Communication Service Providers (CSP) are rapidly adopting vCPE (Virtual Customer Premise Equipment) in order to provide value-added managed services for the Enterprises and their branches. The legacy way of deploying purpose-built appliances to provide services like Router, Firewall, IoT gateway etc. at the branch is losing momentum, because of high operational costs incurred by Enterprises as well as CSPs. In a standard vCPE model, a dedicated physical CPE of varying form factor based on the needs of the customer is deployed at the branch site. This CPE can be a simple NID (Network Interface Device) or a small form factor server hosting several NFV based VNFs (Virtual Network Functions).
A branch site does not always use a dedicated building/office, instead, it may be part of a Multi-Tenant Unit (MTU), where each floor/suite is occupied by different enterprises. This means the vCPE solution should not only provide physical customer premise equipment but also support multi-tenancy capabilities on the customer premise equipment, so that it can be shared across multiple tenants co-located in the building.
The following diagrams illustrate the concept of dedicated and shared customer premise equipment (CPE).
As we can see, multi-tenancy on a CPE network is a lucrative option for the CSP from cost and management perspective, but it introduces its own set of challenges as described below.
In the MTU case, the branch demarcation is a port on the shared CPE. Since the CPE is shared across multiple tenants, it is important that the CPE supports multiple ways of traffic isolation. For example, VLAN is an efficient way where each tenant port is part of a VLAN and it can be dynamically assigned as a part of the zero-touch provisioning process when the branch is on-boarded. The CPE may also need to operate in bridge mode, so that the IP address for the tenant ports can be managed by the CSP.
One of the primary use cases of the vCPE, is the VPN Services to provide Site to Site connectivity among the branches of an Enterprise. In a shared model, it becomes necessary that the CPE solution provides Port based E-Line, E-LAN services so that a specific Port on the shared CPE can be part of the EVC (Ethernet Virtual Connection) belonging to the Enterprise. It is also important that the VPN services are implemented as software defined VPNs using open standards like OVS (Open vSwitch) and ODL (OpenDaylight) to achieve interoperability.
Since the CPE is shared among multiple tenants, controls should be enforced to make sure a tenant`s VNF does not use more resources (for example, CPUs) than the allocated limits. Otherwise, it impacts the SLAs of the services offered to other tenants sharing the same CPE. The CPE Hypervisor and VNF Management software need to work together to enforce policies related to CPU, Memory, Disk/Network IO and WAN bandwidth usage.
In the dedicated CPE model, all the ingress traffic belongs to a single customer and can be chained to different VNFs as per policies. But in shared CPE model, the port where the traffic is originating should also be considered along with other filters to decide how the services should be chained. This requires intelligence at the CPE virtual switch and SDN controller level. Additionally the VNFs part of the service chain may be dedicated or shared, so appropriate data isolation should be implemented at VNF level. Multiple vNICs on the VNF is an option to isolate the data movement in a service chain.
CSP Operations/Billing systems
For shared CPE model, the NFV Orchestrator and other OSS/BSS systems should provide flexibility in provisioning services and associated VNFs at various levels - dedicated for a tenant or shared among tenants. The self-service portals offered to end customers need to provide a granular and partitioned view of the CPE and the VNFs running on it, in order to limit the configuration of services and data access based on the Tenant context. Another important aspect is the billing data that need to be collected for Pay-Per-Use model provided by Shared VNFs. CPE Manager and SDN Controller play a vital role in collecting these network data specific to a Tenant + VNF + Traffic type combination on the Shared CPE.
In summary, an ideal vCPE solution should support both the distributed CPE deployment models – dedicated as well as shared, so that the CSP can choose the best approach for a specific location. The evaluation process to choose a solution should consider how the vendor solves the above challenges.