VIRTUAL NETWORK FUNCTIONS

NFV provides for an open architecture with many flexible options for deploying an NFV solution. The typical architecture of NFV consists of three distinct layers:
Network functions virtualization infrastructure (NFVi) – the hardware and infrastructure software platform required to run network applications. 
Virtual network functions (VNFs) – software applications that deliver specific network functions, such as routing, security, mobile core, IP multi-media subsystems, video, etc. 
Management, automation and network orchestration (MANO) – the framework for management and orchestration of NFVi and various VNFs.

NFV vs​ SDN

Software defined networking (SDN) is typically defined as the separation of the forwarding and control planes in a network element. It provides improved control/management as well as network programmability. SDN is distinct from NFV – but many NFV deployments may use SDN controllers as part of the overall NFV architecture.

NFV, SDN, and application programming interfaces 

NFV is network component virtualization and SDN is network architecture that puts automation and programmability into the network by decoupling network control and forward functions. When NFV virtualizes all the infrastructure in a network, SDN centralizes the network’s control, creating a network that uses software to construct, control and manage it. 
An SDN controller, northbound application programming interfaces (APIs) and southbound APIs are often included with an SDN. With the controller, network administrators can see the network and decide on the policies and behaviors of the adjacent infrastructure. Northbound APIs are used by applications and services to inform the controller of what resources it needs. Southbound APIs help the network run smoothly by processing information about the network’s state from the infrastructure and forwarding it to the controller.

Virtual Firewall

A virtual firewall appliance is a network firewall service that provides packet filtering inside a virtualized environment. A virtual firewall appliance oversees and controls approaching and outgoing traffic. A virtual firewall appliance works in conjunction with switches and servers like a physical firewall. A virtual firewall appliance keeps an unapproved user from getting to and transmitting information and records and virtual firewall appliance also prevents​ an organization's employee from exchanging any sensitive information or documents. A virtual firewall appliance works in two modes: bridge mode and hypervisor mode. Like a conventional firewall framework, bridge mode works by diagnosing and observing the majority of the virtual machines incoming and outgoing traffic. In hypervisor mode, the virtual firewall appliance works in isolation from the physical network, dwelling in the center hypervisor kernel and dealing with the incoming and outgoing traffic of the virtual machine.

Virtual Firewall Features

Next-Generation Firewall

vFirewall is a virtualized next generation firewall that can detect and mitigate modern day threats. These include threats like DoS/DDoS, trojan, botnets, SYN/UDP/ICMP flood attacks, port map or port scan attacks, web/SQL attacks etc … vFirewall can do both Intrusion Prevention and Intrusion Detection in all types of deployments which can be virtualized, bare metal or public/private cloud. 

Deep Packet Inspection (DPI) is playing an increasingly important role in networking today, becoming more and more of a service enabler for quality of experience (QoE), data center and network security, Virtual CPE services, network and subscriber analytics, and more. With advancements in Network Function Virtualization (NFV) and Software Defined Networking (SDN), new use cases for Virtualized Deep Packet Inspection (vDPI), or DPI solutions such as Virtual Firewall deployed at a virtual network function (VNF), have emerged.

Mro-Tek Virtual Firewall Framework

Mro-Tek Virtual Firewall Framework is a reusable high performance DPDK optimized security solution developed to run on Intel x86 based platforms that can be used  as Virtual CPE (vCPE), Firewall or IDS/IPS solutions for partners and Software and hardware architecture of our Virtual Firewall Framework delivers up to 2x performance over traditional appliances based Firewalls.

Virtual Firewall forms an integral part of our vCPE solution with the addition of Firewall, IDS/IPS and QoS services. The framework offers an optimized and balanced combination of Access Control Lists (ACL), Stateful Firewall, Intrusion Detection/Prevention . Mro-Tek vFirewall Framework is able to deliver industry leading performance by using innovative techniques such as Receive side scaling, hyper threading, SIMD instructions, and by keeping the signature database small enough to fit in to the processor cache thereby avoiding memory calls during runtime packet processing.

Deploy on Your Virtual Machine

Do you have a virtual machine (VM) environment? Most Barracuda products are available in software form as virtual appliances ready to be downloaded and installed into your VM server. We support a variety of hypervisors including:
 - VMware
 - Microsoft Hyper-V
 - Citrix Xen
 - Oracle VirtualBox
 - KVM

NFV Use Cases

NFV is applicable across a wide range of network functions, including fixed and mobile networks. Some leading NFV applications include: