Category: Uncategorized

Of all the suppliers (or even alleged suppliers) of NFV, the one who has shown the greatest and fastest gain in credibility is Oracle.  Over the last year they’ve jumped from almost-nonentity status to one of the three firms most likely to be called a “market leader” and “thought leader” by operators (Alcatel-Lucent and HP are the other two).  What’s behind this, we might wonder.  Well, let’s see.

The main cause of Oracle’s jump seems to be pretty simple.  The company started early this year to promote a very operations-centric vision of NFV.  This was the very moment when operators were starting to realize that the trials and PoCs being run were largely science projects with no direct pathway to proving out benefits needed for a real trial.  Was that a coincidence, we might wonder?  I don’t know of any way to prove it one way or the other.

We also can’t know whether Oracle has been continually developing to their operations-centric NFV vision or whether they’re simply responding to media attention by singing the song that gets the most jukebox nickels thrown.  Oracle’s recent announcements certainly double down on operations as the focus of NFV, and they’re gaining significant traction with operator CIOs (who are the people running the OSS/BSS systems) and with CFOs who think that a new approach to NFV is needed to reap some tangible benefits.

Deep inside, it’s more complicated.  Oracle does have some unique credentials that could be valuable for NFV, but I don’t think they’re particularly tied to operations or OSS/BSS.  If Oracle emerges as a winner in NFV it might well be because they changed horses in mid-positioning.

Efforts to standardize or define NFV have historically focused on the deployment of virtual functions.  That’s not unreasonable given that virtual functions are what NFV brings to the table.  The problem has been that NFV’s prospective benefits—capex reduction, opex efficiency, and service agility—are really difficult to realize if you limit your efforts to deploying those virtual functions.  Services and operations are end-to-end in topology and lifecycle, and so you have to attack them on a broad front to make any difference that matters.

The critical question of benefits has always come down to how you could build a super-efficient form of service automation.  If you could define services so that they could deploy on demand and so that service events could be handled by software, you’d cut the heart out of TCO and increase service agility by orders of magnitude.  NFV correctly framed the notion of management and orchestration or MANO as the heart of the future of networking…but they only defined it for those virtual functions and left the rest of the service and network out.

I said in an early blog on NFV that MANO was something that you could see through three different lenses.  It could be an NFV function and then expand to embrace the total service and infrastructure.  It could be an operations function and expand to embrace NFV deployment.  Finally, it could be something that knows lifecycles and processes and events and lives outside both NFV and OSS/BSS, and unites all the old and new into one model and vision.  The ISG has not taken the first path, and it’s hard to say how that vision could come about without ISG endorsement.  That means the second and third visions are the best shot, and the second is the one Oracle has taken…sort of.

Oracle’s approach to the problem is largely based on what I’ve called the “virtual device model”, which means that NFV is framed to operations systems like a device.  When it’s called for, an independent process resolves the resource commitments needed to make the NFV virtual device into something real.  That approach is a reasonable first step for NFV but it’s not an optimum strategy.  NFV needs to integrate resource and service management, which can’t be done if the deployment of resources and the management of those resources is opaque to operations.

Alcatel-Lucent’s and HP’s NFV strategy are actually better than Oracle’s in terms of implementation, because either would allow for the handling of service events to be mediated by a service model.  Why then is Oracle getting such good traction?  The answer is that while they may not be integrating NFV into operations, they are focusing on modernizing operations overall.

You could gain as much from redoing OSS/BSS implementations around a model-and-event framework as you could gain from either SDN or NFV.  In fact, it’s the operations improvements that are essential.  As operators have moved past the “prove-you-can-deploy-a-VNF” stage of NFC testing, they’ve recognized that to deploy NFV you’ll have to make a business case, not prove a technology.  Central to all NFV business cases is efficient deployment and management.

If you look at the NFV projects that really matter, the ones that are actually trying to prove out NFV’s benefits, you see that they’re divided into two groups, one that approached the issues at the service level from the top down, and the other that approached issues at the technology level.  Oracle’s laser focus on the service lifecycle has given it a lot of curb appeal to the first group, to the point where in at least one Tier One they ended up with a compelling position with the account before any real discussions of NFV features took place.

The question is whether this kind of lead can be sustained.  It’s always dangerous to base your strategy on the presumption that your competitors will continue to give you free rein with a key buyer issue.  However, it’s fair to say that Oracle’s two arch-rivals, Alcatel-Lucent and HP, have so far done just that.

Oracle has a secret weapon, though, in database technology.  NFV operations isn’t a network problem it’s a database problem.  You can’t do NFV management effectively at scale without implementing a kind of database buffer between the resources to be managed and the management and operations elements.  Oracle has all the knowledge and technology needed to do a premier job in that space, though so far they’ve made no comments on it that I’ve been able to find.

And lurking behind all of this are the two pivotal NFV issues, which are intent models and IoT.  The former could finally expose the real issues of operationalizing NFV and so create a scramble for implementations that address those issues.  The latter could be the camel’s nose that pulls a very large vendor under a very important tent, because IoT is a major opportunity for NFV if it’s conceptualized realistically.  Oracle has experience in both these areas too, and so they’re likely to broaden their engagement as time passes.  Since Alcatel-Lucent and HP are likely to start singing operations more effectively to counter Oracle’s early positioning, this will create a three-horse race that could really focus the industry on the right questions for NFV to answer.

Does the Street have it right when they say NFV could hurt Cisco?  A Barron’s blog suggests that SDN doesn’t pose much of a threat to Cisco but NFV does, citing a financial analyst’s report.  The perspective of Wall Street on tech is sometimes helpful because it exposes the issues that could drive stock prices.  Sometimes it just exposes technical biases in the Street’s thinking.  Which is it this time?

The report suggests that enterprises are moving apps to the cloud and to high-density servers, which reduces the need for switching—particularly top-of-rack stuff.  SDN doesn’t enter into this threat because enterprises lack the software skill to implement it.  That assumption doesn’t square with what I hear from the enterprises.

I’ve not found any enterprise who says they are reducing data center switching because of cloud use or dense-core servers or hyperscale.  It may be that switching would grow more rapidly without multi-core, but of course we’ve had multi-core servers for decades.  I have to dismiss the argument that something unusual is happening here.

As far as the cloud goes, enterprises tell me that they are migrating some applications, and some pieces of others, to the cloud, but that this process has had more impact on stranded application-specific servers than on the data center.  None of them told me that they saw a reduction in data center switching arising from the use of cloud computing.

