Issue: Europe II 2014
Article no.: 7
Topic: Building future networks based on SDN and NFV: Challenges, benefits and the key role of network intelligence
Author: Jérôme Tollet
Title: CTO
Organisation: Qosmos

About author

Jerome Tollet is CTO & Co-Founder of Qosmos. He is responsible for research, development and innovation at Qosmos. He has extensive experience of computer systems and network architectures, and strong technical expertise gained from many years’ immersion in Network Intelligence and Deep Packet Inspection technologies. He is the inventor and principal software architect of Qosmos’ ixEngine Software Development Kit.

Mr. Tollet is currently driving SDN and NFV initiatives within Qosmos. He represents Qosmos within the Open Networking Foundation (ONF). He participates in ETSI industry specification group meetings on NFV. He has made several contributions to SDNCentral and has spoken at SDN-related events.

Mr. Tollet obtained his Master’s degree in Computer Science from a joint degree program at Pierre and Marie Curie – Paris 6 University and ENST Paris (the French Engineering University for Telecommunications). Mr. Tollet is a frequent speaker at international conferences.

Article abstract

Today, the challenge is how to enforce policy controls, manage traffic and differentiate services when most of the traffic on networks consists of third-party applications and services. Service-awareness and Layer 7 knowledge enhance the effectiveness of SDN and NFV networks, so that traffic can be controlled with greater automation, according to a global network view, including applications. DPI can provide Layer 4-7 information to network controllers so that network management becomes intelligent and programmable. SDN-enabled DPI is becoming a contextual, virtualized and standardized resource, with a virtualized DPI engine, plug-ins for controllers and plug-ins for virtualized switches.

Full Article

Global mobile data traffic has been forecasted to increase 11-fold between 2013 and 2018 (1). This creates a critical business challenge for network operators: how to manage their infrastructure in a way that addresses traffic growth but does not outpace the revenue generated by the services that are deployed on the network. Software-Defined Networking (SDN) and Network Functions Virtualization (NFV) are promising a viable solution by changing the way networks and services are conceived and operated, enabling operators to improve bandwidth management, reduce investment in equipment and deploy new and profitable services more rapidly. In this article, I will consider how attainable these promises are and the key success factors. I will also describe the key role of Deep Packet Inspection (DPI) to ensure that SDN-based networks benefit from built-in network intelligence.

Operators currently have a decentralized, local view of network assets, but with an SDN architecture operators can create a central control point that gives a global view, making it easier to manage bandwidth and operations. This is because SDN physically separates the control plane from the data plane in a network device, allowing traffic to be controlled with greater automation, more intelligence and less support, meaning that operators can manage their networks more easily and efficiently.

NFV is complementary to SDN, and standardizes the architecture design of network functions running on proprietary hardware (today) into virtual networking functions running over a common hardware platform (tomorrow). This simplifies network management, making it easier and faster to launch new services while also optimizing deployment scalability and flexibility. In this way, operators will be able to reduce capital and operating expenses (CapEx/OpEx).

Looking at the bigger picture, SDN and NFV allow the networking industry to adopt IT technologies and principles, such as programmability and automation. This creates a major shift by equipment suppliers toward the use of component technology, linked by Application Programming Interfaces (APIs). By leveraging best-of-breed component technology, they benefit from fast time-to-market and efficient utilization of engineering resources, while service providers and enterprises can boost innovation and also mix and match suppliers thanks to standardization.

Once these new networks are deployed, operators will need to ensure service quality and security, and optimize operations to safeguard profitability. The challenge is how to enforce policy controls, manage traffic and differentiate services when most of the traffic on networks consists of third-party applications and services. In current approaches to SDN, information on network traffic is limited to Layers 2 to 4. Layers 4 to 7 contain the information that resides between the infrastructure and the applications. Without access to layers 4 to 7, network functions and applications have limited application awareness and are unable to differentiate certain types of traffic. This leads to the inefficient use of both bandwidth and compute resources since each specialized system, like media servers, has to analyze the entire traffic in order to pick out the relevant flows (e.g. streaming video) and process them.

Layers 4 to 7 provide the network application and metadata information that gives network operators the much-needed awareness of traffic flows. Access to this information is provided by DPI. DPI analyzes traffic flows and identifies their various attributes including application ID and metadata (URL, file name, browser type…). The information can be used by the various network devices and applications to control network traffic flows, apply policy, optimize bandwidth and many other real-time activities. In other words, networking becomes intelligent and programmable.

In the classic network appliance approach, different flavors of DPI and network intelligence are embedded in each appliance and each device. With SDN and NFV, DPI will gradually migrate from a product function to become either a virtual function component providing DPI-as-a-Service or a distributed resource available via APIs, residing, for example, in standard vSwitches, or used as a service classifier to convey service information across a network.

This new view of DPI as a contextual, virtualized and standardized resource represents a new opportunity for vendors to accelerate development, deployment and adoption of their telco and enterprise solutions using SDN frameworks. First, SDN can lower the total investment since the technology is implemented once and shared by different network functions. Second, interworking is easier thanks to standardized DPI formats. Third, application development is easier, since DPI is provided once and for all. So network operators deploying SDN and NFV-based networks can take advantage of DPI network intelligence and offer new services and better manage bandwidth.

I have witnessed a strong move toward third-party sourcing of DPI components in the past couple of years. This trend was confirmed in a Heavy Reading survey carried out in October/November 2013 where two thirds of solution vendors indicated that DPI is a must-have technology with an increasing proportion of vendors choosing to source DPI from a third party (2). I believe this trend will accelerate with the introduction of SDN and NFV, in line with the wider shift of the networking industry, which is adopting principles of the IT industry: more software-focused, more use of COTS hardware and leveraging of standardized components.

This leads to increased demand for DPI component products in different formats, from the existing DPI engines that can be embedded in applications, to new concepts such as a DPI plugin for virtual switch layers or a DPI engine in the form of a generic virtual network function. Equipment makers and software vendors benefit from the general component approach, since they can leverage ready-to-use DPI technology to rapidly build application-aware solutions for service providers and enterprises.

Technically, these DPI components can be implemented at three different points of an SDN architecture (see Figure 1): a DPI engine VNF (Virtualized Network Function) component, with an application running in a VM (Virtual Machine) and feeding applications through enriched protocols (packet tagging); a DPI plugin for the virtual switch, which makes the virtual switch application-aware, e.g. for efficient service chaining; and a DPI plugin for the controller, which makes the controller application-aware.

Figure 1: DPI components in SDN networks

DPI engine virtual network function component (DPI VNFC)

The DPI engine as a VNFC is one of the official use cases specified by the ETSI ISG in July 2013. The product consists of a DPI engine-based component running in a virtual machine and using APIs and/or interfaces to feed protocol information and metadata to other components, together forming virtual networking equipment (VNFs) such as Service Router, GGSN, PCEF, B-RAS, ADC/Load Balancers, Network Analytics, NG Firewall, WAN optimization, etc.

DPI plugin for virtual switch

The objective of this type of infrastructure-based product is to accelerate time-to-market for open virtual switch-based developers, and enable service awareness into the virtualization host, so that service providers and enterprises profit from new solutions with integrated intelligence to optimize network services.

Technically, a DPI engine integrated with the open virtual switch can provide detailed, real-time traffic intelligence to all the guest virtual machines using packet-tagging approaches. The DPI engine classifies flows at the hypervisor level, and the resulting protocol information and metadata are either used directly by the virtual switch function (e.g., for enforcement or intelligent steering) or passed on to the guest (virtual) applications via APIs or ongoing standards. This concept was demonstrated at Mobile World Congress in February 2014.
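
The classify-then-steer step described above, using the Layer 7 attributes listed earlier (application ID, URL, browser type), as an added sketch that is not Qosmos ixEngine code. The flow records, app IDs and steering targets are constructed for the example; all three flows look the same at Layer 4 (TCP port 80).

```python
from dataclasses import dataclass, field

@dataclass
class Flow:
    five_tuple: tuple      # (src, sport, dst, dport, proto): all that L2-L4 sees
    payload: bytes         # first client-to-server bytes of the flow
    app_id: str = "unknown"
    metadata: dict = field(default_factory=dict)

def classify(flow):
    """Set app_id and metadata from the payload; the port number is ignored."""
    p = flow.payload
    if len(p) >= 6 and p[0] == 0x16 and p[1] == 0x03 and p[5] == 0x01:
        flow.app_id = "tls"          # TLS handshake record carrying a ClientHello
        return flow
    head = p.partition(b"\r\n\r\n")[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) == 3 and parts[2].startswith("HTTP/1."):
        hdrs = dict(l.split(": ", 1) for l in lines[1:] if ": " in l)
        hdrs = {k.lower(): v for k, v in hdrs.items()}
        path = parts[1].split("?", 1)[0]
        flow.metadata = {"url": hdrs.get("host", "") + path,
                         "browser": hdrs.get("user-agent", "")}
        video = path.rsplit(".", 1)[-1] in ("m3u8", "mpd", "ts", "mp4")
        flow.app_id = "http_video" if video else "http"
    return flow

# Hypothetical steering policy: only video flows reach the media optimizer,
# so it no longer has to scan all traffic to find them.
STEERING = {"http_video": "media-optimizer", "http": "default-path",
            "tls": "default-path"}

def steer(flow):
    """Unclassified traffic goes to a fallback path instead of being trusted."""
    return STEERING.get(classify(flow).app_id, "inspection-fallback")

# Constructed sample flows (documentation addresses, made-up hosts and agents).
FLOWS = [
    Flow(("10.0.0.5", 40001, "203.0.113.10", 80, "tcp"),
         b"GET /live/stream.m3u8?t=1 HTTP/1.1\r\nHost: video.example\r\n"
         b"User-Agent: ExamplePlayer/1.0\r\n\r\n"),
    Flow(("10.0.0.5", 40002, "203.0.113.10", 80, "tcp"),
         b"GET /index.html HTTP/1.1\r\nHost: www.example\r\n"
         b"User-Agent: ExampleBrowser/2.0\r\n\r\n"),
    Flow(("10.0.0.6", 40003, "203.0.113.20", 80, "tcp"),
         bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01]) + b"\x00" * 8),
]

if __name__ == "__main__":
    for f in FLOWS:
        print(f.five_tuple[3], steer(f), f.app_id, f.metadata)
```

The third flow is a TLS ClientHello on port 80, which a port-based rule would mislabel as HTTP.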

Standardization of components & APIs

Standardization is key for a wide adoption of DPI as a component technology for SDN and NFV. In addition to the ETSI standard for a DPI VNFC, the ONF is working on how L4-L7 intelligence can be used in an SDN environment. On the API side, the IETF Service Function Chaining (SFC) working group is defining how mechanisms such as Network Service Header (NSH) tagging can be used to create network service paths and convey traffic information.

In all cases, new DPI-based products provide the built-in application intelligence required for service-awareness in SDN and NFV environments. Network operators deploying SDN and NFV-based networks can take advantage of the network intelligence delivered by DPI to offer new services and better manage bandwidth. DPI also gives operators more control over their networks by helping them identify and supervise the wide range of services and applications they carry. This is achievable with new DPI technologies designed to accelerate the development of networking equipment supporting SDN and NFV.

1) Cisco Visual Networking Index: Global Mobile Data Traffic Forecast Update, 2013–2018.
“Global mobile data traffic will increase nearly 11-fold between 2013 and 2018”
http://www.cisco.com/c/en/us/solutions/collateral/service-provider/visual-networking-index-vni/white_paper_c11-520862.html

2) DPI & Traffic Analysis in Networks Based on NFV and SDN by Graham Finnie, Chief Analyst, Heavy Reading; published by Heavy Reading in January 2014.
http://www.qosmos.com/wp-content/uploads/2014/01/Heavy-Reading_Qosmos_DPI-SDN-NFV_White-Paper_Jan2014.pdf