[Search] [txt|pdf|bibtex] [Tracker] [Email] [Nits]

Versions: 00 01                                                         
Internet Research Task Force (IRTF)                            Z. Qiang
Internet Draft                                                 Ericsson
Intended status: Informational                         October 27, 2014
Expires: April 2015

                              Elasticity VNF

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   This document may contain material from IETF Documents or IETF
   Contributions published or made publicly available before November
   10, 2008. The person(s) controlling the copyright in some of this
   material may not have granted the IETF Trust the right to allow
   modifications of such material outside the IETF Standards Process.
   Without obtaining an adequate license from the person(s) controlling
   the copyright in such materials, this document may not be modified
   outside the IETF Standards Process, and derivative works of it may
   not be created outside the IETF Standards Process, except to format
   it for publication as an RFC or to translate it into languages other
   than English.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time.  It is inappropriate to use Internet-Drafts as
   reference material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at

   The list of Internet-Draft Shadow Directories can be accessed at

   This Internet-Draft will expire on April 27, 2015.

Z. Qiang                Expires April 27, 2015                 [Page 1]

Internet-Draft              Elasticity VNF                 October 2014

Copyright Notice

   Copyright (c) 2014 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with
   respect to this document. Code Components extracted from this
   document must include Simplified BSD License text as described in
   Section 4.e of the Trust Legal Provisions and are provided without
   warranty as described in the Simplified BSD License.


   This draft is an analytic of NFV applications based on the NFV
   architecture, use cases and requirements. The purpose of this
   analytic is to identify any NFV characteristics related issues. The
   analytic is focusing on elasticity VNF with predicable performance,
   reliability and security. Only the issues which are unique to NFV
   are discussed in this document.

Table of Contents

   1. Introduction...................................................3
   2. Conventions used in this document..............................3
   3. Terminology....................................................3
   4. Network Function Virtualization................................5
      4.1. NFV Requirements..........................................5
      4.2. NFV Use Cases.............................................5
         4.2.1. Network Function Virtualization Infrastructure.......6
         4.2.2. Telecom Network Functions Migration..................7
   5. Elasticity in a Distributed Cloud..............................7
      5.1. Elasticity VNF............................................8
      5.2. Elasticity VNF set........................................8
   6. Elasticity with Predicable Performance.........................9
      6.1. Predicable Performance....................................9
      6.2. Hardware virtualization features..........................9
      6.3. Network Overlay..........................................10
   7. Elasticity with Reliability...................................10
   8. Elasticity with Security......................................11
   9. Security Considerations.......................................11

Z. Qiang                Expires April 27, 2015                 [Page 2]

Internet-Draft              Elasticity VNF                 October 2014

   10. IANA Considerations..........................................11
   11. References...................................................11
      11.1. Normative References....................................11
      11.2. Informative References..................................11
   12. Acknowledgments..............................................12

1. Introduction

   Network Functions Virtualization (NFV) is a network architecture
   concept that proposes using IT virtualization related technologies,
   to virtualize entire classes of network node functions into building
   blocks that may be connected, or chained, together to create
   communication services. NFV aims to transform the traditional
   operator architect networks by evolving standard IT virtualization
   technology to consolidate network equipment types onto industry
   standard high volume services, switches and storage, which could be
   located in a variety of NFVI PoPs including DC, network nodes and in
   end user premises. It is also indicated that an important part of
   controlling the NFV environment should be done through automation
   network management and orchestration.

   This draft is an analytic of NFV applications based on the NFV
   architecture, use cases and requirements. The purpose of this
   analytic is to identify any NFV characteristics related issues. The
   analytic is focusing on elasticity VNF with predicable performance,
   reliability and security. Only the issues which are unique to NFV
   are discussed in this document. The intention is to identify what is
   missing, and what is needed to be addressed in terms of protocol /
   solution specifications which may be the potential work for IETF.

   The reader is assumed to be familiar with the terminology as defined
   in the NFV document [nfv-tem].

2. Conventions used in this document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   document are to be interpreted as described in RFC-2119 [RFC2119].

   In this document, these words will appear with that interpretation
   only when in ALL CAPS. Lower case uses of these words are not to be
   interpreted as carrying RFC-2119 significance.

