Cloud Native Network Function (CNF) is a modern approach to networking, which leverages the power of the cloud to simplify and scale networking functions. It involves the deployment of network functions as software applications on cloud-native infrastructure, rather than on dedicated hardware devices.
The idea of CNF is derived from the principles of cloud native computing, which emphasize speed, agility, and scalability. Its goal is to provide a flexible, scalable, and resilient environment to run network infrastructure. It’s a shift from the traditional networking function, which is hardware-centric and rigid. CNF runs network functions using cloud-based containers, making it more flexible and adaptable to changes.
A core principle of CNF is the modular design of network functions. It involves breaking down network functions into smaller, manageable parts, or microservices, typically managed using a container orchestrator like Kubernetes. These microservices can be deployed, upgraded, and managed independently of each other. This allows for faster and more efficient network function deployment and management.
This is part of a series of articles about cloud native security.
In this article:
The use of microservices and containers allows for easy and rapid scaling of network functions. This flexibility is crucial in today’s dynamic and unpredictable business environment.
Scalability is not just about handling more network traffic. It also extends to geographical reach. With cloud-based networking, you can easily extend your network functions to new locations or regions, which is important for businesses with a global presence or those planning to expand globally.
The use of containers and microservices makes network function deployment and management more efficient. Containers provide a lightweight and portable platform for running network functions. They can be quickly deployed and started, ensuring efficient resource utilization.
Furthermore, the microservices architecture of CNF allows for independent deployment and management of network functions. This means you can update or upgrade a specific function without affecting others. This results in less downtime and disruption, streamlining network operations.
Another aspect of cloud native networking is that network functions can be fully automated and controlled from a central control plane. This provides a level of convenience and efficiency that cannot be matched by traditional hardware-based infrastructure.
Multitenancy is the ability to serve multiple tenants or users from a single instance of a software application. In the context of CNF, this means you can run multiple network functions on the same cloud infrastructure.
Multitenancy offers several benefits. For one, it helps to maximize resource utilization. By sharing resources among multiple tenants, you can reduce waste and improve cost efficiency.
Multitenancy allows for isolation of network functions, in cases where each tenant must have separate, secure networking. But in cases where the same organization manages multiple tenants, it makes it possible to manage multiple business units or departments from a single platform, and makes it easier to enforce policies and monitor network performance.
The use of containers and microservices, coupled with automation, allows for rapid deployment and management of network functions.
With cloud native networking, you can quickly roll out new network functions or make changes to existing ones. This speed is crucial in an environment where businesses need to be agile and responsive to stay competitive. The high velocity of cloud native networking also helps in accelerating innovation. With faster deployment and management, you can experiment with new features or services more quickly, fostering innovation.
Ubiquity means the ability to be present everywhere at the same time. In the context of cloud native networking, this means the ability to deploy and manage network functions from anywhere, at any time.
With cloud-based networking, you can manage your network functions from any location. This gives you the flexibility to operate your network from anywhere, making it a perfect choice for businesses with a distributed workforce or those operating in multiple locations. Another aspect of the ubiquity of cloud native networking is that it can run on any device, not just on specific hardware equipment.
In the early days of networking, physical hardware was the primary mode of operation. Network functions were executed on physical devices, which were bulky, expensive, and difficult to manage.
As technology advanced, network functions were virtualized, leading to the advent of Virtual Network Functions (VNF), which ran the same software as traditional network devices, but repackaged as a virtual machine. VNFs marked a significant improvement over their physical counterparts as they were more flexible and cost-efficient, and not tied to specific hardware equipment. However, they still had their limitations, as they were not designed for cloud environments.
The next stage of evolution was Cloud Native Functions (CNFs), designed from the ground up to operate in cloud environments. CNFs leverage the power of containers, microservices, and orchestration to offer superior scalability, resilience, and flexibility. They represent the next stage of network technology, revolutionizing the way we think about and manage networks.
Virtual Network Functions (VNFs) and Cloud Native Network Functions (CNFs) represent two approaches to network function virtualization. VNFs are an earlier innovation, essentially virtualizing the traditional network functions so that they can run on standard server hardware, rather than requiring specialized network equipment. This transition marked a significant shift from hardware-centric network functions to software-defined capabilities, allowing for greater flexibility and cost savings. However, VNFs retain the monolithic architecture of the network functions they replace, which can limit their scalability and agility.
In contrast, CNFs take advantage of cloud-native principles, such as microservices, containers, continuous integration/continuous deployment (CI/CD) pipelines, and dynamic orchestration. CNFs are designed to be scalable, resilient, and agile, making them well-suited for deployment in cloud environments. Unlike VNFs, which are designed to run in a virtualized but still relatively static and monolithic environment, CNFs are built from the ground up to be modular, distributed, and loosely coupled. This allows them to be more dynamically managed and scaled, providing better support for DevOps practices and enabling faster deployment of new features and updates.
Let’s review the basic components of a cloud native network architecture:
The data plane, also known as the forwarding plane, is responsible for processing and forwarding data to its intended destination. In cloud-native networking, the data plane is usually implemented as a separate microservice, offering the flexibility to scale independently based on the network load.
In a CNF, the data plane is designed to efficiently handle high volumes of traffic with minimal latency. It leverages cloud-native technologies to dynamically scale up or down, ensuring optimal network performance. The isolation of the data plane as its own microservice allows for better security and fault isolation.
