Network Function Virtualization (NFV): Definition

Network Function Virtualization (NFV) enables IT pros to modernize their networks with modular software running on standard server platforms. Over time, NFV will deliver high-performance networks with greater scalability, elasticity, and adaptability at reduced costs than networks built from traditional networking equipment.  NFV covers many network applications but is driven primarily by new network requirements, including video, SD-WAN, Internet of Things, and 5G.

What is Network Function Virtualization (NFV)?

Network functions virtualization (NFV) is a way to virtualize network services, such as routers, firewalls, and load balancers, that have traditionally been run on proprietary hardware. These services are packaged as virtual machines (VMs) on commodity hardware, which allows service providers to run their networks on standard servers instead of proprietary ones. It is one of the primary components of a telco cloud, which is reshaping the telecommunications industry.

With NFV, you don’t need to have dedicated hardware for each network function. NFV improves scalability and agility by allowing service providers to deliver new network services and applications on-demand, without requiring additional hardware resources.

How does Network Function Virtualization work?

Essentially, network function virtualization replaces the functionality provided by individual hardware networking components. This means that virtual machines run software that accomplishes the same networking functions as traditional hardware. Load balancing, routing, and firewall security are all performed by software instead of hardware components. A hypervisor or software-defined networking controller allows network engineers to program all of the different segments of the virtual network, and even automate the provisioning of the network. IT managers can configure various aspects of the network functionality through one pane of glass, in minutes.

The benefits of using NFV

With Network Functions Virtualization (NFV), service providers can run network functions on standard hardware instead of dedicated hardware. Also, because network functions are virtualized, multiple functions can be run on a single server. This means that less physical hardware is needed, which allows for resource consolidation that results in physical space, power, and overall cost reductions.

NFV gives providers the flexibility to run VNFs across different servers or move them around as needed when demand changes. This flexibility lets service providers deliver services and apps faster.

For example, if a customer requests a new network function, they can spin up a new VM to handle that request. If the function is no longer needed, the VM can be decommissioned. This can also be a low-risk way to test the value of a potential new service.

NFV Use Cases

Network Function Virtualization (NFV) is applicable across a wide range of network functions, including fixed and mobile networks.  Some leading NFV applications include:

• Evolved Packet Core (EPC)
• Software-Defined Branch and SD-WAN
• IP Multi-Media Subsystem (IMS)
• Session Border Control (SBC)
• Video Servers
• Virtual Customer Premises Equipment (vCPE)
• Content Delivery Networks (CDN)
• Network Monitoring
• Network Slicing
• Service Delivery
• A variety of security functions – firewalls, intrusion detection and prevention systems, NAT, etc.

Risks of Network Function Virtualization

NFV makes a network more responsive flexible, and easily scalable. It can accelerate time to market and significantly reduce equipment costs. However, there are security risks, and network functions virtualization security concerns have proven to be a hurdle for wide adoption among telecommunications providers. Here are some of the risks of implementing network functions virtualization that service providers need to consider:

• Physical security controls are not effective: Virtualizing network components increases their vulnerability to new kinds of attacks compared to the physical equipment that is locked in a data center.
• Malware is difficult to isolate and contain: It is easier for malware to travel among virtual components that are all running off of one virtual machine than between hardware components that can be isolated or physically separated.
• Network traffic is less transparent: Traditional traffic monitoring tools have a hard time spotting potentially malicious anomalies within network traffic that is traveling east-west between virtual machines, so NFV requires more fine-grained security solutions.
• Complex layers require multiple forms of security: Network functions virtualization environments are inherently complex, with multiple layers that are hard to secure with blanket security policies.

Challenges

NFV is proving complex and difficult for many operators to deploy at scale.  The breadth of the architecture and the number of distinct components make it challenging to design, build, and support.  NFV must be integrated into existing network architectures and linked to operations systems.  The lack of mature standards and “blueprints” for NFV implementations continues to hinder deployments.  It has taken years to move NFV deployments through the labs, proof of concepts, field trials, and on to full-scale solutions in production networks.