As a service provider, our network has to handle millions of devices and millions of flows. With our in-flight internet service, these flows are moving; they have to access critical services in different datacenters in the network. It makes the network quite unique and dynamic.
As I wrote in my last blog, our network is comprised of many kinds of elements:
- Traditional metal routing/switching boxes
- Capable of moving around large number of bits.
- Programmable switches
- We use APIs to setup our underlay network as a service.
- Direct connect and VPN tunnels
- Ability to reach resources in the public cloud
- Virtual network functions
- We run our network functions as services. They can run either in the public cloud or in our own data center
- A service comprising virtual and metal-based firewalls
- Legacy metal-based network functions
- DPI engines, access/MAC and PHY layer for the older satellite, traffic conditioners
One of the first building blocks we used to start building our next generation service provider network was dynamic service chaining. We called this service “vForwarder”.
Traditional Core Networks
In traditional core networks, traffic flows in a very well-defined and controlled path.
All traffic flows through all of the network devices that are pre-wired together. This has certain negative implications:
- The network functions that carry the traffic have to scale at the same time.
- Every time there is a network function that needs to be added, even for a small number of subscribers, the paths need to be changed.
- A fault in one network function can impact the whole network path.
- All traffic needs to traverse most of the network devices even if they don’t need to act on the traffic.
Dynamic Service Chaining Approach
When we started building out the next generation network we decided to build a micro services approach for the network to address the challenges with traditional core networks.
The service allows network flows to follow different paths through the network. It allows flows coming from the same device, even the same app to go through a distinct set of network functions.
The high level goals are:
- Allow the network to behave like a set of connected micro-services.
- Allow the addition of new network services dynamically without impacting other services.
- Let network functions scale independently of each other.
- Bypass or route around faulty network functions.
- Allow integrating legacy network paths and equipment.
ViaSat Virtual Network
We created a completely distributed network service. It includes hardware from well-known routing/switching companies and a whole lot of home grown software.
The network controller is home grown and runs in each datacenter and also in the public cloud. It scales to millions of devices with thousands of flows per device.
From each vForwarder perspective they see a set of Network Function interfaces (NFis) and a set of overlay tunnels. The Network functions can be virtual or physical.
The network functions can use the Controller’s API to attract traffic flows to their own NFis. They can also determine if the NFi needs to have a certain encapsulation – VLAN, GRE, VxLAN etc.
The overlay interfaces can have a completely different encapsulation on each link. This allows fully mesh-connected network functions within and across data centers. Even functions in the public cloud can be connected in a chain easily.
The distributed network controllers allow a service chain to span data centers and network functions can be placed anywhere in the network. The controller also programs the overlay gateways in the border leaf routing devices.
Using our network controller and the vForwarder service we created a platform that allows:
- New functions can be added very easily into the network. The neighboring services don’t even need to know.
- Network functions can now scale out independently of each other since the traffic is selectively sent only to the functions that need them.
- We can move flows and combine service chains across data centers – allows for a truly mobile and dynamic end-user service.
- The ability to route or re-route traffic on a hop by hop basis. So if a network function changes or remarks traffic the next hop is truly dynamic.
Next I will talk a little more about Network Function Orchestration in this environment. Please watch this space.