and 10 Gbps. The edge device thus becomes an aggregation point for these multiple feeds into the core network. Therefore, there are some key functionalities that need to be supported by the service provider edge devices, which either must act as virtual BNG or virtual broadband gateways or introduce some functionality like virtual EPC that is primarily software-defined.

Another need that we see at the service provider edge is for greater flexibility and improved programmability to support dynamic route flows in the platform. We also need to be able to bring compute resources directly to the edge, as we are doing some of the processing right at the service provider edge before passing the traffic on to the regional or core network infrastructure or data center.

Figure 1: Moving security services closer to the edge
[click to enlarge]

Agility as a core platform design requirement

A network edge solution designed specifically to address the concerns listed above is needed. To meet these needs, this article proposes a fully integrated architecture that lowers service latency, improves security, provides an agile programmable networking platform, and supports service chaining at the edge to flexibly deploy multiple applications.

The following architecture describes such a solution bringing together hardware and software elements from NoviFlow, Lanner Electronics, and Fortinet. It fulfills the needs outlined using standard commercial off-the-shelf hardware to deliver an agile, customer defined infrastructure that can implement multiple virtual network functions on the same physical platform.

Platform management tools come pre-integrated to enable the remote management and provisioning of the platform without the need to go onsite to do cabling, wiring or troubleshooting. This removes the need for physical interactions with the edge or resources like the cost of a truck roll when problems occur.

The core idea of this solution is to fully leverage SDN infrastructure to implement directly in the network fabric key networking tasks such as filtering, load balancing and telemetry, and implementing other security functions as VMs, removing the need for expensive fixed-function appliances that physically constrain scalability. Delivering these capabilities on white box hardware makes for a more efficient, cost-effective solution.

In a service provider scenario, a multi-access edge solution usually needs to support a large number of lower-speed traffic ports. This solution brings with it a large number of physical networking ports, simplifying deployment. Each compute blade comes with its own internal NIC card, and the box integrates two 6.4 Tbps switches, eliminating the need for external cabling. The integrated switching makes it possible to do filtering decisions and redirection of traffic right at the network edge, before traffic even has a chance to consume core network resources or expose core resources to malware, viruses and cybersecurity exploits.