Network Function Virtualization (NFV)

NFV decouples the software implementation of NFs from their specialized ded-icated hardware and runs the software on virtualized environment (e.g., virtual machines (VMs) or containers). Figure2.1shows NF instances running on virtual-ized environments that are created using different virtualization technologies. The VMs or contrainers running on the same server are interconnected using vSwitches like Open vSwitch (OvS) [7], VALE [102]. The introduction of high performance packet I/O libraries such as DPDK [2], netmap [101] have enabled the software

11

12 Background and Related Work

Server Host OS Hypervisor Guest

OS Libraries &

runtime NF

Guest OS Libraries &

runtime NF

(a)Virtual machine

Server Host OS Libraries & runtime

NF NF

(b)Container

Server Host OS Hypervisor Libraries &

runtime NF

Libraries &

runtime NF

(c)Unikernel Figure 2.1:NF instances running on different virtualizaion technologies [9].

based vSwitches to process packets at the line rate of 10Gbps or higher. Various software dataplane frameworks have been proposed for NFV, based on different virtualization technology and packet I/O [93].

The virtualized environment considered first to be used in NFV is VM [23]. VMs can be created using hypervisor technologies such as KVM [4], Xen [11], VM-ware. The hypervisors provide isolation between the VMs running on the same server. Thus, the failure of a VM will not affect the other VMs running on the server. Dataplane frameworks that are based on VM include softNIC [54] and NetVM [63], which utilize KVM for virtualization and Intel DPDK for packet I/O.

The disadvantage of using VMs to run network functions is their overhead. VMs typically consume large amount of memory in the order of hundreds of megabytes to several gigabytes as they require their own guest OS, so the instantiation of a VM takes time in the order of seconds [79].

Considering this, the usage of container technologies such as dockers [1] and Linux containers [5] is gaining momentum. Containers consume fewer resources (a few MBs or tens of MBs) than virtual machines since they do not include their own operating system, instead relying on the host’s kernel [122]. Frameworks that are based on containers include OpenNetVM [122], GNF [29], Flurries [121].

However, containers do not have a strong isolation mechanism making them the target of an ever increasing number of exploits [79]. In addition, any container that can monopolize or exhaust system resources (e.g., memory) will cause a DoS attack on all other containers on that host [79].

The other virutalization technology being considered is unikernel, which is a light-weight or minimalistic virtual machine that provides the mimimum set of libraries required for running a specific application [79]. Unikernel aims to incorporate the high security feature of VM while having an efficiency close to that of containers.

ClickOS [82] is an NFV dataplane framework that is based on unikernel. ClickOS runs lightweight virtual machines using Xen hypervisor and mini-OS, customized

2.1. Background 13 for network packet processing. It uses netmap [101] and the VALE switch [102] to efficiently move packets between the lightweigth VMs. The downside of ClickOS is its limited flexibility as NFs must be designed within the Click framework’s specification and do not run within a standard Linux environment [122].

Virtual Computing

Virtualisation Layer Virtual

Storage Virtual Network

Computing

Hardware Storage

Hardware Network Hardware NFVI

OSS/BSS

Service, VNF and Infrastructure Description

EMS 1 EMS 2 EMS 3

VNF 1 VNF 2 VNF 3

Orchestrator

VNF Manager(s)

Virtual Infrastructure

Manager(s)

Or-Vi Or-Vnfm

Vi-Vnfm Os-Ma

Se-Ma

Ve-Vnfm

Nf-Vi Vn-Nf

NFV Management and Orchestration

Execution reference

points Execution reference

points

Execution reference points

VI-Ha Hardware resources

Figure 2.2:NFV reference architectural framework [39].

NFV ETSI Architecture

The European Telecommunications Standards Institute (ETSI) is the standardiza-tion body for NFV and defines a reference architecture of an NFV platform [39], which is shown in Fig.2.2. On a high-level, the architecture consists of three main components: NFV Infrastructure (NFVI), Virtualised Network Functions (VNFs) and NFV Management and Orchestration (MANO) [39]. The components are de-scribed briefly below.

NFV Infrastructure (NFVI):NFVI contains all the hardware and software com-ponents required for building up the virtualized environment in which NF instances are deployed. This includes the physical resources (such as compute, network, storage), which can span across several locations, virtualization layer and virtual resources.

Virtualised Network Functions (VNFs): Virtual Network Functions (abbrevi-ated as VNFs, or NFs) are the software components that implement the network

14 Background and Related Work

functions, which will run on a virtualized environment created by the adopted vir-tualization technology.

NFV Management and Orchestration (MANO): MANO is responsible for the overall control and management of an NFV-enabled network. The MANO is made of three modules each of which has a specific functionality [98]. These include Virtual Infrastructure Management (VIM), Virtual Network Function Manager (VNFM) and NFV Orchestrator (NFVO).

NFV Orchestrator: The NFV Orchestrator is responsible for the creation and man-agement of end-to-end services. It has two main components, resource orchestra-tion and service orchestraorchestra-tion. The resource orchestraorchestra-tion is purposed at support-ing the service delivery by managsupport-ing NFVI resources, which in turn are controlled by one or more VIMs. While service orchestration is targeted at life cycle man-agement of network services.

Virtual Network Function Manager (VNFM): The VNFM is responsible for the lifecycle management of NF instances. The specific functions of VNFM include NF instance creation, modification, scaling out/in and up/down, NF configuration (if required), performance and fault management. Each NF instance needs to have a VNFM, which may also manage other NF instances as well.

Virtual Infrastructure Management (VIM): The Virtual Infrastructure Management (VIM) is responsible for managing the resources in the NFVI, including physical resources (compute, storage and network), virtual resources (VMs) and software resources (hypervisors), which are usually within one operator’s infrastructure do-main [98].