Modern telecom networks consist of a wide variety of proprietary hardware. However, the launch of a new generation of networks and services often demands network reconfiguration with greater flexibility and dynamism. Virtualisation allows networks to be agile, modular and capable of responding automatically to the traffic needs and services running over them. The key enabling technologies for this are software-defined networking (SDN) and network functions virtualisation (NFV). While both SDN and NFV make networking architectures more flexible and dynamic, they perform different roles in defining the architectures and infrastructure they support. SDN provides the means to dynamically control the network and the provisioning of networks-as-a-service. Meanwhile, NFV allows managing and orchestrating the virtualisation of resources for the provisioning of network functions and their composition into higher-layer network services.
A look at the key benefits and the network testing and security aspects of these technologies…
Benefits to telcos
Vendor neutrality
Legacy vendors typically offer their services on dedicated hardware that is inflexible and hinders innovation. However, with the adoption of SDN and NFV technologies, network functions can be virtualised and run on commercially available off-the-shelf hardware. This approach enables service providers to share hardware across multiple network functions, providing the advantage of software decoupling and the ability to build a flexible virtual infrastructure. By leveraging these technologies, telecom operators can mix and match vendors and functions for different features. This reduces vendor lock-in and provides the freedom to choose hardware and software solutions from different vendors, fostering a more open and competitive network ecosystem. Moreover, the flexibility of NFV technology supports the use of open source tools and software services. This approach allows operators to leverage a wide range of software solutions, including those developed by the open source community. By using open source tools and software, service providers can reduce costs and accelerate innovation while maintaining the flexibility to choose the best solution for their needs.
Centralised network processing
In traditional network architecture, intelligence and decision-making are distributed across the network. Although this avoids a single point of failure, it increases the complexity of the network elements and leads to layers upon layers of protocols. In contrast, SDN provides centralised network management, allowing administrators to manage and configure the entire network from a single point of control. The decision-making intelligence resides with the centralised controller, which significantly reduces the complexity of network elements.
Cost savings
Virtualisation offers the capability to automate provisioning which, in turn, reduces human resource requirements, resulting in lower operating expenditure. Additionally, SDN brings together multiple compute, storage and processing functions onto low-cost commodity servers to reduce capital expenditure.
Scalability and rapid deployment of network services
Scalability is a top priority for operators to meet new requirements and increase capacity. However, traditional network equipment can be difficult and expensive to upgrade. The programmable nature of SDN and NFV technologies makes it easier to design, deploy, manage and scale networks. By abstracting the control plane in SDN, adding or removing network resources and scaling the network can be done more easily and without manual configuration on each individual device. NFV also enables operators to deploy new solutions and features into production rapidly by decoupling software functionality from physical hardware. This approach eliminates the need for lengthy change requests or new appliances from legacy vendors, resulting in a faster and more agile deployment process.
Operational efficiency
NFV enables the use of machine-to-machine tools to their fullest potential. These tools automatically detect when a network function requires more memory or other resources, reducing downtime and enhancing network maintenance activities. It allows in-service software upgrades and 24×7 self-healing networks. Thus, it minimises operational losses due to network outages and provides smooth, uninterrupted customer service. SDN also separates the control plane from the data plane, enabling operators to dynamically control and adapt network behaviour according to changing requirements.
Optimal utilisation of network resources
One of the major shortcomings of legacy network architectures is that applications have little to no visibility of resources available at the network layer. Hence, the resource requirements are not precise and network elements are mostly overprovisioned. In SDN architecture, the centralised controller can view the resource requirements of the applications and is able to match them against the resource availability, resulting in optimal utilisation of network resources. It allows for traffic prioritisation, quality of service enforcement, and dynamic allocation of network resources based on real-time requirements.
Lower energy consumption
A critical benefit of SDN and NFV is their ability to reduce energy consumption in network operations. For instance, NFV allows network administrators to concentrate the workload on fewer servers during off-peak hours so that all other servers can be switched off or put into energy-saving mode. This can considerably reduce energy usage, resulting in lower operational costs and a smaller carbon footprint.
Debate on security
SDN provides a central point of control to distribute security and policy information across the network. It enables the implementation of security policies, access control mechanisms, and traffic monitoring and analysis, enhancing the overall network security. SDN security applications are capable of acting on any anomalies by diverting specific network flows to special enforcement points or security services, such as firewalls and intrusion detection/prevention systems. It also allows operators to selectively block malicious traffic throughout the network on a granular basis.
However, a number of security risks associated with SDN/NFV deployment have been identified. The most obvious downside of SDN is that attackers have to access only a single node in the network, the SDN controller, to breach the security of the entire network. The SDN controller makes each device in the network more secure, but it makes the network as a whole vulnerable to a single attack against the SDN controller. Moreover, a single server may operate several different tenants’ virtual resources, or a single tenant’s virtual resource might be distributed across several servers. Multitenant resource sharing introduces the risk of data leaks. The multivendor environment also complicates security problems. Furthermore, NFV environments are inherently complex, with multiple layers that are hard to secure with blanket security policies.
The key to achieving effective end-to-end security across virtualised and highly distributed networks is security automation. This comprises automated real-time monitoring to prevent threats, and protection systems to provide swift responses to threats and attacks. Experts suggest that such an approach to SDN/NFV security needs to consider the current standards and specifications provided by the European Telecommunications Standards Institute (ETSI) and 3rd Generation Partnership Project (3GPP) on 5G and NFV systems. The Department of Telecommunications (DoT) recently initiated an exercise to frame security standards around NFV. The National Centre for Communication Security, a unit under DoT, has started work on framing security standards that will be binding on telecom operators and equipment makers in India.
Network testing
As networks evolve towards NFV, the model of traditional monolithic network functions and single-vendor solutions will transform to virtualised architectures from multiple vendors. As such, traditional testing tools and methodology must also evolve to incorporate the broader scope of configurations. Different types of testing methodologies have been defined by the International Telecommunication Union and ETSI. Broadly, these include interoperability testing, conformance testing and performance testing. According to industry experts, all components of virtualised networks need to be separately tested. Interoperability between these components and the conformance of their interfaces to specified standards should be tested. Additionally, performance testing needs to be executed not only in the design phase to provide infrastructure and resource requirements but also post-deployment to ensure that the virtual network function delivers the expected performance.
The bottom line
NFV and SDN form the backbone of flexible and programmable networks. These solutions allow for the provision of network services from a centralised location, facilitating faster and more economical delivery of bandwidth on demand with minimal disruptions. Today, with the rapid proliferation of 5G networks, SDN and NFV deployments have finally begun to pick up pace.
Although these technologies offer opportunities for security, they also introduce additional security challenges and complexities in some cases. While several standardisation bodies such as ETSI, 3GPP, ITU and GSMA have released guidelines to address these security issues, greater involvement of the security ecosystem including vendors, operators, researchers and regulators is required to fully leverage the benefits of virtualisation.