The question of whether SDN’s threat to Cisco is mitigated by lack of enterprise software skill is hard to survey because it amounts to asking someone “Are you as dumb as the Street thinks you are?”  What I have found is that it is difficult for a business to justify a shift to a white-box data center because most of their data center technology has at least three years of useful life remaining.  The biggest reason for a lack of SDN adoption is that inertia.  If SDN “saves money” or “reduces capex” then why not reduce it further by simply not buying anything?

The problem with SDN, IMHO, isn’t the software skill of the buyer it’s the positioning skill of the seller.  Capex reduction is an incredibly weak justification for modernization because it usually requires a forklift update to “modernize” and a lot of what’s getting lifted is really being tossed out while there’s still residual depreciation.  These projects have a negative ROI unless you can cover that stranded cost with some other benefit.  What that benefit might be isn’t for buyers to puzzle out, it’s for sellers to articulate and prove.

But is SDN a threat to Cisco?  As I pointed out in an earlier blog, at some point central control of forwarding and connectivity in the data center is going to happen.  My model says that even in 2018 there will be significant impact from these trends.  They don’t force white-box substitution but they do encourage buyers to think about transitioning from expensive brands (like Cisco) to cheaper formulations.  I personally think that SDN will be less an impact than virtual switching and routing, and that white-boxes with an operating system that supports legacy switching/routing will be easier to introduce.  I think Cisco will see an impact from that source as early as the end of next year.

NFV is (as you’d expect) more complicated.  The article suggests that the goal of NFV is to replace switches and routers with virtual appliances, but that hasn’t been the focus of NFV at all.  Dynamic deployment and optimization is most useful for customer-specific elements of the network, or for dynamic multi-component ecosystems (like IMS or CDN).  A virtual router is really a hosted router, not a VNF.

Enterprises are likely to be transitioned to virtual switching and routing as a part of an expansion in the scope of VPN/VLAN services, something that is already starting to shape vCPE to include network edge switch/router technology.  This is probably the greatest impact point for Cisco because there are a lot of edge devices in a network, and so losing even a percentage of that TAM would hurt.  But NFV isn’t really the driver here, it’s just lent its name to a notion of hosting edge functions on commodity multi-purpose devices.  I’ve pointed out in the past that you don’t need NFV for vCPE.

NFV deployment at an optimum level would actually benefit Cisco, though.  NFV could create a market for hundreds of thousands of new servers and switches.  Cisco makes both.  The NFV data center market alone could increase data center switch TAM by 25%.  Since UCS has lower margins than switching/routing today, server gains might not boost profits the way Cisco would like, but by 2018 margins on switching/routing will be lower too.  Any port in a margin storm.

I think the analysis of SDN and NFV impact on Cisco that the Barron’s article cites doesn’t hold water.  This doesn’t mean Cisco skates by on SDN and NFV impact.  The biggest problem for Cisco is actually something that I’ve blogged about all last week—intent models.

In a software-based network, where “devices” are really virtualized collections of software features, a new target of interoperability has to be defined.  You can’t look for box equivalence.  That new target, I think, will be the “black box” or intent-model feature set.  Anything that can look like an intent-router is a router.  That includes virtual equivalents, but also real ones.  If you can harmonize a virtual function set to look like a physical device, you can harmonize real device behavior to look like that same thing.  Where then is Cisco’s brand superiority going to take it?

That’s the truth of the “impact of SDN and NFV” for Cisco. Neither of these two technologies are going to prove out without strong adoption of intent models.  Intent models, not SDN or NFV technology as we know it, poses the threat to Cisco, by anonymizing the way that network features are created.  Anonymize the features, and you anonymize the vendor.

The solution to this would be for Cisco to be a feature leader, but the company is legendary for seeking a “fast follower” role.  Wait till the market develops it and then kill early players with your massive brand.  That works when brand matters, but the time when it does—at least matters in the traditional sense—may be passing.

As an industry, networking has always been very dependent on standards.  One big reason is the desire of operators (like all buyers) to avoid vendor lock-in.  Standards tend to help make boxes interchangeable, which reduces vendors’ power to control modernization and evolution.  SDN and NFV are “standards-based” technologies, so you might think they’d continue this trend.  They might in fact accelerate operator choice, but for reasons a lot more complicated.

Of the two technology revolutions in networking that we hear about today, SDN is the most “traditional” because it’s aimed specifically at creating a service behavior set and not at hosting the stuff that does that.  Packets go from Point A to Point B in SDN because they got forwarded along a path, and that pretty much describes what happens today in legacy networks.  The difference with SDN lies in how that path is decided.

Adaptive behavior, meaning dynamic discovery of topology/connectivity, is the basis for path determination today.  A router expert once told me that about 80% of router code was related to path determination, and what SDN would do is pull that logic out of devices and send it to a central control point where paths were analyzed and imposed on the network (via OpenFlow).

If path determination is the thing most impacted by SDN you’d probably think that early SDN applications focused on where it was the biggest part of the problem, but that’s not been the case.  SDN so far has deployed more in the data center where path cost differences are negligible and where failure of devices and paths is rare compared with the WAN.  SDN has really been driven by the need to explicitly control connectivity, particularly in multi-tenant applications.

What has SDN done to hardware?  Despite all the white-box talk, not as much as many thought.  The early applications have actually been more overlay-network-oriented, where we build tunnels and routes on top of traditional (usually Ethernet) connectivity.  Some SDN architectures (like the original Nicira) were designed from the first to ride on legacy connectivity not displace it.  This may change over time, though, because if connectivity management is ceded to higher layers, then the data center switches are just transport devices, harder to differentiate.  So that gives operators more choices, right?

Actually it doesn’t.  The cheaper a box is, the less differentiated it is, the harder it is to drive new player opportunities.  Nobody wants to fund a startup in a space where everything looks like everything else.  So where SDN is really driving operator choice is more in the software, a network area that’s only now emerging as important.

NFV is even more complicated.  First and foremost, NFV separates software (in the form of embedded features or “firmware” or “network operating systems”) from hardware, which allows the underlying platform to be commoditized.  Software, left on its own, is now free to innovate.  The theory has always been that virtual functions hosted on commodity hardware would lower the total cost of ownership, and broaden operator choices by preventing proprietary lock-in.

