Tuesday, November 18, 2014

OpenStack Series: Part 18 – Network Function Virtualization in OpenStack

NFV (Network Function Virtualization) is gaining traction these days both in the enterprise and in the carrier market.  The main driving force is NFV's ability to reduce CAPEX and OPEX by moving the the network function from purpose-built, expensive and sometimes under utilized hardware to software that can be run in a virtualized form (virtual machine or Linux container).

Open Platform NFV - OPNFV
The Linux Foundation announced the formation of the Open Platform NFV project whose goal is to focused on accelerating the evolution of Network Functions Virtualization (NFV). OPNFV will establish a carrier-grade, integrated, open source reference platform that industry peers will build together to advance the evolution of NFV and to ensure consistency, performance and interoperability among multiple open source components.  

Open Source for NFV is a key element for better integration with the other already blooming open source projects such as OpenDayLight, OpenStack and CloudStack as well as no need for vendor lock-in with hardware and support contract.


On Nov 3, 2014, DreamHost announced launching a new company called Akanda specializing in network virtualization technology.  DreamHost had been using the NFV on their OpenStack platform for over a year in production before spinning out this new company.  Here is a nice write up on Akanda.  According to this article: "Akanda NFV implementation provides OpenStack integrated L3 network virtualization on a VMware NSX L2 overlay. It interfaces with the OpenStack Neutron REST APIs and includes a sophisticated management and orchestration platform to monitor, configure, and manage virtualized routers. In the future, Akanda will be extended to virtualize additional network functions, including load balancing and firewalls, and will feature pluggable backends to alternative L2 overlays."

image source: http://www.convergedigest.com/2014/11/akanda-debuts-open-source-nfv-platform.html

Network Function in a Container

Also as indicated on one of my previous blog post on "Networking options for Dockers" that one networking option for Docket is SDN and there is a new company called SocketPlane bringing SDN into Docker and this will open up ways  using a container for NFV or in this case NFD (Network Function Dockerization) <- a new name that I come up with based on the word "Dockerize".  

When we go to SocketPlane's website we will see "Native to Docker", "Familiar to NetOps" and "Application Friendly".  I think this 3 phases summarize the product direction that this company is heading.  One more thing to note is that the founders of this startup are all veterans of the OpenDayLight projects along with former executive from OpsCode/Chef.

A lots of efforts are being put into integrating containers to work on OpenStack especially in the area of container orchestration where OpenStack Heat can fill in the void. This provides good opportunity for Network Function to be dockerize and being deployed in OpenStack. 

Container orchestration is an important area for container to be deployed in any cloud environment.  In Amazon Web Services Re:Invent, AWS announced EC2 Container Service in addition to its Docker support in AWS Elastic BeanStalk.

When the orchestration puzzle for container is solve, putting network function in a container can provide more cost saving than putting the networking function on a virtual machine.  It can also provide better CAPEX and operational efficiency because of leaner resource utilization.

OpenStack and NFV
In the OpenStack Juno release NFV features are added to Nova to lay the groundwork for large scale providers to further abstract networking capabilities.  A sub team is formed under the Neutron and I think the feature developed under this sub team will be introduce in the Kilo release.

Service provider is looking for a open platform to deliver their services and we can see this trend by the forming of the Open Platform NFV.

OpenStack and NFV is an attractive combination because with the orchestration power of OpenStack NFV is made more powerful to deliver the virtualized network function in a quicker and automated manner.

A lots of works still needs to be done for NFV in OpenStack.

In the press release for the Juno release from OpenStack, the work done is to lay a foundation for OpenStack to be the platform for NFV deployment.  It also mentioned that: NFV represents a massive shift in how networking and telco services are developed and deployed. An NFV development team was formed in May at the OpenStack Summit and has identified nine use cases to run NFV workloads on top of OpenStack environments. Initial features arrived in the Juno release, and additional NFV-related work will continue over coming releases.
The OpenStack NFV development team has put together a good wiki page with a very comprehensive description of OpenStack and NFV including mission statement, definition of NFV, who are working on this project as well as some use cases for NFV in OpenStack.