3. Terminology

   This document uses the same terminology as found in the NFV end to
   end architecture [nfv-tem]:

Z. Qiang                Expires April 27, 2015                 [Page 3]

Internet-Draft              Elasticity VNF                 October 2014

   Network Function Consumer: a Network Function Consumer (NFC) is the
   consumer of virtual network functions.  It can be either an
   individual user, home user or the enterprise user.

   NFV: network function virtualization.  NFV technology uses the
   commodity servers to replace the dedicated hardware boxes for the
   network functions, for example, home gateway, enterprise access
   router, carrier grade NAT and etc.  So as to improve the
   reusability, allow more vendors into the market, and reduce time to
   market. NFV architecture includes a NFV Control and Management Plane
   (orchestrator) to manage the virtual network functions and the
   infrastructure resources.

   NF: A functional building block within an operator's network
   infrastructure, which has well-defined external interfaces and a
   well-defined functional behavior.  Note that the totality of all
   network functions constitutes the entire network and services
   infrastructure of an operator/service provider.  In practical terms,
   a Network Function is today often a network node or physical

   Network Function Provider: a Network Function Provider (NFP)
   provides virtual network function software.

   Network Service Provider (NSP): a company or organization that
   provides a network service on a commercial basis to third parties. A
   network service is a composition of network functions and defined by
   its functional and behavior specification.  The NSP operates the NFV
   Control Plane.

   NFV Infrastructure (NFVI): NFV Infrastructure indicates the
   computing, storage and network resources to implement the virtual
   network function.  High performance acceleration platform is also
   part of it.

   VNF: virtual network function, an implementation of an executable
   software program that constitutes the whole or a part of an NF that
   can be deployed on a virtualization infrastructure.

   VM: virtual machines, a program and configuration of part of a host
   computer server.  Note that the Virtual Machine inherits the
   properties of its host computer server e.g. location, network

   NFV Control and Management Plane (NFVCMP): a NFV Control and
   Management Plane is operated by a NSP and orchestrates the NFV NFV

Z. Qiang                Expires April 27, 2015                 [Page 4]

Internet-Draft              Elasticity VNF                 October 2014

4. Network Function Virtualization

4.1. NFV Requirements

   There are many virtualization requirements described by NFV in [nfv-
   req]. The followings are highlights of a few NFV requirements which
   are related to this document:

   - Portability: VNF portability is a reasonable generic
     virtualization requirement. It allows VNF mobility across
     different but standard multi-vendor environment. However, moving a
     VNF within the NFV framework with the Service Level Specification
     (SLA) requirements including performance, reliability and security
     could be a challenge.
   - Performance: Virtualization adds additional processing overhead
     and increases the latency. For latency-sensitive VNFs, it is a big
     concern for NFV on how to achieve predictable low-latency
   - Elasticity: NFV elasticity requirement allows the VNF to be scaled
     within NFVI. Within the NFV framework, it is important to support
     VNF scaling with the SLA requirements including performance,
     reliability and security.
   - Resiliency: NFV resiliency is a must requirement for NFV network,
     including both the control plane and data plane. Necessary
     mechanisms must be provided to improve the service availability
     and fault management.
   - Security: The traditional telecom network functions are developed
     in dedicated hardware located in an isolated network. Security is
     provided by underlay network. When moving VNF into a DC network
     with shared Infrastructure, security becomes a big concern.
   - Service Continuity: At VNF failure over, migration, mobility, and
     upgrading, service downtime may not be avoided. In NFV, service
     continuity must be supported which means the provided service must
     be restored at the VNF instance updated / replaced / recovered.
     This procedure includes the restoration of any ongoing data
     sessions. And it shall be transparent to the user of NFV service.
4.2. NFV Use Cases

   Multiple use cases are described by NFV in [nfv-uc]. The followings
   are a highlight of the NFV use cases.

Z. Qiang                Expires April 27, 2015                 [Page 5]

Internet-Draft              Elasticity VNF                 October 2014

4.2.1. Network Function Virtualization Infrastructure

   Network Function Virtualization Infrastructure as a Service
   (NFVIaaS), Virtual Network Function as a Service (VNFaaS) and
   Virtual Network Platform as a Service (VNPaaS) are the NFV use cases
   which describe how the telecom operators would like to build up
   their telecom cloud infrastructure using virtualization.