It’s hard to say that will happen.  Two virtual functions are interchangeable based on a bunch of qualifiers.  They have to run on the same thing, do the same thing, expose the same interfaces, and be managed in the same way.  If we have a service chain created to build vCPE, for example, the elements in the chain are interchangeable if all these criteria are met and any one element can be switched out for a competitive brand.  Many think this is one of the goals of NFV specifications, but it’s not.

NFV does not dictate any service data plane interface, any functionality, or any management interface.  Given that, vCPE created by chaining three functions wouldn’t predefine any set of interface standards to conform to.  It would be a happy accident if we had three or four providers of individual virtual functions (VNFs) that could be freely substituted for one another.

What this would mean is that NFV might actually promote vendor lock-in at one level and reduce it at the level below.  Software features have enough range of motion in implementation that vendors would be able to develop ecosystems of VNFs that worked well together but didn’t easily accommodate substitutions for individual functions.  They would be able to pick from commodity platforms, though, right?

Perhaps.  NFV is a new world, and the NFV specifications are not broad enough to define every piece of it.  Operators realize that all NFV implementations are not going to be equal, end-to-end, and in fact that not all will even be able to make the business case.  The NFV vendors often provide VNFs, platforms to host stuff, operations and management and orchestration.  All these work within the ecosystem the vendor offers, but we already know that you can’t be sure you could substitute one VNF for another.  You can’t substitute one MANO for another either, and it doesn’t appear you can substitute even Virtual Infrastructure Managers.  If you buy an NFV ecosystem, you’re buying a single vendor or a vendor and specific partners.

Before you take this as doom and gloom, let me say that the long-term prospects for an open and efficient NFV implementation are very good.  What we see now in NFV, and even in SDN to a degree, is a growing-pain problem.  Whether it would even have been possible to standardize NFV fully, to make every piece interchangeable, is debatable.  We certainly didn’t do it.  That means that we’re going to have a bunch of implementations out there, each presenting a unique slant on the value proposition for NFV.  The ones that get the best traction will become the focus of more partnerships, be expanded more by new product features, and will define the shape of the NFV future.  The others will die off.

You can see some of this already.  Alcatel-Lucent offers NFV in a sense as a carrier to mobile evolution.  HP offers a broad ecosystem of partners with useful VNFs, and Oracle offers an operations-slanted vision.  The differences in implementation are way more subtle than the positioning (which for some vendors is still too subtle) and the early-market drive that the vendor hopes to harness.

What will actually create an open NFV ecosystem, though, is the “service agility” driver.  In order to create agile services that can be efficiently operationalized, operators will need to assemble services from little functional blocks that can be stitched together using deployment automation tools.  As I’ve suggested in prior blogs, these blocks will each be “black boxes” or “intent models” representing features disconnected from implementation specifics.

The standards for interconnection in NFV will be shaped by the operators themselves when they build their service libraries.  It’s just that the early winners among NFV vendors will be in a better position to help do the shaping.

The question of how to secure SDN and NFV comes up all the time, and in my view it’s yet to be fully resolved.  I think we’re trying to achieve “security by dissection”, meaning that we look at things like VNFs or NFV Infrastructure and ask how to secure them.  Yes, you have to build a secure ecosystem from secure pieces, but ecosystem security isn’t assured that way, only preserved.  The things that connect SDN and NFV, the things that make them different, have to be addressed.

The big challenge in SDN and NFV security, speaking ecosystemically, is that there’s a significant “signaling” or “control/management” plane that’s explicit in both.  Inside this plane you can command devices, establish behaviors, and most of all admit things from the outside.  Compromise this process and your security measures are doomed no matter what you do elsewhere.

Part of the challenge, as I noted in a prior blog, is that we have to define an “architecture” for either SDN or NFV to understand just what security is needed.  If there’s a control/management plane, how is it related to the data plane of the service or of the infrastructure?  For example, is an NFV service created “inside” a private IP address space and gated to the outside world only for its external ports?  If so, and if management connections are gated in a secure way, you’ve gone a long way to creating a secure implementation.  If not, if you use public addresses for all components, then everything inside a service could in theory be attacked from the data plane.

Aside from architecture, there is another point about SDN and NFV security that can be addressed in a general sense.  Both SDN and NFV are highly dependent on control/management interactions.  In fact you could argue that what separates SDN and NFV from the older technologies is the dominance of control/management processes over adaptive processes.  That to me means that it’s likely that these control/management processes will need special attention to secure them properly.

Message authentication is like disarmament; the operative concept is “trust but verify.”  The presumption in SDN and NFV is that commands issued to devices or device systems are authentic, meaning that they emerge from a trusted entity.  Most security is focused on trust management, and most of that falls into the categories of isolation and path protection.

If all your trusted entities are collected in a single subnetwork, and if that subnetwork is made up of protected paths—encrypted or whatever—so that outsiders can’t gain access, then you can control trust conveyance by controlling who’s on the subnetwork.  This is why I think the question of subnetwork architecture and security are critical for both SDN and NFV.  It does little good to talk about security if your critical control/management interfaces are exposed to public access.

The problem with a pure trust focus is that you don’t account for a trusted entity turning on you, either deliberately or because they were hacked and someone has taken control.  Few control measures are total proof against hacking, but it’s possible to reduce risk by making sure that trusted entities are not exposed to public Internet access or subject to the introduction of malicious software.  You need a very isolated sandbox, which is not just addressing but processes.

Even that’s not always going to solve your problem.  Things creep through almost anything, and there’s also that risk of someone going rogue or simply making a major mistake.  This is where the “verification” comes in.

It should be an axiom of SDN and NFV that any control/management change made for any reason must be explicitly associated with a causal factor (both event and the agent making the change) and logged.  Further, it should be an axiom that the message itself (including the causal factor and commands) must be authenticated.

Message authentication in networking and IT has been around for a while.  The basic idea is that you generate a secure “hash code” from a message that is a form of a cryptographic key.  Anyone can send this key to an authority for validation, which means that if you derive the key of a message you receive you can validate the key and through it the authenticity of the message.

Everyone is familiar with a technology that can be useful for the verification of messages in SDN and NFV, but not in the form they’d expect.  Bitcoin uses what’s called “block chaining” or (as one word) “blockchain” to keep a tamper-proof history of something.  One could apply blockchain principles to SDN and NFV interfaces or control elements to keep a log of everything that happened there, and because the players in the process can be authenticated via a token using a public key, you can identify who did what.  One company I’ve encountered who offers this is Guardtime, who as it happens has a relationship with Ericsson.  However, I can’t find any specific reference to the two companies working on an SDN or NFV strategy together, which suggests that blockchain applications to control/management security are still novel.

