new ip agency interoperability showcase 2016...ixia virtual traffic generator nfv orchestrator...
TRANSCRIPT
New IP AgencyInteroperability Showcase
2016
THE
NEW IP AGENCY
A U
NITED STATE OF COM MUNIC
ATION
SNIA
2
New IP Agency Interoperability Showcase 2016
EDITOR’S NOTE
Welcome to the secondpublication of the New IPAgency (NIA) testingprogram!I am very happy (andsomewhat relieved, to behonest) that we havesuccessfully completedthe next round of NIAtesting thanks to theoutstanding support of allparticipants:
This report includes solutions by 12 vendors,having achieved six multi-vendor combinationsof orchestrated service function chains (SFCs)on a range of NFV infrastructure (NFVI)solutions. Vendors successfully interoperated tocreate advanced virtual CPE combinations withvirtualized firewalls, deep packet inspectionfilters and other add-on VNFs.Following our initial evaluation of NFVI tovirtual network function (VNF) interoperabilitysix months ago, a number of NIA’s serviceprovider members urged us to broaden thescope for this showcase. The request was tovalidate a fully functional, multi-vendor, orches-trated use case of SFCs, primarily focusing onvirtualized customer premises equipment(vCPE) and added-value services. There have been a number of proof of concept(PoC) exercises published in this area previ-ously. Taking the presumed industry experienceinto account, we opted for an advanced testplan including SDN interaction and dynamicservice chains. Having entered the fourth yearof NFV, we believed one week of hot-staging(with all vendors in one room) would be suffi-cient to get all tests completed.We were so wrong. The hot-staging turned outto be a challenging experience in terms oflogistics, IT installation,and integration for theNFVIs. It dawned on usthat we had neglectedthree important differencesbetween our interopera-bility test and previouslypublished PoCs: • NIA’s interoperability
program is the first in the industry with openparticipation: Instead of being constrainedto a vendor or open-source ecosystemwhere a lot of integration work takes placeover extended periods of time, weencouraged ad-hoc any-to-any test combina-tions. This creates more uncertainty.
• Hardware and IT installations are far frombeing straightforward yet. OpenStack is
great (without it, NFV would not be what itis today), but not a plug-and-play software.There are still many hardware options,maybe even more than with physicalnetwork functions before, causing interoper-ability issues. The installation requires ITskills for x86 servers, Linux and OpenStack.This is a different skill-set than telecomengineers have traditionally been educatedfor. In any case, we learned that bringingup a commercialized OpenStack instal-lation from scratch takes multiple days.
• Integrating multiple software components ona single NFVI is a time-consuming task. Thistime, vendors which brought their own NFVIto host their NFVO did not have an instal-lation advantage. Integrating an NFVOsoftware to run on a third-party NFVI tookan equivalent time.
Once these challenges had been overcome,onboarding of VNFs via third-party orches-trators and service chaining on arbitrary NFVIsworked well. Clearly, vendors are aligned bothby OpenStack de-facto standards andstandardized service paradigms that havebeen introduced by the ETSI NFV ISG. EANTC will follow-up to all these test areas infuture NIA interoperability testing campaigns.We have achieved a milestone — clearly thereis more work to be done to reach the vision ofan industry-wide, multi-vendor enabled NFVecosystem.
INTRODUCTION
The NIA live interoperability showcaseaddresses Service Function Chaining. It followsthe footsteps of the preceding NIA testcampaign to provide a realistic and vendor-neutral set of tests based on public standards;open-source community developments and
feedback from NIA serviceprovider members. When designing the testplan, the EANTC team tookinto account references fromETSI, IETF and ONF. The testplan got rigorously reviewedby NIA service providermembers and vendors who
signed up for the test.As a result, eight test cases focused on twoverticals: Network Service Orchestration andService Function Chaining. Additionally, thefunctional focus was on virtual CustomerPremises Equipment (CPE) deployment and itsapplicable functions.We kept in mind while developing the tests thatnot all vendor combinations would be ready to
Carsten RossenhövelManaging Director, EANTC
TABLE OF CONTENTS
Participants and Products .......................3Virtual CPE Tests....................................3Service Function Chaining (SFC) Tests ......6
3
Participants and Products
participate in every test. Therefore, the testplan was built around three complexity paths,each consisted of sequential set of test casesthat advance gradually. We collected positiveresults in five of the eight original test casesdescribed later in this report.It is no secret that network virtualization andservice orchestration are still taking shape andface many challenges in the process. Partici-pating in such an extensive test requires, morethan anything else, courage — somethingmarket leaders tend to have plenty of.
PARTICIPANTS AND PRODUCTS
Note that Nokia's CloudBand Virtualized Infra-structure Manager (VIM) software whichincludes OpenStack was installed on Dell'sNFVI hardware. The test combinationsachieved with Dell NFVI and NokiaCloudBand are marked as “Dell NFVI/NokiaCloudBand”.
Interoperability Test Results
Similar to previous reports on public interoper-ability tests by EANTC and the NIA, this whitepaper aims to document positive test resultsand successful test combinations. Failed orincomplete tests are intentionally omitted.Instead, we anonymously refer to anychallenges to help the reader sense the currentstate of the industry. Our experience shows thatparticipating vendors quickly proceed to solveinteroperability issues after our test so there isno point in punishing them for their willingnessto learn by testing. Confidentiality is also vitalto encourage manufacturers to participate withtheir latest solutions and enables a safeenvironment in which to test and to learn.
Test Equipment. All of the tests in thiscampaign were verified by generating trafficusing physical and virtual Ixia test equipment.
VIRTUAL CPE TESTS
The virtual CPE application has received a lotof attention from service providers due to itspotential operational and deployment benefits.But many challenges still lie in the interopera-bility between the vCPE and the infrastructurein which the service provider may haveinvested. vCPE interoperability was one of thefocus areas in this test campaign.The vCPE can perform a wide range of virtual-ization layer and application-layer functions.The scope of this test was limited to the interop-erability of vCPE life-cycle management withorchestration solutions and interoperability ofthe virtual network functions with the NFV infra-structure.Initially, we tested pairs of vCPEs from the samevendor on various NFVIs and with variousNFVOs, representing two interconnected sites.We examined two bandwidth provisioningmodes, static and dynamic. The following twosubsections describe each configuration.
Point-to-Point Connectivity. To demon-strate inter-site connectivity, the participatingvCPE vendors created a dedicated connectionbetween two sites. The two sites ran similarvCPE functions, or virtual appliances. Theconfiguration of the tunnel between the vCPEswas left to the participating vendors’ discretion.Understandably, a simple setup with direct IPv4connectivity was the vendors’ choice.Adva, Cisco, Dell, Juniper and Nokia providedthe NFV Infrastructures (NFVI) for this test.Adtran, Allot and Fortinet successfully instan-tiated their vCPE-flavored VNFs. The NFVOrchestrators (NFVO) were used to deploy the [continue on page 6]
Vendor Products
ADTRAN ADTRAN vCPE
ADVA Optical Networking
ADVA Icehouse OpenStackEnsemble OrchestratorEnsemble Connector
Allot Communications
Allot Service Gateway - Virtual Edition (SG-VE)
Ciena Blue Planet
Cisco Systems Cisco NFVIElastic Services Controller (ESC)
Dell Dell NFVI
Fortinet Fortigate
Ixia IxNetworkIxNetwork Virtual Edition (VE)
Juniper Networks
Contrail Cloud Platform (CCP)
NetNumber TITAN
Nokia CloudBand
UBIqube MSActivator
4
New IP Agency Interoperability Showcase 2016
IxiaIxNetwork
IxiaIxNetwork
IxiaIxNetwork
IxiaIxNetwork
Figure 1: Virtual CPE — Point-to-Point Connectivity Test Combinations
IxiaIxNetworkVE
ADVA Ensemble Orchestrator
ADVA Icehouse OpenStack
TG IxiaIxNetworkVE
TGADTRANvCPEvCPE
ADTRAN
IxiaIxNetworkVE
TG IxiaIxNetworkVE
TG
Juniper Contrail Cloud Platform
Dell NFVI/Nokia CloudBand
Juniper Contrail Cloud Platform
Ciena Blue Planet
Cisco ESC
UBIqube MSActivator
Cisco NFVI
ADVA Ensemble Orchestrator
ADVA Icehouse OpenStack
FortinetFortigate
FortinetFortigate
AllotSG-VE
IxiaIxNetworkVE
TG IxiaIxNetworkVE
TGADTRANvCPEvCPE
ADTRAN
ADTRANvCPEvCPE
ADTRAN
IxiaIxNetworkVE
TG IxiaIxNetworkVE
TGADTRANvCPEvCPE
ADTRAN
AllotSG-VE
Ixia Virtual Traffic Generator Virtual Network FunctionNFV Orchestrator
NFV Infrastructure
Test Traffic
TG
Physical Traffic Generator Test Combination
5
Virtual CPE Tests
IxiaIxNetwork
IxiaIxNetwork
Figure 2: SFC – Static Forwarding Graph Test Combinations
NetNumberTITAN
IxiaIxNetworkVE
IxiaIxNetworkVE
IxiaIxNetworkVE
TG IxiaIxNetworkVE
TG
Juniper Contrail Cloud Platform
Juniper Contrail Cloud Platform
ADVA Icehouse OpenStack
Cisco NFVI
ADVA Ensemble Orchestrator
ADVA Ensemble Orchestrator
ADVA Icehouse OpenStack
Juniper Contrail Cloud Platform
Ciena Blue Planet
Ciena Blue Planet
Cisco ESC
UBIqube MSActivator
FortinetFortigate
ADTRANvCPE
ADTRANvCPE
AllotSG-VE
ADTRANvCPE
ADTRANvCPE
TG TG
ADTRANvCPE
AllotSG-VE
ADTRANvCPE
IxiaIxNetworkVE
IxiaIxNetworkVE
TG TG
IxiaIxNetworkVE
IxiaIxNetworkVE
FortinetFortigate
ADTRANvCPE
