Interview with Nicolas Bouthors, CTO of Enea, Qosmos Division
NFV is changing the way communication services are being delivered. What is the impact on monitoring?
Virtualization has effectively decoupled services from the infrastructure delivering those services, thus making it difficult to trace any service fault to a particular piece of infrastructure. Our approach at Qosmos is to put a virtual probe inside the hypervisor and tie it to the virtual switch for data capture. Using a flow-based approach, the probe can see when something happens at the service level if it is related to a specific VNF or NFVI component (i.e. compute, storage, or network resource that has been virtualized).
What do you mean by flow-based monitoring?
Flow-based monitoring simply means that we identify and keep track of individual traffic flows, where a flow is defined as data exchanged between two 5-tuples (i.e. a combination of source and destination IP addresses, port numbers and protocol). This is why flow-based monitoring is well adapted to virtualized environments; it allows network administrators to monitor the entire chain of physical and virtual resources used in the delivery of a particular service to a specific end-point.
Does it mean you capture and analyze all traffic flows going across the NFVI layer?
The entire NFV traffic goes through the NFVI layer. However, this represents a huge amount of data. From a technical and economic standpoint, it is not desirable to capture and analyze all that traffic with high granularity.
Our vision is that a NFV administrator needs real-time as well as historical views with different levels of granularity, depending on what is being monitored. This is why the NFV Probe we developed can be configured to monitor both individual VNFs as well as all traffic going through the NFVI layer, but with varying degrees of granularity. For example, the NFV administrator can configure the probe to observe in real-time with high granularity a specific meta-data, say response time for a web server that has an open trouble ticket. On the other hand, he can also get a high-level view of the NFVI layer and see when an alarm is raised if it is related to a specific host, function, application, or service.
What makes these “on-demand” configurations possible?
We are using a Netconf interface to configure the probe and to specify how to correlate and aggregate different variables to create specific KPIs. Qosmos supports thousands of protocols and metadata, so the NFV Probe needs to be configured to specify what needs be analyzed. For example, the administrator might want to focus on response time for http and no other protocol.
What is the implication of this on-demand probing on data storage?
All the information coming from the NFV Probe is stored in a database according to a data model we call that the “traffic matrix”. We have run several trials where we provided a traffic matrix on an open source database (e.g. Elastic Search or InfluxDB) and used open-source tools such as Kibana and Grafana to visualize the information.
So are virtual probes the way of the future for monitoring telecom services?
Yes! The reality is that we will have hybrid networks (combining traditional and NFV infrastructure) for many years to come. In this context, virtual probes provide a clear advantage as they can monitor both virtual and physical interfaces to provide an end-to-end view for any service. And of course, deliver this with the economic advantage of non-proprietary hardware.