The application of a bitcoin-like process to the control/management action history of a network device or management interface is pretty clear, but you can also apply the blockchain principle to automated responses.  We’re entering the “I, Robot” age of networking, where we rely on automated processes to do everything for us.  The price of economical operations is low human touch.  Absent the Three Laws of Robotics, though (see Asimov’s work if you don’t recognize the term), it’s hard to be confident that our robotic network agents aren’t throwing a flyer now and then.  Event-driven processes can also be logged through blockchains so you can track back how something happened.

You can use elements of blockchain technology to authenticate agents, messages, control interfaces, devices, and more.  You can even “authenticate” the state of a service or infrastructure element, which means you could know whether you were in it or not.  In theory you could build up a model of security using these principles and then use an audit process to establish whether you were still in a state of trust, even in a state of functional optimality.

It seems to me that there’d be a lot of value in exploring what blockchain technology could do in SDN and NFV security, and even in how it could change the view of what audit trails and network state management should look like. Thus, it seems we should be thinking about the blockchain concept as part of the SDN and NFV story, and probably in other IT areas as well.

I’ve talked in the last two blogs about how intent modeling fits the way that SDN and NFV have to work, and also a bit about its relationship with OSS/BSS, TMF, and the ETSI models.  Today I’d like to close this series of blogs with a discussion of intent modeling and orchestration.  As it happens, it might be intent modeling that finally defines that notion fully, and also fully justifies the ISG.

When you read through the ETSI material as a (former) software developer and architect, you’re struck by one point.  The documents implicitly define software that processes data.  That point might seem trivial on the surface because, after all, isn’t that what software is supposed to do?  Actually, in a general modern sense, the answer is that it’s not.

Let’s review for a second what an intent-modeled service would look like.  It would be a series of connected/cascaded models/objects, with the top one representing the retail offering.  As you develop downward, you’d pass through some number of layers of “commercial models” that describe interconnection of purchasable entities, and finally cross a border into describing how intent was translated into resource commitments.  It’s the classic tree-turned-upside-down picture.

One could say that an “orchestrator” processes this mode, but the problem with that is already visible.  We have a separation of orchestration and management, and implicitly of deployment and the rest of the lifecycle processes.  The more logical way to approach this would be to say that orchestration is a data-driven activity, and that deployment is simply a stage in the service lifecycle.

If we presume that our service model is fully developed in the order entry process, then logically the way to deploy it would be to send the top object an “activate” command, which is an event.  That object would then run an orchestration process that would look at its own as-a-service subordinates and activate them in turn.  You’d see a cascade of these events down the tree, and a collection of responses coming back, focusing eventually on the top object.

This, IMHO, is the only way to visualize a deployment of an intent-modeled service.  All any layer of this structure knows about the rest is the set of services it consumes itself.  You commit the services at a given layer, and that commits the subordinate ones, and so forth.

Each layer in the intent model is our black box process, and so each layer presents only functionality and an SLA in an upward direction.  The model is responsible for the SLA so the model is responsible for remediation if something breaks, which includes horizontal scaling and replacement of a failed component.  Those are lifecycle actions, and so they belong in the model.

What separates this from the literal ETSI view are two points.  First, orchestration is a continuous and “fractal” process.  It is running all the time, but it’s running in response to events.  The second point is that the intent model structure describes the end-state of the service not a parameter set, and the model itself mediates processes to get the service into that goal-state.

In the intent-modeled service the “Orchestrator” and “VNF Manager” and even the VIM are all co-equal processes that are integrated into a given intent-model lifecycle state/event table.  Everything that happens is a response to conditions, which is the first test for a fully automated service process.  The blocks in the ETSI E2E are functionally valid but are not literally process elements.

One thing this could do is provide an actual mission for the NFV work to support.  From the first there’s been a strong correlation between what MANO was supposed to be doing and what something like OpenStack already does.  If you presume that the only goal of the NFV architecture is to deploy and connect virtual functions, you’ve reinvented Nova and Neutron, respectively.  But if you say that it’s the intent-modeled service, the event-connected lifecycle progression, that NFV defines, then you’ve stepped into the new world that NFV as a concept has promised.

This same approach also integrates management and operations.  A service lifecycle driven by service events has a natural event-handling relationship with both NMS and OSS/BSS.  If a service breaks, you launch a lifecycle process to remediate.  If it works, you tickle the NOC to get the underlying problem (like a bad server) fixed.  If remediation doesn’t work you have to do a billing credit by tickling an eTOM process in the OSS/BSS.  All of that is defined into the service lifecycle process by the intent model.

Presuming that intent modeling goes (forgive the pun) as intended, there is going to be an impact on the NFV marketplace.  Several in fact.

First and foremost, intent modeling cements the business case to the implementation.  If you do a PoC on an intent-modeled implementation of NFV you can tie in everything needed to show capital savings, operations efficiency gains, and agility gains.  No stranded business cases required.

Second, the relationship between SDN and NFV is firmed up, and even SDN’s role outside NFV is strengthened.  The same is true for the cloud; SDN and NFV are both mechanisms to expand the scope of cloud “orchestration” and “connection”, and so are things useful for more than they’re being considered today.

Third, there’s now a logical and valid framework in which NFV claims by vendors can be examined.  For example, if Oracle announces NFV-supporting OSS/BSS elements, how do we know that they really support NFV?  Since the relationship between operations and NFV is vague at best, almost anything can be claimed to support that relationship.  If we demand intent-modeled service with event-driven lifecycle management, we can list criteria for “support” of NFV that are meaningful.

Which leads to the fourth point, which is that this approach would separate the wheat from the chaff, NFV-wise.  We could say, for example, that if VNFs have to fit into a specific framework for intent modeling and event-driven lifecycles, then VNFs have to present specific integration points with that.  Do they?  If not, then they’re not VNFs.  Similarly, somebody with OpenStack support can’t say they are an NFV implementation unless they have the broader intent-and-event orientation.

I’d love to be able to say that this is where we’re heading.  I firmly believe that some in the ETSI process see this direction pretty much as I’ve described it here.  More probably accept the broad concept but haven’t thought through all the details.  However…everyone would not fit in that happy camp of endorsers.  There’s a lot of inertia that’s developed in NFV, and right now the momentum is not in an intent-modeled, event-driven direction.  Time will be required to turn it around.

