Be sure to check out the full, accompanying article, "Virtualizing Everything On The Network."
1. Design for the future, beware of today
One key advantage of network function virtualization (NFV) is the ability to utilize generic hardware. Whether using new hardware or existing infrastructure, the cost savings can be tempting. But before committing to a vanilla approach to your NFV deployment, future applications may require special features to run efficiently, including SR-IOV, hardware encryption assistance, interrupt distribution, and TCAM resources.
2. Plan for scaling, traffic is exploding
One NFV instance may be able to handle your network load today, but what happens when traffic load swells? The easiest scaling method involves allocating more CPU cores and memory to the NFV virtual machine… but not all NFV software can run more threads with additional CPU cores. Instead, implement more instances of the virtual machine with a load balancer to distribute packets between the virtual machines to handle higher loads.
3. Prepare to manage your management
In addition to the NFV platform itself, each NFV application includes its own management interface complete with authentication and security protocols. They can be browser-based, command-line-based, OpenFlow-based, or even custom GUI applications. The NFV operator must be prepared for the complex task of managing all passwords and access tools that come with a complete NFV system.
4. How open is your OpenFlow?
Interest in the OpenFlow standard has been intense, but many NFV platform vendors offer legacy NFV management interfaces not based on OpenFlow. They may be planning for an OpenFlow controlled version in the future. In the interim, the NFV operator needs to manage the NFV platform with the available interface and prepare for a possible future migration to OpenFlow.
5. Enhanced security needs enhanced performance
Although the Internet service uplink speed might not be large compared to the processing capability of the NFV platform, many NFV applications will be implemented between regions within a LAN. Inter-departmental firewalls are common in this type of environment, and each firewall requires a processing resource. Even though the NFV can be instantiated and configured, if may not be able to handle the load if there aren’t enough cores or memory available. Provisioning the NFV platform is essential to boost performance adequately to maintain high security standards.
6. Remember your storage
Consider your environment closely. Although some NFV platforms only pass traffic, others may need to save and backup a database, and maintain security logs as well as legally required audit trails. If these actions are necessary, the NFV platform must provide a secure storage facility with backup.
7. Leverage advanced standards
SR-IOV is a standardized technology that can enhance NFV throughput by allowing network traffic to be transmitted directly to the virtual machine, rather than switched in hypervisor software. This technology requires the support of the NFV platform, as well as the NFV software kernel, to have the appropriate device drivers.
8. Develop fault-tolerant strategies
IT must plan for the worst-case scenario—even system crashes. The degree of acceptable risk to your enterprise determines whether to implement a cold/warm spare, or a complete disaster recovery solution with automatic failover capabilities. Executing an effective fault-tolerant strategy requires careful coordination between the routers, NFV platform, and all of the NFV software being used.
9. Manage the license soup carefully
Licensing fees and conditions can be complex with any software solution. Each NFV provider will set its own license terms; there is no industry standard. Before committing to an NFV software download, be sure you completely understand the fee structure. Is it a one-time purchase or a periodic subscription fee? Is technical support provided with the fee? Are updates available for future versions? Plan accordingly.
10. The best VARs add value
The large number of NFV applications available today provides greater selection and functionalities. However, when several NFVs are connected in a service chain, and a problem crops up, it may be difficult to isolate the issue. The first line of support is critical, but it may not be clear which application caused the failure, and that requires multi-vendor technical support. Many times, it’s better to choose a VAR that offers the NFV service instead of purchasing NFV software individually from the Web.
Alan Deikman, Chief Technology Officer and co-founder of ZNYX Networks, previously worked at Mylex Corp. (acquired by IBM) in several management capacities, including R&D, sales, and product marketing. Prior to Mylex, he co-founded a VAR business and published a technical book on UNIX, and has been published in trade magazines.