Towards providing vCPE services using OpenNaaS

Leaded by the Mantychore FP7 project UseCase 1 (UC1), OpenNaaS is evolving to provide vCPE services on top of available physical infrastructure under the NaaS paradigm.
UC1 is focused on defining the demarcation between provider and user, by means of virtualised CPE.

There are two main goals in virtualising this part of the infrastructure.

  • The first is to remove the necessity for a separate physical device (or pair of devices) to sit alongside an existing layer 2 demarcation point, while still providing the flexibility of service that is needed toward the client.
  • The second goal is to delegate a level of control over the virtualised CPE to the user, one which they would not normally be able to achieve when the device is managed by their provider. Integrity of the session toward the provider is not a primary goal here – providers already peer directly with clients’ own routers in many cases, and have in place an infrastructure to ensure that misbehaviour of any one client’s router cannot affect other clients (e.g. BGP prefix filters).

Use case description

Typically, the demarcation of IP service between a service provider and its clients is performed by Client Premises Equipment (CPE). The CPE is part of the customers network and typically interfacing the providers network by an external gateway protocol, commonly BGP.

HEAnet (the Irish NREN) is the maintainer of the use case and takes the role of infrastructure and service provider in it. In HEAnet’s case, CPE equipment is often (not always) owned and operated by the provider, but it is always a part of the client’s network. Figure 1 exemplifies current layout.

Figure 1: Current CPE scenario layout

In the aggregated virtual CPE scenario defined by UC1, the CPE-router is virtualised and localized at the NREN. Several virtual routers can operate within a single hardware device. Hence, a single physical device can be used to provide virtual CPE service to multiple clients. Figure 2 shows this new scenario, with virtual routers illustrated as one Aggregated Virtual CPE.

Figure 2: Aggregated vCPE scenario layout

Despite vCPE being inside provider premises, it is part of the client’s network and as such the client needs to manage some parts of it. The boundary between the customer and the NREN is illustrated in figure 3.

Figure 3: Provider vs. client boundary in vCPE scenario

How will OpenNaaS satisfy the use case?

OpenNaaS is growing up with the inclusion of the vCPENetworkResource and the vCPENetworkManager. vCPENetworkResource is the representation of a vCPE scenario, which may include virtualised CPEs connected to a providers core router, but also to client network, and optionally between each others. Typically, there will be one vCPENetworkResource per client, although having many of them per client will be supported too. Clients will have access to this resource capabilities allowing them to assign desired IP addresses to interfaces they have rights to, configure a variety of IGPs (OSPF, IS-IS, RIP), activate VRRP for CPE redundancy (when more than one router is present), configuring NAT and configuring firewalling.

In order to create a vCPENetworkResource providers will make use of the vCPENetworkManager. vCPENetworkManager is the responsible of maintaining correlation between existent vCPENetworkResources and physical infrastructure. This component will assist providers in the provisioning of vCPENetworkResources based on provided physical infrastructure, and provider inputs.

Currently, a demonstrator of this functionality is being developed. As a first milestone, our goal is to achieve an operative vCPE scenario on top of a particular physical infrastructure. Both, desired scenario and available physical infrastructure are described in figure4.

Figure 4: Demonstrator desired scenario and physical infrastructure

In order to achieve this goal, OpenNaaS will need to create virtualised routers and links following the topology seen in green in figure 6.

Figure 6: Demonstrator virtual infrastructure

A graphical user interface to ease user interaction with these components is also under development. This GUI will provide each role (provider/client) with a different view of the application and give them access to the features each role should manage.

However, GUI is a topic for a whole post, and will not be discussed in this one, that already finishes. Hope you enjoyed it!


  • Minoves, P. et al. “Virtual CPE: Enhancing CPE’s deployment and operations through Virtualization.” Submmited for review in NetCloud 2012.
This entry was posted in Ongoing Projects, Software and tagged , , , . Bookmark the permalink.