High-performance, high-availability enterprise SD-WAN and vCPE

Introduction

Network functions virtualization (NFV) has come a long way from the conceptual whitepaper released in 2011 by the European telecommunications and standards institute (ETSI). Today, leading communication service providers (SK, AT&T, Verizon, Deusche Telecom to name a few) have made steady progress in these 6 years, virtualizing sizeable chunk of their networks, everyday deploying more x86 hardware using network functions virtualization infrastructure (NFVi). While the technology is already in production in dozens of networks, many service providers are still on the fence –waiting for the next-gen network implementation to reach the right level of functionality, performance and/or stability.

Even though NFV needs more time to mature into the complete network solution it aims to be, there are virtualized networking systems today which demonstrate the effectiveness of homogenous x86 hardware deployments. Most importantly their capacity to keep costs down while extending a service providers network flexibility into the next generation, empowering their networks enough to compete with leading service providers and even over the top (OTT) service providers.

 

Problem

Traditional consumer premise equipment (CPE) is often built using a wide array of proprietary embedded processors known as ASICs (Application-specific integrated circuits). Although they offer better performance per watt compared to general computing processors such as x86 and ARM, their closed and limited nature combined with improved power-efficiency and falling costs of computer networking hardware more and more importance is being placed on service agility, truck rolls and scalability.

A crucial component of CPEs is the wide area network (WAN) transport, that is the network connection to the communication service provider. For residential internet service this means DSL, DOCSIS, fiber to the home (FTTH) and other access network technologies, with more robust private business links using more reliable technologies like and MPLS and IP VPN to provide a certain level of service assurance, AKA service level agreements (SLAs).

All of these WAN optimization technologies are implemented on routers and proprietary appliances, both in the service provider edge and the consumer edge. The complexity and time required to deploy and provision these appliances has made private MPLS lines notoriously slow and expensive to deploy, with the time-to-service often measured in weeks and even months. Now take into account the shift to cloud hosted business applications, businesses now more than ever need the capability to leverage inexpensive commodity internet lines alongside more reliable WAN connections in order to optimize price and performance. A load balanced mixed WAN solution is something that is very difficult and expensive requiring various purpose-built or proprietary network appliances.

 

Solution

Virtual CPE is a full-on NFV solution built to tackle these key issues for service providers and enterprise IT. By virtualizing the hardware-based network functions and deploying them on commodity x86 hardware on as-needed basis, issues with new time-to-service, orchestration, scalability and other issues like vendor lock-in can be mitigated if not entirely eliminated.

Software-defined Wide area network (SD-WAN) is one of the most prominent SDN/NFV solutions today, and with good reason. It eliminates many of the issues with traditional WAN optimization solutions, while reducing dependency on expensive proprietary lines through mixed WAN connectivity.

Versa Networks is a leading network solution vendor which provides one of the most comprehensive vCPE and SD-WAN solutions on the market. Versa FlexVNF provides a carrier-grade system offering the following capabilities:

  1. Multi-service VNF with broadest set of networking and security functions – Full routing, MPLS, CGNAT, SD-WAN, NGFW, AV, IPS, SWG and more
  2. Complete multi-tenancy across all components for scalable managed services and true end-to-end segmentation
  3. Native SFC support for Versa and 3rd party services simplifying service integration
  4. Real-time big data analytics engine for 360 degree insights, control, visibility, prediction and feedback loop for adaptability
  5. Integrated KVM hypervisor for 3rd party VNF hosting -enabling greater flexibility in services
  6. Zero-touch provisioning for all Versa IP and security services.
Image Source: Versa Networks

Versa’s software-defines solutions provide a full array of flexibility in deployment options from a full universal CPE capable of running all network functions on-premise, to vCPEs running only basic routing functions instead leveraging cloud hosted VNF’s or VNFaaSS :

SD-router: Essentially a centralized vCPE which implement only the most basic functions (routing) and offload all other VNF’s onto the cloud or service providers network.

SD-Security: Versa’s security-centric offering runs Next generation firewall (NGFW) or a Unified threat management (UTM) solution on premise allowing business branches to harden security and secure access to the internet as a simplified, interoperable software-defines solution.

Secure SD-WAN: Versa’s Secure SD-WAN gives enterprises and service providers the solution they need to quickly deploy a secure hybrid enterprise WAN, used to improve network reliability, performance while keeping costs low.

SD-Branch: A combination of all of Versa’s solutions which include: SD-WAN, SD-security, routing and switching along with the capability to host 3rd party VNF’s inside of a KVM hypervisor. This unified services platform, reduces operational complexity through centralized management and automation.

With this flexibility ingrained at the software level, service providers and enterprises are afforded incredible freedom to choose the ideal hardware deployment platform for their CPE. They can choose to utilized low-power, low-cost appliances like the NCA1020 in extensive branch deployments –relying on service providers or data centers to leverage economies of scale and provide extended functionality through hosted VNF’s. Or in smaller and/or more critical deployments –choose to implement all functions on premise using more powerfull networking hardware such as the FW-8894 for enterprise,  or the HTCA6200 for carrier-grade vCPE/SD-WAN/SD-Security.

High-performance, high-availability enterprise SD-WAN and vCPE was last modified: January 29th, 2020 by James Piedra