification…” Operator NFV Whitepaper #2
“Technology-driven innovation, where rapid development, continuous integration, deployment, and experimentation, meet business and service operations agility and enable the migration to next generation operations.” GS NFV MANO 001
Cost is Complicated
© ETSI All rights reserved
Obtain
Install
Maintain
Custom SW
Obtain
Install
Maintain
Custom HW
Existing Network Function
Maintain
Obtain
Install
Maintain
Custom SW #1
Obtain
Install
Maintain
COTS HW
Virtualized Network Functions
Obtain
Install
Maintain
Custom SW #2
Figure 19 GS NFV INF 001
• Lots of TCO Tradeoffs:
• Capex / Opex/ Time to Market
• Compute/Storage/network
• Direct / Indirect costs,
• etc
Scope: Guidelines for NFVI node ARC:
HW resources compute, storage, &
network, to construct & support the
functions of an NFVI node
General Principles & Key Criteria:
• Racks, Processors, Power,
Interconnections, Cooling,
• Hardware Platform Management
• Open Compute Project Illustration
NFVI Heterogenity is normal
EVE003: NFVI Node Architecture
Report
EVE003 Scope
ComputingHardware
StorageHardware
NetworkHardware
Hardware resources
Virtualisation LayerVirtualised
InfrastructureManager(s)
VNFManager(s)
NFV Orchestrator
OSS/BSS
NFVI
VNF 3VNF 1
Virtual Computing
Virtual Storage
Virtual Network
NFV Management and Orchestration
EM 2 EM 3EM 1
Or-Vi
Or-Vnfm
Vi-Vnfm
Os-Ma
Ve-Vnfm
Nf-Vi
Vn-Nf
Vl-Ha
Service, VNF and
Infrastructure
Description
VNF 2
Top Related