At the heart of the CNF architecture is the Linux kernel, which plays a critical role in enabling network connectivity. Linux has been the operating system of choice for most cloud-native applications, thanks to its robustness, flexibility, and open-source nature.
In CNFs, the Linux kernel is leveraged to provide network namespaces, which isolate the network stack for each container. This allows each container to have its network interface, routing table, and firewall rules, providing the necessary isolation for multi-tenant environments. Furthermore, the Linux kernel enables advanced networking features like traffic shaping, quality of service (QoS), and security group policies, offering granular control over network traffic.
Control plane agents are responsible for managing the network state and enforcing network policies. Each agent includes plugins that enable one or more network functions. Control plane agents communicate with the data plane, receiving instructions on how to handle network traffic, and use APIs to control internal applications, data stores, and orchestrators.
In cloud-native networking, control plane agents are highly scalable and resilient. They are implemented as a set of microservices, each running within one or more containers, allowing it to be easily scaled up or down based on the network load. Agents are fault-tolerant, ensuring network operations can continue uninterrupted even in the event of a failure.
Custom plugins in CNF architecture serve as extensions or add-ons to the existing network functions, providing additional features, protocols, or services that are not part of the core CNF software. These plugins can be developed to meet specific requirements, enabling network operators to tailor their network functions to the unique needs of their environment or customers. Custom plugins facilitate the integration of new technologies and standards without requiring a complete overhaul of the network function or waiting for the CNF platform to provide native support.
The modular nature of CNFs and the use of container orchestration platforms like Kubernetes enable seamless integration of these custom plugins. They can be independently developed, deployed, and updated, thus not interfering with the core functionality of the CNF. This approach supports innovation and agility, allowing network operators to quickly adapt to new demands or opportunities in the market.
Custom plugins also enhance the capability of CNFs to interact with other elements of the cloud-native ecosystem, such as service meshes, API gateways, and security tools, further extending the functionality and efficiency of cloud-native networking solutions.
The management plane for external components refers to the tools, interfaces, and protocols used to oversee and control resources and services that interact with the CNF ecosystem. This includes the management of cloud resources, external storage, network gateways, and other third-party services. The management plane provides a unified view and control mechanism for these components, enabling efficient allocation, monitoring, and adjustment of resources as required by the network functions.
The management plane typically leverages APIs for automation and integration, allowing for seamless communication between the CNF infrastructure and external components. It supports the dynamic nature of cloud-native networking by enabling real-time management and orchestration of resources across different environments and platforms.
In addition, the management plane ensures that external dependencies are correctly configured, available, and optimized for the CNFs, thus maintaining the overall performance, reliability, and security of the network services. It plays a crucial role in enabling a network architecture that extends beyond the immediate CNF deployment, integrating broader cloud and IT ecosystems.
Related content: Read our guide to cloud native architecture
Here are a few innovative use cases of cloud native network functions:
Network address translation (NAT) provides a way to manage IP addresses, offering a solution to the shortage of IPv4 addresses. By translating private IP addresses into public ones, NAT allows multiple devices to share a single public IP address.
CNF can operate NAT at a very large scale. To implement carrier-grade NAT, network functions are virtualized and deployed as software applications on cloud-native platforms. This allows for unprecedented scalability and flexibility. If demand for NAT services increases, additional instances can be spun up in the cloud instantly.
Moreover, cloud-native NAT can be centrally automated and managed. This reduces the need for manual intervention, decreasing the risk of errors and increasing efficiency.
Traditionally, telecommunication providers would install CPE at the customer’s premises to provide connectivity. However, this approach comes with several challenges, including high operational costs, lack of scalability, and difficulty in managing and updating these devices.
The virtualization of CPE, also known as vCPE, leverages cloud-native networking to overcome these challenges. In this model, the majority of the network functions that were previously run on physical devices are now run in the cloud. This approach offers numerous benefits, including lower costs, increased flexibility, and easier management.
Furthermore, vCPE can be easily scaled up or down based on demand. If a business grows and requires additional network capacity, this can be provided quickly and easily by the cloud provider, instead of having to deploy or replace physical devices. Similarly, if the business scales down, the capacity can be reduced, avoiding waste and unnecessary expense. vCPE represents a paradigm shift in how network services are delivered and managed, with cloud-native networking at its core.
With CNF, network services are no longer tied to specific hardware. Instead, they are run as software applications on the cloud, offering a level of flexibility and scalability that traditional networking simply cannot match.
When network services are deployed on the cloud, they can be easily managed and updated. This also means network services can be updated or patched in real time, improving security.
Moreover, deploying network services on the cloud allows for greater automation. Network functions can be programmed to automatically adjust based on demand, reducing the need for manual intervention. This not only increases efficiency but also reduces the risk of errors, providing a more reliable and robust network service.
Calico’s flexible modular architecture supports a wide range of deployment options, so you can select the best networking approach for your specific environment and needs. This includes the ability to run the Calico Network policy engine with a variety of CNI plugins. With Calico CNI, you can leverage Calico’s IPAM capabilities and underlying network types, in non-overlay or overlay modes, with or without BGP.
Calico’s flexible modular architecture for networking includes the following:
In addition to providing both network and IPAM plugins, Calico also integrates with a number of other third-party CNI plugins and cloud provider integrations, including Amazon VPC CNI, Azure CNI, Azure cloud provider, Google cloud provider, host local IPAM, and Flannel.
Next steps:
Get updates on blog posts, workshops, certification programs, new releases, and more!
