The CSP Guide to NFV, Disaggregation and Automation
Virtual customer premises equipment (vCPE) has matured over the years to become a pivotal tool in helping communications service providers (CSPs) address major shifts in the market. Chief among these shifts is the acceleration in enterprises’ digital transformation, which drives major changes in telcos’ business customer needs. By the end of 2021, 80% of enterprises will be on the way to cloud-centric infrastructure and applications [1]. From SMEs relying on SaaS, to enterprises moving to XaaS, all the way to “Born in the Cloud” organizations, these changes drive the transformation of the network and CSP offerings.
In addition to businesses transitioning to the (multi) cloud, other trends are challenging the CSP landscape, including the rise of the mobile worker and the work from home (WFH) boom – especially as COVID-19 work patterns have become the New Normal. Pre-pandemic IP VPN topologies and business network services no longer fit the new “work from anywhere” paradigm. And as if that isn’t enough of a challenge, over-the-top (OTT) SD-WAN and secure access service edge (SASE) players are cannibalizing traditional telcos’ market share.
As emerging services and applications pose special requirements in terms of performance, latency, resiliency, and local storage, compute infrastructure is increasingly getting closer to the edge. As a result, CSPs are extending compute services and storage closer to users to avoid transmitting large amounts of data to remote data centers and to enable new applications: IoT, software defined branch (SD-Branch), autonomous systems, client/server, device/cloud applications, and more.
This is where vCPE comes into play, allowing CSPs to move their business customers from legacy VPNs to cloud access services, connect new locations and IoT devices, deliver business class networking for WFH employees, and host value added services (VAS) either at the CSP edge or at the customer edge.
What is vCPE
vCPE is a major example of network disaggregation, i.e., the separation of software from the hardware appliance it runs on. Instead of the inflexible hardware appliances with pre-determined functionalities of days past, virtualized CPE involves separating the components of the CSP-operated service delivery platform: hardware, the operating system (which includes the virtualization infrastructure), and software-based virtual functions.
Network disaggregation, network functions virtualization (NFV) and software defined networking (SDN) allow CSPs to choose best-of-breed products and solutions to meet their operational and business needs. They can make their technology validation and procurement cycles more agile and introduce new services faster. This, in turn, makes them less dependent on their traditional network equipment providers and frees them from vendor lock-in.
Such flexibility is also appealing as it allows providers to launch new services, such as a combination of networking, security and IT services, which, in many cases, they were not able to offer before. These can be specifically customized for various market segments and verticals such as hospitality, retail and supply chain management.
The new breed of networks described above follows a model of Disaggregation, Automation and Virtualization:
vCPE deployments for businesses are among the most important revenue-generating segments of virtual network functions (VNFs) and are expected to triple the VNF market by 2025, generating more than US$15 billion in revenue globally [2].
uCPE and pCPE
There are various types of vCPE hardware that serve as the basis of an intelligent edge platform in which VNFs are hosted. These are the major types:
uCPE – The Thick CPE
A universal customer premises equipment, or uCPE, allows CSPs to tailor a multi-function vCPE with a single device hosting virtual machines (VMs) and/or VNFs. This helps users not only to avoid the use of multiple concatenated devices at their premises, but also to augment edge functionality on-demand by remotely downloading new functions onto their vCPEs. uCPE vendors typically design their platforms based on an x86 server.
pCPE – The Thin CPE
The pCPE is a thin, economical and disaggregated CPE in which value-added services are hosted as containers. A thin CPE can run on a range of hardware boxes, from a two-core ARM device to off-the-shelf x86 hardware. Ideally, the pCPE includes an embedded router and firewall.
The IoT Gateway is a pCPE that is packaged in a ruggedized device to address extreme temperatures and dust. It can also host third-party containers.
Disaggregated vCPE Operating System
In addition to white boxes and VNFs, NFV architecture also requires an operating system that serves as the virtualization infrastructure (NFVI). It is an important part of the WAN edge infrastructure in any intelligent edge network and needs to integrate with the SDN controllers, orchestrators and operations/business support systems (OSS/BSS) that are used in the NFV network.
Most vCPE offerings today include a vendor-locked operating system that is typically tied to the specific uCPE or pCPE in use.
vRouter & vFirewall
Among the various VNF applications required in any NFV network, the virtual router and virtual firewall are probably the most popular, as these functionalities are staples for business services. Until recently, a typical deployment of a virtual firewall appliance and a disaggregated router required separate vRouter and vFirewall VNFs that had to be licensed separately from their respective vendors, hosted on the vCPE platform and managed separately. There’s also the issue of performance. In their VNF form, provider edge virtual routers and firewalls vary greatly in their performance and demand quite a lot in terms of CPU resources and network throughput capacity.
SD-WAN Connectivity and Multi-Cloud Access
Over the last few years, software defined wide area networking (SD-WAN) has had huge success as a cheaper alternative to costly IP/MPLS VPNs. SD-WAN connectivity has migrated from a WAN product sold by vendors directly to enterprises to a legitimate element in the CSP service mix. Despite growing adoption and a very crowded market, there are still several key challenges that SD-WAN poses to service providers. First, most current SD-WAN architecture is built for legacy systems and traffic patterns, where branch offices must connect to HQ to access applications and data that are stored in a handful of private cloud locations. However, today’s landscape looks very different, with the explosion in public cloud adoption resulting in a pivotal shift in topologies from mesh to hub & spoke or direct branch-cloud connectivity. SD-WAN services have, in many cases, fallen behind.
