OPINION NFV and SDN what does it mean to enterprises? By Clive Hamilton, VP Network Services, NTT Europe
Rethinking the enterprise network The typical enterprise network now comprises hundreds or even thousands of network devices and functions: routers, switches, WAN accelerators, deep packet inspection (DPI) devices, firewalls, email gateways, wireless access points, proxy servers, intrusion/detection/prevention appliances, probes and so on. They are typically proprietary devices running a vendor-specific operating system that is wed to the hardware. They are designed to be resilient and reliable, but they are also inflexible. Furthermore the enterprise has the cost of recruiting skilled staff to operate the devices. The problem is that the enterprise network cannot continue to scale and meet the changing needs of ICT and its users without taking a different approach to how the network is designed, built and administered. Poor application performance, support for mobile workers, 24-7 security threats, long lead times for new hardware and overall complexity are driving CIOs to ask, is there a different way to architect the network? Everyone is suffering: end-users are experiencing poor application performance and a lack of support for flexible working; networking teams are struggling to cope with configuration requests that can take days or weeks to handle and devices can remain unpatched with the latest bug fixes; and security officers are fighting a war against 24-7 security threats. ICT directors frequently have to overprovision, for instance buying a big firewall for the whole of the network when the protection is only needed in certain locations. Two new approaches to network architecture could help to transform networks into something more cloud-centric. They offer improved security, reduced complexity, more agility and support for new ways of working. Virtualising the network Network functions virtualisation (NFV) is a new concept of how a network can be designed and it could dramatically change the way enterprises and service providers build their networks. With NFV the network of the future will be lower cost, flexible, more secure and genuinely on-demand. Think of it as network-as-a-service.
NFV is an initiative by the European standards body, ETSI, to virtualise network functions previously performed by proprietary, dedicated devices, such as firewalls, application accelerators, gateway routers and so on. It began in 2012 when seven leading service providers collectively published a white paper calling upon the telecom equipment industry to take a new approach to how networks are built. The service providers realised that to fulfil the potential of cloud computing, pervasive mobility and machine-to-machine communications (M2M), they needed the network to be more agile and efficient otherwise it would be a bottleneck to service innovation. The working group now has over 200 members from the operator and vendor communities. Some service providers such as NTT Communications are already able to offer NFV services, helping develop a worldwide market that research firm Analysis Mason forecasts will grow to $2.4 billion by 2018. Network moves into the cloud NFV is a virtualisation approach akin to server virtualisation. It removes the operating systems of proprietary hardware like a router, firewall, WAN accelerator or web server, and migrates the intelligence to an array of standardised servers within a cloud. Each of these servers can also be virtualised so service providers can add more processing power and virtual ports at will and the software controlling the data flows is always up-to-date and configurable in a simple web portal. The obvious benefit for enterprises is that NFV technology will mean they no longer need to own and manage thousands of network devices. Network functionality from routing and encoding to encryption and filtering can be delivered, as-a-service from a service provider s cloud. Network administrators would only need to log into a customer portal and click to provision a new network function. It could reduce the administrative time from weeks to minutes. By reducing the capex and opex, the proportion of the ICT budget allocated to keeping the lights on can be reinvested in innovative projects to support business growth. Meanwhile the network will be agile enough to respond rapidly to requests to connect new branch offices or scale up to deal with seasonal demand.
Friendly support from SDN The second major networking initiative is software defined networking (SDN) which is frequently mentioned in the same breath as NFV and is sometimes incorrectly described as a competitor. In reality they are complementary: if NFV is an abstraction of the network services, SDN is an abstraction of the network architecture. SDN breaks a network down to its constituent parts: the network control is decoupled from packet forwarding. Think of the control plane as the brains layer that sees of all the other devices in the network. In a traditional network device, the control layer needs to be constantly updated when there is a change to network paths so that it can direct packets onwards. In an SDN, a centralized controller has a complete view of the entire network and knowledge of all network paths and device capabilities sits in a single, remote application. In other words, all of the network devices can be programmed remotely in a simple administrator s portal. The network device is then dumbed down to forward or inspect or block as instructed by the centralised controller.
SDN gives network administrators unprecedented control over the path of network packets. If there is a bottleneck in network traffic, the flow can be automatically redirected to a different switch without needing to manually change the routing rules. NFV, meanwhile, allows network functions like intrusion prevention or application acceleration to be delivered from a service provider s cloud. The only onsite equipment needed is a router, and this in future may well also move into the service provider s cloud. The key standard in SDN is OpenFlow, an API developed by the Open Networking Foundation and adopted by the majority of leading network equipment manufacturers. To date, it has had most impact within data centers where there is a frequent need to install new equipment and make administration changes. According to a Gartner research note, entitled Mainstream Organizations Should Prepare for SDN Now, over half of network lifecycle costs are operating expenditure related. Our research indicates that opex savings due to production SDN implementation is $35 to $100 per year, per virtual server, write Gartner analysts Andrew Lerner and Ronni J. Colville, adding In SDN, much of the intelligence migrates from the distributed network elements to the central SDN controller. This allows increased use of dumber network devices, potentially driving down switching costs. This approach can reduce capital expenditure (capex) on individual network devices by 50-70%.
Benefit from NFV and SDN today NTT Communications has developed a portfolio of integrated services that are transforming the enterprise network. Arcstar Universal One is a secure private network service for global enterprises offering a broad range of connectivity options with 24x7 support and NFV and SDN at its core. It connects 196 countries, supports multiple access technologies and plugs directly into private and many public clouds. NFV services from NTT Communications allow businesses to become more agile and responsive to user needs by providing self-service activation and real-time change configuration through a customer portal. New services can be provisioned in minutes, meaning that previous onsite deployment scalability challenges are removed. The portal allows the customer to scale resources up and down without the need to purchase additional appliances. These flexible usage based models adapt to business needs. This means that ICT is right-sized, only paying for the resources it uses, while the asset-light approach means less of the ICT budget is spent on acquiring equipment and maintenance. Combined together NFV and SDN are revolutionizing the network in the way SaaS and IaaS is doing for software and server infrastructure. Network as a service from NTT Communications Cloud-Based Application Acceleration - Optimizes application performance over the Arcstar Universal One Network, enabling global ICT consolidation and faster access to cloud-hosted applications by improving application response times and improving throughput Cloud-Based IPSEC VPN Gateway - Establishes quick enterprise network connections from public cloud or any site with Internet access. Connections can be customer-enabled so are ideal for rapid site deployment or third party access Cloud-Based SSL VPN - Enables remote workers or partners using any device to access the enterprise network resources securely, for improved productivity regardless of location Cloud-Based Firewall - offers firewall, intrusion prevention (IPS), and URL filtering options, and enables secure Internet access at branch offices using one the nearest NTT Communications local cloud networking centres. This provides for reduces cost of ownership, customer light touch management and network infrastructure consolidation. To find out more about Arcstar Universal One go here. For enquiries, please email enquiry@ntt.com.sg or call us at +65 6438 3101 NTT Singapore Pte Ltd: 20 West Pasir Panjang Road, #11-28 Mapletree Business City, Singapore 1177439 www.sg.ntt.com Copyright 2015 NTT Communications