When Masergy set out to add a premises-based virtual router to its family of managed router services, the global service provider was solving a specific customer problem -- the rapid growth of distributed locations where companies needed flexibility but didn't have IT resources on the ground.
It's a common and growing problem for communications services providers and one of the early sweet spots for network functions virtualization (NFV), but as Masergy Communications Inc. soon learned there were multiple approaches to addressing this particular challenge.
Its decision to team up with Overture Networks Inc. for premises-based CPE, along with Brocade Communications Systems Inc. (Nasdaq: BRCD)'s virtual router and Fortinet Inc. 's virtual firewall, was based on a vendor comparison process that sheds some light on the state of the industry, where premises-based NFV is concerned. Masergy is using the Overture 65vSE VNF compute node platform and running Overture Ensemble Carrier Ethernet (ECE), Brocade Vyatta 5600 vRouter and Fortinet FortiGate-VM firewall as virtualized network functions (VNFs).
Masergy CTO Tim Naramore shared his insights with me last week. To give you some New IP insight into Masergy's announcement, I've pulled out some key segments from my interview with Naramore. (See Masergy's Bold NFV Play Is Customer Driven for the news story on Light Reading.)
On the problem Masergy set out to solve:
Tim Naramore: We were really determined not to do NFV to do NFV. We were solving a very specific problem that our customers were coming to us with. They were saying, look, "My company is doing acquisition after acquisition, and some of these are in countries I'm not real sure about. And I would like the ability to be able to dynamically deploy a firewall and not have to ship equipment. Or I'd like the ability to do DPI, deep packet inspection on the fly if I needed to." That is what drove our vision as a product.
On the importance of Overture's choice to port its code to Intel Corp. (Nasdaq: INTC)'s Atom processor:
TN: It was important to us that Overture had a very extensive background in performance optimization -- this device is very low power, it's low heat, and the key for making this work is I think that [it's built on] Intel's Atom core processor. That's not the heftiest chip in the world so you are talking about a lot of functionality. They went to the trouble to really go down to the core level and use the data plane development kit (DPDK) from Intel to develop their code so it was completely optimized for this. And we were able to get line-rate throughput with multiple VMs, which was far ahead of any of their competition. That was critical for us.
On why that choice was important:
TN: One of the key elements of that was, you burn something into an ASIC, your ability to change it is limited. If you are putting it in software and running it on a generic CPU, your ability to change it is much, much greater. That to me was one of the key elements of why we made this decision. Had other people been able to demonstrate a huge performance increase, doing it the other way, with a dedicated chip, that might have been different, but we didn't see that.
On different vendor approaches to NFV:
TN: We found several of the CPE vendors that embraced [the CPE challenge.] They embraced that in different technology ways. Some, like Overture, ported their code to the Intel processor. So their existing code that was running on an ASIC is now running on that Intel processor. So there is nothing in that box but an Intel processor.
Other vendors said, "I am going to leave my NID software running on my ASIC and I am going to add a VM blade to it -- an Intel blade hat has the capability of running the software." Yet others were saying, "It's got to be a separate box that sits on top of the NID, and we want to deploy the cheapest possible white box solution."
In our case, for the exact reasons I told you, our customers aren't necessarily looking for the cheapest solution, they are looking for reliability, because they don't want to have to deal with it after they put it out.
On the importance of integrating the NID:
TN: A lot of folks said, "We will build the software and you go get your own Dell Technologies (Nasdaq: DELL) server or HP Inc. (NYSE: HPQ) server or whatever. We are not going to be in that business." That really wasn't going to help us on the NID software piece of things. Adding a server you had to deploy to the prem, you know, most of the guys were talking about pretty hefty servers. So if you are going to eliminate two thousand-dollar pizza boxes with a $12,000 server, it really doesn't work financially.
On the importance of an open architecture:
TN: A lot of the larger vendors out there, their approach to us was, "You'll buy it all from me. It'll be my routers, my firewalls. It'll be virtual, but you have to buy everything from me." But maybe the best person at making a NID isn't the best person at making a router. And we wanted the flexibility to go best of breed. That was really a key on going with Overture.
On the longer-term vision:
TN: Our vision is to go beyond [routers and firewalls] to session border controllers, encryption potentially, media gateways for SIP kind of solutions, test heads, etc. That really matched [Overture's] vision that their architecture was completely open. If I can build a VM, I can put it in this environment. That was important to us.
— Carol Wilson, Editor-at-Large, Light Reading