Faced with the increasingly common dilemma of trying to support service flexibility for customers with growing end-points scattered around the globe, Masergy Communications is using a virtualized network function platform to let customers add routing and firewall functions by software. The move, formally announced today by Masergy but also highlighted last week by Overture Networks, expands the camp of NFV deployments at the customer premises for increased service flexibility and reduced costs and hassles. (See Masergy Launches NFV Platform, Premises-Based Virtual Router and Overture Announces Pure-Play NFV Deployment .)
Colt addressed the same dilemma in Europe ahead of its NFV deployment, and CenturyLink is also distributing NFV, while other operators are seeing the same issues. What Masergy Communications Inc. is doing is jumping in with both feet on a pure-play virtualized network function platform that will make premises-based virtual routers part of their managed services portfolio alongside premises-based physical routers and cloud-based routers. (See Two Faces of Distributed NFV, Colt: NFV Can't Be Backward Step and Light Reading Report: NFV Market Report: Virtual CPE.)
Masergy's vision, CTO Tim Naramore tells Light Reading in an interview, is to add a virtual machine stack into its existing network interface device, known as the Masergy Intelligent Bridge, to reduce the number of boxes required and the complexity of getting all that gear in place before adding a site to its managed services offer. Overture is one of the companies already making the NID device and was Masergy's choice for this next step.
"That way, you have one box to deploy, and if you need a router later, you can add it, through software," he says. "If you need a router and a firewall and the NID all there from day one, you can configure it and have it all delivered in one easy step."
Most of Masergy's customers have international locations already and are expanding, often through acquisition. The process of shipping multiple boxes and getting them through customs and on-site all at once is very challenging and adds both hassle and expense to the process, Naramore says. By moving to a single box, with VM on board, Masergy is simplifying the process and creating service flexibility in the process.
The service provider chose Brocade Communications Systems Inc. (Nasdaq: BRCD)'s Vyatta 5600 vRouter in part because it uses and likes Brocade's switches, and is using Fortinet Inc. 's FortiGate-VM virtual firewall for much the same reason -- a previous successful relationship with the company.
The decision to go with Overture Ensemble Carrier Ethernet (ECE) is a bit more complicated. Masergy uses Overture boxes today but also those from other vendors, and conducted something of its own bake-off before making an NFV choice.
"Overture's vision closely matched our vision," Naramore says. "We have been working with Prayson Pate and his team for more than a year on this."
Where the two came together was on the need to incorporate the virtual machine into the NID device itself and enable multiple VMs to run there in an open architecture. Masergy is starting with virtual router and firewall functions because those are things that its customers want the company to manage today as part of its managed services portfolio, but Naramore sees the need going forward for other functions including service border controller, media gateway for SIP functions and more. Overture's open architecture will enable Masergy to add those down the road and not be restricted to Overture-only options.
Some vendors were willing to provide any functionality in software but expected Masergy to provide its own servers, and other vendors were willing to provide all functions on a single box, but expected to be the sole vendor of whatever software functions were added later.
Providing its own servers didn't simplify the premises challenge for Masergy, Naramore points out, since it still meant providing multiple boxes to a site, and one of those boxes became a pretty heavy-duty server. "If you are going to eliminate two $2,000 pizza boxes [for routing and firewall] with a $12,000 server, it really doesn't work financially," he points out.
Overture's open approach lets Masergy add whatever VMs it chooses going forward. "Some of the larger vendors can give us whatever we need, but you have to buy it all from them," he says, without naming names.
The other thing Overture did that proved critical to Masergy was to create a performance-optimized device that is low-heat and low-power, in part by using the Intel Atom processor, and Intel's Data Plane Development Kit (DPDK), to develop their code to be completely optimized.
"We were able to get line-rate throughput with multiple VMs, which was far ahead of any of their competition, and that was critical for us," Naramore says.
Some other vendors left their NID software running on their own ASICs and planned to add an Intel blade to the box. Masergy finds the Overture approach enhances performance while keeping power and heat generation in line with CPE needs.
This solution specifically targets the smaller, more scattered sites that Masergy's customers seek to bring under its managed services umbrella, Naramore says -- it's not suitable for a major data center, for instance -- but the growth in the need to connect this widely distributed locations has him convinced the service will see a fairly fast ramp following its July 1 debut.
He's already had multiple CIOs say they are ready to deploy immediately, a clear indication that this isn't NFV being deployed for its own sake but to meet a customer-driven need.
— Carol Wilson, Editor-at-Large, Light Reading