Is NFV ready for containers?

Network Functions Virtualization (NFV) is in full swing at telcos and large enterprises. The idea is simple: to virtualize network capabilities previously run on appliances or dedicated devices on to general-purpose server hardware. The economies of scale using general purpose compute infrastructure seem to, at least in principle, far outweigh the deployment on appliances or dedicated proprietary devices.

Most of the NFV deployment conversation to date has been network functions running in a virtual machine such as a Virtual Network Function (VNF) on a Kernel-based virtual machine (KVM) or ESXi, and to a lesser degree on the Hyper-V virtualization layers. Virtual machines (VMs) provide complete isolation from host operating systems, but not without the performance penalty associated with virtualization. Although newer techniques such as Data Plane Development Kit (DPDK) and Single Root Input/Output Virtualization (SR-IOV) allow some offload from the host kernel, there is still a limit to the number of VMs that can be supported with decent packet throughput performance for an Enterprise Mix (EMIX or IMIX) of packet sizes on a server.

The question then is can these network functions be containerized to fit a micro-services model? Will containerization of the same network functions be better or worse than their VM performance? Will those network functions scale better in the containerization model? The questions are many.

Briefly, let’s recap what containerization is. Containerization is a lightweight mechanism for isolating running processes so that they are limited to interacting with only their designated resources. Containers have existed in Linux for some time but recently become popular because of the open-source project Docker. Typically each container provides a single service. For example, in the NFV context this can be thought of as a Dynamic Host Configuration protocol (DHCP) server or a Network Address Translation (NAT) function running in a container – you can have many NAT containers – one per customer/tenant that provides NAT capability to devices inside the Virtual Private Network (VPN).

Some proof-of-concepts done in the industry to date demonstrate that it is definitely advantageous to containerize network functions and run them as Linux Containers (LXC), Docker or Rocket (another Linux container) rather than VMs. However, initial results are far from promising when it comes to scale. One provider, for example, was looking to deploy more than 1000 virtual Customer Premises Equipment (vCPE) containers per server but in testing could barely touch 100.

I believe some network functions lend themselves better to containerization while others work better with virtual machines. When it comes to containers, we have just begun the journey, while the VM journey began at least two years ago. There is a huge amount of interest in containerization for specific network functions such as vCPE, NAT, Personal Firewall, Application Firewall, IP Address Management (IPAM) and even control plane functions such as Call Session Control Function (CSCF) for IP Multi-Media Subsystem (IMS)/Voice over LTE (VoLTE). Some of this is work in progress, and it is likely that more and more vendors will begin to containerize first and then tune the performance of containers to achieve better results.

Red Hat has supported Linux containers since Red Hat Enterprise Linux 6.0, almost six years. OpenShift, Red Hat’s Platform as a Service (PaaS), is the default container management engine.  Most recently with OpenShift 3.0, Red Hat has added support for Docker containers. Red Hat is also working with some large service providers to trial and run proof-of-concept (POC) containerized NFV use cases such as IMS VoLTE and vCPE.

As this evolves I hope to keep readers posted on the progress of NFV and containers and perhaps provide a detailed article on VNF performance on containers in the future.

For now containerization is an interesting concept for NFV. It is still in experimental stages. Over the next 12 months there will be more POCs and trials that will provide valuable feedback to improve the performance of NFV containers. It is not the containerization of network functions itself that is holding back the micro-services wave in NFV but the performance and scale of containers. As the performance and scale improves, there will be wider adoption of VNF containers.

In the meantime you can learn a lot about containers, NFV and VM performance by attending Red Hat Summit 2016 in San Francisco this week.



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.