ADTRANvCPE
TG TG
FortinetFortigate
ADTRANvCPE
ADTRANvCPE
Ixia Virtual Traffic Generator Virtual Network FunctionNFV Orchestrator
NFV Infrastructure
Test Traffic
TG
Physical Traffic Generator Test Combination
NetNumberDiameterSim
ADTRANvCPEvCPE
ADTRAN
6
New IP Agency Interoperability Showcase 2016
vCPE instances on the NFVI platforms in mostcases. Due to limited time, Allot’s SG-VE wasdeployed using a Heat orchestration plug-in onDell NFVI/Nokia CloudBand. The configu-ration of the instances was applied boththrough Cloudinit and manually using thevCPE's management interface. This was due tothe limited support for Cloudinit on some NFVIplatforms. Figure 1 depicts the successful testcombinations.Unsuccessful vendor combinations faced twomain challenges during this test. The first wascomplexity in setting up some orchestrationtemplates, a time-consuming task that did not fitthe test schedule. The second issue was a moreserious inconsistency between two differentvirtual instances in global VIM settings require-ments. This global parameter specifies how theVIM handles file-system types. That causedthese virtual functions not to run simultaneouslyusing the same global NFVI configuration.
Static Bandwidth Provisioning. It can bedebated how the virtual infrastructure shouldhandle shared resources. Most would agreethat traditional network operations — such asbandwidth control and QoS — must functioncorrectly if virtualization is to be consideredseriously by service providers.Two vendors participated in this test success-fully with their NFVI products, Adva andJuniper. The orchestration of the vCPE wasperformed by Adva, Ciena and Ubiqube(taking turns). The vCPE function was providedby Adtran and Fortinet, respectively.We chose two bandwidth profiles (10 Mbit/sand 20 Mbit/s unidirectional) and asked thevCPE vendors to apply the configuration on thevirtual equipment. We verified the correcttraffic behavior for the first bandwidth profilethen asked the vendors to update the provi-sioned bandwidth to the second profile. Theprofile update process was performedmanually and the result was verified using thetest traffic.Multiple vendors managed to successfullydeploy this service as per Table 1:
Dynamic Bandwidth Provisioning. Service providers are on a constant lookout forinnovative and flexible services to deliver totheir subscribers. Dynamic service provi-sioning can be considered as a tool to managebandwidth plans on demand.In this test case we verify the successful provi-sioning of a dual bandwidth profile that startswith 10 Mbit/s and automatically extends to20 Mbit/s when bandwidth thresholds areexceeded.We observed a traffic throughout temporarilycapped at the 10 Mbit/s limit (for a predefinedduration of one minute) before increasing to20 Mbit/s.Adva and Juniper took part in this test with theirNFVIs. Adva, Ciena and Ubiqube provided theNFVOs and Adtran the vCPEs. Adtran implemented a scripted configurationthat maintained port usage. Once thepredefined bandwidth utilization limit hadbeen reached, the configuration on the AdtranvCPE got updated on the fly. Adtran’s teamexplained that this script can also be expandedto trigger an API call towards the managementtools (such as the NFVO).Table 2 lists the successful NFVI, NFVO andvCPE combinations.When the intended test was completed, Fortinetdemonstrated a bandwidth sharing configu-ration on the Fortigate instance where onetraffic flow can borrow unused bandwidth theother flow.
SERVICE FUNCTION CHAINING (SFC) TESTS
The concept of chaining a series of networkfunctions is a major shift from the traditionalnetworking paradigm. The dynamics of thismodel could simplify the deployment ofnetwork services at the customer premises.Many network services such as firewalls, webfilters or service testers can fit in an SFCdeployment scenario.There are plenty of studies on the pros andcons of SFC, but as service providers search forpotential deployments, interoperabilitybecomes a major concern.We focused on two SFC modes in the scope ofthis showcase: Static and Flow-based. Theresulting Forwarding Graphs (FG) differ in theway they handle and forward matched traffic.
Static Forwarding Graph. When thenetwork service is applied to all the trafficpassing through the customer equipment, staticSFC profiles can be sufficient. This configu-ration does not require the traffic path to beflow-aware.
