Posted by Rebecca Warren ● Jun 6, 2018 9:52:00 PM

The Challenge with Appliances

Network functions like firewalls and load balancers were developed around a legacy technology model.

Mismatch Between Services and Appliances

The challenge providers are having in trying to build network infrastructures to offer to their tenants, is that the tools they have available to them are inadequate – there is a mismatch between their needs and what is being provided.

Network functions, such as firewalls and load balancers are traditionally deployed as appliances (physical network devices that get plugged into a network to serve a single purpose). The services that are based on this model typically involve a network engineer plugging in a device as needed – a frustrating process for both sides.

More recently, there has been a move to virtual appliances (with Network Functions Virtualization, or NFV), where providers can launch a virtual appliance for a customer, rather than plug in a box. While this empowered operators with push-button deployment (a much needed improvement), the benefits in the context of offering a service ends there.

It is still an appliance, still managed like an appliance, and in the end, provides none of the promise that came with the move to virtualization. All that has been done is to take the physical appliance and run it in software. The end result is still high operational expenses, unsatisfied tenants, and missed revenue opportunities.

The Problem is State

The central issue with why the appliance model doesn’t provide what is needed to build services out of is that each box has to maintain and manage its own network state in order to operate properly.

Before explaining why this is the root of the problem when it comes to the agile properties needed in the as a service model, we first clarify our definition of the term “state” in this particular context.

Although there is a variety of network functions, the state within them can be generally classified into (1) static state (e.g., firewall rules, intrusion prevention system rules, configuration in general), and (2) dynamic state, which is continuously updated by the network function’s processes (e.g., connection information in a firewall, substring matches in an intrusion detection system, or server mappings in a load balancer).

The static state can be replicated to each instance upon boot, and doesn’t pose a particular challenge today.

It is the dynamic network state that we are referring to that is challenging to deal with and limits network functions from being deployed and offered as a service.

The mismatch of services and appliances has left leading cloud service providers with complex solutions that are difficult to deploy, manage, and scale within their data center environments.

If you are interested in learning more about how we are revolutionizing network functions, schedule a demo today.

Topics: NFV, Technical Resources