Quest for a Universal vE-CPE Platform

It’s going to be an interesting year. Is 2017 the tipping point in enterprise networking overhaul? All eyes are on the evolution of virtual Enterprise CPE (vE-CPE) roll-outs and the potential disruption that a Universal CPE box might cause as it eats up multiple hardware appliances to run them as software functions on virtual machines.  The quest for universal boxes that converge functions is nothing new, just like the universal threat management appliances that consolidated multiple network security functions or the soft-switches that replaced the proprietary hardware  switches of the past. More recently, smartphones have eaten the laptop, phone, camera and more just like the system-on-chips that replaced  memory, I/O and storage controllers.

Consolidation and miniaturization are the driving forces that bring the necessary CapEx and OpEx savings to drive the next wave of innovation.

In itself, the replacement of multiple special purpose legacy appliances with a single commercial off-the shelf, “open standard”, x86 white-box device brings some significant cost savings. These are are further augmented by the operational flexibility that a single platform brings by enabling new and scaled-out services without the need for truck rolls. One of the key benefits of which is the reduction of service deployment cycles which can be collapsed into to hours if not, in some cases, minutes. Those are the initial takeaways that are encouraging communication service providers (CSPs) and enterprises alike to deploy vE-CPE technologies faster so they can gain both operational benefits and a clear competitive advantage.
The next key advantage, to some, is potential freedom from vendor lock-in and legacy networking solutions made up of multiple integrated hardware and software solutions from a SINGLE supplier.  vE-CPE embraces the all-new NFV-based model and allows for a logical and flexible separation of hardware and software. The vertical silos with vendor lock-in get transformed into a horizontal mix-and-match approach between hardware and software vendors, however the buck still stops somewhere: with the vendor, integrator or service provider who ultimately bring all the parts together.

Advantech has been supplying network appliances and network compute gear to OEMs for nearly two decades and initially entered the white box arena with switches back at the start of the SDN revolution. Many of our OEM customers have evolved since the advent of Network Function Virtualization and as such are embracing new go-to-market strategies for the new IP Infrastructure. These typically include all or some of the following:

  • Continuation of a branded all-in-one hardware + software solution
  • Co-marketing and co-selling of software solution (NFVI+VNFs) on an Advantech white-box, with customer grey-box options
  • NFVI support of an Advantech whitebox
  • VNF provider
  • Integrator of selected NFBI, VNF, Orchestration and whitebox combonations

There is no common blueprint, but as already mentioned the buck still stops somewhere: with the vendor, integrator or service provider who ultimately bring all the parts together.

The rest of this blog post will cover some of the vE-CPE topologies and discuss two white-box solutions.

vE-CPE Architecture Options

Figure 1 Legacy CPE to Virtualized CPE Transition

Figure 1 essentially depicts the transition to a vE-CPE device connecting a home office or an enterprise or to a carrier network and the Internet via its integrated WAN ports. Depending on the design the WAN ports would ideally support dual media for fiber and copper physical interfaces for quick and simple connection to existing infrastructure. The ports can also be used to provide connectivity to redundant carrier links for high availability. If a wireless modem is integrated for LTE mobile connectivity it can act as both a backup interface or to provide broadband connectivity in remote locations. The advantages here are the flexibility of using any mix of last-mile interfaces.

The univeral vE-CPE devices called out in most of the RFI/RFQs we are aware of are based on standard Intel Architecture server technology,  and support software solutions that are capable of providing not just the basic virtual network functions such as routing and carrier -grade NAT,  but also provide secure connectivity and VPN support via IPsec. The local network also needs to be protected by a virtual stateful firewall. From a sizing perspective an entry level box based on a scalable Intel Atom C2000 processor with upto 8 cores provides sufficient headroom for even more value-added services such as anti-virus or intrusion protection.

SD-WAN, perhaps the most pervasive vE-CPE use case, brings automated and multi-tenant services that can further optimize traffic routing between broadband networks and leased lines.

 

Customer Premises VNF Model

Figure 2 offers a more detailed view of the Customer Premises VNF model where the white-box model just introduced can easily replace multiple devices in small offices. The left hand figure depicts all-in-one integration while the figure on the right hand side demonstrates how to integrate into existing infrastructure in a small to medium office.

Figure 2: Customer Premises VNF Model

Four or more switch-based LAN ports can be used to connect local devices such as computers, printers and network attached storage systems directly.  With an integrated switch in the whitebox, LAN-to-LAN traffic can be separated from LAN-to-WAN traffic and give more headroom to the processor processor as oppose to having to process software-based switching.

