NFV: Turning network activities into software
Network functions virtualization promises to save time and money by running components such as firewalls and intrusion detection as virtual machines.
Federal agencies are just beginning to explore the potential of software-defined networking, and now they have a complementary technology to consider: network functions virtualization.
In essence, SDN provides a software layer that seeks to absorb the complexities of network management. The idea is to make networks centrally programmable via software to make them easier to administer and faster to configure. To date, SDN has had limited impact on the federal space. The Energy Department's Energy Sciences Network (ESnet) and National Science Foundation-funded university projects are among the principal examples of SDN use in government.
NFV, which is also just getting underway, separates network functions such as firewalls, load balancing and intrusion detection and runs them as virtual machines housed on a generic server. Although NFV differs from the sweeping architectural overhaul envisioned for SDN, the two approaches share a common goal: to make networks less complex and costly to manage. Indeed, industry and government executives view the two technologies as intertwined to a significant extent.
Why it matters
Enterprise networks typically rely on large numbers of specialized devices to handle networking functions, which adds to the expense and logistical challenges of running a network. NFV seeks to reduce the glut of devices by performing those activities via software instead.
In other words, network functions once encased in specialized hardware can run on a general-purpose server, said Inder Monga, chief technologist and area lead for network engineering, tools and research for ESnet. The approach has the potential to reduce network costs because it shrinks the device population.
Chris Wright, a principal software engineer at Red Hat, said NFV represents a transition for an industry in which network functionality has traditionally been trapped in hardware. It virtualizes networking functions and runs them as software in a cloud-like infrastructure.
"It is a fairly fundamental architectural shift for how you provide your infrastructure as a service," Wright said.
As a result, organizations can more readily keep pace with network and customer demands. They can quickly offer new services or modifying existing ones because the changes are accomplished in software, which is much easier than deploying a new box, he added.
Sudhir Verma, chief technology officer at IT solutions provider Force 3, said organizations' biggest complaints about providing network services are the time and cost of making changes.
"If I go with NFV and start virtualizing some of the aspects of the network management, I can contain costs and support customers in a better way," Verma said, summarizing the appeal of the technology.
The fundamentals
NFV is expected to work in close association with SDN. Both technologies emphasize using software to perform key networking jobs, but they operate at different levels. SDN removes a network's control plane from its usual home in switches and routers and makes it a software operation. The control plane's job -- determining how traffic will move across a network -- is transferred to a piece of software called an SDN controller, which is used to program network devices and manage the traffic flow to and from devices.
A server or servers running virtualized network functions would fall under the management purview of an SDN controller. The networking functions deployed as virtual machines must work in concert with one another, so they need something to steer traffic between them.
"That is what the SDN controller does," Wright said. "We see an SDN controller as part and parcel of an NFV solution. In most cases, we see them going hand in hand."
Based on the organization's policy, SDN can route flows to a stack of inexpensive servers that run a firewall or intrusion-detection system, Monga said, with those policy-based decisions taking place on the centralized SDN controller.
"SDN is a new way to manipulate the network, and NFV is a new type of infrastructure to be manipulated," said Kelly Herrell, vice president and general manager of Brocade Communications Systems' software networking business unit.
The "black box" that typifies the traditional network infrastructure is in for a change with network virtualization. Herrell said NFV replaces the black box with industry-standard servers that run enterprise network functions as virtual machines. Both SDN and NFV seek to "increase the agility and increase the cost-efficiency of networks," he added.
Herrell said industry-standard x86 servers cost far less than proprietary networking equipment, and Intel's long-term initiative to make servers better at running networks is a key part of that direction. Brocade's Vyatta vRouter has achieved thousand-fold performance improvements over the past few years, Herrell noted, attributing the improvement to both Intel hardware upgrades and Brocade's software code.
"Intel's force is being brought to bear in the networking world," Herrell said.
Brocade's NFV solutions include both the Vyatta vRouter and the Virtual ADX. Other vendors active in the NFV market include Alcatel-Lucent, Cisco Systems, Hewlett-Packard and Juniper Networks.
NFV solutions were a key focus at the Mobile World Conference in Barcelona in February, and overshadowed SDN to some degree.
In fact, NFV can exist without SDN. For example, an organization might want to virtualize one network function, which can be done without an SDN controller, Wright said.But deployments that involve a more-complex virtual network topology will take advantage of SDN.
"If you virtualize more and more of the infrastructure, SDN does become a requirement," Wright said.
The hurdles
A lack of proven products often slows the adoption of new technology. But Herrell said the first federal deployments of NFV-like solutions happened before the term was coined in October 2012. At that time, a group in the European Telecommunications Standards Institute effectively defined the market when it published an introductory white paper on NFV.
In general, industry watchers view service providers and carriers as the main markets for NFV gear thus far. Greater government influence will probably hinge on wider SDN deployment, which remains in its infancy. Agencies are looking into SDN, but few have gone much further than that.
The Defense Information Systems Agency, for example, "has been examining SDN to determine how it can help in our efforts to modernize DOD networking and deliver the Joint Information Environment," a Defense Department spokesman said.
The spokesman added that DISA is seeking to determine how SDN can best be integrated into its milCloud capability, which operates as an infrastructure-as-a-service and provisioning orchestration system installed in two data centers.
Competing network needs are affecting the rate of adoption. "The major pacing factor for DISA is simply balancing with the numerous other operational priorities that come from providing a global IT network that support the nation's warfighters every day," the spokesman said.
Pending wider SDN deployment, agencies might gain experience with NFV through highly specific use cases. For instance, Herrell said NFV could find a role in tactical networks used in land vehicles such as Humvees. NFV reduces footprint, heat output and weight because it provides the necessary network functions virtually.
"No additional hardware needs to reside inside the vehicle, which is already cramped with equipment and people," he said.
NFV also comes to agencies indirectly via cloud service providers. Herrell said Amazon Web Services and Rackspace started incorporating NFV into their federal cloud offerings in the past 12 months.
Note: This article was updated on March 24 to correct the spelling of Kelly Herrell's name.
NEXT STORY: Even Barack Obama May Get Rid of His BlackBerry