   Network Function Virtualization Infrastructure (NFVI) is the
   totality of all hardware and software components which build up the
   environment in which VNFs are deployed. The NFVI can span across
   several locations. The network providing connectivity between these
   locations is regarded to be part of the NFVI.

   NFVIaaS is a generic IaaS plus NaaS requirement which allows the
   telecom operator to build up a VNF cloud on top of their own DCs
   Infrastructure and any external DCs Infrastructure. This will allow
   a telecom operator to migrate some of its network functions into a
   3rd party DC when it is needed. Furthermore, a larger telecom
   operator may have multiple DCs in different geography locations. The
   operator may want to setup multiple vDC, where each vDC may cross
   several of its physical DCs geography locations. Each vDC is defined
   for providing one specific function, e.g. Telco Cloud.

   VNFaaS is more focusing on enterprise network which may have its own
   cloud infrastructure with some specific services / applications
   running. VNFaaS allows the enterprise to merge and/or extend its
   specific services / applications into a 3rd party commercial DC
   provided by a telecom operator. With this VNFaaS, the enterprise
   does not need to manage and control the NFVI or the VNF. However,
   NFV Performance & portability considerations will apply to
   deployments that strive to meet high performance and low latency
   With VNPaaS, the mobile network traffic, including WiFi traffic, is
   routed based on the APN to a specific packet data service server
   over the mobile packet core network. Applications running at the
   packet data service server may be provided by the enterprise. And it
   is possible to have an interface to route the traffic into an
   enterprise network. But the infrastructure hosting the application
   is fully under controlled by the operator. However, the enterprise
   has full admin control of the application and needs to apply all
   configurations on its own, potentially via a vDC like management
   interface with support of the hosting operator.

   All the above use cases need solutions for the operator to share the
   infrastructure resources with 3rd parties. Therefore cross domain

Z. Qiang                Expires April 27, 2015                 [Page 6]

Internet-Draft              Elasticity VNF                 October 2014

   orchestration with access control is needed. Besides, the
   infrastructure resource management needs to provide a mechanism to
   isolate the traffic, not only based on the traffic type, but also
   from different operators and enterprises.

4.2.2. Telecom Network Functions Migration

   Virtualization of telecom network functions, including Mobile Core
   Network functions, IMS functions, Mobile base station functions,
   Content Delivery Networks (CDN) functions, Home Environment
   functions, and Fixed Access Network functions, are described in the
   NFV use case document [nfv-uc]. In additional, VNF forwarding Graphs
   is another use case which describes how the user data packets are
   forwarded by traversing more than one operator service chain
   functions, such as DPI, Firewall, Content Filtering, before reaching
   the service server.
   Migrate the telecom functions includes moving the control plane,
   data plane and service network into a cloud based network and using
   cloud based protocol to control the data plane. Service continuity,
   network security, service availability, resiliency in both control
   plane and data plane must be ensured at this migration.

5. Elasticity in a Distributed Cloud

   Today the usage of personal devices, e.g. smartphones, for internet
   service traffic, telecom specific service access, and accessing the
   corporate network, is increased significantly. At the same time,
   telecom operators are under pressure to accommodate the increased
   service traffic in a fine-grained manner. Services provided by
   telecom network must be done in an environment of increased
   security, compliance, and auditing requirements, along with traffic
   load may be changed dramatically overtime. Providing self-service
   provisioning in telecom cloud requires elastic scaling of the VNF
   based on the dynamic service traffic load and resource management
   e.g. computing, storage, and networking.

   The existing telecom network functions may not be cloud technologies
   ready yet. Most of the NFV functions are stateful and running on
   either specific hardware or a big VM. It is not designed to tolerate
   any system failure in many VMs. The network functions are very
   difficult in term of configuration, scale updating, etc.

   Re-engineering may be needed for virtualization enabling, e.g.
   software adaption for software and hardware decoupling. For cloud
   technologies ready, the telecom network functions need to be re-
   designed as stateless function and able to run on small VMs with

Z. Qiang                Expires April 27, 2015                 [Page 7]

Internet-Draft              Elasticity VNF                 October 2014

   multiple instances which can provide higher application
   availability. The application dynamic scaling can be achieved by
   adding more VMs into the system.

