What does network functions virtualization mean?
Network function virtualization (NFV) is about virtualizing network functions that are normally deployed on dedicated hardware platforms (e.g. routers, load balancers, firewalls) delivered by specialized telco vendors. The network functions are instead run as virtual appliances on commodity hardware (IT servers), often connected with DPDK and SR-IOV. This approach allows telco companies to cut costs. Instead of buying expensive specialized hardware, they can emulate the same hardware functions in the form of VMs or containers that run on much cheaper standard hardware.
NFV architecture
In a conventional network, each proprietary hardware device, such as a router, gateway, firewall, switch or intrusion detection system, carries out specific networking tasks. However, NFV replaces those devices with software applications that can run on virtual machines and perform those networking tasks.
The NFV architecture consists of these main components:
- Network function virtualization infrastructure (NFVI) - a standardized architecture that provides the infrastructure components, like storage or networking, that are needed to run network applications on hardware. It is essentially the environment in which VNFs run, including physical resources, virtual resources and the virtualization layer. The virtualization layer and hardware resources are meant to be independent components providing NFVI with the desired resource.
- Virtual network function (VNF) - software applications that deliver network functions like edge devices (BRAS, vCPE, IP Edge), switching, tunneling gateway elements, traffic analysis, and much more. Based on the standardized architecture of NFVI, the VNFs can run on generic hardware.
- Cloud-native network function (CNF) - a software implementation of a network function that is traditionally performed on a physical device (for example an IPv4/v6 router, L2 bridge/switch, VPN gateway, or firewall) but instead runs inside Linux containers (typically orchestrated by Kubernetes). It is built and deployed in a cloud-native way.
- Management and orchestration (MANO) - provides the framework for managing the NFVI and the life cycle of VNFs. This framework is needed to manage the infrastructure and provision network functionality.
Benefits of NFV
- Efficiency - using NFV requires much less specialized hardware, which means saving on unnecessary costs. Traditional hardware-based networks require purchasing specific hardware devices and connecting them to build a network. This is time-consuming and requires networking expertise.
- Simplicity - network configuration and management are simplified by using a virtualized network. NFV eliminates physical topology changes when network requirements change. A basic NFV architecture can be quickly updated using just software, with no need for physical device migration. Additionally, scaling the network architecture with virtual machines is quicker and simpler because it does not require buying additional hardware.
- Flexibility - providers have the flexibility to run VNFs across different servers and move them around virtually as needed. NFV’s flexibility accelerates the delivery of network functions and applications, and it improves horizontal and vertical scaling. For example, if there is a network function that needs testing, you can just spin up a new VM to perform that function. This creates a faster and more convenient method for testing new functions.
- Network functionality - features can be changed or added on demand thanks to networks running on virtual machines that are easily managed. Overall network configuration is simpler with a virtualized network. Easier management of network functions makes the process faster and more efficient.
Risks of NFV
NFV has a lot of advantages; nevertheless, it is important to keep in mind that using network function virtualization comes with a few risks. One of the main concerns can be that security controls are not entirely effective and virtualized network functions are at risk of cyberattacks. By virtualizing network functions we expose them to the dangers of the cyber world, like malware or phishing attacks, that do not take place within traditional, physical devices. When using network function virtualization, the network traffic can be less transparent, although all of this can be kept under control when managed properly.
NFV vs. SDN
Network function virtualization (NFV) and software-defined networking (SDN) technologies are similar and can easily be mistaken for one another. NFV’s main goal is to decouple hardware from network functions and move those services into virtual network environments. It is supposed to lower implementation and operational costs and simplify management. SDN’s purpose, by contrast, is to separate the execution of network functions from configuration control and management, meaning it can hide the low-level configuration from the client. A client is only responsible for deciding what things are connected to each other and does not have to worry about the rest. SDN is especially beneficial in environments where network automation is prioritized. It is possible to use one without the other, but they are complementary, so using both of these technologies together can be beneficial.