This blog was published in the IEEE ComSoc Technology Blog on April 10, 2023. You can read the original article here
Introduction (by Alan J Weissberger):
Through network disaggregation of hardware and modular software, as proposed by the OCP, TIP, and O-RAN Alliance, network operators can select cheaper/commodity hardware from Taiwanese and/or Chinese manufacturers (ODMs) while using open source software or purchasing software from a trusted source.
For example, open source or proprietary software can turn a bare-metal-switch into an Internet gateway or a 5G core router. That software will also provide network management and security. It can easily be changed if the network operator, or the national government, decides the security landscape has evolved – without the need to replace any physical equipment.
IEEE and SCU SoE are sponsoring a virtual panel session which is described here.
Disaggregation Issues (by Richard Brandon, VP of Strategy at RtBrick):
As you move closer towards the core, disaggregation will certainly result in more physical boxes being used than traditional network systems, but closer to the edge it is usually a one-for-one replacement, substituting a single proprietary box with an open one. Even in the core though, this won’t necessarily mean many more outward facing physical interfaces. For example, a white box switch really just takes the place of a line-card in a conventional chassis-based router, with the same number of outward facing networking ports. So at that level, little changes.
Q & A (Alan and Richard):
1. Which of the consortiums (OCP, TIP, O-RAN) are doing a good job of specifying disaggregated hardware modules and the exposed interfaces between them?
We’ve been working closest with TIP and its operator members, specifically on the Open BNG initiative. They’ve issued a set of requirements for different use-cases, which have been driven by several operators. There is always the risk that this requirements list can become a superset of everything that’s ever been implemented, but the process is doing its best to manage that challenge.
2. Any success stories of multi-vendor interoperability of those disaggregated network modules?
For Open BNG, TIP selected several hardware and software vendors that met their criteria, which includes interoperability. For example, RtBrick’s routing software can run on nine different hardware platforms from three different vendors, and those platforms can be mixed and matched to optimize for scale and cost. RtBrick’s BNG software has been deployed in Deutsche Telekom’s production network, working on different vendor switches.
3. The cyber attack surface is greatly increased with many more exposed interfaces. What extra cyber security is needed to prevent attacks?
Of course, there are more distinct switching entities, but in some ways, this is actually an advantage because if any individual switch is compromised by a DDoS attack, for example, the blast radius of the attack is actually reduced with disaggregation.
Either way, it is usually the software where any vulnerabilities may lie. Here, disaggregation opens up some interesting dynamics when it comes to security threats, particularly those security concerns that derive from equipment provided by ‘untrusted nation states.’ Up until now, telcos have had a choice between lower-cost equipment from these untrusted states, or using trusted vendors with higher cost-bases.
Disaggregation brings the best of both worlds. The hardware can be sourced from countries with low manufacturing costs, but the software, which is where the vulnerabilities may be, can be supplied by vendors from open democratic countries.
Richard Brandon is a strategic and operational IT marketeer who is focused on results for his customers. He has experience within the networking, telecoms and TV industries.