   Virtualization provides the elasticity ability to scale up / down,
   scale out / in with guaranteed computational resources, security
   isolation and API access for provisioning it all, without any of the
   overhead of managing physical servers. However, there are still many
   optimizations which can be used to avoid the increasingly overhead.
5.1. Elasticity VNF

   Virtualized Network Function (VNF) is an implementation of a network
   function that can be deployed on Network Function Virtualization

   For a large telecom operator, multiple vDC may be created crossing
   multiple physic data centers. And each vDC is defined for providing
   one specific function, e.g. Telco Cloud.  As the infrastructure
   resources used by one vDC may locate in different geography
   locations, the network performances may be different if the VM is
   placed at different host within different location.

   VNF capacity may be limited if it only can be scaled within one
   network zone, e.g. within one DC in a geography location. As a NFVI
   which may be crossing multiple data centers, it is possible to scale
   an elasticity VNF crossing different network zones if it is needed.
   At cross DC scaling, it is a mandatory requirement to provide the
   same level of SLA including performance, reliability and security.

5.2. Elasticity VNF set

   In NFV network, normally the VNFs are working as such that the
   services provided by the VNFs may need to process the user data
   packets with several selected VNF instances before delivering it to
   its destination. VNF set is a NFV specific concept. It is a
   collocation of VNFs with unspecified network connectivity between
   them. When VNF works as VNF set, the service session is setup among
   a group of VNFs. For instance, when mobile users setup a PDN
   connection for IMS services, there are multiple network entities
   involved along the PDN connection, including eNB, Serving GW, PDN
   GW, P-CSCF, S-CSCF, etc. Another example is service function
   chaining, where a service chain is referring to one or more service
   processing functions in a specific order which are chained to
   provide a composite service.

Z. Qiang                Expires April 27, 2015                 [Page 8]

Internet-Draft              Elasticity VNF                 October 2014

   In telecom cloud, a service session may traverse multiple stateful
   and stateless VNF functions of a VNF set. And with distributed NFV,
   it may be crossing multiple DCs. In such cloud, the east-west
   traffic is much heavier comparing to the north-south traffic.
   When placing a VNF application, it is better spread the applications
   in a wide network zone, which may give a better availability.
   However, a wide network zone also increases the network latency
   which can be big. VNF application dependence shall be considered
   when placing VNF into the DC.
   When scaling, VNFs are not scaled only in relation to compute and
   storage domains. The VNF functions may need to be grouped together
   and applying auto-scaling techniques to the entire group. The
   scaling policies, e.g. ratio between the different VNFs, need to be
   applied on the VNF set in aggregate to control the scaling process.
6. Elasticity with Predicable Performance

6.1. Predicable Performance

   High performance with low-latency VNF is expected in the NFV
   framework. The NFVI metrics are related to any kind of metrics
   generated by the NFVI, including not only CPU load on a VM, CPU load
   on a host, but also interrupt rate handled by the hypervisor or
   network latency/packet loss.

   Virtualization adds additional overhead which impacts the
   performance. This additional extra distortion shall be avoided or,
   at least, minimized. It is a big concern for NFV on how to achieve
   predictable and low-latency performance.

   Operator may wish to run standard test and use the result to provide
   KPIs of the VNF. A significant part of a VNF vendor's performance
   guarantees will depend on the choice of the virtualization
6.2. Hardware virtualization features

   Virtualization layer adds minimal overhead and delivers a
   predictable performance between a minimum and maximum threshold for
   latency and jitter which are far more important. Light weight
   virtualization, e.g. container or bare metal, may be considered for
   performance sensitive VNF applications. In additional, hardware
   virtualization features (e.g. SR-IOV) are important to be supported
   in order to provide some performance improvement. Many VNF requires
   direct access to the device hardware so that they can offload
   functionality with throughput rates of millions of packets a second.
   Another alternative, which may be more attractive for latency-

Z. Qiang                Expires April 27, 2015                 [Page 9]

Internet-Draft              Elasticity VNF                 October 2014

   sensitive applications, is using and non-hypervisor virtualization,
   including bare metal and Linux container.
   Optimization to drive high-throughput network workloads associated
   with such functions as traffic filtering, NATing and firewalling.
   Avoiding performance bottleneck, the virtualization layer shall have
   a suitably-architected I/O stack.

6.3. Network Overlay

   Network overlay adds additional overhead when forwarding the data
   packets. Reference [vxlan-p] is a VXLAN performance testing report
   which indicates the overlay performance is a concern. Avoiding
   overlay connections may be one option which is more attractive for
   latency-sensitive applications.

