NFV Components Being Offered as per ETSI NFV Reference Architectural Model
The proposed solution from Versa Networks is fully aligned with the work done by ETSI’s NVF ISG. Figure 1 depicts the ETSI’s NFV reference architecture model.
Figure 1. ETSI’s NFV reference architectural framework
Figure 2 describes how the proposed Versa Solution aligns with the ETSI’s NFV framework.
Figure 2: Versa Proposed Solution and ETSI’s NFV Framework
Versa Networks proposes the following Virtualized Network Functions (VNFs) as part of the solution (Versa FlexVNF):
vCPE with NAT and L3/L4 FW functionality
vCGNAT
vFW
vADC
vCNG (vFW + vVPN)
vRoute Reflector (vRR)
vMPBGP-PE
vIPSEC VPN Gateway
vSSL VPN Gateway
Versa Solution has a single VNF Manager to manage all the VNFs being proposed. In Versa solution Versa Director acts as a VNF Manger. Versa Director covers the orchestration and lifecycle management of the proposed VNFs. Versa Director interacts with the Versa FlexVNF over NetConf (Ve-Vnfm interface).
Versa Director also interacts with the (NFV external) OSS/BSS landscape thru REST APIs (Or-vnfm), which allows NFV to be integrated into an already existing network-wide management landscape.
Finally, Versa Director interacts with Virtualized Infrastructure Managers (Cloud Managers and Virtual Network Controllers) through Cloud connectors and their exposed APIs.
Detailed Description of Each of the Products/Components Being Proposed
Versa Solution Overview
Versa FlexVNF is a highly available Services Appliance (SA) that can be deployed in various form factors including commodity hardware (i.e. x86 COTS Servers/bare metal) and a VM. Versa FlexVNF is built from ground up for both Multi-Tenancy and Extensibility to address both overload (reactive) and expected overload (predictive).
Figure 3: Versa Solution
The Versa FlexVNF is a purpose built Multi-Tenant platform delivering Software based Network Services (Virtualized Network Functions - VNFs). It has a distributed architecture providing multi-tenancy, high availability through elasticity, built in L3 routing and service chaining all supported ground up. It is configured and managed through the Versa Director over NetConf. Versa director also provides REST based interfaces for integration with existing management applications in the network. It exports a rich variety of Security, Web and Audit logs for compliance and analytics derivation for the services running in the network.
The Versa Services Appliance acts as a platform and supports a rich variety of network services that can be orchestrated on it to build and deliver flexible Virtualized Network Functions, including:
Routing Services: L3 CPE (L3 customer-premises equipment), Route Reflector, Provider Edge, Carrier Grade NAT.
Security Services: L4 Firewall, Next Generation Firewall, Intrusion Detection and Prevention (IDP/IPS), Zero Day Attack Prevention, Network Anti-Virus and URL Filtering
VPN Services: IPSEC VPN, SSL VPN
Application Delivery Controller (ADC)
The Versa Services Appliance supports the following deployment models:
Deployed in a micro mode with the Services Appliance running along with the tenant virtual machines. This deployment model is used for East-West traffic in the Datacenters.
Deployed in a macro mode with the Network Services Engine running in a centralized model (e.g. in a service complex). This deployment model is used for North-South traffic in the Datacenter.
Deployed on any x86 based server without any hypervisor as a Bare Metal deployment
The solution also supports the distribution of the service application point with L4 services running inside the hypervisor with a Distributed Services Engine (DSE) and the L7 services available at the Network Services Engine running either in micro or macro modes. This deployment model is used for East-West traffic in the Datacenter.
Versa Services Appliance
Key highlights of Versa Services Appliance
Multiple-deployment options (Bare Metal server, VM, Gray Box)
A rich set of L3-L7 virtualized network services
Distributed Services Plane
Centralized Control and Management Plane
Multi-tenancy
Policy-based Automated Service Elasticity
User, Application & Content Aware Service Chaining
Open & Programmable Framework
Single Versa OS – Multiple Services Appliances
Versa FlexVNF running in a Virtual Machine (VM) can be configured to host either a single VNF or multiple VNF as required. Versa FlexVNF can be configured as a distributed services appliance with built-in elasticity. On a distributed appliance we can configure multiple service nodes each with one or more virtual machines. Each service node can be scaled independently, so that only the service node group which is overload can be scaled on demand by adding more VMs to that service node. If any VNF is overloaded at any time, elastic expansion will take care of the overload by providing more capacity. The system identifies the overload condition and automatically scales to extend a particular VNF to accept the increased load. The system uses multiple attributes and trends to identify the increased use of critical resources and expands the pool dynamically to prepare for the surge. Therefore, Versa VNFs are fully elastic and can spawn in different servers by virtue of the Versa Services Appliance architecture. Versa VNF elasticity is fully automated through Versa Director and does not require human intervention.
Versa Services Appliance Architecture
Figure 4: Versa Services Appliance Architecture
Versa Solution comprises these elements:
Versa Services Appliance (SA): A Versa Services Appliance includes a Virtual Control and Service Node (VCSN) and a set of Virtual Services Nodes (VSN). It also called a Network Services Engine (NSE). The VCSN and VSNs that are members of a Services Appliance could be hosted on COTS servers which could physically reside on different racks or clusters. A single Services Appliance will have a single VCSN and zero or more instances of VSNs.
Virtual Control and Services Node (VCSN): Each Versa Services Appliance starts out with a single VCSN. This node hosts the control component (Provisioning, Management, Routing and others) as well as services component. VCSN performs control and management functions for a Versa Services Appliance as well as the services functions.
Virtual Services Node (VSN): Every Versa Services Appliance has zero or more VSNs. This is the virtual machine that hosts all of the Versa services and can be scaled-out or scaled-in based on real time demand. The VSNs that are members of a Versa Services Appliance could be hosted on COTS servers that could physically reside on different racks or clusters. This allows the services to be performed proximal to the workload.
Distributed Services Engine (DSE): This is an optional component that is only available in some hypervisors like KVM. A DSE is a high-performance service and offload function that resides in the hypervisor. It provides certain Layer4 services such as Stateful-Firewall and Layer4 ADC, decision-caching for these services as well as flow distribution for traffic that needs to be processed by the Network Services Engine.
Virtual Network Function (VNF): A Virtual Network Function is a Network Service virtualized in Software. A Versa Services Appliance can support one or several VNFs. Within the Versa SA elastic architecture, a VNF is supported either in a VCSN, a VSN, a set of VSNs or a collection of VCSN and VSNs.
Versa Director (VD): The VD provides orchestration, automation, auto-provisioning and analytics for the Versa Services Appliances / VNFs.
Versa Elasticity: The Versa Services Appliance has been built with elasticity as one of its founding principles. The scale-out (and scale-in) is automatically triggered whenever either the compute or I/O (customizable) thresholds are exceeded (or lowered). This results in a completely automated and zero-touch customer experience. From a business standpoint this means that the customer can provision for an average load condition versus the peak load condition which is what most customers need to over provision for today. These results in dramatically lower OPEX and CAPEX spend.