Reducing complexity to move forward faster
CenturyLink has chosen to break up the orchestration process and not attempt to use one master orchestrator for everything, Dunstan says. Instead it has created separate domain orchestrators, one for VNFs and another for physical network functions, as well as a third for third parties, such as transport and more. Then there is a master orchestration system above the three domain orchestrators. (See CenturyLink: Kill Complexity to Speed NFV.)
"The logic behind this was not that you couldn't build one system, you just can't have enough meetings to get it to work right," he says. When one part of the organization had completed its work, another part might have gotten distracted by something else and getting everyone on the same page proved too difficult. "When the system has so many cross-dependencies, you can't get there. So we decided that we would break it up this way. We don't do PNF and VNF together. That was a deliberate decision that took quite a long time to get through."
PNF and VNF orchestrators are fundamentally different, since the one controls an existing piece of hardware and the other addresses something that doesn’t yet exist, Dunstan explains.
"But adding all of those things to bring a VNF into existence in the existing PNF infrastructure, which is already one of the world's largest Tail-F implementations, was going to be a massive effort, disrupting lots and lots of customer telemetry," he says. "So we determined to separate it."
CenturyLink also spent considerable time deciding how to handle VNF onboarding, and ultimately chose not to create a single uniform interface to replace vendor interfaces, since those have their own appeal.
"It didn't make sense, because the people that bought Palo Alto, for instance, like the Palo Alto UI, so why should we replace that," he said. "You are further chasing breaches and bugs. So we decided to not follow that path. When we do VNF integration, we bring the VNF into existence, we do all the connectivity associated with it, we do some basic set-up and then we hand it over to the specialist who deals with it."
In the case of a virtual firewall, CenturyLink gets it operational and then hands off to the customer with an IP address, or offers configuration services associated with that for customers who prefer that level of assistance.
Dunstan came to CenturyLink with its acquisition of Active Broadband, and arrived as the company was struggling with the second version of its Programmable Services Backbone architecture, which was its early venture into virtualization dating back to 2012. The first version was VMware-based but wasn't a complete stack, which led to the second version, an OpenStack-based system. (See CenturyLink's ABN Buy Is Software Harbinger, CenturyLink: Building the Case for NFV and Inside CenturyLink's NFV/SDN Strategy.)
"I looked at this thing and we came to the conclusion within three-to-four months that we had built something too complicated," he says. "And so because the scope was so broad, these guys had built virtualization to run anything but the mission that the business needed was NFVi. So we went back and rebuilt again, and we went specifically for that purpose. In doing so, we were able to simplify the proper system we built significantly [over] the previous version and make it much easier to get into production and manage."
— Carol Wilson, Editor-at-Large, Light Reading