The goal of NFV is to transform the way that network operators architect networks by evolving standard IT virtualization technology to consolidate many network equipment types on to industry standard high-volume servers, switches and storage, which could be located in the data center, in the network or at end-customer premises. NFV replaces traditional, custom-designed network equipment (black boxes) that continues to dominate the installed base of networks.
NFV provides for an open architecture with many flexible options for deploying an NFV solution. The typical architecture of NFV consists of three distinct layers:
Network functions virtualization infrastructure (NFVi) – the hardware and infrastructure software platform required to run network applications.
Virtual network functions (VNFs) – software applications that deliver specific network functions, such as routing, security, mobile core, IP multi-media subsystems, video, etc.
Management, automation and network orchestration (MANO) – the framework for management and orchestration of NFVi and various VNFs.
Software defined networking (SDN) is typically defined as the separation of the forwarding and control planes in a network element. It provides improved control/management as well as network programmability. SDN is distinct from NFV – but many NFV deployments may use SDN controllers as part of the overall NFV architecture.
NFV is network component virtualization and SDN is network architecture that puts automation and programmability into the network by decoupling network control and forward functions. When NFV virtualizes all the infrastructure in a network, SDN centralizes the network’s control, creating a network that uses software to construct, control and manage it.
An SDN controller, northbound application programming interfaces (APIs) and southbound APIs are often included with an SDN. With the controller, network administrators can see the network and decide on the policies and behaviors of the adjacent infrastructure. Northbound APIs are used by applications and services to inform the controller of what resources it needs. Southbound APIs help the network run smoothly by processing information about the network’s state from the infrastructure and forwarding it to the controller.
A virtual firewall appliance is a network firewall service that provides packet filtering inside a virtualized environment. A virtual firewall appliance oversees and controls approaching and outgoing traffic. A virtual firewall appliance works in conjunction with switches and servers like a physical firewall. A virtual firewall appliance keeps an unapproved user from getting to and transmitting information and records and virtual firewall appliance also prevents an organization's employee from exchanging any sensitive information or documents. A virtual firewall appliance works in two modes: bridge mode and hypervisor mode. Like a conventional firewall framework, bridge mode works by diagnosing and observing the majority of the virtual machines incoming and outgoing traffic. In hypervisor mode, the virtual firewall appliance works in isolation from the physical network, dwelling in the center hypervisor kernel and dealing with the incoming and outgoing traffic of the virtual machine.
NFV is applicable across a wide range of network functions, including fixed and mobile networks. Some leading NFV applications include: