Optimized NFVI-ready Network Platform for Carrier-grade Virtual Network Security

Background

Network Function Virtualization (NFV) is a network architecture concept that uses IT virtualization technologies to decouple network functions, such as routers, firewalls, network address translation (NAT), and domain name service (DNS), from proprietary hardware appliances so that they can run as software on general-purpose network platforms. NFV aims to help telecom service providers obtain operational agility, OPEX efficiency and scale-on-demand network services.

Requirements

Carrier-grade network security for NFV networks requires full integration of the hardware and software platforms that make up the virtual network environment in which VNFs are deployed. The technological requirements for an NFVI-ready network platform are as follows:

High CPU core counts

The number of CPU cores determines how many VNF security virtual machines can be run on the platform.

High-throughput

High throughput for switching and deep packet inspection is crucial to NFV serviceability and agility. In addition, the platform must be DPDK compatible for optimal efficiency.

Carrier-grade Reliability

NEBS-compliant design, full redundancy, and carrier-grade high availability are critical to ensure 99.9999% uptime ("six nines").

Scalability

Future-proofing is built into the platform design to allow later upgrades to CPU, network I/O and swappable modules.

NFVI-ready Network Platform: Lanner HTCA-6200 and Wind River Titanium Server

Lanner’s HTCA-6200 is a NEBS-compliant network security platform featuring dual Intel Xeon®-grade CPU blades, dual network I/O blades with high-speed switching capacity, and a fully redundant system design to ensure the carrier-grade uptime and strict reliability mandated by telecom networks. The HTCA-6200 is built with 2 CPU blades, each featuring dual Intel® Xeon® processor E5-2690 v3/v4 CPUs (24 cores per blade, a total of 48 cores across 2 blades) and 16x DDR4 R-DIMMs, optimized for high performance in NFV applications.

To control and balance packet load efficiently, the dual, swappable network I/O blades can be configured with 1/10/40/100 GbE network ports in an array of QSFP, SFP+ or copper combinations. Each network I/O blade can support either the BCM StrataXGS™ Trident-II BCM56854 Switch Fabric with a maximum of 720Gbps throughput or the Trident-II+ BCM 56860 with up to 1,280Gbps throughput. The HTCA-6200 also has a fully redundant design for its switch blades, CPU blades, cooling fans and power systems, which provides backup operation if one of these components goes down.

Lanner’s HTCA-6200 platform has undergone a comprehensive testing and validation process with the Wind River Titanium Server NFV infrastructure (NFVI) software solution, a carrier-grade NFV software infrastructure solution designed to meet the stringent “always on” requirements of the telecom industry.

Titanium Server is based on open software standards including carrier-grade Wind River Linux, real-time Kernel-based Virtual Machine (KVM), a carrier-grade plug-in for OpenStack®, Data Plane Development Kit (DPDK), and accelerated virtual switching, all of which are optimized for Intel architecture platforms.

Trend Micro’s Virtual Network Function Suite

Running on top of Lanner’s HTCA-6200 and Wind River’s Titanium Server, Trend Micro’s Virtual Network Function Suite offers flexible, reliable, and high-performance virtual network security functions for CSPs, from the premises and edge to the core network. The core of the Virtual Network Function Suite is its deep packet inspection (DPI) technology, which checks network packets and performs selected functions, such as intrusion prevention, application control, or URL filtering, in a single scan, eliminating the performance bottlenecks introduced by checking the same network packets in repetitive cycles with multiple engines. In addition, it leverages Intel® DPDK, a program library designed specifically for packet processing, to achieve maximum throughput in UDP and HTTP traffic.

Trend Micro’s Virtual Network Function Suite comprises two types of components: virtual network functions (VNFs) and an element management system (EMS). The VNFs scan network traffic and perform designated inspection functions, such as intrusion detection and prevention, URL filtering, and application and device identification. The EMS manages logs, updates, and policy configurations of multiple VNFs and integrates with management and orchestration (MANO) systems to manage the VNF life cycle.

Future Implications of Lanner NFVI-ready Network Platform

The collaboration between Lanner, Wind River and Trend Micro has shown that hardware and software components can be integrated into a cohesive NFVI structure well suited to the telecommunication industry. It also indicates that the Lanner NFVI-ready network platform could run other VNF virtual machines, such as virtual routing, virtual EPC, vRAN, vCDN and mobile edge computing.

Optimized NFVI-ready Network Platform for Carrier-grade Virtual Network Security was last modified: January 14th, 2020 by LEI Technology