Time we may not have.  What operators want and need from NFV has to be in field trials within nine months or so, and on its way to proving a business case, or we couldn’t hope to deploy enough NFV to change the timing of the revenue/cost crossover operators expect for 2017.  If we don’t see some strong indication that there’s at least a couple vendors who can do the right thing by around November of this year, then I think time may run out for NFV.  Which means again that we’re going to have to accept vendor-driven and even proprietary visions of NFV in order to get useful ones—like intent models.

I talked in my last blog about intent modeling in NFV, and today I want to look at extending intent modeling in two directions—into SDN (which is easy) and into management (which is less than easy).  I’m not going to recap the theory of intent models beyond a sentence, so if you didn’t read yesterday’s blog I suggest you do that before reading this one.

An intent model describes a “service” in terms of the characteristics it presents to its users, not by how those characteristics are created.  Thus, it’s a good statement of an abstraction for a given service or at a given interface point.  I’ve suggested that NFV could use intent models to describe both the “input” to NFV from the higher-layer OSS/BSS (a service model) and the “output” of MANO into the Infrastructure Manager(s) that represent resources.

Since NFV has to command connections be made, and since a NaaS abstraction is the obvious way to describe these connections, an intent model is almost surely what NaaS abstractions should look like.  Since SDN is a way of creating a NaaS connection set for NFV, then an intent model can describe SDN services.  In fact, better than any other approach, particularly for OpenDaylight.

OpenDaylight, with multiple southbound control options, could create a connection service using a combination of OpenFlow/SDN and legacy technologies.  To make that work optimally you’d need a description of a connection service that’s technology-neutral.  Which means an intent model.  The ODL controller could then translate intent into commitments through the southbound APIs to the real devices or management systems.  To me this is a no-brainer, to the point where you have to wonder why it’s taken us so long to get around to recognizing the value here.

The management side, as I’ve already noted, is more complex but in the end also very logical.  An intent model of a network service would include the service connection points and the “SLA”, which would describe the connection behavior to be delivered.  IMHO, it’s not much of a stretch to say that an intent model should define SLA variables, the usual stuff like bit rate, packet loss, delay, and so forth.  We could also establish a convention that every intent model defines a “service quality gauge” that would range from green through red depending on just how good/bad the service was conforming to its SLA at a given time.

The benefit of this is that a given intent model would then be defining variables that it was the responsibility of the lower-level structure (which could be a hierarchy of models or an element that commits resources) to populate.  Since an intent model would have to offer what would look like a downward policy flow to populate lower-level deployment/connection processes with SLA variables from above, there’s nothing wrong with having the flow be bidirectional.

There are implications to this approach beyond simple management variable derivations.  A “service” is now a set of linked intent models, each of which is asserting an as-a-service property set to the stuff above it.  Because every model is a service with policies, properties, and SLAs every model can be managed.

This addresses an important point in service-building, which is how you organize complex services.  Say you have a VPN with two sites, so you have three “services” in NaaS terms—two access services and one interior VPN service.  You can define this as a tree with the retail service on top and the three subordinate elements below.  The “orchestration” of this combination can be visualized easily as the instantiation of the three individual subordinate services followed by the interconnection of the three.  The former step is defined by the intent model for each subordinate, and the final step by the intent model for the top (retail) layer.

The end game here is simple.  A service is modeled and created through a series of abstractions—“objects” in modern software terms.  Each object is an intent model in its upward-facing direction and each object decomposes the fulfillment of the intent it advertises by drawing on services/intents from below.

In most cases, I think, one of these objects will have two primary service/connectivity missions.  One is to activate the services below, and the other is to “connect” them into a structure that fulfills that object’s own intent model.  Overall, this is a modeled, data-driven, approach to NFV.

And more.  If each of these models/objects has a state/event process that describes how it responds to conditions during the service lifecycle, including how it is impacted by and impacts the state of subordinate and superior models/objects, then you can describe remediation of faults and operations/management integration simply by linking processes into that model.

To me, this could overcome what could be a serious implementation flaw in NFV, which is the use of specific logic to address service lifecycle processes.  Yes, you can establish a parameter in a descriptor file to indicate whether a given VNF needs a DNS or DHCP server or a load balancer, as long as you recognize when the software is built that the parameter will be needed.  It’s hard to address new requirements without changing software.  But if you have a model-and-table-based approach with structured service objects, you can change things by simply changing the data model to invoke a different process.

I said yesterday that the introduction of intent modeling into NFV could be a major asset, a major revolution.  Like all revolutions, it could cause significant disorder.  My perception of the ISG process is that it’s proceeding in two directions at once.  One direction is augmenting the original E2E model of NFV, which I believe is not suitable as an implementation guide, and the other is trying to develop functional requirements that, if accepted, would suggest a completely different approach should have been taken.

NFV is going to have to get through this at the political level and not at the technical level.  Somebody, somewhere high up in the organization, is going to have to sit down with a small number of like-minded people and get this right, and then work out how to develop support for the change.  That support might involve some fancy footwork to paper over the fact that a lot of detail introduced so far was introduced based on the wrong approach.  It’s not necessarily going to be an easy task to change, but I think it’s essential if NFV is to be deployed optimally, and I think some operators (and even a few vendors) are seeing the light.

A piece of good news on the NFV front is that the ETSI ISG is moving toward consideration of intent modeling as the basis for a number of important interfaces.  I’ve been advocating intent modeling for several years now, so obviously I’m pleased with the move.  You should be too, and everyone else in both the SDN and NFV spaces, because the decision if implemented could have significant short- and long-term benefits.

In some prior blogs, I’ve suggested that both SDN and NFV must be framed around the concept of “network as a service” or NaaS.  NaaS is an abstraction of a connection service, such that it can be realized using any suitable technology or combination of technologies.  A VLAN or VPN should be a NaaS abstraction.

The reason for this is that operations evolution has to lead technology/infrastructure evolution.  You can’t have customers or customer service agents looking at a service order to decide what technology will have to be used to fulfill it.  Services have to be ordered in terms of what they deliver, and that must then be translated into how it gets delivered.  An abstract VLAN can be ordered as a VLAN and built using any combination of legacy, SDN, and NFV.

The key to making this work is the abstraction itself, the representation of NaaS.  The abstraction of a connection service has to describe the connection in terms of endpoint behaviors and service-level agreements (SLAs).  Think of it as a “description” of the service (the logical topology, which in the case of a VLAN is a “multipoint” service, and its QoS attributes, for example) and a list of endpoints.

This sort of model has been known in the industry for some time (I’ve referenced it in a blog or two earlier).  It’s called an intent model because it models not how something is done but what the “something” looks like to its consumer.  There have even been papers describing the application of intent modeling to virtual networks.  However, intent modeling was not a part of the original ETSI conception of NFV, though it was the foundation of both my CloudNFV and ExperiaSphere work.

It’s fair to ask where exactly intent modeling might fit inside the ISG’s end-to-end model, and there are a number of places.  Let’s start at the top.

A “service” is first and foremost an intent model, as my example here illustrates.  Buyers don’t expect a blueprint and a heap of parts, they want a car.  Service models should be viewed at the top as perhaps a cascade of intent models, each representing a commercial chunk of the service, presented by features and not by implementation.  This could be modeled as the TMF’s “Customer-Facing Services” or CFSs.

The challenge of intent models is that you eventually have to deliver on the intent, which means that you have to be able to decompose the “intent” into realization at the resource level.  The easiest way to visualize this is to think about a point in your service cascade where the structure below ceases to be intent-based and becomes resource-based.  In the TMF world this could be described as the boundary between Customer-Facing and “Resource-Facing Services” or RFSs.

It’s difficult to say with confidence where this boundary point is in the ETSI ISG world because they’ve put operations out of scope.  Instead, let’s shift focus for a moment and look at the ETSI structure to see where intent models might fit.

One obvious place is the top.  A request for VNF deployment should never be expressed in the form of resource-specific recipes because you don’t know where a given service would optimally locate its components (likely dependent on service locations, for example).  So the input to NFV MANO from the OSS/BSS (the Os/Ma Interface in the E2E model) should be an intent model, perhaps what we could call a “deployment order” to distinguish it from what’s above.

In fact, all of the interfaces that ETSI draws “inside” the MANO block of the E2E model should likely be visualized as intent models because in all of them you have an abstraction of behaviors on one side and realizations of the behaviors on the other.  However, the most important place for intent modeling besides the input to MANO is the VNFM-to-VIM connection (the Vi-Vnfm Interface if you’re keeping score).  This is where the service model’s realization has to be converted into specific hosting and connection processes, which means that network connectivity and NaaS are “below” the VIM (which you’ll recall I tend to generalize as Infrastructure Manager to reflect the fact that some of the infrastructure in a real service isn’t virtual at all).

In a general case, then, NFV could be considered to be a description of the boundary between CFSs and RFSs in TMF terms.  The input to NFV is a CFS representing an intent model decomposed from the original retail service (it might be that service if there are no commercial components, or it might be a commercial chunk thereof).  The VIM’s output has to be resource-specific, which says it’s a part of the “cascade” of resource models.

This raises what’s likely the critical intent-model-related question in NFV today, which is just where inside NFV the CSF-RFS boundary occurs.  If I feed CFS models into the top and get resource controls out the bottom, then we can infer that “orchestration” in general is the boundary function between the two.  But what does the border-crossing?  It’s either a MANO function or a (V)IM function.

I think it depends on how resource choices are made.  IMHO, a “service” can set policies within its intent model that would guide resource selection, meaning that a service could require things that preference one implementation over another.  It should never make selections itself because that would mean you’d have to retroject resource knowledge into service models.  If a (V)IM is a representative of, an abstraction of, resources, then unless you want there to be one logical VIM, you have to assume that RFS modeling takes place above it, with the VIM at the bottom of the tree where models turn into actual resource commitments.

I think this same approach is the way that federation of multiple providers or even SDN domains should be handled.  Each “domain” is associated with a resource model that can commit the infrastructure within.  This part of the model is (V)IM-related.  Above the (V)IM is a model that describes how services are decomposed by domain.  You could then visualize a (V)IM not as a piece of logic but rather as a set of models, which says that pretty much the whole of NFV can be visualized as an intent model and the decomposition of that model.

Which is where I think NFV should go ASAP.  Accepting some approach like this would help focus the ISG on the specific things required to make NFV work as part of a service process, and that’s the way it has to work if it’s going to deliver service management efficiency or service agility.

Sometimes our technologies are more defined by the stories told about them than about their realities.  SDN and NFV are no exceptions, and the full scope of mythology for either would take a lot more than a single article to cover.  Fortunately we can narrow the scope of myths (and blogs) by focusing on what operators think are myths.  I’ve culled through the views of service planners in the operator world and collected what they say are the SDN/NFV tales they think are the tallest.

Number one on all the lists is the myth of the five nines.  We’d have SDN and NFV coming out our pores if we could only get them to five nines.  Some operators think this is funny/silly and others think it’s destructive, but service planners agree it’s a myth.  They make two critical points to validate their view.

First, the network business has for years demonstrated that buyers will trade off reliability for price, at least up to a point.  According to the planners, the actual target for future services is only three nines, which is where their own research say buyers will draw the line.

Second, the notion that the nine-count for SDN or NFV is somehow holding up deployment is nonsense.  The problem with both technologies is simply one of proving a business case, which in the service planners’ experience is mostly relating to proving a radical improvement in operations efficiency is possible.  They don’t think SDN hardware is any less reliable than current network devices.  They have not planned to replace major transport/connection devices with NFV functions.  Counting nines isn’t the problem, it’s counting incremental return on investment.

The second myth the service planners listed seems to come out of frustration with some aspects of both SDN and NFV standardization.  Call this one the myth of the perfect resource.  According to this myth, we have to be able to define the resource needs of a given service with great precision.  The greater the better, because if we could find that perfect match the service would be more profitable.

Wrong, say the planners.  The fact is that “perfect routes” differ only a little in cost from imperfect ones, in the scope of services being considered for SDN.  In NFV, a lot of attention to the precise resource needs of a given virtual function means that the effective size of the resource pool is much reduced, which means less economy of scale and more overprovisioning.  A highly detailed assessment of deployment needs would also be more operationally complex to administer.

Myth number three is new revenue is going to come from shortening time to revenue.  We hear all the time about service agility, but when you dig into the comments you find that the talker means “provisioning in hours rather than weeks”.  That shortening is a limited benefit because most service delays are caused by access provisioning, which can be solved only by prepositioning capacity (and that can be done without either SDN or NFV).

The longest provisioning times today are for business data services, and these services tend to get provisioned when new sites are added.  That happens relatively rarely; sites turn over at an average rate of less than 2% per year.  In any event, planners say, you can’t necessarily run glass to every building hoping a customer will pop up there, and without access you can’t change provisioning times meaningfully.

