Keith Bromley
Sr. Manager, Product Marketing at Ixia

The ABCs of Network Visibility: Network Function Virtualization (NFV)

April 20, 2017 by Keith Bromley

As a Forrester report declared some years ago, “Hardware is dead — or, more precisely, it has left center stage.” Companies are realizing the benefits of software-based solutions over hardware-based ones. And functions that previously could only be delivered through hardware, can now be achieved through software – all thanks to virtualization.

What is NFV?

Simply put, Network Function Virtualization (NFV) occurs when network functions (e.g. encryption, DNS, firewall services, etc.) once performed by hardware, are instead carried out using software on a Virtual Machine (VM).

NFV was conceived as an answer to the challenges associated with hardware-based network function solutions. Traditionally, companies in need of network function technology have been forced to have the relevant hardware installed on-site. Their network service provider performs this service and results in high costs, is time intensive, and creates an upgrade pain.

But with NFV, the service provider can deliver these functions virtually. Virtual Machines can be used to run network firewalls and other capabilities remotely. This software-based solution incurs lower costs and is easier to deploy and upgrade.

When a network function is executed virtually, it is known as a Virtual Network Function (VNF).

How does NFV work?

Instead of installing various pieces of network function hardware at the customer premises, the service provider simply installs a generic server on site. The server is a commercial off-the-shelf (COTS) product, making it inexpensive:NFV 1

The provider then uses virtualization software (e.g. VMware) to create Virtual Machines (VMs) on the server. Each of these VMs performs the network functions previously delivered via hardware:

NFV 2The server that runs the VMs is called a compute node. Back in the service provider’s datacenter, a Virtualized Infrastructure Manager (VIM) is used to manage several compute nodes at once. The software that ultimately manages customers’ network functions is also run in the service provider’s datacenter:

NFV 3Considerations associated with NFV

There are several considerations, especially challenges, to consider when making an NFV purchase.

The unknown – Cloud and virtualization technology are by no means new, but they’ve not been around as long as hardware systems have. The risks associated with network function hardware are well known and documented. NFV has created a new, unknown environment, bringing with it fresh dangers. Moreover, it’s commonly accepted that software-based solutions are not as stable as hardware-based ones. NFV is inherently more prone to security threats than physical network function solutions.

Make sure to validate your NFV solutions before rollout – Organizations can minimize the risks associated with NFV migration through testing. For instance, Ixia offers a number of testing solutions to help ensure virtualized infrastructures add value – rather than pain, complexity, and security threats.

Technical hurdles – For companies dependent on physical network appliances, the transition to virtual solutions is fraught with complexity. Just a few of the challenges which must be overcome include:

  • Managing the coexistence of hardware and virtualized solutions
  • Managing the deployment and coexistence of virtualized solutions from different vendors
  • Managing multiple virtualized network solutions and keeping them safe from attack
  • Applying automation across the board so that NFV can be scaled up with time

Data Visibility – Network visibility can be another challenge company’s face when transitioning to virtualized environments. Some 80% of “east-west” traffic (traffic that occurs between and within VMs) is invisible to traditional network monitoring tools. Virtual tap visibility solutions help organizations eradicate this virtual blind-spot as they move to NFV.

More Information on NFV

For more information on the NFV implementations, how testing can help mitigate these risks, and how virtual taps can remove blind spots, visit the Ixia website.