How to make uCPE deployment easier (and cheaper) with in-band management

By Karl Mörner

How many NICs do you need to manage a uCPE with service chained VNFs? One for WAN data plus one for each VNF and one for the platform?

Wrong! With in-band management, it is possible to let all management interfaces and data traffic share the same physical interface. Shared interfaces can minimize system cost and make things easier for the end user: two key pillars when building a managed service for enterprise deployment. A unified approach to in-band management addresses both pillars and simplifies the service provider's ability to add functionality, and revenue streams, by onboarding new VNFs.

Many commercial VNFs support in-band management as an added feature. It allows the user to configure one network connection to handle both WAN and management traffic. With in-band management, the VNF (or the physical appliance running the VNF on bare metal) can use a single IP address for all internet-facing communication. Removing a dedicated management port simplifies the networking setup, reduces the cost of the system, and makes the installation procedure easier. The standard out-of-band configuration method using a dedicated management port is the basic setup for a VNF, but in-band management can be a great improvement.

 

 Figure 1. Compare standard and in band management VNF configuration


 

There are still reasons why a dedicated management port may be required, though, for example when the VNF is part of a service chain with other VNFs. It is far from ideal to let all management traffic pass through every VNF in the chain. Configuring such a setup would add unnecessary complexity to each VNF in the service chain, and VNF-specific configurations made just to enable a service chain would create vulnerabilities for the service configuration. As a design rule, each VNF should be unaware of the service chains it belongs to and of the underlying network.

 

Figure 2: Service chaining combined with in band management on VNF level is a design problem


 

This reasoning strongly supports using the standard out-of-band way to configure VNFs through dedicated WAN, LAN and Management ports. On the other hand, in-band management with a single interface port provides a better user experience and a lower system cost.

 

Figure 3: A service chain without in band management on VNF level for simple VNF onboarding


 

Combining simplification with good design principles brings a few firm requirements on the networking setup of the service chain:

  • Shared physical ports for WAN and Management are required for cost reasons.
  • Each VNF must be configured without knowledge of the service chain it is part of.
  • Out-of-band network configuration using dedicated WAN, LAN and Management ports is the ideal way of configuring each VNF, as it is the standard way and it is required for clean service chain configuration.

It may not be obvious how these seemingly incompatible requirements can be combined, but a solution can be implemented in the underlying virtualization layer.

  • The virtualization platform has to allow its own platform-level management traffic to share the physical NICs used for WAN traffic.
  • The physical NICs used for WAN traffic also need to be shared with each VNF's management traffic.
  • The sharing of all management and WAN traffic on a single physical NIC cannot have an impact on the individual VNF configuration within the service chain.

 

Figure 4: The virtualization platform shall solve service chaining and in band management independent of the VNFs it hosts


 

So, is there any available virtualization platform that can offer this approach to unified in-band management?

Yes, Enea NFV Access is a virtualization platform for uCPE, providing in-band management on the platform level for all management and WAN traffic using one single physical NIC. It is easily enabled for automation, as part of Zero Touch Provisioning (ZTP). The solution scales to service chains of any size. When onboarding a VNF, no regard is taken to whether the VNF is included in any service chains; all networking configurations for in-band management and service chaining are solved in the virtualization platform. Enea NFV Access simplifies VNF onboarding, supports single public IP addresses for WAN and all management, and provides a truly universal onboarding method for full openness and zero lock-in.

Find more information about Enea NFV Access at the Enea website: www.enea.com/nfv

Note: this article was first published on LinkedIn.