The one area of exception to this is the area of feature hosting for add-on features like firewalls, NAT, DNS/DHCP, etc. which we’ve come to associate with virtual CPE.  Planners admit that there’s likely a benefit to being able to sell users add-on connection features, but they also say that within a year or two nearly all connections have been equipped with the features they will need in the long term.  Smart planners are asking what the cost of ownership will be when the dynamic period has passed.

The fourth myth service planners cite is controversial even among the planners.  That one could be called the operations-business-as-usual myth.  According to both SDN and NFV advocates within the operators’ business, SDN and NFV can be managed in the same way as the traditional devices could have been managed.  No changes to either OSS/BSS or NMS practices will be required.  Planners divide on this one, not based on whether there’s a myth here but based on why and how it would be dealt with.

A slight majority of planners believe that it is possible that “virtual device” management practices that made SDN or NFV look like traditional equipment could work.  The problem for this group is that the qualifier is unacceptable because the consequences of being wrong would be truly dire.  This group wants to see specific service trials to prove out the model, and they don’t see results they can bank on as yet.

The remainder of planners think it would be a waste of time to try to prove the point because it’s invalid on the face.  An SDN enclave or a bunch of hosted functions are not traditional devices.  Under the skin, they cannot be managed in the same way at all.  SDN is not adaptive, it relies on setting failure modes and changing network configuration if something goes wrong.  NFV substitutes servers and virtual connections for a physical appliance, and you have to manage what you really have not what it looks like or you’ll never fix anything.

One of the most interesting things that comes out of the service planner views isn’t their myth concept but the source of the myths.  It’s become the norm to divide operators into three groups—Tiers One through Three.  While the boundaries here are soft, they do roughly correlate with the SDN and NFV socialization that’s happening.  The smaller an operator is, the more targeted the operator’s service set, the more likely it is that the operator has broadly socialized network technology changes and has hammered out an accommodation.

Service myths have the greatest impact on the Tier One operators, because those operators are the most likely to have largely independent standards and CTO processes that are budgeted and can go on for quite some time on their own, bereft of any broad support.  Tier One planners say that a lot of the mythology of SDN and NFV comes not from the vendors but from their own people, who are looking to justify (to the rest of the company) a technology they’ve been advocating.

We’ve seen some pretty interesting NFV deployments from Tier Twos, and I think that the lesson of NFV mythology is that we’ll see the light in smaller operators first, ones who have better internal cooperation.  The bigger ones should think about that one.

SDN and NFV are going to change infrastructure policy, if they succeed.  I’ve blogged about that before.  They’ll also likely change the services offered by operators.  The notion of service agility as a benefit demands something to jump from (which we have; the present) and to (what we’d have to define).  I’d like to think about that future service set today.

We have three broad classes of services today.  First, we have connection services that allow us to communicate with someone (or multiple parties).  Second, we have access services that let us get to something, like the Internet.  Finally, we have private network services in the form of VPNs or VLANs.  These categories are fairly broad, and I think it’s reasonable to assume that future services will tend to work within or among the current classes of service rather than to invent new classes.

As a class of service, connection services are becoming a subset of access services, meaning that we are transforming “connection services” into “connection as a service”.  That shift is inevitable given the fact that the Internet is a connection fabric and most connection services can fit easily within it.  Traditional connection services are the least-likely to be profitable in the long term, and so one change we can expect to see is for operators themselves to under-invest in these services and accept that they’ll lose some of each (or all of some) to OTT over time.

Voice calling and SMS/IM are examples of things that just don’t make a lot of sense to spend money on as an operator.  That doesn’t mean that they’ll disappear from wireless and wireline operator inventories tomorrow, but rather that more and more of them will get subsumed into social-media and other applications.

Service-specific access is also going to slip.  I am of the view that IPTV in the U-verse sense is doomed and I think you can see that in AT&T’s quarterly report.  The whole notion of service agility demands users be prepped with enough access capacity to accept delivery of their services without physical changes being made to the demarcation.  Thus, you don’t necessarily have to give a user the fattest pipe their media can support, but you do have to give them media to support more services than they initially buy, and provide a ready means to upspeed it.

Where this trend takes is to the notion of an agile demarcation (dmark) point, a place where services can be connected for presentation to the user on demand.  The first question that SDN and NFV would have to answer is how their use would facilitate this on-demand connection/presentation.

An futuristic IP dmark could be a more sophisticated version of a gateway router (virtual or real).  A user sees an IP network as a series of accessible subnetworks, which means that it’s fairly easy to present all manner of services as simply a piece of an address space.  You’d have to make sure that you didn’t allow routing between the services for security and stability control, but that problem exists today where VPNs and Internet are provided to the same site.

One possibility here is to presume that a user has a series of IP services that are mapped to a public IP address (the popular Class A address of IPv4 RFC 1918, 10.x.x.x, is an example), which would mean that every IP connection would “see” both public Internet and a series of private services in the same connection.  Another idea would be to create tunnels with SDN that would partition the services in a way similar to that used to deliver IPTV, packet voice, and Internet over fiber.

Carrier Ethernet could be changed by this model.  Ethernet is based on Level 2 addressing, and it would be possible to give each service a Level 2 address through which it would connect.  If the service is something like VLAN that address could represent a “bridge” to an Ethernet LAN, and if the service were Level 3 (IP) the address could look like a router that’s an on-ramp to the IP subnet(s) the service uses.  You could map the same kind of service model to carrier Ethernet as to IP, which means that you could evolve both residential and business customers to the service model.

In the long run, the smart thing to do in both cases would be to give the users a fiber path that could be metered to a range of speeds, and then let the user set the total capacity of their access connection using an operations tool.  That would then set the maximum capacity of agile service connections that could be terminated on that site.

Introducing NFV into the picture changes things a bit in my view.  NFV is about hosting features not hosting connectivity, and in order to give users a feature you need to present what I’ll call a “logical service”, not a series of tunnels.  Features are either embedded in a data path, in which case they are somewhat transparent to the user except in behavior terms, or they look like something the user can address (which implies they have an address and are part of a service address space).

It’s possible to see a service set as a series of tunnels, but it’s not an easy model to manage at the user level.  Given that, I think it’s fair to presume that the future services will be presented as addresses, which means that the service dmark will be either a L2 or L3 virtual window on a world of routers and switches that are gateways to useful stuff.