Table 1: vCPE – Static Bandwidth Provisioning Test Combinations
NFVI NFVO vCPEADVA Icehouse OpenStack
ADVA Ensemble Orchestrator
ADTRAN vCPE
ADVA Icehouse OpenStack
ADVA Ensemble Orchestrator
Fortinet Fortigate
Juniper Contrail Cloud Platform
Ciena Blue Planet
ADTRAN vCPE
Juniper Contrail Cloud Platform
UBIqubeMSActivator
ADTRAN vCPE
7
Acronyms
10 vendors lined up in six combinations toperform the static FG test. Adva, Cisco andJuniper provided the NFVI platforms. Adva,Ciena, Cisco and Ubiqube provided theNFVOs. The different test configurations wereused to create a composite network servicemade out of two back-to-back Adtran vCPEschained to the VNFs provided by Allot,Fortinet, Ixia and NetNumber. Figure 2 onPage 5 illustrates the different product combi-nations that successfully took part.
The VNFs were instantiated by the serviceorchestrators. The configuration was appliedmanually or using a shell script as part of theorchestration process.Test traffic was used to verify the state of theForwarding Graphs. The variance in the natureof VNFs required adaptations to the test verifi-cation process accordingly. In some cases, thisinvolved introducing different types of testtraffic through the two vCPEs and the chainedVNFs. An example is Diameter traffic forNetNumber’s signaling platform, TITAN.From a service testing perspective, we opted touse a combination of physical and virtualtesters by Ixia. This demonstrates how testingcan also become an integral part of the overallservice orchestration process.
Flow-based Forwarding Graph. Virtualenvironments can draw big benefits fromnatively embedding complex SDN propertiesinto their architecture. Of course, this alsorequires the introduction of multi-site and cross-platform SDN capabilities, but we would like to
overlook this challenge for now — largelybecause participating vendors had enough ontheir plates for a single test campaign. We focused on testing the capability of theNFVI’s switching fabric to carry UDP and TCPtraffic over two different service chains.Ciena’s Blue Planet orchestrator instantiated aservice consisting of four VNFs on Juniper’sCCP: Two Adtran vCPE instances, one FortinetFortigate and one Ixia IxNetworkVE instance.Ciena then created the two service chains. Thefirst connected the Adtran vCPEs to theFortigate instance, then on to the IxNetworkVEtester. UDP traffic traversed through thisForwarding Graph.The second chain connected the Adtran vCPEinstances directly to the IxNetworkVEs. TCPtraffic traversed this Forwarding Graph.Figure 3 depicts the successful vendor combi-nations and the traffic flows.Lastly, it is worth mentioning again that othervendor combinations which did not make it tothe tables or diagrams did not necessarily fail.Resources and logistics factors created a majorchallenge for many of the participatingvendors.
ACRONYMS
CPE Customer Premises EquipmentFG Forwarding GraphNFV Network Function VirtualizationNFVI NFV InfrastructureNFVO NFV OrchestratorNIA New IP AgencyONF Open Networking FoundationSDN Software Defined NetworkingSFC Service Function ChainingTCP Transmission Control ProtocolUDP User Datagram ProtocolvCPE Virtual CPEVNF Virtualized Network FunctionWAN Wide Area Network
Table 2: vCPE – Dynamic Bandwidth Provisioning Test Combinations
NFVI NFVO vCPEADVA Icehouse OpenStack
ADVA Ensemble Orchestrator
ADTRAN vCPE
Juniper Contrail Cloud Platform
Ciena Blue Planet
ADTRAN vCPE
Juniper Contrail Cloud Platform
UBIqubeMSActivator
ADTRAN vCPE
IxiaIxNetworkVE
IxiaIxNetworkVE
TG TG
Figure 3: SFC– Flow-based Forwarding Graph Test Combinations
Ixia Virtual Traffic Generator
Virtual Network FunctionNFV Orchestrator
NFV InfrastructureTG
Test Combination
Test Traffic
Juniper Contrail Cloud Platform
Ciena Blue Planet
FortinetFortigate
ADTRANvCPE
ADTRANvCPE
Test Traffic
8
New IP Agency Interoperability Showcase 2016
EANTC AGEuropean Advanced Networking Test Center
New IP Agency
Salzufer 1410587 Berlin, GermanyTel: +49 30 3180595-0Fax: +49 30 [email protected]://www.eantc.com
PO Box 1953 New York, NY 10156, USATel: +1 301 502 9141
[email protected]://www.newipagency.com
This report is copyright © 2016 EANTC AG and New IP Agency. While every reasonable effort hasbeen made to ensure accuracy and completeness of this publication, the authors assume no responsibilityfor the use of any information contained herein.All brand names and logos mentioned here are registered trademarks of their respective companies inthe United States and other countries.20160520 v5.1