Do you speak NFV? Time to go back to school and learn

Software – not shelves – is the answer, whatever the other kids may say

Administrators have some growing up to do before they're ready to properly implement Network Functions Virtualisation (NFV), as it not only has to be automated and integrated into extant management systems, it needs to be a lot more lightweight than most administrators believe is possible.

NFV is the ability to stand up, tear down, automate and orchestrate network elements in some easy-to-use manner. Network elements can include switches, routers, firewalls, Intrusion Detection Systems (IDS), monitoring, port mirroring, and even entire clusters of virtual or physical server instances.

In some cases, many of these functions are performed by a single virtual machine. In some cases multiple virtual machines are required. In still other cases, hardware appliances are used.

Depending on how things are set up, NFV could involve spinning up a new VM to perform a single function for every instance where some network functions are required. This is the least efficient way to go about things.

Rationally slicing up our networks

Working with Yottabyte has recently given me an appreciation for how this is balanced. In Yottabyte's world, everything is about "virtual environments". Each virtual environment has its own dedicated slice of storage, storage policy, VMs etc. More critically, each virtual environment has a single NFV VM that provides basic routing, firewall and NAT.

Virtual environments can be used in any number of ways. You can create one for each service you deploy, or – if you really wanted – for each VM. In reality, Yottabyte sees that on-premises customers create virtual environments to encapsulate collections of like VMs and services that typically have to interoperate closely, and use the NFV VM to defend it.

Service providers using Yottabyte, including Yottabyte itself, usually create a virtual environment per customer – though nothing stops a customer from having more than one. This is roughly mirrored by how other cloud providers handle NFV.

I know of several OpenStack cloud providers that slice up their networks in a manner very similar to Yottabyte's virtual environments. Signing up as a customer gets me some storage space and a single NFV VM. I can spin up more NFV elements if I need, but that one VM will probably handle all my needs until I start scaling to several hundred workload instances.

If I go to Microsoft’s Azure and spin up some services, what I am given looks very similar. I am given what appears to be a single NFV VM, unless I explicitly create more. That VM can handle load balancing, firewall, NAT and more. Of course, Azure is a lot less transparent.

What appears to me to be a single NFV VM could in fact be my "virtual slice" of an NFV VM that handles multiple customers. Right now, today, I don't think Microsoft is doing this – mostly because Microsoft likes using Windows and Windows doesn't really have the technology for it. Having said that, the multi-tenant capabilities in Windows Server 2012 R2's RRAS could well make a liar out of me here.

In the Linux world, I'm seeing this sort of "multi-tenant NFV" increasingly done with containers. A single NFV VM is stood up with some services operating in a multi-tenant mode (the firewall and load balancer are generally capable of this) while other services (such as IDS and monitoring) are provided via containerised instances.

Multiple users share an NFV VM, largely unaware that they are doing so, until one or more of them place such a strain on the NFV VM that the system (or the cloud admins) decides the "noisy neighbour" needs their own NFV VM.