APIs for NFV in OpenStack
On important and yet not so easy job is to define the APIs for NFV in OpenStack.  The main idea for the API for abstraction and yet user of the API will have to provide the detail parameters for deploying NFV based on individual customer's need.

How do we strike the balance between abstraction and the necessity of providing ability to tune the system by changing parameters?

OpenStack Carrier-grade NFV requirement
At this time the integration of NFV in OpenStack is geared toward Service Providers.  There seems to be more use cases for NFV in the Telco space. There are 3 requirements that is specific to carrier-grade NFV (not just for OpenStack):
  • Performance
  • Deterministic
  • Reliability
I work for the enterprise division of Alcatel-Lucent and I can see that carrier-grade does demand more in these 3 areas.  Workload for one customer may not be very high but for service providers they have a lots of average workload customer plus the service providers have to maintain the service according to the SLA (Service Level Agreement).

To satisfy the carrier-grade requirement, the OpenStack development team is working on the following technologies to make sure the OpenStack infrastructure can deliver the best "horse power" or near native performance from the underneath hardware:

SR-IOV (Single Root I/O Virtualization)
  • A PCI-SIG standard to provide native I/O virtualization to PCI Express devices.
  • Good article on this subject here, here and here.
DPDK (Data Plane Development Kit)
  • a set of software libraries and Ethernet drivers (native and virtualized) that run in Linux user space to boost packet processing throughput on Intel® architecture.
  • Works with Intel processors only.
NUMA and L3 Cache 
  • Pinning a vCPU to a physical cpu of a multi-socket processor can help access the processor's local memory (L3 Cache) and thus boosting the processing speed.
Large Page Table size
  • Larger page table size can help the VM running as NFV to keep the data in memory instead of fetching them from storage.
Big Potential for 2015
I am only touching the surface of this subject and there are lot more to it.  In the month of November 2014 both Juniper and Alcatel-Lucent announced that they are offering virtualized high end/performance router catching up with Cisco and Brocade's Vyatta Router for NFV.  Seems like the year of 2015 we will see hot competition in the carrier market NFV platform.

Again, will blog about this again since networking and security is my main subject of interest.

Related Post:
OpenStack Series Part 1: How do you look at OpenStack?
OpenStack Series Part 2: What's new in the Juno Release?
OpenStack Series Part 3: Keystone - Identity Service
OpenStack Series Part 4: Nova - Compute Service
OpenStack Series Part 5: Glance - Image Service
OpenStack Series Part 6: Cinder - Block Storage Service
OpenStack Series Part 7: Swift - Object Storage Service
OpenStack Series Part 8: Neutron - Networking Service
OpenStack Series Part 9: Horizon - a Web Based UI Service
OpenStack Series Part 10: Heat - Orchestration Service
OpenStack Series Part 11: Ceilometer - Monitoring and Metering Service
OpenStack Series Part 12: Trove - Database Service
OpenStack Series Part 13: Docker in OpenStack
OpenStack Series Part 14: Sahara - Data Processing Service
OpenStack Series part 15: Messaging and Queuing System in OpenStack
OpenStack Series Part 16: Ceph in OpenStack

OpenStack Series Part 17: Congress - Policy Service 
OpenStack Series Part 19: Storage Polices for Object Storage
OpenStack Series Part 20: Group-based Policy for Neutron

"About." Home. N.p., n.d. Web. 03 Nov. 2014.
"OpenStack® Juno Release Available Today." Press Release » OpenStack Open Source Cloud Computing Software. N.p., n.d. Web. 05 Nov. 2014.
"01.org." Intel® DPDK. N.p., n.d. Web. 05 Nov. 2014.
"Q: What Is SR-IOV?" Windows IT Pro. N.p., n.d. Web. 05 Nov. 2014. 
"Akanda Debuts Open Source NFV Platform ~ Converge! Network Digest." Akanda Debuts Open Source NFV Platform ~ Converge! Network Digest. N.p., n.d. Web. 17 Nov. 2014.


  1. Very interesting and helpful article about OpenStack. Thanks for sharing such a wonderful article.

  2. Great info. I love all the posts, I really enjoyed, I would like more information about this, because it is very nice., Thanks for sharing...
    AWS Cloud Support in Delhi