Lecture 9, NFV

Introduction

Network

A network function (NF) is a functional block within a network infrastructure that has well-defined external interfaces and well-defined functional behaviour

It is an abstract concept, not necessarily about particular software or hardware
Can be any functional block, e.g.:
Firewall
Switch Policies
Physical device
Load balancer

Network

Network Function Virtualisation decouples network functions from proprietary hardware and middle-boxes by running them as virtualised software instances on standard servers

Run virtual X instead of physical X
Virtual switch
Virtual router
Virtual firewall
...

"A software implementation of a network function that can be deployed on virtualised infrastructure"

Achieves the following:
Scalability
Programmability (of the whole network, more so than e.g. routing config from SDN)
Reduces cost/increases efficiency
Increased reliability
Increased security
Enables open ecosystems (run on general purpose hardware)

Service Function Chaining (SFC)

A Network Service (NS) is a composition of Network Functions and connectivity services, defined by its functional and behavioural specification

An NS consists of one or more VNFs or Physical Network Functions, interconnected via Virtual Links to provide end-to-end networking capabilities

Chaining implies there is a set order of VNFs that traffic flows through
E.g. Firewall -> DPI -> NAT -> Traffic Optimizer

Network service
Abstract concept
Set of NFs
Order does not matter
In chaining, the order DOES matter

What does SFC provide?
Efficient traffic steering
Optimised resource utilisation
Multi-cloud integration
Network agility & automation
Reduced operational costs

Network Slicing

Enables the co-existence of multiple mutually isolated end-to-end logical (virtual) networks composed by a number of customisable software-defined functions, tailored to a given application or service

Often described as isolated virtual networks on top of existing physical infrastructure

Key Components

Network Function Virtualisation Infrastructure (NFVI): provides the physical and virtual resources for Virtual Network Functions (VNFs)
Virtual Network Functions (VNF): software-based network functions running on NFVI
NFV MANO (management and orchestration): manages and orchestrates VNFs and NFVI resources

NFVI

Physical resources
Servers
Storage
Networking
Provides the virtualisation layer for VNFs

VNF

Software based network functions
E.g.
Virtual firewalls
Virtual load-balancers
...
Running on top of NFVI as VMs or containers
Flexible: can be deployed and scaled rapidly
Reduces dependence on proprietary hardware

NFV MANO

The "Brain" of the NFV

Includes 3 functional blocks:

  1. NFV Orchestrator: Coordinates and manages resources across the NFVI
  2. VNF Manager: Oversees the VNF lifecycle (instantiation, scaling, termination)
  3. Virtual Infrastructure Manager (VIM): Manages the underlying resources

Ensures automated, policy-driven orchestration and optimal use of resources

Service Orchestration

Network Service Orchestration is the process of automating the deployment, management and lifecycle of Network Services (NS) in an NFV environment.

It coordinates the instantiation, scaling, healing and termination of VNFs and their connectivity to ensure the proper functioning of the end-to-end services

  1. Automatically deploy VNFs
  2. Abstract underlying infra
  3. Lifecycle Management (LCM)
  4. Service Function Chaining (ensure correct order and connectivity between parts)
  5. Multi-Domain and Multi-Vendor interoperability

Building a Service Function Chain

  1. Define requirements
  2. Create VNF descriptors (or use pre-made ones)
  3. Create Network Service Descriptors
  4. Deploy the Service Chain
  5. Validate Traffic Flow
  6. Automate and Optimise

VNF Descriptor Example

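vnfd:vnfd-catalog:
  vnfd:
    - id: firewall_vnf
      name: FirewallVNF
      short-name: fw-vnf
      description: "Firewall Virtual Network Function"
      # The management interface is bound to the mgmt connection point
      mgmt-interface:
        cp: mgmt
      # Ports this VNF exposes; VLDs in the NSD refer to them by name
      connection-point:
        - name: mgmt
          type: VPORT
        - name: data
          type: VPORT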

Network Service Descriptor Example:

nsd:nsd-catalog:
  nsd:
    - id: sfc_nsd
      name: SimpleSFC
      short-name: sfc
      description: "SFC Firewall+NAT"
      # VNFs that make up the service, each referenced by its VNFD id
      constituent-vnfd:
        - vnfd-id-ref: firewall_vnf
          member-vnf-index: "1"
        - vnfd-id-ref: nat_vnf
          member-vnf-index: "2"
      # Virtual link that connects the data ports of both VNFs
      vld:
        - id: data_network
          name: data_network
          type: ELAN
          vnfd-connection-point-ref:
            - vnfd-id-ref: firewall_vnf
              member-vnf-index-ref: "1"
              vnfd-connection-point-ref: data
            - vnfd-id-ref: nat_vnf
              member-vnf-index-ref: "2"
              vnfd-connection-point-ref: data
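
A pre-deployment check for the two descriptors above, added here as an example (it is not part of the lecture material or of any orchestrator's code): it verifies that every reference in the NSD resolves to a known VNFD and connection point, and that the firewall is not placed behind the NAT. The function name validate_nsd, the nat_vnf catalog entry (the notes show no VNFD for it) and the use of member-vnf-index as chain position are assumptions of this example.

```python
# Constructed sample data: the descriptors above as Python dicts, trimmed
# to the fields the check needs.
VNFD_CATALOG = {
    "firewall_vnf": {"connection-point": ["mgmt", "data"]},
    # Assumption: nat_vnf exposes the same ports; the notes show no VNFD for it.
    "nat_vnf": {"connection-point": ["mgmt", "data"]},
}
NSD = {
    "constituent-vnfd": [
        {"vnfd-id-ref": "firewall_vnf", "member-vnf-index": "1"},
        {"vnfd-id-ref": "nat_vnf", "member-vnf-index": "2"},
    ],
    "vld": [{
        "id": "data_network",
        "vnfd-connection-point-ref": [
            {"vnfd-id-ref": "firewall_vnf", "member-vnf-index-ref": "1",
             "vnfd-connection-point-ref": "data"},
            {"vnfd-id-ref": "nat_vnf", "member-vnf-index-ref": "2",
             "vnfd-connection-point-ref": "data"},
        ],
    }],
}

def validate_nsd(nsd, catalog, required_order=()):
    """Return a list of problems; an empty list means the NSD is consistent."""
    errors, members = [], {}  # members: member-vnf-index -> VNFD id
    for c in nsd.get("constituent-vnfd", []):
        idx, ref = c["member-vnf-index"], c["vnfd-id-ref"]
        if ref not in catalog:
            errors.append(f"member {idx}: unknown VNFD '{ref}'")
        if idx in members:
            errors.append(f"duplicate member-vnf-index {idx}")
        members[idx] = ref
    for vld in nsd.get("vld", []):
        for cp in vld.get("vnfd-connection-point-ref", []):
            idx, ref = cp["member-vnf-index-ref"], cp["vnfd-id-ref"]
            name = cp["vnfd-connection-point-ref"]
            if members.get(idx) != ref:
                errors.append(f"vld {vld['id']}: member {idx} is not '{ref}'")
            elif ref in catalog and name not in catalog[ref]["connection-point"]:
                errors.append(f"vld {vld['id']}: '{ref}' has no connection point '{name}'")
    # Assumption: member-vnf-index gives the position of the VNF in the chain.
    order = [members[i] for i in sorted(members, key=int)]
    for earlier, later in required_order:
        if earlier in order and later in order and order.index(earlier) > order.index(later):
            errors.append(f"chain order: '{earlier}' must precede '{later}'")
    return errors

if __name__ == "__main__":
    print(validate_nsd(NSD, VNFD_CATALOG, [("firewall_vnf", "nat_vnf")]))
```

A dangling VNFD reference or a security function placed after the point it is meant to protect is cheaper to catch here than after the chain is carrying traffic.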

Real-World Challenges

Interoperability
Different vendors, different protocols: proprietary hell
Performance
VNFs can introduce latency, especially VMs
Security
Ensuring secure communication between VNFs
Scalability
Handling large-scale complex deployments with millions of users