Network Integrity: The Key to NFV

Retiring or removing VNFs is equally critical as some VNFs inadvertently left instantiated could result in security breaches or result in susceptibility to denial-of-service attacks. For instance, VNFs may be instantiated for temporary troubleshooting or service testing during service activation.  These may include virtual test agents, traffic generators, virtual taps, and packet analysis. If they are mistakenly left instantiated or fail to be retired by an automated process, they can be exploited maliciously or inadvertently during routine network maintenance, resulting in service disruption and extended operational expenses.

Assuring security integrity becomes even more challenging when multi-cloud or multi-site NFV is considered. Virtual networks may span from data centers, remote points-of-presences, to mobile base stations, and to customer premise locations. Not all VNFs are suitable to be centrally hosted for a variety of reasons, including latency, bandwidth and performance. The resulting architecture is very effective and practical for hosting various types of VNFs and changes the convention definition of a security perimeter.

Clearly, maintaining configuration integrity will be necessary in order to meet regulatory and compliance requirements, which will be increasingly challenging and potentially expensive in virtualized networks.

An effective network data integrity assurance strategy must be highly scalable. It must be able to collect, compare and report on tens-of-millions of real-time configuration and service parameters from hundreds-of-thousands of physical and virtual network functions, NFVI (i.e. servers, hypervisors, etc.), and management and orchestration systems. It must have the ability to discover network service topology and compare to inventory databases, automatically reconciling mismatches and discrepancies. Identifying, alerting, and correlating network data integrity analytics with security events will be important to maintain a reliable and secure network. Lastly, any strategy must be open and interoperable, and easily integrated into BSS, OSS, and orchestration systems, as well as multi-vendor physical and virtual network functions. 

The benefits that can be gained from a holistic network data integrity strategy include:

• Lower operational expenditures through reduced fallout caused by incorrect inventory data;
• Accuracy in network asset information for reliable financial and regulatory reporting;
• Speed and simplicity to identify which network function are instantiated, their location, and the number of instances;
• Faster resolution of network faults from accurate inventory data;
• Improved customer satisfaction and revenue assurance with “right first time” network configuration; and
• Higher user confidence in decision-making processes based on accurate inventory data.

We’ve reached the end of the beginning of SDN/NFV transformation. The time is now time to focus on deployability. Most of the challenges, including network data integrity, which exist with today’s convention networks will become magnified with new hybrid physical and virtual networks. And new ones will emerge. We are beginning a massive market transformation where many of the operational barriers first need to be identified, and then overcome.

 ________________

About Nakina:

Nakina offers a suite of Network Integrity applications for managing, securing, and optimizing physical and virtual networks. Nakina’s applications are built upon our Network Integrity Framework - open and modular software platform that abstracts network complexity, normalizes multi-vendor management, and bridges the physical and virtual worlds for Management and Orchestration systems. Our software is proven, trusted and protects the world’s largest and most important networks.