   Furthermore, additional network latency may be added when traversing
   the cross-DC overlay connections. To avoid any additional network
   latency, all the functions of a VNF set may be placed in the same
   low-latency network zone, e.g. same host or same DC. However, when
   the capacity limitation the network zone is reached, scaling-out one
   VNF into another network zone may be needed. In this case, as the
   service session has to traverse the same path, the Ping-Pong traffic
   between the network zones cannot be avoided. Depends on the network
   overlay technologies used for the cross network zone connection, the
   overhead network latency can be various. In another words, the
   network performance may become unpredictable.
7. Elasticity with Reliability

   NFV resiliency is a must requirement for NFV network, including both
   the control plane and data plane. Necessary mechanisms must be
   provided to improve the service availability and fault management.

   With virtualization, the use of VNFs can pose additional challenges
   on the reliability of the provided services. For a VNF instance, it
   typically would not have built-in reliability mechanisms on its host
   (i.e., a general purpose server).  Instead, there are more factors
   of risk such as software failure at various levels including
   hypervisors and virtual machines, hardware failure, and instance
   migration that may make a VNF instance unreliable. Even for cloud
   ready NFV applications, a HA may still be needed as the storage,
   load balancer may be failure. Service restoration solution is still

   One alternative to improve the VNF resiliency is to take snapshot of
   the VM periodically. At VNF failure, the network can restore the VM
   at same or different host using the stored snapshot. However, there

Z. Qiang                Expires April 27, 2015                [Page 10]

Internet-Draft              Elasticity VNF                 October 2014

   is a downtime of the provided service due to the snapshot
   recovering. And the downtime is much longer than the expected value
   which could be tolerated by NFV. NFV has a completely different
   level of reliability requirements, e.g. recovering time, comparing
   to enterprise cloud applications.

   To improve the network function resiliency, some kind high
   availability (HA) solutions may be needed for NFV network, which has
   the potential to minimize the service downtime at failure.

   The VNF reliability can be achieved by eliminating any single points
   of failure by creating a redundancy of resources, normally,
   including enough excess capacity in the design to compensate for the
   performance decline and even failure of individual resources; that
   is, a group of VNF instances providing the same function works as a
   network function cluster or pool, which provides protection (e.g.
   failover) for the applications and therefore an increased

8. Elasticity with Security


9. Security Considerations

   This is a discussion paper which provides inputs for NFV related
   discussions and in itself does not introduce any new security
10. IANA Considerations

   No actions are required from IANA for this informational document.
11. References

11.1. Normative References

   [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
             Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2234] Crocker, D. and Overell, P.(Editors), "Augmented BNF for
             Syntax Specifications: ABNF", RFC 2234, Internet Mail
             Consortium and Demon Internet Ltd., November 1997.

11.2. Informative References

   [nfv-arch] Network Functions Virtualization Infrastructure
             Architecture Overview; GS NFV INF 001.

Z. Qiang                Expires April 27, 2015                [Page 11]

Internet-Draft              Elasticity VNF                 October 2014

   [nfv-rel] Network Function Virtualization (NFV) Resiliency
             Requirements; ETSI GS NFV-REL 001.

   [nfv-uc]  Network Function Virtualization (NFV) Use Cases; ETSI GS
             NFV 001

   [nfv-req] Network Function Virtualization (NFV) Virtualization
             Requirements; ETSI GS NFV 004

   [nfv-sec] Network Function Virtualization (NFV) NFV Security Problem
             Statement; ETSI NFV-SEC 001

   [nfv-tem] Network Function Virtualization (NFV) Terminology for Main
             Concepts in NFV; ETSI GS NFV 003

   [vxlan-p] Problem Statement for VxLAN Performance Test, draft-liu-
             nvo3-ps-vxlan-perfomance, (working in progress)

12. Acknowledgments

   Many people have contributed to the development of this document and
   many more will probably do so before we are done with it.  While we
   cannot thank all contributors, some have played an especially
   prominent role. The following have provided essential input: Suresh

Authors' Addresses
   Zu Qiang
   8400, boul. Decarie
   Ville Mont-Royal, QC,

   Email: Zu.Qiang@Ericsson.com

Z. Qiang                Expires April 27, 2015                [Page 12]