Universal CPE and SD-WAN: Driving a network services revolution

Aug. 29, 2018
Born in the data center, cloud technologies such as network functions virtualization (NFV) and software-defined networking (SDN) have expanded and are now rapidly transforming wide-area networking. As part of this transformation service providers are leveraging NFV to offer managed value-added services (VAS) to their enterprise customers. They are deploying universal customer premises equipment (uCPE) to do this, hosting virtualized VAS on server processor, storage and switching functions that can execute one or more VNFs at once. In this article we explore why SD-WAN will be a key infrastructure element in successfully enabling this shift.

The challenge with dedicated proprietary CPE devices

The traditional CPE device is a router representing the demarcation point between the enterprise premises (e.g., an enterprise branch office) and the service provider’s WAN. Today, the term CPE device can also refer to a dedicated appliance, likewise located on the enterprise premises, that offers one of a variety of VAS such as SD-WAN, WAN optimization, firewall, intrusion detection and prevention systems (IDS/IPS), session border controllers (SBCs) and many more.

The industry is rapidly shifting away from this approach of offering VAS on dedicated and proprietary CPE appliances. The sprawl of devices is operationally difficult to manage because it requires multiple management systems. It can also create vendor lock-in and lacks unified policy control. The legacy approach creates an environment with an inflexible set of services, very high operational overhead and a fragmented and non-scalable ability to manage and control traffic.

Revolutionizing the delivery of VAS

To overcome these issues, a shift is occurring to replace these local proprietary CPE appliances with virtualized instantiations of them, as virtualized network functions (VNFs). These VNFs are called virtualized CPEs (vCPEs) and are hosted on uCPE platforms, which are general-purpose, open-standards appliances, commonly x86-based, that offer much lower costs. By hosting multiple VNFs on a local uCPE, enterprises benefit from increased agility, increased operational efficiency and better overall quality of service, with lower capex.

This shift is reflected in a recent IHS Markit survey (“IHS Markit Carrier SDN Strategies, 2017 and Carrier NFV Strategies, 2017”), where 100% of service provider respondents, controlling close to two-thirds of global telecom capex, indicated plans to develop some form of uCPE to virtualize and host VNFs. The top two services driving this transformation were SD-WAN (79%) and vCPE managed services (73%). Several of the largest North American and European operators plan to deploy thousands of uCPE this year.

Integration, management and orchestration of uCPE

Challenges exist in massively deploying uCPE for VAS delivery. Locations that support uCPE devices (e.g., kiosks, campus or branch offices, regional HQs) may be spread across wide geographies and can be untrusted without belonging to a unified security model. In addition, there are many autonomous systems that need to be leveraged to manage the lifecycle and configuration of each VNF while orchestrating them as a whole.

SD-WAN can overcome many of these challenges. With full visibility and control of the network and its resources, SD-WAN can provide a holistic approach to securely connect uCPEs and their VAS across all locations using centralized policies. In addition, the network operator can use the existing SD-WAN infrastructure to optimize the operational model of deploying uCPE by providing a number of preconfigured management and policy functions. These functions:

  • provide a comprehensive catalog of VNFs that are available to each enterprise, user and branch
  • offer lightweight lifecycle management of each VNF, with the ability to create, bootstrap, delete and upgrade each one
  • expand centralized multi-tenant policy control, enabling service providers to configure each VNF, defining what branch site, what enterprises and which users have access to them
  • offer traffic policies to define what application should be treated with what VAS and how each packet flow traverses through each configured VNF.

Finally, the SD-WAN infrastructure can be pre-integrated with all peripheral systems that are needed to support these uCPE-hosted VNFs. This approach includes integration with the overall orchestration system as well as the NFV management and orchestration (MANO) environment.

The right infrastructure now and in the future

One key advantage of leveraging SD-WAN is that it provides a platform for deploying a wide variety of VAS on demand, with no truck rolls required. This ability enables much faster service deployment to branches and remote sites and, most importantly, a centralized and highly automated way to manage them.

Using a versatile uCPE as the forwarding plane for an SD-WAN platform provides unmatched flexibility to support advanced services. Some can be hosted on the uCPE like WAN optimization and next-generation firewall; others can be embedded features in the SD-WAN software such as Layer 4 to 7 stateful firewalls, Layer 7 URL filtering, IDS/IPS, Dynamic Host Configuration Protocol (DHCP) and network address translation/port address translation (NAT/PAT). Other VAS can be deployed across the entire enterprise network and service chained. Some of these services may be cloud-based such as Zscaler, where traffic flows can be steered directly to such services.

Service providers need a holistic approach to deliver VAS by providing them in flexible locations, either locally or cloud hosted. Most network operators are following a strategy that also links vCPE into edge and district data centers to potentially deliver further services. Edge data centers, located in central offices, might, for instance, provide extra processing power to support the low-latency requirements of automated processes in the field.

This cloud-based, virtualized approach, either linking uCPE and edge data centers or employing pure vCPEs hosted in public clouds such as AWS or Azure, will be a key architectural shift over the coming years. The flexibility, ease of management and security of these connections between enterprise sites and workloads/applications in the cloud will revolutionize the way cable operator business services are contracted, deployed and managed. Enterprises will welcome this shift, just as they have welcomed the ease with which they can self-manage their cloud services.

This isn’t just a question of convenience, but matches the requirements that the cloud now imposes on the network. It makes no sense to be able to obtain on-demand cloud services (application, platform or infrastructure), if the underlying network resources take weeks and months to arrange. Thus, SD-WAN and uCPE will be in high demand. No wonder service providers are united in their drive to roll these technologies out quickly.

Patrick McCabe is a senior marketing manager at Nokia’s Nuage Networks and is responsible for promoting SDN products and solutions for service providers and enterprises. McCabe has held a number of engineering, sales and marketing roles during his 25 years in the telecommunications industry. He was educated at St Francis Xavier University and Technical University of Nova Scotia (DalTech), and holds Bachelor’s and Master’s degrees in Engineering.
