 | Issue: | Asia-Pacific III 2014 |
| Article no.: | 5 | |
| Topic: | Subscriber aware SDN fabric enabling NFV | |
| Author: | Ms. Anshu Agarwal | |
| Title: | VP Marketing | |
| Organisation: | ConteXtream | |
| PDF size: | 233KB |
About author
Anshu Agarwal, VP Marketing
As VP Marketing, Anshu Agarwal is responsible for all marketing functions including product management, product marketing and marketing communications.
Prior to ConteXtream, she held marketing leadership positions at several networking companies including Juniper Networks, Ankeena (acquired by Juniper), Level 3 Communications where she led successful marketing teams. She also worked Akamai Technologies and Speedera Networks (acquired by Akamai) where she was instrumental in establishing the India office.
Anshu holds a B.S in Electronics from IIT/Roorkee, India; an M.S. in Electrical Engineering from Rutgers; and an MBA from the Kellogg Graduate School of Management, Illinois.
Abstract
Subscriber awareness for service function chaining (SFC) refers to the ability to associate traffic with a customer while making appropriate, traffic-related networking decisions. SFC has gained a lot of interest due to network virtualization and it addresses networking challenges created when middle-boxes like firewalls, spam filters, DPI elements, etc., are virtualized.
Article abstract
Subscriber awareness for service function chaining (SFC) refers to the ability to associate traffic with a customer while making appropriate, traffic-related networking decisions. SFC has gained a lot of interest due to network virtualization and it addresses networking challenges created when middle-boxes like firewalls, spam filters, DPI elements, etc., are virtualized.
Full Article
Subscriber awareness is not a new concept but providing subscriber-level information to every function in a network has been difficult to implement in traditional networks. However, NFV/SDN framework has made it possible to obtain this information more easily. Subscriber awareness in the network layer interconnecting virtual network elements benefits operators by:
• Providing unprecedented visibility into the network across elements interconnected using the SDN fabric
• Enabling delivery of personalized services by leveraging functions in the network
• Improving security and diagnostics by identifying and isolating subscriber flows as needed
In areas of the world where smartphone penetration (and therefore the data usage) is still rapidly growing, such as countries in the Asia Pacific region, these benefits are particularly important as they prepare networks to handle significant increases in traffic effectively. To understand these benefits it is essential to look at this in a context of particular use cases. Subscriber awareness for service function chaining (SFC) refers to the ability to associate traffic with a customer while making appropriate, traffic-related networking decisions. SFC has gained a lot of interest due to network virtualization and it addresses networking challenges created when middle-boxes like firewalls, spam filters, DPI elements, etc., are virtualized.
As a major example of SFC in operator networks, consider the Gi/SGi interface, the ‘reference point’ defined by 3GPP between the mobile packet core and packet data networks (PDN).
Subscriber Aware Service Function Chaining (SFC) in Gi-LAN
A major shortcoming in the IP networking infrastructure is that networks created are relatively static and optimized for traffic forwarding. In today’s largely physical networks, it is very common for operators to deploy middle boxes for advanced services, such as firewalls; content filters and optimization mechanisms; deep packet inspection (DPI); caching; etc. These functions are usually deployed as appliances on proprietary hardware and installed in the data path at fixed locations in or at the edge of the carrier core network. Typically functions deployed at this point do not use the traditional client-server, destination based forwarding paradigm of IP and Ethernet. Rather, traffic flows through them in a sequence and are often implemented as logical or physical “rails” with all bearer traffic going through all of them.
Today, as pointed out by the SFC WG Problem Statement, middle box functions are deployed using network topologies that serve only to “insert” the service function (i.e., a link exists only to ensure that traffic traverses a service function). These “extra” links are not required from a native packet delivery perspective. As more service functions are required (often with strict ordering), topology changes are needed before and after each service function, resulting in complex network changes and device configuration. In such topologies, all traffic, (whether a service function needs to be applied or not), often passes through with the same strict order. The topological coupling limits placement and selection of service functions. Service functions are “fixed” in place by topology and, therefore, placement and service function selection taking into account network topology information is not viable. Moreover, altering the services traversed, or their order, based on flow direction is also not possible.
Further, many middle-box functions such as Firewall, NAT, TCP optimization, are flow state dependent. The flow state, which is derived in the initial traffic direction, such as a TCP SYN, must also be used to apply treatment in the opposite direction. Therefore, the same network element must process the bidirectional traffic for all flows that it is servicing. Maintaining this bidirectional requirement is critical to the functionality of these elements. In other words, several middle box functions have endpoint affinity.
In summary when designing (virtual or physical) networks for interconnection of a chain of middle boxes, two main factors to keep in mind are:
• Order of function traversal
• Bidirectional flows in order to provide service for all functions
These deployment considerations can make middle box networking very complex, especially in service provider networks given both the very large number of endpoints (subscribers) and exploding traffic volumes. In this environment, designing, operating, and maintaining a network for middle boxes with high availability can prove particularly challenging,
These considerations lead to a network design where subscriber endpoints are first “routed/switched” onto manageable “rails” (something the elements and load balancers can accommodate).
In this typical architecture of rails, there is a distribution of networking information (or states) in several points. This becomes a useful consideration when we discuss the transition to NFV.
This has a drawback that it considers the traffic in one direction, however the networking needs to be setup in a bi-directional manner.
In a subscriber-aware architecture, subscriber aware service chaining leverages a mapping service (extension to the Network Virtualization Authority and LISP mapping) to allow subscriber traffic flows to be identified individually. Steering decisions are made based on which function instances (of a middle-box) will process on that particular users’ traffic flow. The mapping layer maintains state (affinity) information, which was previously distributed inside of each physical load balancer in the rails architecture. The Mapping Service nodes serve as a repository of data on endpoints (flows detected at ingress), Virtual Network Functions, policy and management. They are interconnected via the overlay network and serve to federate the Controllers into a single logical entity. At every function hop the mapping service is used to steer traffic on a per-subscriber basis to the next hop.
This architecture helps operators implement policy across the entire service chain with customization leading to better utilization of resources. Subscriber aware service chaining also makes it much easier to introduce new functions, therefore improving the agility of a new service roll-out.
This architecture is not limited to SFC use cases but can be utilized in other NFV use cases such as vCPE, vEPC, vSBC and many more. This unique subscriber/endpoint awareness offered by subscriber-aware SDN fabric at carrier-scale enables network operators to increase revenues as well as reduce cost of operations by:
• Creating a programmable network and enabling new services and applications to roll-out easily and quickly
• Providing customized and personalized services rather than a “one-size-fits-all” approach
• Improving network and resource utilization thus reducing CAPEX and OPEX
The figure below depicts current and predicted smartphone penetration across Asia Pacific through 2018.
With countries like India increasing from 5.5 percent penetration to 21.5 percent expected in 2018, it could be a serious problem for networks if they aren’t designed to accommodate rapid data growth. Countries in this region are expected to experience smartphone penetration increases from 53 to 290 percent over the course of only six years making smartphone penetration as high as 75.3 percent in countries like South Korea. Asia Pacific in particular should be looking to subscriber aware SDN solutions for the most effective way to optimize the networks and making it programmable to be able to add new services quickly.
