new ip agency interoperability showcase 2016...ixia virtual traffic generator nfv orchestrator...

New IP AgencyInteroperability Showcase

2016

THE

NEW IP AGENCY

A U

NITED STATE OF COM MUNIC

ATION

SNIA

2

New IP Agency Interoperability Showcase 2016

EDITOR’S NOTE

Welcome to the secondpublication of the New IPAgency (NIA) testingprogram!I am very happy (andsomewhat relieved, to behonest) that we havesuccessfully completedthe next round of NIAtesting thanks to theoutstanding support of allparticipants:

This report includes solutions by 12 vendors,having achieved six multi-vendor combinationsof orchestrated service function chains (SFCs)on a range of NFV infrastructure (NFVI)solutions. Vendors successfully interoperated tocreate advanced virtual CPE combinations withvirtualized firewalls, deep packet inspectionfilters and other add-on VNFs.Following our initial evaluation of NFVI tovirtual network function (VNF) interoperabilitysix months ago, a number of NIA’s serviceprovider members urged us to broaden thescope for this showcase. The request was tovalidate a fully functional, multi-vendor, orches-trated use case of SFCs, primarily focusing onvirtualized customer premises equipment(vCPE) and added-value services. There have been a number of proof of concept(PoC) exercises published in this area previ-ously. Taking the presumed industry experienceinto account, we opted for an advanced testplan including SDN interaction and dynamicservice chains. Having entered the fourth yearof NFV, we believed one week of hot-staging(with all vendors in one room) would be suffi-cient to get all tests completed.We were so wrong. The hot-staging turned outto be a challenging experience in terms oflogistics, IT installation,and integration for theNFVIs. It dawned on usthat we had neglectedthree important differencesbetween our interopera-bility test and previouslypublished PoCs: • NIA’s interoperability

program is the first in the industry with openparticipation: Instead of being constrainedto a vendor or open-source ecosystemwhere a lot of integration work takes placeover extended periods of time, weencouraged ad-hoc any-to-any test combina-tions. This creates more uncertainty.

• Hardware and IT installations are far frombeing straightforward yet. OpenStack is

great (without it, NFV would not be what itis today), but not a plug-and-play software.There are still many hardware options,maybe even more than with physicalnetwork functions before, causing interoper-ability issues. The installation requires ITskills for x86 servers, Linux and OpenStack.This is a different skill-set than telecomengineers have traditionally been educatedfor. In any case, we learned that bringingup a commercialized OpenStack instal-lation from scratch takes multiple days.

• Integrating multiple software components ona single NFVI is a time-consuming task. Thistime, vendors which brought their own NFVIto host their NFVO did not have an instal-lation advantage. Integrating an NFVOsoftware to run on a third-party NFVI tookan equivalent time.

Once these challenges had been overcome,onboarding of VNFs via third-party orches-trators and service chaining on arbitrary NFVIsworked well. Clearly, vendors are aligned bothby OpenStack de-facto standards andstandardized service paradigms that havebeen introduced by the ETSI NFV ISG. EANTC will follow-up to all these test areas infuture NIA interoperability testing campaigns.We have achieved a milestone — clearly thereis more work to be done to reach the vision ofan industry-wide, multi-vendor enabled NFVecosystem.

INTRODUCTION

The NIA live interoperability showcaseaddresses Service Function Chaining. It followsthe footsteps of the preceding NIA testcampaign to provide a realistic and vendor-neutral set of tests based on public standards;open-source community developments and

feedback from NIA serviceprovider members. When designing the testplan, the EANTC team tookinto account references fromETSI, IETF and ONF. The testplan got rigorously reviewedby NIA service providermembers and vendors who

signed up for the test.As a result, eight test cases focused on twoverticals: Network Service Orchestration andService Function Chaining. Additionally, thefunctional focus was on virtual CustomerPremises Equipment (CPE) deployment and itsapplicable functions.We kept in mind while developing the tests thatnot all vendor combinations would be ready to

Carsten RossenhövelManaging Director, EANTC

TABLE OF CONTENTS

Participants and Products .......................3Virtual CPE Tests....................................3Service Function Chaining (SFC) Tests ......6

3

Participants and Products

participate in every test. Therefore, the testplan was built around three complexity paths,each consisted of sequential set of test casesthat advance gradually. We collected positiveresults in five of the eight original test casesdescribed later in this report.It is no secret that network virtualization andservice orchestration are still taking shape andface many challenges in the process. Partici-pating in such an extensive test requires, morethan anything else, courage — somethingmarket leaders tend to have plenty of.

