Deploy DPI in an NFV environment

Kenton Williston, Intel


As network function virtualization (NFV) continues to advance, many telecom equipment manufacturers (TEMs) are rethinking the role of deep packet inspection (DPI). On the one hand, NFV brings new opportunities to optimize DPI performance and profit; on the other hand, the complexity of NFV makes these advantages difficult to achieve.


In this article, I will introduce some of the challenges of deploying DPI in an NFV environment. I will also introduce a reference architecture built on NFV solutions from the Intel Internet of Things Solutions Alliance, and explain how this architecture overcomes key design challenges to achieve the benefits of NFV.


What makes virtualized DPI different?

As I stated in my previous article, NFV has the potential to improve network flexibility and cost structure, enabling operators to quickly and efficiently innovate. But the transition from dedicated hardware to virtual applications requires special attention to availability, performance, and scalability.


The breadth and complexity of these challenges have led TEMs to seek third-party software for their virtualized designs. Heavy Reading recently conducted a detailed survey on virtualized DPI. The results are as follows:


About 90% of the survey respondents said that ETSI NFV will affect the design of their next-generation products; more than 50% believe that the availability of standardized virtual network function components (VNFCs) may lead them to seek more third-party components, including the ETSI DPI VNFC recommended in this article.


Two-thirds of suppliers believe that DPI is now a necessary technology.


The number of suppliers who choose to purchase DPI from third parties continues to grow, and most of them do so because they prefer to deal with specialized suppliers of DPI components.


In response to this trend, IoT Alliance members Wind River, Tieto, and Qosmos recently teamed up with Intel to build an NFV DPI reference architecture. The design shows how to solve common problems related to vDPI. The team wrote a detailed white paper describing its work. I quote only a few points here; I suggest you read the white paper for more information. If you are new to this topic, see the Qosmos/Intel NFV backgrounder for details.



Figure 1: This reference architecture shows how to implement virtualized DPI.

Carrier-grade availability

Availability is the basis of any telecom solution. Therefore, this reference architecture uses high-reliability components such as carrier-grade Wind River* Linux*. These carrier-grade components are complemented by high-availability design techniques such as redundant virtual machines (VMs) with failover.


Of course, reliability and redundancy are not new concepts in telecommunications design. What people talk about less is the impact of performance on availability. A virtualized design must address issues, such as context switching, that affect availability. Therefore, an NFV design must maximize performance to achieve sufficient throughput and ensure availability.


Optimize performance

This reference design uses a variety of design techniques to solve performance problems, starting at the hardware level. The design uses virtualization-optimized hardware such as Intel Xeon® processors, Ethernet controllers, and Ethernet switches. The switches are optimized for virtual networks. The key to this optimization is minimizing hypervisor overhead. Context switches are computationally expensive and can introduce unwelcome timing variability. Intel hardware includes various virtualization accelerators that offload hypervisor tasks and significantly improve performance and determinism.


This reference design not only builds on the above hardware, but also uses the Data Plane Development Kit (DPDK) to accelerate packet processing in the various applications and virtual switches. The DPDK uses the Data Direct I/O (DDIO) capability of Intel Xeon® processors to deliver packets directly to the CPU cache for processing, avoiding the latency of memory reads. I haven't seen performance specifications for this reference architecture yet, but similar designs can achieve 200 Gbps with Open vSwitch, which is a staggering number.


Moving up the software stack, the Tieto IP (TIP) stack is also optimized for virtual environments. For example, the TIP stack can use single root I/O virtualization (SR-IOV), which provides separate memory, interrupts, and DMA streams for individual virtual machines, so that data transfers go directly through the Intel Ethernet controllers without involving the hypervisor.


Looking beyond individual components, a bigger problem is how the system minimizes communication between virtual machines. This issue shows the importance of DPI in NFV. Deploying DPI in front of incoming traffic lets it tag flows and communicate the transport protocol and application IDs to other nodes (Figure 2). Because the data to be processed is determined up front, this approach eliminates the need to pass traffic between virtual machines. It also allows nodes such as the traffic detection function (TDF) to be stateless, simplifying the design.



Figure 2: DPI can be used to tag incoming traffic.

This reference architecture implements this traffic classification using the Qosmos DPI VNFC.
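The tagging scheme described above, as an added Python sketch that is not code from the article, the white paper, or any vendor: one stateful ingress classifier identifies each flow once and attaches a tag, and the downstream TDF decides from the tag alone. The application IDs, the toy payload signatures in `identify` (standing in for a real DPI engine), the policy table, and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed application IDs for this sketch (not Qosmos ixEngine identifiers).
APP_UNKNOWN, APP_HTTP, APP_TLS, APP_DNS = 0, 1, 2, 3

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str      # "tcp" or "udp"
    payload: bytes

def identify(pkt):
    """Toy payload signatures standing in for a real DPI engine."""
    p = pkt.payload
    if pkt.proto == "tcp" and p.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD", b"PUT"):
        return APP_HTTP
    if pkt.proto == "tcp" and len(p) >= 6 and p[0] == 0x16 and p[1] == 0x03 and p[5] == 0x01:
        return APP_TLS  # TLS handshake record carrying a ClientHello
    if pkt.proto == "udp" and pkt.dport == 53 and len(p) >= 12 and not p[2] & 0x80:
        return APP_DNS  # DNS header with the QR bit clear (a query)
    return APP_UNKNOWN

class IngressDPI:
    """The only stateful node: classifies each flow once, tags every packet."""
    def __init__(self):
        self.flows = {}  # direction-independent flow key -> app ID

    def tag(self, pkt):
        key = (pkt.proto, frozenset([(pkt.src, pkt.sport), (pkt.dst, pkt.dport)]))
        app = self.flows.get(key, APP_UNKNOWN)
        if app == APP_UNKNOWN:  # keep inspecting until the flow is identified
            app = identify(pkt)
            self.flows[key] = app
        return {"proto": pkt.proto, "app_id": app}

# Constructed policy table for the downstream node.
POLICY = {APP_HTTP: "shape", APP_TLS: "forward", APP_DNS: "forward"}

def tdf_decide(tag):
    """Stateless downstream function: the decision depends only on the tag."""
    return POLICY.get(tag["app_id"], "inspect")

def run(packets):
    """Tag each packet at ingress, then decide downstream without flow state."""
    dpi = IngressDPI()
    return [tdf_decide(dpi.tag(p)) for p in packets]
```

A server response or an encrypted record carries no signature of its own, yet `tdf_decide` still handles it correctly because the ingress tag travels with the packet.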

Based on the universal Qosmos ixEngine*, the VNFC enables more functions including quality of service (QoS) management, traffic shaping, throttling and stroking. The DPI VNFC not only supports high availability and performance, but is also scalable. We will talk about this in the last section.


Flexibility and scalability

One of the main selling points of NFV is the ability to scale rapidly and adapt to new demands. DPI is key to this. The information acquired by the DPI VNFC can be passed to the orchestration/analytics system, which in turn allows virtual machines to scale up and down as needed. Of course, this requires the DPI engine itself to be scalable. In particular, it must be possible to add new VNFC instances without dropping or interrupting existing DPI instances.


One way this reference architecture solves these problems is by separating the DPI from the Packet Data Network Gateway (PDN-GW). This approach simplifies scaling DPI capacity and has no impact on the PDN-GW.


It is also worth noting that each DPI virtual machine can be independently configured to meet specific needs. For example, a specific DPI instance can be configured to classify 100 selected applications at 40 Gbps within a specific latency window. To support this configuration, the orchestrator provides the appropriate number of CPU cores and amount of memory. Virtual machines with different requirements can receive more or fewer resources.


DPI increases NFV Performance

In summary, this reference architecture mainly illustrates the following three points:


● DPI can significantly enhance the advantages of NFV.

● Using third-party software eases the difficulty of deploying DPI in an NFV environment.

● Cooperation between third-party NFV software vendors is critical to solving NFV complexity.

