Virtual Network Functions (VNF)
As part of the quest to introduce service agility in their network management processes, many service providers and data centers are experimenting with Network Functions Virtualization (NFV). Having implemented the first Virtual Network Functions (VNF) for our DNS and DHCP customers as early as 2007, we have nearly a decade of experience in deploying VNF architectures and centralized management solutions for some of the most demanding network environments in the world.
When embarking on the VNF journey, not all network services are alike. While proxies and caching servers can be easily deployed as stateless services that scale on demand, there are select network services, such as DHCP and authoritative DNS, where a stateless service becomes a handful.
To design the most suitable architecture for vDNS or vDHCP, it is important to consider the following:
Authoritative or caching DNS. A separation of these two DNS server functions is a must because of the different management processes. While caching DNS servers are typically under higher load and more prone to various attacks, the authoritative DNS servers should usually be integrated with the service activation processes to allow real-time changes to be served out.
DHCP and legal requirements. Most jurisdictions have laws requiring service providers to maintain logs of IP usage for long periods of time. While many vendors recommend a stateless approach to deploying vDHCP, this approach may have legal consequences if a stateless vDHCP instance fails and its lease data is lost.
Management processes. While caching DNS services typically need very little ongoing management, this is not the case with DHCP and authoritative DNS services. Therefore, it is paramount to consider the associated management processes in addition to the actual deployment of these VNFs.
FusionLayer delivers secure and scalable vDNS and vDHCP appliances that can be deployed on virtually any hypervisor. Thanks to their embedded SQL database and a built-in proactive security architecture involving local Intrusion Prevention, they can be jump-started, backed up and decommissioned easily.