This chapter covers Network Functions Virtualization (NFV), a foundational technology that decouples network functions from dedicated hardware appliances. For the N10-009 exam, NFV appears in Domain 1.0 (Networking Concepts) under Objective 1.6, which focuses on virtualization technologies and their role in modern network architectures. Expect roughly 5–8% of exam questions to touch on NFV concepts, often in comparison with Software-Defined Networking (SDN) and cloud computing. Mastering NFV is critical for understanding how service providers and enterprises reduce costs, increase agility, and enable network slicing—a key trend in 5G and edge computing.
Imagine a traditional post office where every service—sorting, stamping, tracking, forwarding—requires a separate, dedicated machine bolted to the floor. To add a new service, you must purchase, install, and wire another heavy machine. This is the traditional network: each function (router, firewall, load balancer) has its own proprietary hardware appliance. Now imagine that same post office running all those services as apps on a single, powerful computer. When you need a new sorting algorithm, you simply install a new software package—no new hardware, no rewiring, no downtime. This is Network Functions Virtualization (NFV). Just as a virtual machine (VM) can host multiple operating systems, NFV hosts network functions like firewalls, routers, and WAN accelerators as software instances on commodity servers. The key difference from SDN (Software-Defined Networking) is that SDN separates the control plane from the data plane, while NFV decouples network functions from the hardware they run on. In practice, NFV allows a telco to run a virtualized Evolved Packet Core (vEPC) on standard x86 servers instead of proprietary chassis, scaling up by adding more VM instances during peak hours and decommissioning them when idle—exactly like spinning up extra sorting lines at the post office only during the holiday rush.
What is Network Functions Virtualization (NFV)?
Network Functions Virtualization (NFV) is an architectural framework that virtualizes entire classes of network node functions into building blocks that may connect, chain, or be combined to create communication services. The concept was initially driven by the European Telecommunications Standards Institute (ETSI) NFV Industry Specification Group (ISG) in 2012. The core idea is to run network functions—such as routing, firewalling, load balancing, intrusion detection, WAN optimization, and even mobile core network elements—as software instances on standard high-volume servers, switches, and storage, rather than on proprietary, purpose-built hardware.
Why NFV Exists
Traditional network functions are tightly coupled with the hardware they run on. A router from Vendor A runs proprietary ASICs and a closed operating system. To upgrade capacity, you replace the chassis. To add a new feature, you wait for a hardware refresh. This model leads to:
- High CapEx: Purchasing dedicated appliances for each function.
- Long innovation cycles: Hardware development takes 18–24 months.
- Overprovisioning: Hardware must be sized for peak loads, wasting resources during off-peak.
- Vendor lock-in: Proprietary interfaces make multi-vendor environments complex.
NFV solves these by implementing network functions as software that can run on any compatible x86 server. This enables:
- Rapid deployment: Spin up a new firewall instance in minutes via orchestration.
- Elastic scaling: Add or remove instances based on demand.
- Resource consolidation: Host multiple VNFs on the same hardware.
- Reduced power and space: Fewer physical boxes.
ETSI NFV Architectural Framework
The ETSI NFV architecture defines three main domains:
1. NFV Infrastructure (NFVI): The totality of hardware and software resources that host VNFs. This includes compute (servers), storage, and networking (switches, routers) that are virtualized using hypervisors or container runtimes.
2. Virtualized Network Functions (VNFs): Software implementations of network functions that run on the NFVI. Examples include virtual routers (vRouter), virtual firewalls (vFW), virtual load balancers (vLB), and virtual evolved packet core (vEPC).
3. NFV Management and Orchestration (MANO): The framework for managing VNFs and the NFVI. MANO consists of three components:
   - NFV Orchestrator (NFVO): Orchestrates network services across multiple VNFs and manages resource allocation.
   - VNF Manager (VNFM): Manages the lifecycle of individual VNF instances (instantiation, scaling, termination).
   - Virtualized Infrastructure Manager (VIM): Controls and manages the NFVI resources (e.g., OpenStack, VMware vCenter).
How NFV Works Internally
At a high level, NFV leverages virtualization technologies to abstract network functions from hardware. A VNF is essentially a software application that performs a specific network function, packaged as a virtual machine (VM) or container. The hypervisor (e.g., KVM, VMware ESXi) or container runtime (e.g., Docker, containerd) provides isolation and resource management.
Data Plane Performance Challenges:
One of the biggest challenges in NFV is achieving line-rate packet processing in software. Traditional kernel-based networking (e.g., Linux bridge, Open vSwitch) introduces significant overhead due to context switches, interrupt handling, and memory copies. To address this, several acceleration technologies are used:
DPDK (Data Plane Development Kit): A set of libraries and drivers that bypass the kernel's network stack, allowing user-space applications to poll directly from network interface cards (NICs) with minimal latency. DPDK can achieve 10–40 Gbps throughput on commodity hardware.
SR-IOV (Single Root I/O Virtualization): A PCIe standard that allows a physical NIC to present multiple virtual functions (VFs) directly to VMs, bypassing the hypervisor's virtual switch. Each VM gets near-native performance.
Open vSwitch with DPDK: Accelerated virtual switch that uses DPDK for fast packet forwarding between VMs.
Service Function Chaining (SFC):
VNFs are often chained together to form a network service. For example, traffic might flow through a virtual firewall, then a virtual load balancer, then a virtual WAN optimizer. This is called Service Function Chaining. In NFV, SFC is implemented using network overlay technologies like VXLAN, GENEVE, or NSH (Network Service Header). The orchestrator defines the chain and steers traffic accordingly.
Key Components, Values, Defaults, and Timers
Hypervisor Defaults: Most NFV deployments use KVM (Kernel-based Virtual Machine) as the hypervisor because it is open source and well integrated with DPDK. Default memory overcommit ratio is typically 1.5:1, but for NFV, overcommit is often disabled to guarantee performance.
DPDK Defaults: DPDK uses hugepages (2 MB or 1 GB) to reduce TLB misses. Default hugepage size is 2 MB, but 1 GB is recommended for VNFs handling large packet buffers. The default polling frequency is 1000 Hz, but this is configurable.
SR-IOV: Maximum number of VFs per physical function is typically 256 (depends on NIC). Each VF appears as a separate PCIe device.
NFV MANO Interfaces: The ETSI NFV specification defines reference points: Os-Ma (between OSS/BSS and NFVO), Or-Vnfm (between NFVO and VNFM), Vi-Vnfm (between VIM and VNFM), and Nf-Vi (between NFVI and VIM).
Configuration and Verification Commands
While NFV is primarily orchestrated through APIs (e.g., OpenStack Heat, Kubernetes), some low-level commands are relevant:
# Check DPDK status on a host
dpdk-devbind.py --status
# List hugepages
cat /proc/meminfo | grep HugePages
# Check SR-IOV VFs on a NIC
ip link show eth0
# Example: Create a VF on interface eth0
echo 4 > /sys/class/net/eth0/device/sriov_numvfs
# Verify VFs
lspci | grep Ethernet
How NFV Interacts with Related Technologies
SDN: NFV and SDN are complementary, but neither depends on the other. NFV focuses on virtualizing network functions, while SDN focuses on separating the control plane from the data plane. In practice, SDN provides the programmable network fabric that connects VNFs, enabling dynamic traffic steering for service chaining.
Cloud Computing: NFV is often deployed in cloud environments (public, private, hybrid) using infrastructure-as-a-service (IaaS) platforms like OpenStack. VNFs are instantiated as VMs or containers managed by cloud orchestration tools.
Network Slicing: In 5G, NFV enables network slicing by allowing multiple independent virtual networks (slices) to run on the same physical infrastructure. Each slice can have its own VNF chain and performance guarantees.
Edge Cases and Exam Traps
NFV vs. SDN: A common exam trap is confusing NFV with SDN. Remember: NFV virtualizes the network function itself (e.g., the router software), while SDN separates the control plane from the data plane. They are separate concepts that often work together.
Performance: The exam may test that NFV can introduce performance overhead due to virtualization. Know that DPDK and SR-IOV are used to mitigate this.
ETSI NFV: The exam expects you to know that ETSI is the standards body behind NFV, not IETF or IEEE.
VNF Lifecycle: The VNF Manager (VNFM) handles lifecycle—instantiation, scaling, healing, termination. The NFVO handles service-level orchestration across VNFs.
Define the Network Service
The process begins with a service provider defining a network service, such as a virtual firewall or a complete virtual evolved packet core (vEPC). This definition is captured in a Network Service Descriptor (NSD), which specifies the VNFs required, their configuration, and how they should be chained. The NSD is written in YAML or JSON and follows the ETSI NFV descriptor format. It includes references to VNF Descriptors (VNFD) that detail each VNF's resource requirements (CPU, memory, storage) and connectivity.
Instantiate VNFs on NFVI
The NFV Orchestrator (NFVO) receives the request and coordinates with the VNF Manager (VNFM) and Virtualized Infrastructure Manager (VIM) to allocate resources. The VIM, such as OpenStack, provisions virtual machines or containers on the NFVI hosts. For each VNF, the VNFM triggers instantiation, which involves deploying the VNF image from a catalog, configuring virtual NICs, and attaching networks. The hypervisor allocates CPU cores, memory, and hugepages. DPDK or SR-IOV is configured for high-performance data plane access.
Configure Service Function Chaining
Once VNFs are running, the orchestrator establishes the service function chain (SFC) by steering traffic through the VNFs in the correct order. This is achieved through network overlays like VXLAN or GENEVE, with each VNF's virtual interface connected to an overlay network. The orchestrator programs the virtual switches (e.g., Open vSwitch) with flow rules that direct packets from one VNF to the next. For example, traffic from a customer edge router might first go to a virtual firewall, then to a virtual load balancer, and finally to a virtual router.
Monitor and Scale VNFs
The VNF Manager continuously monitors the health and performance of each VNF instance. Metrics such as CPU utilization, packet throughput, and memory usage are collected via agents or hypervisor APIs. When a threshold is crossed (e.g., CPU > 80% for 5 minutes), the VNFM triggers scaling actions. In horizontal scaling, new VNF instances are spawned and traffic is load-balanced across them. In vertical scaling, resources (vCPU, memory) are added to an existing instance. The VIM handles the actual resource allocation.
Terminate and Decommission VNFs
When a VNF is no longer needed—due to reduced demand, service end-of-life, or failure—the VNFM initiates graceful termination. It signals the VNF to drain existing connections (e.g., TCP sessions) and then shuts down the VM or container. The VIM releases the allocated resources back to the NFVI pool. The orchestrator updates the service chain to remove the VNF and adjusts routing. This dynamic lifecycle enables efficient resource utilization and aligns with cloud-native principles.
Enterprise Scenario 1: Virtual CPE (vCPE) for Branch Offices
A large enterprise with hundreds of branch offices traditionally deploys a physical router, firewall, and WAN optimizer at each site—a costly and logistically complex model. With NFV, the enterprise migrates to a virtual CPE (vCPE) architecture. At each branch, a small white-box server with a hypervisor runs VNFs: a virtual router (e.g., Cisco CSR 1000v), a virtual firewall (e.g., Palo Alto VM-Series), and a virtual WAN optimizer (e.g., Riverbed SteelHead). The central orchestration platform (e.g., VMware NSX or OpenStack) manages all VNFs from a single pane of glass. Scaling is trivial: adding a new branch just means deploying a new server and pushing the VNF images. Performance considerations: each VNF must be allocated sufficient CPU cores and memory; DPDK is used for the router VNF to achieve 1 Gbps throughput. Common misconfiguration: overcommitting CPU, causing packet loss during peak traffic. The solution is to pin vCPUs to physical cores and reserve resources.
Enterprise Scenario 2: Telco 5G Core Virtualization
A mobile network operator deploys a 5G standalone core using NFV. The 5G core functions—AMF, SMF, UPF, etc.—are all VNFs running on commercial off-the-shelf (COTS) servers. The UPF (User Plane Function) is particularly performance-sensitive, handling user data traffic. The operator uses SR-IOV to give the UPF VNF direct access to the physical NIC, achieving 40 Gbps throughput per server. The NFV MANO stack (e.g., ONAP) orchestrates the lifecycle: during a major event (e.g., New Year's Eve), the orchestrator automatically scales out the AMF and SMF instances to handle increased signaling. The VNFM monitors CPU load and triggers scaling when utilization exceeds 70%. A common pitfall: misconfigured resource isolation between VNFs leads to noisy-neighbor issues where one VNF's bursty traffic starves another. This is mitigated by using CPU pinning and QoS on virtual switches.
Enterprise Scenario 3: Virtual Firewall as a Service (FWaaS)
A cloud service provider offers a virtual firewall service to tenants. Each tenant gets a dedicated virtual firewall instance (e.g., Fortinet FortiGate-VM) in a multi-tenant NFVI. The VNFs are instantiated on demand via a self-service portal. The provider uses VXLAN to isolate tenant traffic. The orchestrator chains the tenant's traffic through the firewall VNF before reaching the tenant's virtual network. Scaling is per-tenant: if a tenant's traffic spikes, additional firewall instances are spawned and placed behind a virtual load balancer. Misconfiguration example: forgetting to set proper anti-spoofing rules in the virtual switch, allowing tenants to spoof IP addresses. The fix is to enforce port security at the VIM level.
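When a tenant VNF is attached through SR-IOV, its traffic bypasses the virtual switch, so the equivalent anti-spoofing setting is enforced per VF on the NIC and is visible in the `ip link show eth0` output used earlier. The following is an added example, not code from the original page: the sample output is constructed, and the function names (`audit_vf_lines`, `remediation_cmds`, `vf_audit_clean`) are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): flag SR-IOV virtual functions
# whose NIC-level anti-spoofing is weakened, using `ip link show <PF>` output.

# Constructed sample of `ip link show eth0` on a PF with four VFs.
# VF 3 uses the older iproute2 layout ("MAC ..." instead of "link/ether ...").
sample_ip_link() {
    cat <<'EOF'
4: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 52:54:00:aa:bb:01 brd ff:ff:ff:ff:ff:ff
    vf 0     link/ether 52:54:00:aa:bb:10 brd ff:ff:ff:ff:ff:ff, spoof checking on, link-state auto, trust off
    vf 1     link/ether 52:54:00:aa:bb:11 brd ff:ff:ff:ff:ff:ff, vlan 120, spoof checking off, link-state auto, trust off
    vf 2     link/ether 52:54:00:aa:bb:12 brd ff:ff:ff:ff:ff:ff, spoof checking on, link-state auto, trust on
    vf 3 MAC 52:54:00:aa:bb:13, spoof checking off, link-state auto
EOF
}

# audit_vf_lines: read `ip link show` text on stdin and print one finding per
# line as "<vf-number> <issue>".
#   spoofchk-off : the NIC does not drop frames whose source MAC/VLAN differs
#                  from the one assigned to the VF.
#   trust-on     : the VF may request privileged features (for example
#                  multicast promiscuous mode), which weakens tenant isolation.
audit_vf_lines() {
    awk '
        $1 == "vf" && $2 ~ /^[0-9]+$/ {
            if ($0 ~ /spoof checking off/) print $2, "spoofchk-off"
            if ($0 ~ /trust on/)           print $2, "trust-on"
        }
    '
}

# remediation_cmds PF: turn findings on stdin into the ip(8) commands that
# correct them. The commands are printed for review, never executed.
remediation_cmds() {
    pf=$1
    while read -r vf issue; do
        case $issue in
            spoofchk-off) echo "ip link set dev $pf vf $vf spoofchk on" ;;
            trust-on)     echo "ip link set dev $pf vf $vf trust off" ;;
        esac
    done
}

# vf_audit_clean: succeed only when the input produces no findings, so the
# check can gate a deployment step or a scheduled compliance job.
vf_audit_clean() {
    [ -z "$(audit_vf_lines)" ]
}

# Demo on the constructed sample. On a live NFVI host, feed the functions
# from `ip link show dev eth0` instead of sample_ip_link.
sample_ip_link | audit_vf_lines | remediation_cmds eth0
```
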
Performance and Scale Considerations
Throughput: A single VNF can achieve 10-40 Gbps with DPDK/SR-IOV. Beyond that, multiple VNF instances must be load-balanced.
Latency: Virtualization adds 10-50 microseconds of latency per hop. For ultra-low-latency applications (e.g., industrial IoT), NFV may be unsuitable without specialized hardware acceleration (e.g., FPGA).
Resource Limits: Most hypervisors limit VMs to a maximum of 256 vCPUs and 12 TB of RAM (per VM). Container-based VNFs have lower overhead but less isolation.
What N10-009 Tests on NFV
The N10-009 exam covers NFV under Objective 1.6: "Explain the concepts of virtualization technologies." Specific sub-objectives include:
Differentiate between NFV and SDN.
Describe the benefits of NFV (cost reduction, agility, scalability).
Identify VNF examples (virtual router, virtual firewall, virtual load balancer).
Understand the role of hypervisors and orchestration.
Common Wrong Answers and Why Candidates Choose Them
1. "NFV and SDN are the same thing."
   - *Why wrong*: NFV virtualizes network functions; SDN separates control and data planes. They are complementary but distinct.
   - *Trap*: Both use virtualization and often appear together. Candidates conflate them.
2. "NFV eliminates the need for hardware entirely."
   - *Why wrong*: NFV runs on commodity hardware (servers, NICs). Physical hardware is still required.
   - *Trap*: The word "virtualization" misleads into thinking everything is software-only.
3. "VNFs always perform better than hardware appliances."
   - *Why wrong*: Virtualization adds overhead. With DPDK/SR-IOV, performance can approach hardware, but not always exceed it.
   - *Trap*: Marketing hype suggests NFV is always superior; exam tests realistic performance trade-offs.
4. "NFV requires SDN to function."
   - *Why wrong*: NFV can be deployed without SDN (e.g., using traditional routing protocols between VNFs).
   - *Trap*: They are often co-deployed, but the exam tests independence.
Specific Numbers, Values, and Terms
ETSI: The standards body behind NFV. Memorize this.
MANO: Management and Orchestration (NFVO, VNFM, VIM).
VNF: Virtualized Network Function.
NFVI: NFV Infrastructure.
DPDK: Data Plane Development Kit (user-space packet processing).
SR-IOV: Single Root I/O Virtualization (direct NIC access to VMs).
Service Function Chaining (SFC): Ordering of VNFs.
Edge Cases and Exceptions
NFV in the cloud: The exam may ask about NFV in public cloud (e.g., AWS VPC) vs. on-premises. Know that NFV can be deployed in both.
Container-based VNFs: Containers (e.g., Docker) are increasingly used instead of VMs. The exam may mention CNFs (Cloud-Native Network Functions).
NFV and 5G: NFV is a key enabler for 5G network slicing. Expect a question linking NFV to 5G.
How to Eliminate Wrong Answers
If an answer says "NFV replaces all hardware," eliminate it—hardware is still needed.
If an answer says "NFV and SDN are the same," eliminate—they are different.
If an answer claims "VNFs always have lower latency than hardware," eliminate—virtualization adds latency.
Look for keywords: "decouples functions from hardware" is NFV; "separates control and data planes" is SDN.
NFV decouples network functions from proprietary hardware, allowing them to run as software on commodity servers.
The ETSI NFV architecture consists of NFVI, VNFs, and MANO (NFVO, VNFM, VIM).
VNF examples include virtual routers, virtual firewalls, virtual load balancers, and virtual WAN optimizers.
DPDK and SR-IOV are key acceleration technologies that improve VNF packet processing performance.
NFV enables elastic scaling, rapid deployment, and reduced CapEx/OpEx compared to traditional hardware.
Service Function Chaining (SFC) allows traffic to be steered through a sequence of VNFs.
NFV is complementary to SDN but not dependent on it.
The exam expects you to know that NFV is defined by ETSI, not IETF or IEEE.
NFV can be deployed on-premises or in the cloud, using VMs or containers.
Common exam traps: confusing NFV with SDN, thinking NFV eliminates all hardware, and assuming VNFs always outperform hardware.
These come up on the exam all the time. Here's how to tell them apart.
NFV (Network Functions Virtualization)
Virtualizes network functions (firewall, router, etc.) as software.
Focuses on decoupling functions from hardware.
Managed by NFV MANO (NFVO, VNFM, VIM).
Primarily a service provider/enterprise data center technology.
Standardized by ETSI NFV ISG.
SDN (Software-Defined Networking)
Separates control plane from data plane.
Focuses on network programmability and centralized control.
Managed by SDN controller (e.g., OpenDaylight, ONOS).
Used in data centers, campus networks, and WAN.
Standardized by Open Networking Foundation (ONF) and IETF.
Mistake
NFV is the same as SDN.
Correct
NFV virtualizes network functions (e.g., firewall, router) to run on commodity hardware, while SDN separates the control plane from the data plane. They are complementary but independent technologies. NFV can exist without SDN, and vice versa.
Mistake
NFV eliminates the need for physical hardware.
Correct
NFV runs on physical servers, switches, and storage—standardized commodity hardware. It removes the need for proprietary appliances but still requires a physical infrastructure (compute, network, storage).
Mistake
VNFs always perform worse than hardware appliances.
Correct
With acceleration technologies like DPDK and SR-IOV, VNFs can achieve near line-rate performance (10-40 Gbps). However, they may still have higher latency (microseconds) than dedicated ASICs. Performance depends on implementation.
Mistake
NFV is only for service providers.
Correct
NFV is used in enterprise data centers, branch offices (vCPE), and cloud environments. Any organization that wants to consolidate network functions and reduce hardware costs can benefit.
Mistake
NFV requires a hypervisor.
Correct
While hypervisors (KVM, ESXi) are common, VNFs can also run as containers (e.g., Docker) without a hypervisor, using container runtimes like containerd. This is known as Cloud-Native Network Functions (CNFs).
NFV (Network Functions Virtualization) virtualizes network functions like firewalls and routers to run on standard servers, while SDN (Software-Defined Networking) separates the control plane from the data plane. They are complementary: SDN can provide the network connectivity between VNFs, but they are independent technologies. On the exam, remember that NFV is about decoupling functions from hardware, and SDN is about centralized control.
The ETSI NFV architecture has three main domains: NFVI (NFV Infrastructure) which includes compute, storage, and networking resources; VNFs (Virtualized Network Functions) which are software implementations of network functions; and MANO (Management and Orchestration) which consists of the NFV Orchestrator (NFVO), VNF Manager (VNFM), and Virtualized Infrastructure Manager (VIM). MANO handles lifecycle management and resource orchestration.
NFV allows network functions to be deployed as software instances that can be scaled horizontally (adding more instances) or vertically (adding resources to an instance) based on demand. Orchestration tools automatically adjust the number of VNF instances using performance metrics like CPU utilization or throughput. This elasticity eliminates the need to overprovision hardware for peak loads.
Virtualization introduces overhead from context switches, interrupts, and memory copies, which can degrade packet processing performance. This is addressed using DPDK (Data Plane Development Kit) for user-space packet processing, SR-IOV (Single Root I/O Virtualization) for direct NIC access to VMs, and CPU pinning to dedicate cores to VNFs. These techniques can achieve near line-rate throughput (10-40 Gbps).
Yes, NFV can be deployed in public clouds like AWS, Azure, or Google Cloud by running VNFs as virtual machines or containers. For example, a virtual firewall can be deployed as an EC2 instance in AWS. However, performance may be lower due to shared infrastructure, and acceleration technologies like DPDK may not be available. The exam may test that NFV is not limited to on-premises data centers.
Service Function Chaining is the process of steering traffic through a specific sequence of VNFs to form a complete network service. For example, traffic might go through a firewall, then a load balancer, then a proxy. SFC is implemented using network overlays (VXLAN, GENEVE) or NSH (Network Service Header) to tag packets and forward them along the chain. The orchestrator defines the chain and programs the virtual switches accordingly.
The VNF Manager (VNFM) is responsible for the lifecycle management of VNF instances. This includes instantiation, scaling, updating, healing (recovering from failures), and termination. The VNFM communicates with the VIM to allocate resources and with the VNF itself via management interfaces. It also monitors VNF performance and triggers scaling actions based on policies.