PARTICIPANTS AND PRODUCTS

Note that Nokia's CloudBand Virtualized Infra-structure Manager (VIM) software whichincludes OpenStack was installed on Dell'sNFVI hardware. The test combinationsachieved with Dell NFVI and NokiaCloudBand are marked as “Dell NFVI/NokiaCloudBand”.

Interoperability Test Results

Similar to previous reports on public interoper-ability tests by EANTC and the NIA, this whitepaper aims to document positive test resultsand successful test combinations. Failed orincomplete tests are intentionally omitted.Instead, we anonymously refer to anychallenges to help the reader sense the currentstate of the industry. Our experience shows thatparticipating vendors quickly proceed to solveinteroperability issues after our test so there isno point in punishing them for their willingnessto learn by testing. Confidentiality is also vitalto encourage manufacturers to participate withtheir latest solutions and enables a safeenvironment in which to test and to learn.

Test Equipment. All of the tests in thiscampaign were verified by generating trafficusing physical and virtual Ixia test equipment.

VIRTUAL CPE TESTS

The virtual CPE application has received a lotof attention from service providers due to itspotential operational and deployment benefits.But many challenges still lie in the interopera-bility between the vCPE and the infrastructurein which the service provider may haveinvested. vCPE interoperability was one of thefocus areas in this test campaign.The vCPE can perform a wide range of virtual-ization layer and application-layer functions.The scope of this test was limited to the interop-erability of vCPE life-cycle management withorchestration solutions and interoperability ofthe virtual network functions with the NFV infra-structure.Initially, we tested pairs of vCPEs from the samevendor on various NFVIs and with variousNFVOs, representing two interconnected sites.We examined two bandwidth provisioningmodes, static and dynamic. The following twosubsections describe each configuration.

Point-to-Point Connectivity. To demon-strate inter-site connectivity, the participatingvCPE vendors created a dedicated connectionbetween two sites. The two sites ran similarvCPE functions, or virtual appliances. Theconfiguration of the tunnel between the vCPEswas left to the participating vendors’ discretion.Understandably, a simple setup with direct IPv4connectivity was the vendors’ choice.Adva, Cisco, Dell, Juniper and Nokia providedthe NFV Infrastructures (NFVI) for this test.Adtran, Allot and Fortinet successfully instan-tiated their vCPE-flavored VNFs. The NFVOrchestrators (NFVO) were used to deploy the [continue on page 6]

Vendor Products

ADTRAN ADTRAN vCPE

ADVA Optical Networking

ADVA Icehouse OpenStackEnsemble OrchestratorEnsemble Connector

Allot Communications

Allot Service Gateway - Virtual Edition (SG-VE)

Ciena Blue Planet

Cisco Systems Cisco NFVIElastic Services Controller (ESC)

Dell Dell NFVI

Fortinet Fortigate

Ixia IxNetworkIxNetwork Virtual Edition (VE)

Juniper Networks

Contrail Cloud Platform (CCP)

