How to make uCPE deployment easier (and cheaper) with in-band management
By Karl Mörner
By Karl Mörner
How many NICs do you need to manage a uCPE with service chained VNFs? One for WAN data plus one for each VNF and one for the platform?
Wrong! With in-band management, it is possible to let all management interfaces and data traffic share the same physical interface. Shared interfaces can minimize system cost and make things easier for the end user; two key pillars when building a managed service for enterprise deployment. A unified approach to in-band-management addresses both pillars and simplifies the service provider's ability to add functionality, and revenue streams, by onboarding new VNFs.
Many commercial VNFs support in-band management as an added feature. It allows the user to configure one network connection to handle both WAN and management traffic. With in-band-management, the VNF (or physical appliance running the VNF bare metal) can use a single IP address for all internet facing communication. Removing a dedicated management port simplifies the networking setup, reduces the cost for the system, and makes the installation procedure easier. The standard out-of-band configuration method using a dedicated management port is the basic setup for a VNF, but in-band-management can be a great improvement.
Figure 1. Compare standard and in band management VNF configuration
There are still reasons to why a dedicated management port may be required though, for example, when the VNF is part of a service chain with other VNFs. It is far from ideal to let all management traffic pass all VNFs in the chain. Configuring such a setup would add unnecessary complexity to each VNF in the service chain, and VNF specific configurations just to enable a service chain would create vulnerabilities for the service configuration. As a design rule, all VNFs should be unaware of the service chains it belongs to and the underlying network.
Figure 2: Service chaining combined with in band management on VNF level is a design problem
This reasoning strongly supports using the standard out-of-band way to configure VNFs through dedicated WAN, LAN and Management ports. On the other hand, in-band-management with a single interface port provides a better user experience and a lower system cost.
Figure 3: A service chain without in band management on VNF level for simple VNF onboarding
Combining simplification with good design principles brings a few firm requirements on the networking setup of the service chain:
It may not be obvious how these seemingly incompatible requirements can be combined, but a solution can be implemented in the underlying virtualization layer.
Figure 4: The virtualization platform shall solve service chaining and in band management independent of the VNFs it hosts
So, is there any available virtualization platform that can offer this approach to unified in-band management?
Yes, Enea NFV Access is a virtualization platform for uCPE, providing in-band-management on the platform level for all management and WAN traffic using one single physical NIC. It is easily enabled for automation, as part of Zero Touch Provisioning (ZTP). The solution scales to service chains of any size. When onboarding a VNF, no regard is taken to whether the VNF is included in any service chains; all networking configurations for in-band-management and service chaining are solved in the virtualization platform. Enea NFV Access simplifies VNF onboarding , supports single public IP addresses for WAN and all management, and provides a truly universal onboarding method for full openness and zero lock-in.
Find more information about Enea NFV Access at the Enea website: www.enea.com/nfv
Note: this article was first published on LinkedIn.