Where are the NFV Moon Shots?


It’s been over 50 years since John F. Kennedy famously declared “we choose to go to the moon.” It’s interesting to try and imagine how the last 50+ years would have unfolded if he had instead stated “let’s dabble in space, see if we can develop a business case, and see where it leads us.” As a society, would we have the innovations and prosperity that we enjoy today?

A question that we must challenge ourselves to ask is: Where are the NFV moon shots?

“We choose to go to the moon. We choose to go to the moon in this decade and do the other things, not because they are easy, but because they are hard, because that goal will serve to organize and measure the best of our energies and skills, because that challenge is one that we are willing to accept, one we are unwilling to postpone, and one which we intend to win, and the others, too.” – JFK

In June we participated at both TMFLive and LightReading’s Big Telecom Event, where we announced our new network security solution. At both events there was a lot of discussion about how NFV and SDN are key to enabling new revenues, and not about cost savings alone. However, in many respects, these aspirations were not supported with a lot of details. In fact, at BTE there was a lot of discussion about incremental evolution and making small, deliberate investments to prove in business cases to executives and boards of directors. That is, a slow incremental approach.



Virtual CPE was cited most commonly as one of the business drivers. But is this really a new business case, or about delivering existing services cheaper, or about re-capturing business that is being lost today, or all of the above? We are the first to acknowledge that transformation isn’t going to be easy. Service provider networks are inherently complex: they have evolved over generations, incorporate a range of technologies and involve an interwoven fabric of people, systems, and processes. It is this complexity that partially explains why new revenue-creating services may be delayed until some of the operational realities are resolved (this is something we’ve previously written about: Until MANO is Solved, Creating New Revenues from NFV will be Delayed).

Big Telecom Event Panel with Procera, Intel and Colt

During BTE we also participated in a panel discussion entitled “Improving Customer Experience: The Critical Role of Service Management in a Virtualized World” moderated by Michael Howard, Senior Research Director at Infonetics/IHS Technology with colleagues from Procera, Intel and Colt.



Infonetics Carrier Network Architecture 2020

Michael shared his view of the Carrier Network Architecture 2020. While a simplified representation, it still illustrates the striking complexity that service providers face. For instance, the combination of highly distributed, multi-technology networks with multiple domain-specific orchestration and control points explicitly highlights some of the challenges service providers will face: multiple systems and people each “touching” the network and, more importantly, affecting the services delivered.

Unlike today’s networks, virtualization blurs the natural delineations that existed when functions were implemented in physical devices, and instead creates more inter-dependencies from a performance and security perspective. On the panel we said that a service-oriented view towards management and operations must be adopted. It is also important to recognize that service chains span physical and virtual networks, all of which must be correctly tuned in order to deliver the best possible customer experience. As an industry, these are some of the issues which we must figure out, “not because they are easy, but because they are hard”.

Unquestionably, there has been considerable, and accelerating, progress made over the last few years. But where are the moon shots? The closest is perhaps AT&T’s stated ambition to virtualize 75% of their network functions by 2020.

Do they have all the details in place? Do they understand all the risks? Do they understand all the drivers? Probably not. But they do understand the urgency: something must be done, because if they wait to understand all the aspects of commercialization first, perhaps we will never get there. After all, others are working on their own moon shots.

Securing SDN and NFV: are you ready?


Mary Meeker’s 2015 Internet trends report contains fascinating, broad-reaching data about how the technologies that many of us are involved in developing are used and consumed. Compared to 2014, this year’s report devotes more attention to security: “Cyber Attacks: Growing in Size / Complexity / Risk”. The 2016 edition will likely provide even more insights. It’s not surprising considering some recent high-profile security breaches.

One interesting insight from Mary Meeker’s report: insider misuse is a significant source of breaches. It states that over 20% of breaches come directly from insiders with malicious intent. Include well-intentioned insiders, and it’s easy to see how the majority of network performance issues or security vulnerabilities can be traced to configuration issues.

Service providers have not been immune from cyber attacks either. And the security risks they face are only growing. Service providers are facing an unprecedented set of challenges as billions of IP connected devices are attaching to their networks, from all sorts of locations. New technologies such as SDN and NFV, and DevOps paradigms will create significant disruptions to security and network operations teams.

It’s one of the reasons why Nakina announced NI-DEFENDER, a Secure Network Auditing Platform. The solution combines network and service configuration scanning and context-aware analytics with role- and attribute-based identity access management. It can be used to protect today’s fixed and mobile networks, physical and virtual networks, and help operators support new NFV and SDN implementations.

NI-DEFENDER was recognized with two industry innovation awards this week and we will be showcasing the solution next week at LightReading’s Big Telecom Event. We’ll demonstrate how the solution can provide and assure security integrity across a typical heterogeneous mobile network, which includes the Titanium Server, a carrier-class NFV software platform, from our technology partner Wind River.

If you’re in Chicago, plan to stop by and meet the Nakina team and attend our panel discussion on June 10, hosted by Infonetics’ Michael Howard.

NFV vCPE: Too Good to be True? Round 2

VanillaPlus hosted a second NFV roundtable discussion. It was an opportunity for colleagues from Ericsson, Citrix, Comptel, and RedKnee along with Analysys Mason to discuss how some of the deployment risks can be mitigated. A key question posed was “Why are CPE services a target for virtualization?”

Managed enterprise services are a lucrative revenue stream for many service providers, particularly those looking to offset declining or flat revenues from consumer mobile and wireline services. Managing the customer premise equipment is the single largest expense for service providers. NFV provides the opportunity to eliminate the management complexity and expense of customer-located equipment, and to reduce technology obsolescence at the customer premise. NFV also enables pay-as-you-grow CAPEX, requiring a small initial investment in virtual machines to support router functions that scale with service. Because enterprise services are in many cases customized (by region, location, vertical, and even by customer), NFV enables workflow automation and self-service provisioning through user-accessible portals. Reducing provisioning times and improving time to service is a key driver.

As we discussed on the panel, there are obviously some major challenges. Enterprises are increasingly distributed; remote branch offices are served by a variety of access networks, each with varying degrees of performance, throughput, latency, etc. It has been estimated that 80% of application performance issues are blamed on the network. And latency is the biggest source of application performance problems. For example, Unified Communications applications generate small packet sizes and ~10x more packets than other applications. Any packet loss, jitter, or degraded performance will have a significant and measurable impact on user experience. Additionally, services are not always ubiquitous, but rather tailored (i.e. vertical specific, location specific, etc.). This means that there will be more configurations and parameters that need to be accurately set in order to meet SLAs and deliver the appropriate service. All this is possible and achievable with NFV, but one must not overlook the potential increased operational complexity when it comes to properly configuring these service settings, monitoring and troubleshooting. NFV creates the potential for more configuration-induced performance issues. There are more (and different) parameters that can be tuned, and more interdependencies in this shared, multi-tenant type of architecture.

Latency-sensitive applications are partially why we’re seeing the industry introduce distributed or edge NFV and other techniques whereby certain capabilities may be hosted on a virtualized platform at the network edge or customer premise, while others are centralized. After all, it’s not like every enterprise location (particularly remote branch offices) is connected via 10Gbps fiber-fed connections. In fact, most enterprise locations are connected by a range of access technologies, each with varying performance characteristics.

Edge Virtualization for vCPE

This scenario also creates new, creative business models for service providers, including a new suite of ‘micro-cloud’ services. Distributed or edge NFV creates new and different complexities, however, including, most importantly, new security considerations such as an expanded attack surface. New business models will likely have service providers maintaining the platform (i.e. the NFVI) and hosting 3rd party virtual machines (VNFs) which belong to the enterprise or another 3rd party. This adds the challenge of multi-tenancy and of managing access control policies from a security perspective, and increases troubleshooting and issue isolation complexity. This is why a new, carrier-scale Identity Access Management strategy is needed.

Automated network data integrity auditing and analytics will be equally crucial in order to understand the exact configurations of the functions in the service chain, isolate and correct misconfigurations instantly, and meet service level agreements and customer experience expectations. Automated analysis of service configuration anomalies can dramatically improve resolution of incidents and visibility into service performance. Data-driven analytics helps prioritize remediation, eliminate hours in troubleshooting time, and proactively refine network configurations (such as QoS and TCP/IP settings, which have a direct impact on application performance).

It remains clear that, despite the rapid evolution towards NFV, we’re only scratching the surface of the many operational considerations that are arising. If you missed the live event, a recording of the session is available.

NFV vCPE: Too Good to be True?

Virtual CPE (or vCPE) is one of the most popular use cases for NFV among service providers. It’s not surprising when you consider that the customer premise location, whether a business or a home, is the most complex and costly aspect for a service provider to manage. If you look at the situation today, service providers often have to deploy multiple discrete devices or appliances to deliver a service. And the range of services is pretty diverse, varying by region, market, vertical and customer. Services span everything including managed router, firewall, security (such as intrusion and malware detection), unified communications, application performance management… you get the idea.


vCPE Extreme Case

In some cases, these capabilities may all reside as virtual appliances or agents in more costly and complex converged multi-service devices like integrated service routers. In any case, service providers have to deal with a lot of complexity. Challenges include navigating a myriad of business process and operational complexities spanning from order management to installation, administration and maintenance. Operational issues range from managing equipment obsolescence to service level agreement monitoring and troubleshooting. Identifying the root causes and remotely remediating issues can be time consuming and costly. And with the uptake in cloud services there are more business-critical (and performance-sensitive) application transactions traversing networks.

The outcomes are as expected: high operational costs, longer times to revenue, and ongoing operational complexity. All impact service profitability. Not surprisingly, virtualizing customer premise equipment (vCPE) has been a key target use case for NFV. A target market is small-to-medium enterprises, which collectively represent a very lucrative segment for service providers, with high recurring revenues. But all this obviously comes with some challenges.

By moving functions (like firewalls, application accelerators, and even routing) from the premise into a data center, there are now even more critical transactions traversing networks. Incorrect QoS parameter settings, for instance, anywhere along the service chain could cause excessive latency, causing some applications, such as interactive video, to experience unacceptable quality. Ensuring network configuration integrity end-to-end is even more crucial.

Partially for these reasons, we’re also seeing different types of virtualization strategies emerge. Virtualization-capable platforms are migrating outside the confines of the data center, all the way to the customer premise. This newer breed of device can host virtualized functions. Some of these functions are maintained and owned by the service provider, or perhaps the service provider is hosting these for the enterprise or another 3rd party. This multi-tenancy scenario requires that security integrity be preserved, and strong identity access management policies be in place.


vCPE NFV Typical Case

Implementations will vary and there will be no single universal vCPE recipe. One thing is for certain: this is a rapidly developing space. We’re only scratching the surface of some of the operational challenges. These will be some of the topics we’re discussing at an April 30th roundtable discussion hosted by VanillaPlus. We’ll be joined by colleagues from Ericsson, Citrix, RedKnee, Comptel and Analysys Mason. Make sure to register.

Until MANO is Solved, Creating New Revenues from NFV will be Delayed

A recently published market research report by Coleman Parkes Research on behalf of HP reveals the responses from 50 communication service provider CIOs and CTOs regarding their NFV priorities for 2015. There is also a great video interview from Mobile World Congress with Julia Ochinero, HP’s Director of NFV Marketing, available from Telecom TV. Importantly, the report provides a comparison of answers to the same questions from the previous year. With emerging technologies such as NFV and SDN, we’re still in such early stages that any ability to monitor progress and spot trends year-over-year is invaluable.

While it’s not surprising that the majority of respondents see migrating from proof-of-concept to trial sometime within the next 3 years, what is surprising is that Opex reduction seems to be a more important driver than it was in 2014, while leveraging NFV to enable new revenue received fewer responses than the previous year. The percentage of respondents citing capex reduction as the main driver remained the same as the previous year: “The top business driver for network functions virtualization (NFV) in 2015 is reducing operational expenses (OpEx), selected by 75% of respondents as compared to 59% a year ago—a huge jump.”


HP NFV Survey Responses

The transition from proprietary hardware and software to commercial off-the-shelf (COTS) alternatives makes the business case for Capex reduction relatively straightforward. Opex, on the other hand, is much more difficult to quantify.

In the video interview, Julia states something that we have been stating for quite some time: there won’t be greenfield opportunities for NFV. Service providers will continue to face the realities of continuing to run and expand traditional physical networks. Initially, a lot of discussions involving NFV management and orchestration (MANO) were really walled-garden in nature. That is, orchestration was focused on a single pool of virtualized network infrastructure and virtual network functions. The reality is that networks will span multiple clouds, and multiple networks both physical and virtual. This implies that MANO must extend between physical and virtual networks, and span next generation as well as legacy networks. Unless a seamless service-oriented view to end-to-end orchestration is achieved, the promises of operational savings will not be realized.

At Nakina, we believe a MANO Enablement platform is required to harmonize service orchestration across any type of network and to extend orchestration across hybrid physical and virtual networks. NI-FRAMEWORK, our MANO enablement platform, mediates, abstracts and offloads complex management utilities, allowing orchestrators to easily connect and manage physical and virtual network functions. It extends orchestration, visibility and control to physical and legacy networks.

Another interesting finding from the survey is that in 2015 driving new revenue was selected by 63% of respondents as a key driver for NFV, a drop from 78% last year. Does this imply that creating new revenue is not as important as previously believed? Rather, it is likely that service providers have realized that NFV itself does not instantly spawn new revenue opportunities and perhaps the focus should initially be centered on the operational hurdles.

MANO enablement helps operators more quickly realize the operational savings, allowing focus to shift towards developing new revenue creating services. Watch this short video to learn more and contact us:


Video NI-CONTROLLER

Mobile World Congress Wrap Up


Despite months of planning, it never ceases to amaze me how fast another Mobile World Congress came and went. Despite the long flight, crowded metro, and inflated prices, the event remains one of the most important in our industry.


Anyone here not Zone 1 or Zone 2?

It seems like it is one of the few remaining gatherings where it is possible to meet, either by chance or by pre-arrangement, with peers, colleagues, influencers, customers and suppliers. Yet the event has grown so large that even scheduling meetings proved to be a logistical challenge. Given the passenger list for my flight alone, United Airlines in fact could have offered a concierge service to arrange in-flight meetings. Note: it is interesting to see the boarding process break down when virtually the entire passenger manifest is Zone 1 or Zone 2.



Because it came and went so quickly, I’m feeling a sense of urgency to post the obligatory post-event blog before the memory of #MWC15 fades. Here are some of the notable highlights you may have missed, if like me, you struggled to make it past Hall 5.

Even though we’re still in the process of implementing 4G, the industry talk is now all about 5G. The rate of change in the industry is relentless so it’s not surprising we’re now pushing new boundaries with solutions such as small cells, 5G, Internet of Things, etc.

Speaking of which…at #MWC15, NFV continued its forward progress and included live demonstrations of NFV-based networks. Operators are committing to NFV solutions such as the virtual Evolved Packet Core (vEPC) and virtual Radio Access Network (vRAN) in the pursuit of more cost-effective and more agile networks. The supplier community is wholly onboard as well. VMware announced VMware vCloud for NFV with Integrated OpenStack. Some claims: “VMware vCloud for NFV Helps CSPs Achieve Sustainable Cost Reductions, Improve Time To Market”, “VMware Offers CSPs a Fast, Simple Path to OpenStack Adoption”, and “Multi-Vendor vCloud NFV Platform Supports 40+ Virtual Network Functions from 30+ Vendors”.

The progress is undeniable. What still seems to be missing in these discussions, in my opinion, is a frank recognition of how all this becomes truly operational. Demonstrations, lab trials, proof-of-concepts, and small-scale field trials are all encouraging. But implementing, maintaining, and supporting revenue-generating services using these new technologies will create a whole new set of operational requirements, complexities, and challenges.

In a recently published article we wrote: in order to achieve the commercial promises of SDN and NFV, the industry will have to understand and address the operational considerations of rolling out these technologies in scale, while at the same time dealing with the realities of continuing to run and expand traditional network architectures. Assuring network performance, integrity and security in this dynamic, complex environment is vital, yet it has been overlooked, for the most part, in all discussions to date.


These are the topics we covered at #MWC15 in our in-booth seminars and briefings.

We also released a significant announcement describing how Turk Telekom uses Nakina to enable service orchestration and anticipates saving $25 Million.

After all, Network Integrity is the key to enable NFV, management, and orchestration.






If you missed visiting our stand, our presentations and video recordings from #MWC15 are available from our resource center.

Until next time, Barcelona.




Carrier Class NFV – A Guest Blog by Charlie Ashton, Wind River


Nakina is pleased to welcome Charlie Ashton, Director of Business Development at Wind River, as a guest blogger:

If 2014 was the year NFV became a leading industry buzzword, 2015 may very well be the year when rubber meets the road and the operational realities of implementing carrier class networks become evident. While virtualization is by no means new (enterprise class data centers have been virtualizing servers for a decade), service provider networks present new challenges and requirements.

For instance a service provider workload, unlike common enterprise workloads, requires critical data plane capabilities which, in most cases, are involved in the delivery of services to hundreds of thousands (or more) subscribers. Examples include elements in the Evolved Packet Core (EPC) of a 4G LTE mobile network. Additionally, telecom networks have critical requirements in terms of availability, performance and security. Many Virtual Network Functions (VNFs) need deterministic, low-latency performance, which must be guaranteed by the NFV Infrastructure (NFVI) software.

Assuring the integrity of the network is critical in order to ensure seamless and continuous operation. Configuration parameters of NFVI and VNF components must be maintained to ensure that their performance supports Service Level Agreements (SLAs) for both business and consumer services, implying a mix of real-time, content-rich and interactive applications. It is easy to see how this becomes more challenging in virtualized networks in which configurations are more dynamic, workload performance is key and protecting the security integrity of the environment is critical.

The joint solutions from Wind River and Nakina address many of the looming operational complexities in NFV. Wind River Titanium Server is the industry’s first fully-integrated and feature-complete NFV software platform. It’s the only platform to guarantee six-nines (99.9999%) uptime for NFV infrastructure. No other commercial server solution enables service providers to maintain the rigorous uptime required as networks transition to a virtualized infrastructure. Nakina’s management and orchestration enablement solutions include a suite of orchestratable applications used to assure network and operational data integrity in physical and virtual networks. These applications continuously audit VNFs and NFVIs to ensure that configuration parameters match those expected by orchestrators, inventory and other OSS systems. Nakina also protects the security integrity of networks, enforcing and tracking the appropriate role-based access policies enforced end-to-end for both personnel and processes (like orchestrators, element management and VNF managers).

Wind River and Nakina will jointly present these and other topics from March 2nd through 5th at Mobile World Congress 2015 in Barcelona. Visit Wind River in Hall 7, Stand 7J65 and visit Nakina in Hall 7, Stand 7J11.

We look forward to seeing you in Barcelona!

Is the Orchestrator the Brain of NFV?

This was the question posed towards the end of a recent NFV roundtable discussion hosted by VanillaPlus which included colleagues from Ericsson, Cisco, JDSU, TMForum, Analysys Mason and Nakina. At the time, my knee-jerk response was “yes”.

Is an orchestrator really the brain? I’ve been thinking a lot about that question over the last week. On the one hand, an orchestrator is a central controller for NFV. Its main responsibilities are orchestration of NFVI resources and management of network services between VNFs (or service chaining). But how does an orchestrator decide what actions to take? Does it learn and make its own decisions after processing inputs from multiple sources, like analytic engines, or is it instructed by other systems, like policy engines? Is it the master controller (i.e. like a brain) or is it a slave (i.e. another system that acts based on instruction from other sources)?

Orchestration is also only part of an overall MANO (management and orchestration) strategy. Orchestrators will be supported and supplemented by other “intelligent” management systems like VNFMs and VIMs. It is also unlikely that there will be only one master orchestrator. Many service providers are discussing domain-specific orchestration, with multiple orchestrators which would then be federated together in some fashion. Does this mean that there are multiple brains?

Unquestionably, the orchestrator plays a crucial role. But policy managers, OSS/BSS, analytic sources, VNF managers, and other orchestrators are some of the pieces that will comprise a complete solution. Physical networks are not disappearing and legacy networks will continue to be involved in end-to-end service delivery so service orchestration will need to span all these environments. We are still in the early days and there will be growing pains. Over time some questions will become clearer and others will emerge.

Is an orchestrator the brain of NFV? I would say “not really”. What do you think?

Visit our resource center to read more about some of our solutions or contact us.

Jumping the Shark

We were a recent guest blogger on SDx Central where we wrote about some emerging operational challenges facing NFV, including maintaining security integrity.

Securing NFV will be a key topic in 2015 as implementations move from labs and small-scale field trials to commercial implementations. There are many hurdles to first understand, and then overcome. In December we also presented some of our thoughts at an IEEE Standards Association study group on this very topic.

We’re entering an exciting phase in our industry. Realizing the commercial benefits of NFV rests on “crossing the chasm”, not “jumping the shark”.

At Nakina we’re excited to be playing a leading role in enabling this transformation. Visit our Resource Center to learn more and read our new whitepaper regarding Achieving Security Integrity in NFV Environments.


Another Security vulnerability…are we safe yet?

Another week, another security vulnerability makes headlines. As the software running in these network functions becomes more flexible, sophisticated and complex, this trend will continue. After all, the data that networks carry is growing in value, and is valued by more 3rd parties in more ways. Now Network Function Virtualization (NFV, do we still need to introduce this acronym?), which moves more networking capabilities from hardware to software and provides a wealth of benefits, also raises the question: what are the new security risks? It’s clearly going to be an important topic as NFV starts to move from labs to the field in the coming months and years.

Security vulnerabilities may very well be the new normal. The questions in an NFV environment are: how do you perform Identity Access Management for both systems and humans? Are system interactions passing credentials in cleartext or storing cleartext passwords in an XML file? How do you apply service-aware, network-wide, role-based access policies? And when new vulnerabilities occur (and they will), how do you rapidly contain, isolate, and lock down your virtualized network?

Security is one of the many considerations when “operationalizing” NFV. It’s a key area of focus for Nakina, whose customers use our NI-GUARDIAN Identity Access Management solution to secure their networks. Nakina will be a speaker on a panel on this topic and an exhibitor at Carrier Network Virtualization, Dec 9-11 in Palo Alto, California.
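The two credential questions above (cleartext passwords stored in an XML file, and credentials passed over cleartext channels) can be checked mechanically. The following is an added example, not part of the original post and not Nakina's code: the XML layout, the secret-name patterns, the "protected value" conventions and the scheme list are all assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Element/attribute names that normally hold a secret (assumed list).
SECRET_NAME = re.compile(r"pass(word|wd)?|secret|token|community|api[_-]?key", re.I)

# Values treated as protected rather than cleartext (assumed conventions).
PROTECTED_VALUE = re.compile(
    r"^(\$(1|2[aby]|5|6)\$.+"      # crypt(3)-style password hashes
    r"|\{[A-Z0-9-]+\}.+"           # tagged hash or ciphertext, e.g. {SSHA}...
    r"|\$\{[A-Za-z0-9_.:/-]+\})$"  # ${...} reference to a vault or env var
)

# URL schemes that carry logins without transport encryption.
CLEARTEXT_SCHEMES = {"http", "ftp", "telnet", "ldap"}

# Constructed sample: a VNF manager's connection file (not from any product).
SAMPLE_CONFIG = """\
<vnf-manager name="vnfm-example">
  <connection target="ems-1" url="https://ems-1.example.net:8443/api">
    <username>svc-orch</username>
    <password>Summer2015!</password>
  </connection>
  <connection target="legacy-ne-7" url="telnet://10.0.0.7:23">
    <username>admin</username>
    <password>${VAULT:legacy-ne-7}</password>
  </connection>
  <snmp community="public"/>
  <connection target="vim-1" url="http://orch:s3cret@vim-1.example.net/v2">
    <password>$6$saltsalt$abcdefghijk</password>
  </connection>
</vnf-manager>
"""


def audit_xml(xml_text):
    """Return (location, issue) pairs; secret values are never echoed."""
    findings = []

    def check(location, name, value):
        # Stored secret that is neither hashed, encrypted nor a reference.
        if SECRET_NAME.search(name) and not PROTECTED_VALUE.match(value):
            findings.append((location, "cleartext-secret"))
        # Endpoint reached over an unencrypted protocol, or with a
        # password embedded in the URL itself.
        if "://" in value:
            try:
                url = urlsplit(value)
            except ValueError:
                return  # not a parseable URL, nothing more to check
            if url.scheme.lower() in CLEARTEXT_SCHEMES:
                findings.append((location, "cleartext-transport"))
            if url.password is not None:
                findings.append((location, "credentials-in-url"))

    def local(tag):
        return tag.rsplit("}", 1)[-1]  # drop any XML namespace prefix

    def walk(elem, path):
        for attr, value in elem.attrib.items():
            check(f"{path}/@{attr}", local(attr), value)
        text = (elem.text or "").strip()
        if text:
            check(path, local(elem.tag), text)
        seen = {}
        for child in elem:
            tag = local(child.tag)
            seen[tag] = seen.get(tag, 0) + 1
            walk(child, f"{path}/{tag}[{seen[tag]}]")

    # Parse only configuration files you control with the stdlib parser.
    root = ET.fromstring(xml_text)
    walk(root, "/" + local(root.tag))
    return findings


if __name__ == "__main__":
    for location, issue in audit_xml(SAMPLE_CONFIG):
        print(f"{issue:22} {location}")
```

The report lists only the location and the issue type, so the audit output itself does not become another place where the password is stored.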