NetNumber TITAN

Nokia CloudBand

UBIqube MSActivator

4


IxiaIxNetwork

IxiaIxNetwork

IxiaIxNetwork

IxiaIxNetwork

Figure 1: Virtual CPE — Point-to-Point Connectivity Test Combinations

IxiaIxNetworkVE

ADVA Ensemble Orchestrator

ADVA Icehouse OpenStack

TG IxiaIxNetworkVE

TGADTRANvCPEvCPE

ADTRAN

IxiaIxNetworkVE

TG IxiaIxNetworkVE

TG

Juniper Contrail Cloud Platform

Dell NFVI/Nokia CloudBand


Ciena Blue Planet

Cisco ESC

UBIqube MSActivator

Cisco NFVI



FortinetFortigate

FortinetFortigate

AllotSG-VE

IxiaIxNetworkVE

TG IxiaIxNetworkVE

TGADTRANvCPEvCPE

ADTRAN

ADTRANvCPEvCPE

ADTRAN

IxiaIxNetworkVE

TG IxiaIxNetworkVE

TGADTRANvCPEvCPE

ADTRAN

AllotSG-VE

Ixia Virtual Traffic Generator Virtual Network FunctionNFV Orchestrator

NFV Infrastructure

Test Traffic

TG

Physical Traffic Generator Test Combination

5

Virtual CPE Tests

IxiaIxNetwork

IxiaIxNetwork

Figure 2: SFC – Static Forwarding Graph Test Combinations

NetNumberTITAN

IxiaIxNetworkVE

IxiaIxNetworkVE

IxiaIxNetworkVE

TG IxiaIxNetworkVE

TG




Cisco NFVI





Ciena Blue Planet

Ciena Blue Planet

Cisco ESC

UBIqube MSActivator

FortinetFortigate

ADTRANvCPE

ADTRANvCPE

AllotSG-VE

ADTRANvCPE

ADTRANvCPE

TG TG

ADTRANvCPE

AllotSG-VE

ADTRANvCPE

IxiaIxNetworkVE

IxiaIxNetworkVE

TG TG

IxiaIxNetworkVE

IxiaIxNetworkVE

FortinetFortigate

ADTRANvCPE

ADTRANvCPE

TG TG

FortinetFortigate

ADTRANvCPE

ADTRANvCPE

Ixia Virtual Traffic Generator Virtual Network FunctionNFV Orchestrator

NFV Infrastructure

Test Traffic

TG

Physical Traffic Generator Test Combination

NetNumberDiameterSim

ADTRANvCPEvCPE

ADTRAN

6


vCPE instances on the NFVI platforms in mostcases. Due to limited time, Allot’s SG-VE wasdeployed using a Heat orchestration plug-in onDell NFVI/Nokia CloudBand. The configu-ration of the instances was applied boththrough Cloudinit and manually using thevCPE's management interface. This was due tothe limited support for Cloudinit on some NFVIplatforms. Figure 1 depicts the successful testcombinations.Unsuccessful vendor combinations faced twomain challenges during this test. The first wascomplexity in setting up some orchestrationtemplates, a time-consuming task that did not fitthe test schedule. The second issue was a moreserious inconsistency between two differentvirtual instances in global VIM settings require-ments. This global parameter specifies how theVIM handles file-system types. That causedthese virtual functions not to run simultaneouslyusing the same global NFVI configuration.

Static Bandwidth Provisioning. It can bedebated how the virtual infrastructure shouldhandle shared resources. Most would agreethat traditional network operations — such asbandwidth control and QoS — must functioncorrectly if virtualization is to be consideredseriously by service providers.Two vendors participated in this test success-fully with their NFVI products, Adva andJuniper. The orchestration of the vCPE wasperformed by Adva, Ciena and Ubiqube(taking turns). The vCPE function was providedby Adtran and Fortinet, respectively.We chose two bandwidth profiles (10 Mbit/sand 20 Mbit/s unidirectional) and asked thevCPE vendors to apply the configuration on thevirtual equipment. We verified the correcttraffic behavior for the first bandwidth profilethen asked the vendors to update the provi-sioned bandwidth to the second profile. Theprofile update process was performedmanually and the result was verified using thetest traffic.Multiple vendors managed to successfullydeploy this service as per Table 1:

Dynamic Bandwidth Provisioning. Service providers are on a constant lookout forinnovative and flexible services to deliver totheir subscribers. Dynamic service provi-sioning can be considered as a tool to managebandwidth plans on demand.In this test case we verify the successful provi-sioning of a dual bandwidth profile that startswith 10 Mbit/s and automatically extends to20 Mbit/s when bandwidth thresholds areexceeded.We observed a traffic throughout temporarilycapped at the 10 Mbit/s limit (for a predefinedduration of one minute) before increasing to20 Mbit/s.Adva and Juniper took part in this test with theirNFVIs. Adva, Ciena and Ubiqube provided theNFVOs and Adtran the vCPEs. Adtran implemented a scripted configurationthat maintained port usage. Once thepredefined bandwidth utilization limit hadbeen reached, the configuration on the AdtranvCPE got updated on the fly. Adtran’s teamexplained that this script can also be expandedto trigger an API call towards the managementtools (such as the NFVO).Table 2 lists the successful NFVI, NFVO andvCPE combinations.When the intended test was completed, Fortinetdemonstrated a bandwidth sharing configu-ration on the Fortigate instance where onetraffic flow can borrow unused bandwidth theother flow.

SERVICE FUNCTION CHAINING (SFC) TESTS

The concept of chaining a series of networkfunctions is a major shift from the traditionalnetworking paradigm. The dynamics of thismodel could simplify the deployment ofnetwork services at the customer premises.Many network services such as firewalls, webfilters or service testers can fit in an SFCdeployment scenario.There are plenty of studies on the pros andcons of SFC, but as service providers search forpotential deployments, interoperabilitybecomes a major concern.We focused on two SFC modes in the scope ofthis showcase: Static and Flow-based. Theresulting Forwarding Graphs (FG) differ in theway they handle and forward matched traffic.

Static Forwarding Graph. When thenetwork service is applied to all the trafficpassing through the customer equipment, staticSFC profiles can be sufficient. This configu-ration does not require the traffic path to beflow-aware.

