NFV is Out of Sync with the Cloud-Native Movement. Here’s a Solution

April 23, 2019

Like many other telecommunications companies that provide networking services, the Canadian national telco Telus has ambitious goals for network functions virtualization (NFV) and digital transformation. However, at the Digital World Transformation 2018 event last year, Telus CTO Ibrahim Gedeon voiced his opinion that NFV had yet to live up to the original expectations and that exorbitant software licensing costs were undermining the NFV business case.

NFV was supposed to revolutionize the telecom business, allowing operators to separate hardware from software and become more efficient companies. What Telus has learned, according to Gedeon, is that the anticipated cost savings of NFV aren’t there.

He says the high software licensing costs and maintenance charges eat into the expected cost savings. What’s more, NFV has led to increasing complexity for the Telus network, and the company had to increase the size of its operations team to support both the virtualized environment and the legacy appliances. Complexity can stem from having to integrate disparate technologies within the new NFV framework, much as in the old model.

Bryce Mitchell, Director of the NFV, Cloud & National Innovation Labs at Telus, echoed Gedeon’s comments at Light Reading’s NFV and carrier SDN conference. In a speech, Mitchell pointed out that network service providers are spending too much time and effort testing, validating and deploying third-party virtual network functions (VNFs), and none of those tasks are really automatable. He also cited problems integrating the process of spinning up VNFs with the telco’s back-end billing and provisioning systems or with the company’s OSS management systems. Mitchell believes the full value of NFV won’t be achieved until these services are developed in an API-driven, cloud-native fashion.

The VNF approach is fundamentally flawed

Telus’s experiences aren’t unique. Numerous implementers and industry experts are realizing the limitations of NFV. (For a complete list of NFV problems, see here.) The approach is fundamentally flawed because NFV is simply repackaging the same paradigm it was trying to displace. We’re still thinking about managing complex services as appliances, albeit as software rather than hardware appliances.

Thus, despite the industry hype, NFV will largely look like the managed or hosted firewalls and other devices of the past, with some incremental benefits from using virtual instead of physical appliances. Customers will end up paying for all the appliance licenses they use, and they will still need to size their environment so they don’t over- or under-budget for their planned traffic growth.

From a managed service perspective, offering to support every single VNF vendor’s proprietary management is an operational nightmare and a costly endeavor. One thing that’s lacking is an effective orchestration framework that manages the deployment of the network functions. As the Telus people acknowledged, more, not fewer, people are needed to simultaneously support the complexity of virtualization along with the legacy technologies.

Ultimately, if NFV doesn’t allow network service providers to reduce their infrastructure, management, and licensing costs, customers will not improve their total cost of ownership (TCO), and adoption will be slow.

Bust the paradigm with cloudification of the functions

How do we bust the appliance paradigm? By hosting the services that have traditionally been appliances as Network Cloud Functions (NCFs) to form a cloud-native software stack.

Unlike VNFs, NCFs are natively built for cloud delivery. These may be any network function, such as SD-WAN, firewalls, IPS/IDS, secure web gateways and routers. Instead of separate “black box” VNF appliances, the functions are converged into a multi-tenant cloud-based software stack. Rather than having separate VNFs for each customer, the NCFs support multiple customers; for example, one firewall for all customers on the cloud, rather than a separate firewall for each customer. However, NCFs are configurable for each customer, either on a self-service basis or as a managed service, through a single cloud-based console.  

The Network Cloud Functions approach is much more manageable than the Network Functions Virtualization approach. When a function like a firewall needs to be updated, it is updated once for the entire network and it’s done. When a firewall is deployed as a separate VNF on numerous customers’ networks, each one needs to be updated individually. Updating once for the whole network greatly reduces the operational challenges of NFV that are bogging down network service providers.

NCFs promise simplification, speed and cost reduction. In some cases, these benefits come at the cost of reduced vendor choice. It’s for the enterprise to decide whether the benefits of NCFs are greater than the cost, complexity, and skills needed to sustain NFV-based or on-premises networking and security infrastructure.

Dave Greenfield

Dave Greenfield is a veteran of the IT industry. He’s spent more than 20 years as an award-winning journalist and independent technology consultant. Today, he serves as a secure networking evangelist for Cato Networks.