NFV allows for the separation of communication services from dedicated hardware, such as routers and firewalls. This separation means network operations can provide new services dynamically and without installing new hardware. Deploying network components with network functions virtualization takes hours instead of months like with traditional networking. Also, the virtualized services can run on less expensive, generic servers instead of proprietary hardware.
Additional reasons to use network functions virtualization include:
- Pay-as-you-go: Pay-as-you-go NFV models can reduce costs because businesses pay only for what they need.
- Fewer appliances: Because NFV runs on virtual machines instead of physical machines, fewer appliances are necessary and operational costs are lower.
- Scalability: Scaling the network architecture with virtual machines is faster and easier, and it does not require purchasing additional hardware.
Essentially, network functions virtualization replaces the functionality provided by individual hardware networking components. This means that virtual machines run software that accomplishes the same networking functions as the traditional hardware. Load balancing, routing and firewall security are all performed by software instead of hardware components. A hypervisor or software-defined networking controller allows network engineers to program all of the different segments of the virtual network, and even automate the provisioning of the network. IT managers can configure various aspects of the network functionality through one pane of glass, in minutes.
Many service providers feel that the benefits of network functions virtualization outweigh the risks. With traditional hardware-based networks, network managers have to purchase dedicated hardware devices and manually configure and connect them to build a network. This is time-consuming and requires specialized networking expertise.
NFV allows virtual network functions to run on a standard generic server, controlled by a hypervisor, which is far less expensive than purchasing proprietary hardware devices. Network configuration and management is much simpler with a virtualized network. Best of all, network functionality can be changed or added on demand because the network runs on virtual machines that are easily provisioned and managed.
NFV makes a network more responsive and flexible, and easily scalable. It can accelerate time to market and significantly reduce equipment costs. However, there are security risks, and network functions virtualization security concerns have proven to be a hurdle for wide adoption among telecommunications providers. Here are some of the risks of implementing network functions virtualization that service providers need to consider:
- Physical security controls are not effective: Virtualizing network components increases their vulnerability to new kinds of attacks compared to physical equipment that is locked in a data center.
- Malware is difficult to isolate and contain: It is easier for malware to travel among virtual components that are all running off of one virtual machine than between hardware components that can be isolated or physically separated.
- Network traffic is less transparent: Traditional traffic monitoring tools have a hard time spotting potentially malicious anomalies within network traffic that is traveling east-west between virtual machines, so NFV requires more fine-grained security solutions.
- Complex layers require multiple forms of security: Network functions virtualization environments are inherently complex, with multiple layers that are hard to secure with blanket security policies.
In a traditional network architecture, individual proprietary hardware devices such as routers, switches, gateways, firewalls, load balancers and intrusion detection systems all carry out different networking tasks. A virtualized network replaces these pieces of equipment with software applications that run on virtual machines to perform networking tasks.
An NFV architecture consists of three parts:
- Centralized virtual network infrastructure: An NFV infrastructure may be based on either a container management platform or a hypervisor that abstracts the compute, storage and network resources.
- Software applications: Software replaces the hardware components of a traditional network architecture to deliver the different types of network functionality (virtualized network functions).
- Framework: A framework (often known as MANO – management, automation and network orchestration) is needed to manage the infrastructure and provision network functionality.
The European Telecommunications Standards Institute (ETSI), a consortium of service providers including AT&T, China Mobile, BT Group, Deutsche Telekom and many others, first presented the idea of a network functions virtualization standard at the OpenFlow World Congress in 2012. These service providers had been looking for a way to accelerate the deployment of network services.
Launching new network services used to be a cumbersome process that required space and power for additional hardware boxes. As energy and space costs increased and the number of skilled networking hardware engineers decreased, the ETSI committee turned to network functions virtualization to solve both of these problems. NFV eliminates the need for physical space for hardware appliances, and does not require intensive networking experience to configure and manage.
Today, several open source projects are working on developing NFV standards, including ETSI, Open Platform for NFV, Open Network Automation Platform, Open Source MANO and MEF—formerly the Metro Ethernet Forum. So many different organizations with competing proposals for standards have made it challenging for service providers to get comfortable with network functions virtualization. Still, it is growing in popularity because of the quickly expanding complexity and requirements of enterprise networks today.
While NFV separates networking services from dedicated hardware appliances, software-defined networking, or SDN, separates the network control functions such as routing, policy definition and applications from network forwarding functions. With SDN, a virtual network control plane decides where to send traffic, enabling entire networks to be programmed through one pane of glass. SDN allows network control functions to be automated, which makes it possible for the network to respond quickly to dynamic workloads. A software-defined network can sit on top of either a virtual network or a physical network, but a virtual network does not require SDN to operate. Both SDN and NFV rely on virtualization technology to function.