Table 1: vCPE – Static Bandwidth Provisioning Test Combinations

NFVI NFVO vCPEADVA Icehouse OpenStack


ADTRAN vCPE



Fortinet Fortigate


Ciena Blue Planet

ADTRAN vCPE


UBIqubeMSActivator

ADTRAN vCPE

7

Acronyms

10 vendors lined up in six combinations toperform the static FG test. Adva, Cisco andJuniper provided the NFVI platforms. Adva,Ciena, Cisco and Ubiqube provided theNFVOs. The different test configurations wereused to create a composite network servicemade out of two back-to-back Adtran vCPEschained to the VNFs provided by Allot,Fortinet, Ixia and NetNumber. Figure 2 onPage 5 illustrates the different product combi-nations that successfully took part.

The VNFs were instantiated by the serviceorchestrators. The configuration was appliedmanually or using a shell script as part of theorchestration process.Test traffic was used to verify the state of theForwarding Graphs. The variance in the natureof VNFs required adaptations to the test verifi-cation process accordingly. In some cases, thisinvolved introducing different types of testtraffic through the two vCPEs and the chainedVNFs. An example is Diameter traffic forNetNumber’s signaling platform, TITAN.From a service testing perspective, we opted touse a combination of physical and virtualtesters by Ixia. This demonstrates how testingcan also become an integral part of the overallservice orchestration process.

Flow-based Forwarding Graph. Virtualenvironments can draw big benefits fromnatively embedding complex SDN propertiesinto their architecture. Of course, this alsorequires the introduction of multi-site and cross-platform SDN capabilities, but we would like to

overlook this challenge for now — largelybecause participating vendors had enough ontheir plates for a single test campaign. We focused on testing the capability of theNFVI’s switching fabric to carry UDP and TCPtraffic over two different service chains.Ciena’s Blue Planet orchestrator instantiated aservice consisting of four VNFs on Juniper’sCCP: Two Adtran vCPE instances, one FortinetFortigate and one Ixia IxNetworkVE instance.Ciena then created the two service chains. Thefirst connected the Adtran vCPEs to theFortigate instance, then on to the IxNetworkVEtester. UDP traffic traversed through thisForwarding Graph.The second chain connected the Adtran vCPEinstances directly to the IxNetworkVEs. TCPtraffic traversed this Forwarding Graph.Figure 3 depicts the successful vendor combi-nations and the traffic flows.Lastly, it is worth mentioning again that othervendor combinations which did not make it tothe tables or diagrams did not necessarily fail.Resources and logistics factors created a majorchallenge for many of the participatingvendors.

ACRONYMS

CPE Customer Premises EquipmentFG Forwarding GraphNFV Network Function VirtualizationNFVI NFV InfrastructureNFVO NFV OrchestratorNIA New IP AgencyONF Open Networking FoundationSDN Software Defined NetworkingSFC Service Function ChainingTCP Transmission Control ProtocolUDP User Datagram ProtocolvCPE Virtual CPEVNF Virtualized Network FunctionWAN Wide Area Network

Table 2: vCPE – Dynamic Bandwidth Provisioning Test Combinations

NFVI NFVO vCPEADVA Icehouse OpenStack


ADTRAN vCPE


Ciena Blue Planet

ADTRAN vCPE


UBIqubeMSActivator

ADTRAN vCPE

IxiaIxNetworkVE

IxiaIxNetworkVE

TG TG

Figure 3: SFC– Flow-based Forwarding Graph Test Combinations

Ixia Virtual Traffic Generator

Virtual Network FunctionNFV Orchestrator

NFV InfrastructureTG

Test Combination

Test Traffic


Ciena Blue Planet

FortinetFortigate

ADTRANvCPE

ADTRANvCPE

Test Traffic

8


EANTC AGEuropean Advanced Networking Test Center

New IP Agency

Salzufer 1410587 Berlin, GermanyTel: +49 30 3180595-0Fax: +49 30 [email protected]://www.eantc.com

PO Box 1953 New York, NY 10156, USATel: +1 301 502 9141

[email protected]://www.newipagency.com

This report is copyright © 2016 EANTC AG and New IP Agency. While every reasonable effort hasbeen made to ensure accuracy and completeness of this publication, the authors assume no responsibilityfor the use of any information contained herein.All brand names and logos mentioned here are registered trademarks of their respective companies inthe United States and other countries.20160520 v5.1

new ip agency interoperability showcase 2016...ixia virtual traffic generator nfv orchestrator...

Documents