Cable MSOs: How to Succeed With SD-WAN Using Virtualized Service Assurance

Posted by Jeff Johnson on Tuesday, September 12, 2017 with No comments

Cable MSOs hoping to effectively target enterprise customers must find a way to establish a nationwide service area, which means augmenting their own DOCSIS and Carrier Ethernet infrastructure with third-party access to extend their footprint. Increasingly, MSOs are adopting software-defined WAN (SD-WAN) to reach on- and off-net sites, in a uniform way over any access media. But, there’s a pitfall: SD-WAN appliances don’t offer standards-based test, turn up, and monitoring functions required to offer service level agreement (SLA)-grade services.

Instead, SD-WAN solutions use proprietary monitoring and reporting methods, which don’t interoperate with existing network equipment. Problem is, SD-WAN may only be required in certain enterprise customer locations, so any implementation has to interact seamlessly with traditional service delivery methods, which means using standards-based techniques.

How to address this issue?

Virtualized test probes and test reflectors can cost-efficiently replicate network interface device (NID) functionality, bringing the needed turn-up testing, monitoring and operations & maintenance (OAM) functions to SD-WAN endpoints. Virtualized instrumentation uplifts SD-WAN with carrier-grade functionality, making it interoperate with existing network infrastructure, operations procedures, and support systems.

Assuring the SD-WAN Service Lifecycle

The SD-WAN service lifecycle has three main phases, consistent with the MEF’s established model for Carrier Ethernet connectivity:

  1. Deployment: provisioning and service activation testing (SAT)
  2. Performance monitoring and SLA reporting: collecting and presenting key performance metrics
  3. Troubleshooting: techniques to identify, isolate, and troubleshoot service issues

<click image to enlarge>

Metro Ethernet Forum Service Lifecycle 

Approaches to Virtualized Performance Assurance

To effectively assure all of these phases, MSOs may choose to use one of two approaches:
  1. Centralized performance monitoring architecture using virtualized performance assurance controller (vPAC) virtual network functions (VNFs) as probe generators, with a lightweight, stand-alone software agent that instruments the entire network in a software-only implementation. 
  2. Network-embedded architecture that employs small footprint, programmable performance assurance hardware modules (vCPE modules) augmented by virtualized performance assurance functions hosted on a centralized vPAC. 

The first option, because it’s software-only, is less precise and has a smaller feature-set than that offered by vCPE modules. However, it is well-suited for deployments where performance assurance using standard-based protocols is needed, but the added-benefits offered by the NFV-enabled modules are not required.

To facilitate integration with existing operational support systems (OSS), network management systems (NMS), and VNF orchestrators, either approach requires four key elements:
  1. A test session controller
  2. A test packet generator
  3. A test packet reflector or receiver
  4. Precision timestamping
Each approach is discussed in more detail below.

Software-Only Virtualized Performance Assurance

This option provides unprecedented deployment speed and agility, through its ability to remotely and centrally deploy, configure, and run everything needed to instrument an existing network, on-demand, with minimal expense. Standards-based monitoring methods integrate the network itself into a ubiquitous instrumentation layer. With this visibility centralized in data centers shared with SDN control and big data analytics, providers have an integrated foundation to deliver a new level of customer experience.

Here’s how it works:
  • The vPAC assumes all session setup, control, and sequencing functions, as well as results analysis and reporting to file servers. vPAC instances (manifested as VNFs) are deployed and orchestrated seamlessly with the network service descriptors, allowing fully-automated setup and assurance of virtual service chains.
  • The lightweight software agent VNF has two functions: 
    1. Offers reflection capabilities, instrumenting the network with any orchestrator while easily running unprivileged on any Linux based operating system.
    2. Enables bi-directional measurements, unrivaled metrics set, measurement granularity, and third party interoperability—features unavailable when using built-in standard open-source tools (such as ICMP ping) or even proprietary measurement methods offered by SD-WAN vendors.
Enhanced Performance Assurance with NFV-Powered vCPE Modules

This option basically consists of pairing a centralized vPAC with network-embedded vCPE hardware modules, in order to virtualize as many customer-located networking functions as possible while retaining minimum hardware needed for service delivery, consistent with performance, reliability, and quality of experience (QoE) expectations. As noted earlier, this offers more precision and a larger feature set than a software-only implementation. Yet, compared with traditional hardware-based approaches, instrumenting a network in this way is a very affordable, fast to deploy option.

An example of this vCPE strategy is illustrated below in comparison side-by-side with traditional CPE; here, local networking functionality (e.g. firewall, PBX, routing) is virtualized to software-based VNFs, hosted on low-cost commercial off-the-shelf (COTS) servers or cloud infrastructure

<click image to enlarge>

vCPE: Traditional vs. Virtualized Customer Premises Equipment Example

In the context of SD-WAN, this approach can be used to introduce customer premises-located performance monitoring, turn-up test, service OAM (SOAM) and troubleshooting functionality, which—in the case of fiber business services—is normally provided using a NID. Reducing hardware appliances required at the branch site is a key benefit of SD-WAN; where installing a traditional standard NID along with the SD-WAN appliance may not be a feasible CPE option.

NFV-powered hardware modules can offer the same level of performance monitoring precision, as well as loopback and full line-rate turn-up test capabilities at a fraction of the cost of a NID, making this approach an economically viable fit when deploying SLA-grade business services over SD-WAN.


Whether deployed as software-only or using vCPE modules, all SD-WAN lifecycle phases can benefit from a flexible, NFV-based performance monitoring solution that scales beyond the footprint of the SD-WAN cloud and is capable of sending performance flows from any starting location to any destination in the network infrastructure.

Such a solution can be used to:
  • Cover large scale hub-spoke and full-mesh topologies with active, microsecond accurate, standards-based performance monitoring towards thousands of endpoints continuously.
  • Bring standards-based turn-up testing, monitoring, and OAM functions to all SD-WAN endpoints, by adding NFV-enabled vCPE modules or orchestratable lightweight software agents. Since the solution is standards-based, standard networking devices can also act as responders to performance monitoring flows.
  • Monitor micro-outages, one-way delay & variation, and SLA compliance by delivering precise and granular metrics.
  • Centralize test control and automation, integrated with existing OSS, by pairing vPACs with NMS solutions.
  • Deliver a new level of performance monitoring (PM) workflow automation with results centrally stored for comparison to predefined QoS templates or SLA levels. Tests—conducted one-way or bi-directionally, in an end-to-end or segmented manner—can be scheduled on demand or triggered by service endpoint installation.
  • Provide open access to turn-up data and results—including customer-ready reports reflecting their specific SLAs—using the API. 
All of these applications support MSOs’ goal of delivering SD-WAN managed services to enterprises, over large, diverse geographic areas with the same level of quality as they do with traditional WAN offerings.