Virtual Network Functions aka VNF — In an Easy Way

In this blog, we will see what is a virtual network function and why we need it. Also we will it’s importance in the 5G era and then we will discuss a bit on SR-IOV plugin.

Before going into VNF we need to understand what is Network Function Virtualization (NFV). It is a network architecture that is used for abstraction of network functions from hardware. In earlier days, there used to be a specialized hardware for each and every networking functionalities like router and hardware. But with the world moving towards virtualization, the networking has also been software defined and approach has been taken to make it more open and free it up from the proprietary hardware and software.

NFV is actually composed of three parts:

1. Virtual Network Function (VNF): The actual networking application i.e. the networking logic.
2. Network Functions Virtualization Infrastructure (NFVi): The infrastructure for running the VNF.
3. Management, Automation and Network Orchestration (MANO): It is the end to end automation framework for the above two.

These architecture is the basis for NFV and it helped the telco-cloud to develop software and deploy it on demand without requiring a specialized hardware everytime. In this blog I will speak now only of VNF and I will continue the other two in my coming blogs.

VNFs can deliver functions such as file sharing, directory services, firewall, WAN optimization, Load Balancing and all of these. These can all run as a separate virtual machine or a kubernetes cluster. So, VNF is one of the foundamental buildig block for 5G and edge computing.

So are VNFs deployed in a single VM like routing and firewall in a single VM?

No, each VNF are deployed in separate virtual machines or containers (in case of kubernetes) and they are sort of interconnected by service chaining or service mesh like Istio.

Now, let’s briefly discuss the benefits of VNF.

1. Network Scaling is easier to approach.
2. Network Infrastructure can be efficiently used.
3. Security can be enhanced.
4. Reduced Power Consumption.
5. Reduction in CAPEX and OPEX.

Now one important aspect we need to talk about VNF is it’s efficiency. All the VNF are like a normal software program that is running on a linux stack. As VNF are mainly related to data packets, it should be able to do faster packet processing. But with the native linux networking stack it is not possible and to solve this problem we have SR-IOV and DPDK. In this blog, I will focus on SR-IOV mainly.

What is SR-IOV?

SR-IOV or Single Root I/O Virtualization allows the isolation of PCI Express for each Virtual Machine. PCI is a high speed serial computer expansion bus standard. You can learn more from this link.

The benefit of SR-IOV is each virtual machine get its own PCI and it help the VNF to skip the hypervisor and access the NIC directly. The direct benefit of this kind of bypassing is the data packet reaches the NIC without any kernel interrupts which results in higher throughput.

Note : To run SR-IOV we need SR-IOV support in the BIOS level as well as the OS level. So this is kind of requirement while running SR-IOV.

So what does our guest i.e. our VM see this SR-IOV. From the VM perspective it sees it like a normal NIC because the isolation of the NIC happens at the host level.

Fig: Diagrammatic Representation of how VNF bypasses the hypervisor.

In the above diagram OVS is known as open virtual switch for which also will be doing a detailed blog in the future.

Now for installing SR-IOV with kubernetes we need the following plugins

1. SR-IOV device plugin : It is responsible for detecting any SR-IOV resources available on the host and it addresses the kubernetes cluster about the resources and it is a kind of read only and informing functionality.
2. SR-IOV CNI plugin: It is responsible for configuring the specific resources allocated to a VM and it also modifies the host resources to make it ready for the Virtual machines.
3. Multus meta plugin: It helps in informing the pods the namespace annotations and the resources allocated to that pod.

That’s it for this blog. In the next two blogs I will write about DPDK and also the other two components of VNF.

For any reviews and critics please feel free to drop me an email at subhamkundu999@gmail.com

References:

1. https://www.juniper.net/documentation/en_US/cso5.1/topics/concept/nsd-vnf-overview.html
2. https://en.wikipedia.org/wiki/Network_function_virtualization
3. https://www.design-reuse.com/articles/32998/single-root-i-o-virtualization.html
4. https://www.intel.com/content/www/us/en/developer/videos/creating-virtual-functions-using-sr-iov.html