
Stateless Network Functions

 


In today’s rapidly evolving technological landscape, networking infrastructure plays a crucial role in ensuring seamless connectivity and efficient data transmission. One emerging concept that has gained significant attention is the stateless network function (SNF). This blog post aims to provide a comprehensive understanding of SNFs, exploring their significance, benefits, and potential applications.

Stateless network functions, also known as stateless processing, refer to a network architecture approach that eliminates the need for storing session-specific information. Unlike traditional stateful network functions, which rely on maintaining session state information, SNFs process each packet independently, without any context or knowledge of previous packets.

 

Highlights: Stateless Network Function

  • Tight State and Processing

New technology is needed, and it’s time to break the tight coupling between state and processing. This involves decoupling the existing network function design into a stateless processing component (stateless network functions) and a data store layer. Breaking the tight coupling in this way enables a more elastic and resilient network functions infrastructure.

 


 

Back to Basics with Stateless Network Function

  • The Role of Networks

Let’s face it. Networks need to be both scalable and sophisticated. To be successful, you need to completely redesign the network functions, such as routing and firewall functions, along with the underlying platforms that manage and orchestrate these functions. However, to accomplish this, there is a need to create an entirely new architecture and adapt the existing technology to this new architecture.

If you look at technologies used for cloud storage, no one has ever used them for networks. Why is this? The reason is mainly down to performance requirements, such as throughput and latency in distributed systems.

  • Start with Architecture

One can understand that with this type of disruptive technology, there will be a lot of pushback from the industry, saying that it is just impossible. But we need to give the world something new. It deserves it. The ability to customize networks on-demand. It would help to have a logical place to start with a new architecture.

 

Benefits of Stateless Network Functions:

1. Enhanced Scalability: By eliminating the need to store session state information, SNFs offer improved scalability. Network devices can handle a higher volume of packets and achieve better performance, making them ideal for handling large-scale deployments and high traffic scenarios.

2. Simplified Network Management: Stateless network functions simplify network management by reducing the complexity associated with session state maintenance. This streamlined approach allows for easier configuration, troubleshooting, and monitoring, resulting in improved operational efficiency.

3. Increased Flexibility: SNFs enable more flexible network architectures, as they can be easily deployed and scaled without the constraints of session state limitations. This flexibility enables organizations to adapt their networks to changing demands and deploy new services rapidly.

4. Enhanced Security: Stateless processing enhances network security by reducing potential attack vectors. Since SNFs do not rely on session state information, they minimize the risk of session hijacking or data leakage, leading to more robust and secure networks.

Applications of Stateless Network Functions:

1. Load Balancing: Stateless network functions are particularly well-suited for load balancing applications. They enable efficient distribution of network traffic across multiple servers or resources, ensuring optimal resource utilization and improved application performance.

2. Deep Packet Inspection: SNFs can be used for deep packet inspection (DPI), a technique that analyzes the content of network packets for security or application identification purposes. The stateless nature of SNFs allows for faster and more efficient DPI, enabling real-time threat detection and network optimization.

3. Network Function Virtualization (NFV): Stateless network functions are a foundational component of network function virtualization (NFV) architectures. By decoupling network functions from dedicated hardware, NFV leverages SNFs to achieve greater flexibility, scalability, and cost-effectiveness in network deployments.

 

Stateless Network Functions: Changing the environment

Decentralized workloads, the decline of on-premise, and the increase in multi-cloud deployments have created one of the most extensive connectivity challenges for data centers. A key finding is that colocation providers, which have traditionally served as space, power, and physical network connectivity resources, should not become the hub for all traffic as workloads decentralize.

The problem is these colocation providers have not focused on connectivity that requires multi-tenancy and routing, and they usually have physical cloud connects; this has introduced growing management and operational challenges, which will only increase in large-scale deployments.

Cloud Connect is where you need to connect multiple enterprises, where these enterprises need to connect to multiple cloud providers. All of these tenants need BGP routing, firewall functions, and NAT, but a solution that couples the state cannot do this on a larger scale and remain reliable.

 

  • New technologies come in waves – some appear, and others disappear.

The market needs a new type of technology: a software-defined interconnect, like the Internet exchange. This came to light in 2016 when Laurent Vanbever proposed a software-defined internet exchange based on OpenFlow, known as SDX. The software-defined internet exchange is an SDN solution originating from the combined efforts of Princeton and UC Berkeley. It aims to address IXP pain points by deploying additional SDN controllers and OpenFlow-enabled switches. It doesn’t try to replace the entire classical IXP architecture with something new; rather, it augments existing designs with a controller.

 

Software-defined interconnect (SDIX)

However, a software-defined interconnect (SDIX) is a new category of offering that allows colocation providers to manage their cloud connects via software and extend their connectivity control. It should cover the cloud connection but also multiple data center interconnects. In the past, the colocation providers focused on space and power. However, in today’s world, they have new responsibilities. The responsibilities now extend to new types of connectivity for customers. Customers now have new requirements.

They must move their data from one colocation facility to another to avoid latency or for backup purposes. For these cases, colocation providers need a new type of platform to direct all of their different tenants’ tasks and requirements to a software-based platform.

Why is this different? The underlying technology, for one. When it comes to network functions such as firewalls, routers, and load balancers, regardless of the application architecture and requirements, these network functions are physical boxes. The challenge is that traffic that flows through these boxes is tightly coupled with the box.

The physical box, virtual machine, or container performing a network function is coupled with the state. What happens with the state when you launch a new network function or redirect the traffic to a backup device? For sure, this will affect the application. This might be acceptable for a single application but not for a large-scale deployment when you have millions of connections and applications running on top of network functions.

Network function virtualization (NFV) and NFV use cases didn’t help here. All it did was change the physical boxes to virtual ones. It’s like changing a physical appliance in Dublin to a cloud-based provider. Is this the future? NFV inherits the same design and features that the physical box has. But what needs to be done is realizing that the problem is the state. You need to decouple the dynamic state from each network function and put them in a high-performance data store within a cluster of commodity hardware and switches—a hardware-agnostic solution with code that is not open source.

 

Network function stateless

Then you can make the network function stateless, so it’s physically just a thread. So if it fails, it doesn’t affect application performance as the state is collected from the data store. This is needed as an underlying design, but does it seem possible? There will be overheads from decoupling the state.

The state can be put into a cluster of servers. Some servers maintain some of the state, and some of the other servers can be the network functions. The state is not physically in another data center or location. Every type of dynamic state, such as the counters, timers, and handshaking that you see in a TCP flow, is a challenge to decouple without breaking application performance. However, this can be done by adapting technology from distributed systems: a database, designed for high-performance computing, stores the state. A read for a state should be around 5 microseconds.

An algorithm is needed to read and write the state in a way that reads multiple packets simultaneously. This enables you to overcome any latency issues and achieve better performance than traditional appliances that have the state coupled.
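The split described above, as an added sketch that is not code from the original post or from any product: a flow-tracking firewall whose workers hold only policy, with flow records kept in a shared store that is read once per packet batch. The in-memory `StateStore`, the `TRACKED`/`CLOSED` markers, the simplified flags and all addresses are assumptions made for illustration.

```python
from collections import namedtuple

# Constructed, simplified packet: flags is "S" (SYN), "A" (ACK) or "F" (FIN).
Packet = namedtuple("Packet", "src sport dst dport flags")

def flow_key(p):
    # Direction-independent key: both halves of a flow map to one record.
    return tuple(sorted([(p.src, p.sport), (p.dst, p.dport)]))

class StateStore:
    """Stand-in for the data store layer (an in-memory dict, by assumption)."""
    def __init__(self):
        self._flows, self.reads = {}, 0
    def multi_get(self, keys):
        self.reads += 1  # one read fetches state for the whole packet batch
        return {k: self._flows.get(k) for k in keys}
    def multi_put(self, updates):
        self._flows.update(updates)

class Worker:
    """Stateless processing component: carries policy, never a flow table."""
    def __init__(self, store, allowed_ports):
        self.store, self.allowed_ports = store, allowed_ports
    def process(self, batch):
        state = self.store.multi_get({flow_key(p) for p in batch})
        updates, verdicts = {}, []
        for p in batch:
            k = flow_key(p)
            if p.flags == "S" and p.dport in self.allowed_ports:
                state[k] = updates[k] = "TRACKED"  # policy admits a new flow
                verdicts.append("pass")
            elif state.get(k) == "TRACKED":
                if p.flags == "F":
                    state[k] = updates[k] = "CLOSED"  # later packets are dropped
                verdicts.append("pass")
            else:
                verdicts.append("drop")  # no policy match and no flow record
        self.store.multi_put(updates)
        return verdicts

def failover_demo():
    store = StateStore()
    a, b = Worker(store, {443}), Worker(store, {443})
    a.process([Packet("10.0.0.5", 40000, "192.0.2.10", 443, "S")])
    reply = Packet("192.0.2.10", 443, "10.0.0.5", 40000, "A")
    # Worker a is gone. b shares the store; a worker with an empty store of its
    # own models the coupled box that lost its flow table on failover.
    return b.process([reply]), Worker(StateStore(), {443}).process([reply])
```

Because every verdict now depends on what the store returns, the store and the path to it carry the integrity and availability requirements that the flow table inside a single appliance used to carry.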

Conclusion:

Stateless network functions are revolutionizing networking infrastructure by offering enhanced scalability, simplified management, increased flexibility, and improved security. With their wide range of applications, SNFs are paving the way for more agile and efficient networks. As organizations continue to embrace digital transformation, understanding and harnessing the potential of stateless network functions will be key to building resilient and future-proof network architectures.

Matt Conran