New network virtualization techniques like containerization rely heavily on distributing traffic between many lightweight, virtualized resources. Because these resources are highly transient, telecom operators can’t use physical probes to monitor traffic between them. Nor can hardware probes perform basic functions such as service assurance and troubleshooting.
Losing visibility of network traffic flows can undo the benefits of virtualization. So how do we ensure traffic visibility in a virtualized network environment? Enter software probes.
NFV Needs Virtual Probes
Historically, telecom operators used dedicated appliances to monitor their networks. But physical probes can't access logical interfaces to monitor traffic between virtual machines (VMs) hosted on the same server. For that matter, physical appliances cannot easily monitor traffic different servers connected via virtual overlay.
In contrast, a software probe works on both virtual and physical networks. It recognizes thousands of communication protocols and metadata attributes to enable traffic shaping, service chaining, service assurance, and next-generation firewalls.
A software probe fulfills the NFV promise of an elastic network infrastructure by monitoring high-density data traffic in real time. It also creates structured data sets with the ability to run analytics. And that granular view into network utilization and service quality allows telecom operators to quickly rectify service-related issues and create innovative new features.
Classification up to Layer 7
One example of a software probe comes from Qosmos, which specializes in deep packet inspection (DPI) and IP classification software. Its virtualized probe provides real-time flow analysis, classification, and metadata extraction up to Layer 7. This rich data supports capabilities such as streaming analytics, malware detection, data leak prevention, and cloud application security brokers.
Qosmos says its software probe can be implemented on a wide array of platforms, ranging from virtual CPE devices to large Xeon-based servers. And the fact that its software probe aggregates dynamic counters early in the processing value chain further reduces the cost and complexity of network virtualization.
Building Software Probe with DPDK
Qosmos built its virtual probe using the Intel® Data Plane Development Kit (DPDK), a set of performance-optimized packet-processing API (Figure 1). Initially launched as a proprietary technology, Intel recently open-sourced the APIs—and now developers are using Intel DPDK on a variety of platforms, including RISC-based processors.
Figure 1: Intel® Data Plane Development Kit (Intel® DPDK) offloads compute-intensive services. (Source: Intel)
The Intel DPDK virtual switch (vSwitch) allows telecom operators to maximize packet throughput on server platforms running NFV workloads. And it’s an open platform that is compatible with all Intel® Architecture-based hardware platforms.
Qosmos integrated the Intel DPDK vSwitch in its ixEngine* DPI engine to boost packet processing performance. “Technologies such as DPDK enhance the performance of Qosmos DPI software at the data-capture level,” said Nicolas Bouthors, CTO at Qosmos.
Processor Optimizing Network Virtualization
Bouthors notes that software probes must contend with ever-increasing network traffic: “That has a direct impact on the processing needs.” There is also a greater need to switch packets with stable latency.
To handle increasing resource requirements, powerful processors like the Intel® Xeon® processor E5-2600 v4 product family are employed to keep things running smoothly. Thanks to increased CPU power, network tasks such as cryptography and packet forwarding are much more manageable.
Most important, processors like the Xeon E5 2600 v4 accelerate network virtualization by using the quality-of-service (QoS) techniques collectively known as the Intel® Resource Director Technology (RDT).
Figure 2. RDT facilitates virtual functions by prioritizing VM workloads. (Source: Intel)
RDT techniques facilitate greater visibility and control over critical shared resources like processor caches and main memory (Figure 2). And that keeps transient packets from clogging the caches and displacing important program code and data.
The new NFV paradigm is pushing for the softwarization of telecom functions now mostly dedicated to hardware implementations. And Intel’s Broadwell family of Xeon processors is accelerating that shift toward software features like virtual probes.
How Software Probe Complements NFV
NFV technologies are crucial in confronting CAPEX and OPEX pressures, as well as an unprecedented rise in data traffic. Software probes bring down the CAPEX and OPEX costs associated with monitoring virtual network functions or VNFs in real time.
Therefore, the choice of a processing platform is critical due to a software probe’s inherent need for packet acceleration in extreme network environments: a processing platform that provides sufficient bandwidth and compute resources alongside specialized tools for a modern virtualization environment!