Fulfilling the promise of NFV with reconfigurable computing
With so many new technologies vying for attention, it can be difficult for CISOs to know which ones merit attention. Will this solution save time? Will it make our organisation more productive, or enable us to do things we couldn’t otherwise do? These questions need to be considered before adopting software-defined networking (SDN) and network functions virtualisation (NFV).
What makes these technologies appealing is their ability to separate software from hardware, which eschews the vendor lock-in that has been the norm. So then, the main question is not about budget but about an organisation’s ability to overcome the challenges of these methods so organisations can realise their full value.
At the time enterprises, mobile operators and data centers began building their own network infrastructure, they used the typical customised hardware and software offered on the market. Example applications include network gateways, switches, routers, network load balancers, varied mobile applications in the mobile core; radio access network such as vEPC (virtual evolved packet core), vCPE (virtual customer premise equipment) and vRAN (virtual Radio Access Network); and security applications like firewalls, NGFW, IDS/IPS, SSL/IPsec offload appliances, DLP and antivirus applications, to name just a few.
Instead of needing to purchase proprietary appliances to run each networking application, it is much more cost-efficient to support these functions as software applications, called virtualised network functions (VNFs), running on virtual machines or in containers on standard servers. That’s the idea behind NFV. Moving away from discrete, customised architectures to a more consolidated “x86-only architecture” promises to reduce costs, simplify deployment and management of networking infrastructure, widen supplier choice and, ultimately, enable horizontal scale-out in the networking and security market.
It’s not a sure bet that the throughput and latency demands that today’s applications require can be handled by applications in software on standard platforms without allotting significant CPU resources to address the issue. Operators are realising that the cost savings that NFV promises are offset by the need to deploy entire racks of compute resources at a problem that a single appliance could previously support. The CPU and server costs, rack space and power required to meet the same performance footprint of a dedicated solution end up being as expensive as or more than custom-designed alternatives. The vision of operational simplicity and dramatically lower total cost of ownership are still a dream on the horizon.
Along comes 5G
As if the performance and scaling problems that operators face with generic NFV infrastructure (NFVi) weren’t enough to worry about, the presence of 5G networks will make these concerns worse. The move to 5G brings new requirements to mobile networks, creating its own version of hyperscale networking that is needed to meet the performance goals for the technology, but at the right economy of scale. Numerous factors are fundamentally unique to 5G networks when compared to previous 3G/4G instantiations of mobile protocols. The shorter the distance, the higher the frequency – thus, the more bandwidth that can be driven over the wireless network.
But wait – it gets worse. 5G will also mean a huge increase in the number of users/devices (both human and IoT), which fundamentally affects the number of unique flows in the network and necessitates very low latency requirements. 5G also promises lower energy and cost than previous mobile technologies. These 5G goals, when realised, will drive the application of wireless communications to completely new areas never seen before.
If they are going to meet performance goals, network operators now see that they will need data plane acceleration based on FPGA-based SmartNICs in order to scale virtualised networking functions (VNFs). This technique offloads the x86 processors that are hosting the varied VNFs to support the breadth of services promised.
When SmartNIC acceleration supports virtual switching, this set-up has been shown to be the highest-performing and most secure method of deploying VNFs. Virtual machines (VMs) can use accelerated packet I/O and guaranteed traffic isolation via hardware while maintaining vSwitch functionality. FPGA-based SmartNICs specialise in the match/action processing required for vSwitches and can offload critical security processing, freeing up CPU resources for VNF applications.
Functions like filtering, intelligent load balancing, virtual switching, flow classification and encryption/decryption can all be performed in the SmartNIC and offloaded from the x86 processor housing the VNFs while, through technologies like VirtIO, be transparent to the VNF, providing a common management and orchestration layer to the network fabric.
A novel configuration
Network infrastructure has changed so dramatically and so much more is being asked of it that organisations cannot operate with networking and security solutions that are expensive, hardened and fixed-function.
The technique to overcome the challenges that are facing NFV deployments requires reconfigurable computing platforms based on standard servers capable of offloading and accelerating compute-intensive workloads, either in an inline or look-aside model to appropriately distribute workloads between x86 general-purpose processors and software-reconfigurable, FPGA-based SmartNICs optimised for virtualised environments.
The environment that results from combining low-cost server platforms and FPGA-based SmartNICs is one that enables huge throughput and support for many millions of simultaneous flows. CISOs that have struggled to implement NFV now have the option to use this novel framework, with the capabilities and the speed they need.
Interested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.
- » Microsoft cites ‘layers’ of Azure and cloud depth in more positive financial results
- » Check Point exposes yet more shared responsibility misunderstandings for cloud security
- » How to tackle the multi-cloud security challenge
- » Understanding Kubernetes today: Misconceptions, challenges and opportunities
- » How a multi-cloud approach works and what it means for your organisation: A guide