Connection services in this model are simply addresses through which a connection can be created.  Private network services are the same, and access services are address windows into hosted features of any sort.  This is a kind of compositional dmark model for service evolution.  Every user gets one (or two, for redundancy) access pipes that offer an address-space (or even two—one at L2 and one at L3) window into a service spectrum.

SDN and NFV are interior technologies in this model, obviously.  The biggest change is in the service dmark device that does the composing.  It doesn’t have to be on premises (you could just terminate an access path to an interior element) and it doesn’t have to be an appliance (software virtual routers and switches would work fine).  The point is that whatever the technology, it has to be service-elastic.  Otherwise we have all this wonderful capability to turn on Service A from a portal in 20 seconds, and then watch users wait three weeks for a new access pipe to use it.

There are profound implications to all of this.  Regulators have to address the question of whether providing IP services through virtual address windows links them to the Internet and makes them a neutrality issue.  Operators have to figure out how (based in part on the regulatory issue’s resolution) how “premium” services might be offered—as Internet/OTT services or as part of a private special-service address space.  Everyone will have to figure out how to make all this stuff seem plug-and-play to the buyer.

I think it can be.  I think that the address-space windowed compositional dmark model is the logical vision for the SDN/NFV future if you look at infrastructure from the user’s perspective; if you look (virtually) down the access pipe that connects you to your carrier.  I think this is the vision that everyone has to work to, or new services are going to underperform.

If SDN and NFV are going to create market waves, the obvious question is whether vendors are going to ride them or be swept away.  Given the immature state of both technologies, there’s not a lot of clear indicators to read on that topic, but there do seem to be a few signposts emerging from the fog, and I’ll try to describe what I see on them.

First, I think it’s clear from the strong showing Huawei is making that operators (except in the US where a political decision prevents them from selling) are increasingly adopting Huawei because they’re usually the price leader.  Huawei is also driving the prices lower in deals that they don’t get.  My view is that this demonstrates that neither SDN nor NFV are seen by operators as proven strategies.  We’d be virtualizing things, not buying price-leader products, if virtualization were proven.

Second, it’s just as clear that nobody can stand up and say “SDN and NFV are never going to amount to a hill of beans!”  Operators believe in the future of these two technologies even if they can’t prove them in the present.  Juniper, for example, has done a turnaround from a couple of years ago, when they were calling “service chaining” SDN and are now calling virtual routing a VNF.  Huawei, who is winning in the current cost-cutting paradigm, is still pushing hard to be a player in SDN and NFV.  You have to be able to show relevance, at least, in an SDN and NFV future or your stuff is hit with the label of “stranded cost.”

What these two points show is that we’re in a really funny state, market-wise.  It would be incorrect to say that either SDN or NFV is a sure thing, but it’s obvious that operators are looking hard to find a reason to invest in both of them, and if the right business case emerges there will likely be a very rapid response among buyers.

What’s somewhat surprising to me is that NFV and SDN are both as much IT stories as networking stories, and IT incumbents haven’t pushed their own positions as hard as I’d have thought they would.  You can understand why Alcatel-Lucent, for example, would be charting a careful path to NFV to avoid killing more routing business in the near term than they’d gain in VNF or MANO business.  Dell, HP, IBM, and Oracle are all unencumbered by network business to lose, and all of them have server products that would augment VNF and MANO revenues in the event of a big NFV win.  Yet none of these players are really aggressive in marketing, and IBM seems almost disinterested.

I think that the lack of drama in the IT giants’ NFV positioning is responsible for the near-term focus on VNFs.  You need a truly systemic business case to drive systemic NFV or SDN deployment, and in order to get that you have to involve legacy infrastructure, operations systems, service creation, and even marketing and market targeting.  Give that list to a salesperson to sell through and they’ll respond by looking for a job with a faster payoff.  You need a strong marketing platform to push through a broad NFV success, and absent such a push from the vendors with the least to lose, we fall back on low apples.

The easiest places to push NFV and by association promote SDN are places with one of two characteristics.  First, they can be customer edge services.  Anything that is done at the service edge is customer-specific so it can be market-targeted pretty easily to manage cost/revenue exposure.  We see vCPE for that reason.  Second, they can be distributed-intelligence services which would mean mobile services and content delivery today and IoT in the future.  These services have multi-tenant value and so can be justified on at least a metro scale without pushing spending too far ahead of return on investment.

In the vCPE area, I think that the next place to watch for some serious action is the area of application delivery control and application acceleration.  These are typically presented close to the edge, and the former is closely related to the load-balancing needed for any VNFs to exercise horizontal scaling.  F5 did pretty well this last quarter, which shows that there’s a real need for the technology, and so I’d expect that we’ll see a lot of interest in this space among VNF hopefuls.

In the distributed-intelligence services space, I think we have three possible push points not yet really represented in the market:

• IoT, which I’ve mentioned before. There really is a lot of value in IoT if you get your head out of 5G clouds and look not at how you connect the stuff but how you harness what we already can (and do) connect.  I think there are a number of vendors looking at an IoT service architecture, and I know there are operators who’d like to see it.
• Content delivery, which is implicated in the area of greatest traffic growth and which cuts across OTT video and mobility trends to create a symbiotic architecture opportunity. We used to have a cloud CDN vendor in Verivue, and they got sold off.  True “cloud CDN” demands both SDN and NFV play a significant role, and with content as important as it is, this is a great shot.
• Service application platform, because SDN connects service elements and VNFs deploy them, but you still need to have them for either to be useful. Logically speaking, we should have a “VNFPaaS” architecture that lets operators quickly assemble services from useful functions within a framework whose APIs and controls assure interworking and operationalization.  Right now every VNF is an island, and that’s no way to build an ecosystem.  We’d end up with the VNF equivalent of Darwin’s finches.

I think you can see the street signs, as I noted, but we’re missing that big overhead freeway sign.  For that, we’ll have to wait for Cisco to commit.  Cisco’s “let-me-show-you-just-enough” strategy for both SDN and NFV is a clear indicator that the sales champion of networking things that the current model (where Cisco is at least a major contender if not a winner) still has legs.  When Cisco starts to trot out major, and real, announcements in SDN and NFV we’ll know that the flex point, or at least the critical decision point, is near.

When might that be?  I think we’ll want to watch the signs this fall.  Operators typically do a fall strategic planning cycle that runs from mid-September into mid-November.  If they are going to do something radical in 2016 that cycle is where they’d likely show their hand.  I’ll be keeping an eye on things in that period, and you should too.