Copper LAN access ports can be used to connect an IP Phone via a separate subnet – that way QoS management for voice services can also be simplified.

Additional computers and portable devices such as smartphones and tablets can connect via an integrated WiFi access point.

In small to medium offices a universal vE-CPE device can connect to the LAN via an existing external switch and one port can interface to a local admin console via a management LANs or DMZ.

What’s interesting in this high level of integration or consolidation into a single device is not only the  substantial CAPEX benefits, but also the optimization of operating expenses by reducing the number of on-premise devices to just one. This simplifies the approach to managed services as well as the provisioning of infrastructure and network as a service applications.

White box and Cloud Model

Figure 3:  White box and Cloud Model – “Slim vE-CPE”

The previous examples covered the customer premise VNF model. In essence it delivers a simpler, premises hosted virtual device model that’s easy to manage and less demanding on fault correlation across networked resources than an elastic cloud model.

While the motivation for connecting a vE-CPE white box to the cloud is the greater flexibility and elasticity for service and application offload, it is clear that cloud elasticity also reduces the compute, offload, memory and throughput needs as more VNFs and services are run in the cloud.

In a topology for vE-CPE and SD-WAN deployment like the one in Figure 3, the on-premises device can be much slimmer from a hardware payload perspective and as a minimum only needs to essentially provide routing and secure connectivity to the carrier network.

As shown in figure 3,  those additional network functions are then hosted in the carrier network on scale-out platforms optimized for edge deployments.

Here we’ve added several Carrier Grade Blade server platforms providing the NFV infrastructure such as Advantech’s Packetarium XLc PAC-6009.

 

Branch Security and XaaS Gateway

Figure 4: Branch Security and XaaS Gateway

Figure 4 is similar to the previous White box and Cloud Model – “Slim vE-CPE” but depicts a network where Enterprises requiring higher performance branch connectivity at lower cost can engage with multiple operators for direct connection to the internet and/or cloud networks.  Legacy routers can be used to connect to the carrier network for MPLS

This and the previous cloud model cloud essentially enable more flexible and scalable service deployments, where new services can be deployed faster and provisioned for higher levels of availability and performance. In addition,  centralized network automation tools ensure overall network optimization and guarantee of service levels.

From an Opex standpoint, the greater use of cloud-based applications means more efficient use of bandwidth and reduced connectivity costs while centralized cloud management and automation simplifies service delivery.

On the Capex side, Lower compute performance is required on initial vE-CPE deployment and of course elasticity reduces the need for performance hardware upgrades.

And cloud multi-tenancy means Capex is much lower at scale and absolutely no additional infrastructure is required to bring up a new branch or customer.

 

 

Advantech Whitebox Appliances for vE-CPE

Advantech’s open white-box vCPE approach, using standard Intel processors in feature-flexible appliances, provides the range of bare-metal server platforms needed by CSPs and system integrators to transform conventional deployment models in the enterprise WAN. Advantech’s initial white box vCPE range consists of 4 platforms that cover a broad set of configurations and price points:

The FWA-1320 and new FWA-1010VC table top appliances, along with the 1U rack mountable FWA-2320 are all based on the Intel Atom Processor C2000 system-on-chip formerly codenamed ‘Rangeley’. Intel QuickAssist and DPDK support provide the technology needed for up to 10x accelerated packet handling as well as encryption and compression offload. Ranging from 2 to 8 Atom cores the two platforms offer 500 to 1500Mbps of IPSec encrypted traffic throughput, depending on their configuration and target entry-level to mid-range vCPE deployment.

The FWA-3260 is a server class 1U- rackmount compute and network appliance based on the Intel® Xeon® Processor D with up to 16 cores and up to 128GB of memory ensuring that the right performance level can be matched to the workload at hand. Integrated Intel® QuickAssist Technology accelerates execution of crypto algorithms including IPSec without burdening the CPU. As a result, secure branch connectivity including end-to-end encryption can be provided without compromising VNF performance or increasing cost. The system offers flexible connectivity with four 1GbE ports and two 10GbE SFP+ ports for WAN or additional LAN connectivity. A Network Mezzanine Card bay provides the ability to add additional I/O including handling a variety of 1GbE and 10GbE copper and fiber options. A PCIe gen.3 slot provides further expansion for IPsec acceleration and offload using the PCIE-3020 Intel® QuickAssist PCIe adapter.

For more information on Advantech’s vE-CPE White box appliances and software partners, please visit: http://www.vecpe.com

 

Paul Stevens – Telecom Sector Marketing Director

 

Leave a Reply

Your email address will not be published. Required fields are marked *

eight + 16 =