Then there’s the issue of the role of the CSP. As an over-the-top (OTT) solution, current SD-WAN offerings relegate service providers to the role of resellers, as they can’t use their own network edge assets to add value to their business customers beyond simple connectivity.
In other words, CSPs need to find ways to build their SD-WAN architecture with cloud traffic in mind, as well as move up the value chain when it comes to SD-Branch service offerings.
The main differences between SD-CloudAccess and OTT SD-WAN offerings are summarized in the table below:
The final element in any NFV network is the orchestration layer. An NFV orchestrator (NFVO) is needed to manage NFVI resources and their virtualized infrastructure managers (VIMs), coordinate resource allocation to meet requests from VNF managers and handle policy enforcement issues. In addition, NFV orchestrators are required for the lifecycle management of network services, including VNF service instantiation.
Here are the various elements coming into play in service lifecycle management:
vCPE enables a variety of business connectivity services ranging from VPN to cloud access services. With the right vCPE solution in place, different businesses and even different sites are free to choose their preferred connectivity option based on their current requirements and upgrade it later in time as their needs evolve. Various sites of the same organization may deploy different business edge vCPE options and have them stitched together into a single business VPN.
Key vCPE-based services where CSPs can add value include multi-cloud access, smart branch connectivity/SD-Branch and even VPNs:
Managed Business Router / Customer Edge Replacement
A disaggregated vCPE is an ideal fresh alternative for legacy business routers that are due to be replaced. This would typically include a managed business router that provides MPLS VPN access and can be used to host multiple functions that otherwise may have been implemented using several boxes.
The disaggregated vCPE releases the service provider from vendor lock-in, allowing the hosting of best-of-breed functions and the use of off-the-shelf hardware.
Overlay VPN over Fixed/Mobile Broadband Network
With VPN over broadband, business sites are not bound to MPLS access links and can instead connect to the organization’s VPN over fixed or mobile broadband access links, either as the primary link or as backup to the MPLS ones. This allows the CSP to expand its L3 VPN services to unserved sites, as well as offer its enterprise customers the ability to connect pop-up business sites to the corporate VPN.
Such connectivity services use a secure overlay either over the service provider’s own broadband access links or over third-party provider networks.
SD-CloudAccess is designed for “cloud-first” enterprises, or business customers that are transforming to the cloud. CSPs can introduce application-aware traffic steering across multiple links, so that businesses can benefit from SLA guarantees for their cloud access services.
Business traffic is forwarded in overlay tunnels, ideally over a single set of overlay tunnels that are terminated at a virtual cloud gateway, typically deployed at the service provider’s edge. By landing all traffic at their network’s edge, service providers can use their own footprint to host value-added cloud and cloud on-ramp services, such as hosted SASE. For a local internet breakout, predefined application traffic is forwarded directly to the internet and excluded from the traffic sent towards the cloud gateway. This requires a next-generation firewall to protect against malicious attacks from the internet.
Policy-Based Traffic Distribution
The Essential vCPE Checklist
Carrier-grade NFV/vCPE implementation requires a holistic view that takes into account every phase within the service lifecycle. Below is a list of best practices and agile tools to accelerate the adoption of NFV and vCPE:
- Must provide true openness to prevent vendor lock-in and ensure high performance of all vCPE aspects, including third-party VNF hosting, yet remain slim and agile.
- Backup and redundancy of the network, connections, vCPE system uptime, NFV infrastructure (NFVI) stability and VNF performance, including service chained VNFs.
- A range of security measures, from TPM to secure tunneling/VPN and management channels over public networks to allow direct and secure connection to data centers.
- Zero-touch provisioning, VNF onboarding, instantiation and chaining, as well as maintenance, updates, rollback/reconfiguration, and tear down.
- WAN Connectivity: Ubiquitous service look & feel over PON, Carrier Ethernet, xDSL, LTE, and even TDM access. Such variety of WAN connections and interfaces enables a unified global deployment for any NFV VAS.
RAD’s Intelligent Edge vCPE Solutions
The vCPE edge portfolio includes everything CSPs need to deploy virtualization services today:
- Slim, high performance disaggregated operating system
- A range of thin and thick CPEs hosting VMs or containers
- A domain orchestrator to remotely manage virtualization functionalities and automate operations
It is designed to help service providers leverage their “real estate” – that is, the network and customer edge – in introducing VAS beyond simple connectivity. These include hosted zero-trust secured access (Secure Access Service Edge services – SASE), latency-sensitive applications and more.
- Freedom to choose any vCPE hardware, per branch site requirements, with a common operating system in all vCPEs to minimize integration efforts and reduce costs.
- Host value-added VMs and containers on premises or in data center/cloud as needed
- Rapid transition from branch-HQ connectivity to branch-cloud connectivity
- Open, lightweight vCPE-OS with a powerful embedded router, firewall and virtualization resources manager. It runs on a fraction of a CPU core, requires extremely low memory and provides market leading throughput
- Support “Cloud-First” business customers with SD-CloudAccess