Open Source Packages for Network Functions Virtualization
In our previous article, we focused on the Open Platform for Network Functions Virtualization (OPNFV), mainly covering the virtual infrastructure and the corresponding manager that support Network Functions Virtualization (NFV). In this article, we focus on the open source options that are available for building the different virtual network functions themselves.
A Virtualized Network Function (VNF) is a network function capable of running on an NFV Infrastructure (NFVI) and of being orchestrated by an NFV Orchestrator (NFVO) and a VNF Manager. Besides its well-defined functional behaviour, a VNF is expected to support well-defined interfaces to other network functions, to the VNF Manager, to its Element Management System (EMS) and to the NFVI.
The network devices that the commodity server and the software aim to replace can range from firewalls and VPN gateways to switches and routers. Researchers have argued that almost any network function can be virtualized.
The NFV focus in the market today includes switching elements, network appliances, network services and applications. The network functions typically considered for NFV are switching elements, carrier-grade NAT and routers, mobile network (backhaul and access) nodes, functions in home/small-office routers, traffic analysis elements, the IP Multimedia Subsystem (IMS), application-level optimization functions, and security functions.
Virtual EPC and IP Multimedia System
The 3GPP is the standards developing organization that defines the network architecture and the specifications for the network functions of mobile and converged networks. LTE evolved from an earlier 3GPP system known as the Universal Mobile Telecommunication System (UMTS), which in turn evolved from the Global System for Mobile Communications (GSM).
The architecture most often used for today's LTE mobile networks is called the Evolved Packet Core (EPC). It is composed of the UE, the Evolved Universal Terrestrial Radio Access Network (E-UTRAN) and the EPC core (LTE-ARCH = UE + E-UTRAN + EPC). The E-UTRAN includes the base stations, which are called eNodeBs (eNBs). The EPC consists of four network elements, namely the Serving Gateway (SGW), the PDN Gateway (PGW) and the Mobility Management Entity (MME) [x1]. Mobile networks are populated with a large variety of proprietary hardware appliances.
As NFV and SDN are introduced into the EPC, some of the components listed above become virtualized, and open APIs are being introduced between the virtualized elements.
In the table below we begin with a minimal EPC and add more and more features to it in the subsequent rows. The last column shows the 3GPP architecture components that each functionality adds:
| No. | EPC functionality with increasing complexity (from the 3GPP reference architecture) | Components (additional) |
| 1 | Minimal EPC: LTE accesses only, no PCC (Policy and Charging Control) | MME, PDN-GW, S-GW, E-UTRAN, HSS (Home Subscriber Server), EIR, (optional IMS) |
| 2 | + PCC for LTE accesses only | PCEF, BBERF, PCRF, OCS, OFCS, SPR, AF |
| 3 | + The legacy GPRS packet core and its 2G/3G accesses (co-existence) | (1) GERAN, CS_MGW, MSCS – PSTN; (2) UTRAN, SGSN, GGSN – PDNs |
| 4 | + GERAN and UTRAN accesses via legacy SGSN and Gn (during transition to EPC) | (No additional components) |
| 5 | + 2G/3G accesses via evolved SGSN and S4 (target EPC, for 2G/3G/4G accesses) | S4-SGSN |
| 6 | + Direct user path via S12, and control via S4, for UTRAN only | (No additional components) |
| 7 | + Voice services: CS Fallback (CSFB) via SGs and SRVCC via IMS and Sv | SCCAS |
| 8 | + Trusted non-3GPP accesses via S2a | 3GPP-AAA-Proxy/Server |
| 9 | + Untrusted non-3GPP accesses via S2b | ePDG |
| 10 | + Access Network Discovery Support Functions via S14 | ANDSF |
The IP Multimedia Subsystem (IMS) is an architectural framework for delivering IP multimedia services. Its functional blocks and their components are:
| IMS function | Components |
| PSTN gateway | BGCF, IMS-MGW, MGCF |
| IMS core (call session management) | S-CSCF, I-CSCF, P-CSCF, E-CSCF |
| Application server | TAS, SCCAS, AS |
| Multimedia Resource Function | MRFP, MRFC |
| Border control | IBCF, TrGW |
| Others (Media Resource Broker, Location Retrieval and Emergency Access Transfer) | MRB, LRF, EATF |
A significant number of open source projects exist that implement various components of the EPC architecture; the table below lists that software. Understandably, however, there is no single piece of software that implements a complete EPC. To achieve that, one has to work with different pieces of software and develop the 'glue' that makes them work together to realize the EPC functionality.
| EPC/IMS component | Open source software |
| HSS | OpenIMSCore, OpenHSS, Clearwater IMS |
| IMS core | OpenIMSCore, Clearwater IMS |
| ANDSF | libdmclient, Funambol DM Server and Client |
| SS7, SIGTRAN, MGCP, VoIP | OpenSS7 |
| Decision Support System | OpenCDS |
Virtual Switching and Routing
The two most important network functions are routing and switching. From the NFV perspective, the goal is to support standard protocols such as BGP and OSPF by running them on commodity hardware or as virtual machines. Below, we look at some popular open source software for both switching and routing.
Linux Bridge: A software-based switch that implements the IEEE 802.1D standard and ships with Linux distributions as a kernel module. It includes support for an FDB (forwarding database), STP (Spanning Tree Protocol), promiscuous mode to receive all packets, and filtering and shaping of traffic, which makes it more powerful than a hardware bridge.
Open vSwitch (OVS): OVS is probably the most popular and widely used software-based switch. It supports OpenFlow, and can be used as a normal switch as well. It includes features such as VLAN tagging, VXLAN, GRE, bonding, flow-based forwarding and a user-space control plane.
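To make the OVS feature list above concrete, here is an added example (not code from the article or from the Open vSwitch project) that combines three of those features on one bridge: a VM port tagged into a VLAN, the VLAN carried to a peer hypervisor over a VXLAN tunnel, and flow-based forwarding used as port security, so that only the VM's registered MAC address may transmit from its port. The bridge, interface names, MAC address, peer IP and VLAN id are constructed placeholders. Because configuring OVS needs root and a running ovs-vswitchd, the script prints the commands by default and only executes them when APPLY=1 is set.

```shell
#!/bin/sh
# Added example (not from the article or the OVS project): one bridge with
# a VLAN-tagged VM port, a VXLAN tunnel for that VLAN, and OpenFlow rules
# that pin the VM port to its registered MAC (anti-spoofing).
# All names and addresses below are constructed placeholders.
# Commands are printed unless APPLY=1 is set, so the result can be reviewed
# on a machine without OVS or root privileges.

run() {
    if [ "${APPLY:-0}" = 1 ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

# ovs_vm_bridge BRIDGE UPLINK VM_PORT VM_MAC PEER_IP VLAN
ovs_vm_bridge() {
    br=$1 uplink=$2 vm_port=$3 vm_mac=$4 peer_ip=$5 vlan=$6

    run ovs-vsctl --may-exist add-br "$br"
    run ovs-vsctl --may-exist add-port "$br" "$uplink"
    # Access port: frames from the VM are tagged with $vlan inside the bridge.
    run ovs-vsctl --may-exist add-port "$br" "$vm_port" tag="$vlan"
    # VXLAN tunnel to the peer hypervisor; the VNI (key) mirrors the VLAN id.
    run ovs-vsctl --may-exist add-port "$br" "vx$vlan" -- \
        set interface "vx$vlan" type=vxlan \
        options:remote_ip="$peer_ip" options:key="$vlan"

    # Port security via flow-based forwarding: frames from the VM port with
    # the registered source MAC go through normal L2 learning (priority 100),
    # anything else arriving on that port is dropped (priority 90).
    run ovs-ofctl add-flow "$br" \
        "table=0,priority=100,in_port=$vm_port,dl_src=$vm_mac,actions=normal"
    run ovs-ofctl add-flow "$br" \
        "table=0,priority=90,in_port=$vm_port,actions=drop"
    # Uplink and tunnel traffic simply follows normal MAC learning.
    run ovs-ofctl add-flow "$br" "table=0,priority=0,actions=normal"
}

# Constructed invocation: VM port vnet0 in VLAN 100, peer hypervisor 192.0.2.2.
ovs_vm_bridge br0 eth1 vnet0 52:54:00:12:34:56 192.0.2.2 100
```

Using port names in `in_port=` assumes an ovs-ofctl version that resolves names (recent releases do); on older releases substitute the OpenFlow port number. The drop rule matters for a vCPE or multi-tenant host: without it, a compromised guest could transmit with another host's MAC and poison the bridge's learning table.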
Lagopus: Another OpenFlow 1.3 compliant software switch. Like OVS, it works well with Intel DPDK. Its road-map includes integration with other control-plane programs such as Quagga and GoBGP, which I believe would be very useful in terms of opening up various use-cases.
VALE/netmap: Like Linux Bridge and OVS, VALE interconnects physical or virtual network interfaces. However, it boasts higher performance (high throughput with low CPU usage) and better scalability than other software switches. The performance comes from the netmap APIs, and VALE is in fact shipped as part of the netmap distribution.
Quagga: Quagga is a collection of smaller daemons, each with a specific task, such as running a routing protocol like OSPF or BGP. The zebra daemon is responsible for interacting with the kernel and provides a simple API (called Zserv) for the other daemons to consume, so they do not need to make kernel calls directly. The other daemons run their respective protocols. Quagga can be configured so that all of these daemons pull their configuration from the same place, or by configuring each daemon individually.
BIRD: BIRD was developed as a school project at the Faculty of Mathematics and Physics of Charles University, Prague. Currently, it is developed and supported by CZ.NIC Labs. The BIRD project aims to provide a fully functional dynamic IP routing daemon primarily targeted at (but not limited to) Linux, FreeBSD and other UNIX-like systems, distributed under the GNU General Public License. It supports both IPv4 and IPv6 (use –enable-ipv6 when configuring), multiple routing tables, BGP, RIP, OSPF, static routes, IPv6 Router Advertisements, etc.
VyOS: VyOS is a Linux-based network OS that provides software-based routing functionality. It includes routing protocols such as OSPF and BGP, along with firewall and VPN support. VyOS is a community fork of Vyatta, which was acquired by Brocade Communications.
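The Quagga paragraph above describes the split between zebra (kernel interaction over Zserv) and the protocol daemons, and the choice between per-daemon configuration and one shared configuration. The following added example (not code from the article or from the Quagga project) writes the per-daemon form: a `zebra.conf` that only owns interfaces, and a `bgpd.conf` that runs the BGP session and leaves kernel programming to zebra. It also applies the two hardening steps a practitioner would expect from a virtual PE: every daemon's vty console gets a password, and the BGP session is protected with a TCP MD5 key. The hostnames, addresses, AS numbers, prefix and the REPLACE_ME values are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the article or the Quagga project): generate a
# per-daemon Quagga configuration for a small virtual PE router.
# All addresses, AS numbers, prefixes and REPLACE_ME secrets are placeholders.

# write_quagga_config DIR
write_quagga_config() {
    dir=$1                          # e.g. /etc/quagga on a real host
    mkdir -p "$dir"

    # zebra: talks to the kernel; no routing protocol runs in this daemon.
    cat > "$dir/zebra.conf" <<'EOF'
hostname vpe-zebra
password REPLACE_ME_VTY_PASSWORD
enable password REPLACE_ME_ENABLE_PASSWORD
log file /var/log/quagga/zebra.log
interface eth0
 description uplink to peer AS
 ip address 192.0.2.1/30
line vty
EOF

    # bgpd: runs BGP and hands resulting routes to zebra over Zserv,
    # so it never touches the kernel routing table itself.
    cat > "$dir/bgpd.conf" <<'EOF'
hostname vpe-bgpd
password REPLACE_ME_VTY_PASSWORD
log file /var/log/quagga/bgpd.log
router bgp 65001
 bgp router-id 192.0.2.1
 neighbor 192.0.2.2 remote-as 65002
 neighbor 192.0.2.2 description peer-AS65002
 neighbor 192.0.2.2 password REPLACE_ME_BGP_MD5_KEY
 network 203.0.113.0/24
line vty
EOF

    chmod 600 "$dir"/*.conf          # the files contain passwords
}

# check_vty_passwords DIR: fail if any daemon file lacks a vty password,
# i.e. would expose an unauthenticated telnet console.
check_vty_passwords() {
    for f in "$1/zebra.conf" "$1/bgpd.conf"; do
        grep -q '^password ' "$f" || return 1
    done
    return 0
}

# Constructed invocation writing into a local directory.
write_quagga_config "${QUAGGA_DIR:-./quagga-example}"
check_vty_passwords "${QUAGGA_DIR:-./quagga-example}"
```

The vty password only protects the console once it is reachable; on a real host the daemons should also be started with `-A 127.0.0.1` so that the vty listens on loopback only (that option lives in the distribution's daemon-options file, not in these configs). The alternative the paragraph mentions, one shared configuration for all daemons, is the `service integrated-vtysh-config` mode of vtysh, in which a single `Quagga.conf` replaces the per-daemon files shown here.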
Virtual Provider Network Elements (PNEs)
Researchers argue that while virtualizing core routers would not be feasible, at least in the near future, because of their high throughput requirements, virtualizing the provider edge (PE) router is a more viable option.
When virtualized, virtual private network services such as L3 IP VPNs (where each PE device acts like a set of virtual routers), L2 VPNs, EVPN and pseudowires gain both flexibility and scalability. This is a major benefit for providers, and many providers have considered virtualizing such PE functions by running the same functions in their cloud.
Similar to the PE router, the Broadband Remote Access Server (B-RAS) is a specialized server in the provider network that aggregates multiple internet traffic sources, such as DSL, cable, broadband wireless and Ethernet, onto a single network, which normally involves routing the traffic to and from the DSLAMs. It can be a simple router forwarding packets from the core to the customer (and vice versa) or a complex router that implements per-subscriber IP policy, QoS, packet manipulation, rate limiters, etc. Virtualizing BRAS functions has also proved beneficial for service providers, both in cost and in flexibility and scalability.
Most of the open source software mentioned under Routing, such as Quagga, VyOS and BIRD, can be used to realize many PE functions. Software such as iptables (netfilter) and a RADIUS server (FreeRADIUS), which come as part of a standard Linux distribution, can be used for a virtual firewall and virtual AAA, respectively. Snort has been used as a virtual intrusion detection system in some NFV deployments.
In addition, other software such as MPLS-Linux and the xl2tp daemon could be used to virtualize PE functions. Recently, AT&T and Ericsson jointly presented an SDN-based L3VPN via the OpenDaylight controller.
Customer premises equipment (CPE) is the equipment that typically resides in an enterprise or residential broadband subscriber's premises and is used to connect to the service provider's network. Typically, service providers supply, configure and manage the CPEs of enterprise customers and residential subscribers, and these devices can come from different hardware vendors.
Without virtualization of CPEs, the service provider may incur significant expenses whenever it adopts new technologies, adds new services, or upgrades security, privacy and metering functionality.
With virtual CPEs, most CPE functions are pulled out of the customer premises and moved into the operator's network (possibly into its data centre). This results in a 'simplified' CPE that acts as a plain Layer-2 forwarding device connected to the service provider network. Services such as DHCP, firewall, NAT, routing, VPN, etc. are then delivered by Virtual Network Functions (VNFs) running as virtual machine (VM) instances in the provider's data centre.
Open Source vCPE:
Network services such as DHCP, firewall, NAT and DNS (vDHCP, vFW, vNAT, vDNS) are available as open source implementations and are distributed as part of most standard Linux distributions. For example, DNS and DHCP can be provided by dnsmasq, while iptables is used to realize NAT and firewalls. There has, however, been no separate open source project targeted at NFV and dedicated to building virtual CPEs, such as virtual customer routers, virtual set-top boxes and virtual home routers.
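Since the paragraph above names dnsmasq and iptables as the building blocks of an open source vCPE, here is an added example (not code from the article or from either project) that generates the two artefacts such a VNF needs: a stateful NAT and firewall ruleset in `iptables-restore` format, and a dnsmasq configuration serving DHCP and DNS to the subscriber side. The ruleset follows the defensive shape a vCPE should have: default-deny INPUT and FORWARD, conntrack-based return traffic, the vCPE itself only reachable from the LAN for DHCP and DNS, and a source-address check so a subscriber device cannot inject traffic with a forged source. The interface names (eth0 WAN, eth1 LAN) and the 10.0.0.0/24 prefix are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the article, dnsmasq or netfilter): generate the
# NAT/firewall ruleset and the DHCP/DNS configuration of a minimal vCPE.
# Interface names and the LAN prefix are constructed placeholders. The
# functions only print text, so the output can be reviewed before being
# loaded with iptables-restore or written under /etc/dnsmasq.d/.

# vcpe_iptables_rules WAN_IF LAN_IF LAN_PREFIX
vcpe_iptables_rules() {
    wan=$1 lan=$2 lan_net=$3
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# vNAT: masquerade subscriber traffic leaving on the WAN side.
-A POSTROUTING -s $lan_net -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Stateful vFW: replies belonging to an existing flow are allowed back.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Packets conntrack cannot classify (malformed, out of window) are dropped.
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A FORWARD -m conntrack --ctstate INVALID -j DROP
# The vCPE itself only offers DHCP and DNS, and only on the LAN side.
-A INPUT -i lo -j ACCEPT
-A INPUT -i $lan -p udp --dport 67 -j ACCEPT
-A INPUT -i $lan -p udp --dport 53 -j ACCEPT
-A INPUT -i $lan -p tcp --dport 53 -j ACCEPT
# Anti-spoofing: LAN-side packets must carry a LAN source address.
-A FORWARD -i $lan ! -s $lan_net -j DROP
# Subscribers may reach the Internet; nothing unsolicited is forwarded in.
-A FORWARD -i $lan -o $wan -s $lan_net -j ACCEPT
COMMIT
EOF
}

# vcpe_dnsmasq_conf LAN_IF RANGE_START RANGE_END GATEWAY_IP
vcpe_dnsmasq_conf() {
    lan=$1 range_start=$2 range_end=$3 gw=$4
    cat <<EOF
# vDHCP/vDNS: listen on the subscriber interface only.
interface=$lan
bind-interfaces
# Do not forward unqualified names or reverse lookups of private ranges upstream.
domain-needed
bogus-priv
dhcp-range=$range_start,$range_end,12h
dhcp-option=option:router,$gw
dhcp-option=option:dns-server,$gw
EOF
}

# Constructed invocation: eth0 faces the provider, eth1 faces the subscriber.
vcpe_iptables_rules eth0 eth1 10.0.0.0/24
vcpe_dnsmasq_conf eth1 10.0.0.100 10.0.0.200 10.0.0.1
```

On the VNF host the ruleset is loaded with `vcpe_iptables_rules eth0 eth1 10.0.0.0/24 | iptables-restore` and the dnsmasq fragment is saved as a file under `/etc/dnsmasq.d/`; both need root. Because the subscriber-facing interface of a vCPE is, in the model described above, a Layer-2 path from the customer site, the `! -s $lan_net` check and `bind-interfaces` are what keep the VNF from acting as an open resolver or a relay for spoofed traffic.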
Virtual Access Network Elements
Access network functions that reside in hybrid fibre-DSL 'remote' nodes, such as FTTcab and FTTdp, typically located in streets or buildings, are gradually becoming hot candidates for virtualization. To be economically viable, these nodes must be compact and have very low power consumption and very low maintenance cost. Simplifying such remote nodes by virtualizing some of their functions (OLT, DSLAM, ONU, ONT, MDU and DPU, for starters) can help achieve that viability by moving the complex processing into the virtualized environment. Unfortunately, no open source software exists for any of these virtual functions. Major telcos, such as AT&T, are working towards virtualizing these functions, and hopefully they will open source the results in the near future, so keep your fingers crossed!