SDN and NFV Security Introduction to Network Function

SDN and NFV Security Introduction to Network Function Virtualization Dr. Dijiang Huang Arizona State University

NFV Objectives… | Have fast standard hardware “Leverage standard IT virtualization technology to consolidate many network equipment types onto industry standard high-volume servers, switches, and storage. ” - White box implementation | Decouple network functions from proprietary hardware appliances - Software implementation of network | Standard API’s between Modules NFV Model Traditional. Network. Model DPI NAT DPI Firewall Load Balancer CDN VIRTUAL APPLIANCES Firewall PE Router Load Balancer NAT CDN PE Router Session Border Controller IDS ORCHESTRATED, AUTOMATIC & REMOTE INSTALL Standard High Volume Servers/ Storages/Switches

Revisiting Layers Applications Operating Systems Applications Network functions Operating systems Hypervisors Network Infrastructure Computer infrastructure Switching infrastructure Rack, cable, power, cooling

NFV Layers End Point Logical Abstractions VNF End Point VNF VNF Logical Links Software Instances VNF VNF VNF: Virtualized Network Function Virtual Resources Virtual Compute Virtual Network Virtualization Layer Virtualization SW HW Resources Virtual Storage Compute Storage Network

NFV Use Cases ETSI Formalized NFV Use Cases Potentially Virtualized Functions Network Functions Virtualization Infrastructure as a Service v. NAT, v. FW, v. LB, v. RR, v. VPN, v. Router Virtual Network Function as a Service (VNFaa. S) v. CPE, v. PE Virtual Network Platform as a Service (VNPaa. S) v. Private. Cloud VNF Forwarding Graphs v. PE-F Virtualization of Mobile Core Networks and IMS v. EPC (v. S/P-GW, v. MME, v. PCRF, v. SGSN, v. Gi. Lan) v. IMS (v. P/S/I-CSCF, v. MGCF, v. AS) Virtualization of Mobile Base Station v. MAC, v. RLC, v. PDCP, v. RRC, v. COMP, v. BBU Virtualization of the Home Environment v. BNG, v. RGW, v. STB Virtualization of CDNs v. CDN Fixed Access Network Functions Virtualizations v. OLT, v. DSLAM, v. ONU, v. ONT, v. MDU, v. DPU ETSI: The European Telecommunications Standards Institute

The Relation Between NFV and SDN | NFV can be achieved using non-SDN mechanisms - Already used in datacenters | NFV supports SDN by providing infrastructure upon which the SDN can be implemented - Aligns closely with SDN objective to use commodity servers and switches

Differences Between NFV and SDN Software Defined Networking (SDN) Comparison Features Network Function Virtualization (NFV) Separate control and data, centralize control and programmability of network Basic Concept Relocate network functions from dedicated appliances to generic servers Campus, data center/cloud Target Location Service provider network Commodity servers and switches Target Devices Commodity servers and switches Cloud Orchestration and networking Initial Application Routers, Firewalls, gateways, CDN, WAN accelerators, SLS assurance Open. Flow New Protocols None Open Networking Foundation (ONF) Formalization European Telecommunications Standards Institute (ETSI) NFV Working Group

Example: Service Chaining

Example: NFV-IAAS | One SP can leverage Iaa. S provided using NFV setup of another service provider | Requirements: - A common automation framework capable of provisioning both physical and virtual infrastructures - A common deployment model that spans service provider and geographical boundaries | Software Defined Wide Area Network (SD-WAN) - A virtual WAN architecture that allows enterprises to leverage any combination of transport services – including MPLS, LTE and broadband internet services – to securely connect users to applications.

Wrap-Up