Massive VNF Scaling
Fortinet Security VNFs Dynamic Scale-Out and Scale-In
The Need for Dynamic, Massive VNF Scaling
The use of virtualization and the implementation of the European Telecommunications Standards Institute’s (ETSI's) Network Function Virtualization (NFV) framework has been growing in the mobile network as operators evolve their infrastructures towards 5G technology. The decoupling of the underlying hardware resources from the functions provided by the VNF adds agility and flexibility but reduces performance, predictability, and availability. To overcome these short-comings, there is a need to automate and orchestrate the ability of VNF to scale-out and scale-in based on service requirements and load. These may drastically vary based on the service type and VNF's function and location.
Fortinet's Massive Auto Scaling
As a standards-based implementation for auto-scaling, Fortinet's security VNFs integrate with software-defined networking (SDN) and the management and orchestration (MANO) platform to provide the required dynamic scale in and out:
- SDN infrastructure and applications are used to determine service chains and distribute the sessions to the security VNFs based on their availability and loads.
- The MANO ecosystem is used to analyze, in real-time, the traffic levels and the load of each VNF to determine if a VNF instance should be added (scale-out) or removed (scale-in) to meet current and future traffic and service requirements/service-level agreements (SLAs). The instantiation or removal of a VNF will interact with the SDN layer that will re-distribute the traffic/sessions amongst the acting VNFs.
This type of integration and interworking will enable massive auto-scaling of VNFs to meet SLAs and availability requirements.
Fortinet and NoviFlow Auto Scaling Proof of Concept
To demonstrate the feasibility of security VNF massive auto scaling capabilities via SDN integration, Fortinet and NoviFlow joined forces to build a Gi-LAN application control web security service provided by FortiGate VM VNF. This PoC demonstrates the ability to dynamically scale-out to achieve 10 to 100 Gbps service throughput via NoviFlow's SDN switch and application. The architecture is detailed below where up to six FortiGate VMs used as application-control VNFs are dynamically scaled to achieve the required throughput based on overall traffic load.
This type of solution as demonstrated by Fortinet and NoviFlow can scale-out to multiple 100G of Gi-Traffic (DPI, Firewall, CG-NAT, NGFW) throughput via one NoviSwitch and a cluster of Fortinet PNFs/VNFs. It scales back in cases of non-usage. The NoviSwitch SDN programmable data plane supports up to 6.4 Terabit using P4 Language programmable network processors.
An additional layer of automation can be added to automatically trigger the instantiation of VMs for scale-out/in, such as analytics to determine and anticipate the current vs. required resources to deliver the SLA based on real-time traffic/sessions load and VNF's resources utilization.