Reading Time: 7 minutes

All networks and for that matter the world of internetworking is changing from static hardware defined solutions to software defined networks.  We have seen SD-LAN (Software Defined – Local Area Networks) and SD-WAN (Software Defined – Wide Area Networks) for the past few years already.  It all began in the data centres with SD-LAN to make them more agile and adaptable to rapidly changing needs and configurations.

Next to evolve was the SD-WAN with MPLS and core networks separating the data plane from the control plane to make them more agile and flexible.

Now, the software defined strategy is hitting the endpoints of a network at the ‘customer premise equipment’ or CPE.  Some call them Universal CPE (uCPE) like AT&T does in the USA and others, like IBM, refer to them as Virtual CPE (vCPE) like they do globally.  Whatever the marketing folks brand them as these days, this is a game-changing technological strategy for internetworking.


Let us use Juniper Networks as an ideal example of the classic vCPE platform.  The make three devices, the NFX-150, NFX-250, and NFX-350.  Each box is just one rack unit high but varies in compute and storage capacity, thus processing power and functionality change with the more powerful box you use.  These devices are based upon the Intel x86 processors.  So, they are inexpensive computers but but for the taxiing demands of the edge router role with high performance and reliability inherent in each chassis.

Historically, vendors sold several stand alone devices, all housed in separate boxes.  If redundancy at the endpoint was needed, then a multitude of devices had to be installed, connected, configured, and maintained.  This hardware based solution was slow and difficult to deploy, capital expensive, and complex to set up and operate.  Outages took a painfully long time to troubleshoot as anyone who has had to find the proverbial needle in the haystack solution can attest.  It makes me nervous and stressed just writing about it.

However, the software defined realm is finally catching up to the endpoints and several vendors have been exceptionally creative and inventive in developing software defined routers for the customer locations at the edge of the networks.

So, what is a vCPE anyway?

Virtual customer premises equipment (vCPE) is a way to deliver network services such as routing, firewall security, and virtual private network connectivity to enterprises by using software rather than dedicated hardware devices.  By virtualizing CPE, providers can dramatically simplify and accelerate service delivery, remotely configuring and managing devices, and allowing customers to order new services or adjust existing ones on demand.  Since the box is generic,  lots of different virtual presences can be installed, even from a variety of vendors.  Since these presences are software defined, you may have a Cisco, Checkpoint or Juniper firewall install in your box.  Different endpoints on the same network can have different presences installed.  Not that it is desired to do this approach, but it is technically possible.


Traditionally, customer premises equipment (CPE) consists of provider-owned, specialized hardware devices deployed to branch office locations.  Providers must send network technicians onsite to provision and configure CPE, which means that deployment of new services can be time-consuming and expensive.  In contrast, vCPE, also known as cloud CPE, abstracts the intelligence of such devices into software-based functionality that resides in a remote data center. The software runs on top of simple, inexpensive, on-site hardware. This model also allows the consolidation of specialized, individual devices into one general purpose box, both for convenience and cost-effectiveness.

Some research indicates that vCPE is one of the top drivers of network functions virtualization (NFV) deployment, because of its potential to simplify operations, reduce CapEX and OpEX and speed service delivery.

Network Functions Virtualization (NFV) abstracts network functions, allowing them to be installed, controlled, and manipulated by software running on standardized compute nodes.  NFV incorporates cloud and virtualization technologies to drive rapid development of new network services with elastic scale and automation.  These technologies are often grouped as NFV and software-defined networking (SDN).


The desire to automate the orchestration and management of network, storage, and compute resources is a key driver of development for NFV and SDN.  Imagine a scenario that includes one physical server with 10 VMs (Virtual Machines) or hundreds of containers.  This concept would never scale if manual operations were required.  With automation, you can rapidly spin up or destroy virtualized network functions (VNFs) such as VMs, containers, routers, firewalls, and intrusion prevention systems (IPS), to elastically scale your network functions to match dynamic demand.

In the hardware realm, this would have required an abundance of time, measured in months, and tens of thousands of dollars, perhaps even topping one hundred thousand dollars?  However, in the world of software defined CPE, changes can be made quickly, measured in just days or perhaps hours depending upon your level of preparedness.  The costs are paid in monthly installments and can flex with the needs and the NFV virtual machines that are deployed.  So, a retailer can scale up for the holiday season and then scale down the networks and the resources during the quieter winter selling months.  As demand increases again, it can simply scale the solution back to full power, or even far more.


The modular architecture of NFV is what allows service providers to automate at every level. Major components of the architecture include:

  • NFV infrastructure (NFVI) building block—Provides the virtualization layer (hypervisors or container management systems such as Docker), and the physical compute, storage, and networking components that host the VNFs. NFVI is managed through the NFVI infrastructure manager (VIM), which controls the allocation of resources for the VNFs. OpenStack is an example of an open source VIM, controlling the physical and virtual resources. VMWare is an example of a commercial VIM.

  • VNFs—Software-based applications that provide one or more network services. VNFs use the virtualized infrastructure provided by the NFVI to connect into the network and provide programmable, scalable network services. VNF Managers support the lifecycle of VNF instances and management of a VNF software.

  • Management and orchestration (MANO)—Provides the overarching management and orchestration of the VNFs in the NFV architecture. MANO instantiates the network services through the automation, provisioning, and coordination of workflows to the VIM and VNF Managers that instantiate the VNFs and overlay networking service chains. MANO connects the NFV architecture with the existing OSS/BSS.

Depending upon the compute, storage, and platform configurations deployed at the site, ‘Edge Computing’, also known as Fog Computing can be installed.  This pushes more functionality and capability closer to the end customer’s location thereby driving more value.  By ‘pushing the intelligence to the edge”, internetworking attributes can be addressed, such as latency, speed, local interactions, data sharing, and overall internetworking performance.  This edge computing is ideal for Internet of Things (IoT) implementations too.


One of the powerful attributes of a vCPE is the ability to connect to the public internet in several ways.  You can connect ‘On-Net” whereby the router is connected to your core network, often an optical fibre WAN connection.  Or, a popular vCPE option is to connect ‘Off-Net’ when the router is connected to a variety of third-party connections such as xDSL, cable modem, LTE, or more.  With the use of a secure tunnel to the cloud hosting site, your data is well protected and still married into your network at the cloud location.  With Off-Net connections, routers can be added to locations where your core network does not reach.  Deployment is quicker with these low-speed, quasi-consumer grade connections too.  Channel bonding of several connections permits higher aggregated data rates with 100 Mbps to 300 Mbps speeds deemed to be realistic for a typical Off-Net connection.

The vCPE offers lots of flexibility and provides true value in the data rate versus cost equation.  Internetworking is becoming a commodity service with unseen before lower pricing, so the infrastructure needs to map to these lower pricing models to warrant the costs and retain profitability for the providers.  Adding vCPE to difficult to reach locations is achievable today as modern cable and telecom link coverage is ubiquitous for most urban and suburban areas.  Deployment times are faster and security is proven with encrypted VPNs.  The cost per site is probably the most attractive attribute of the vCPE.  So, give this next generation connection strategy a try when you need to add a branch location or link in a remote site to headquarters.


About the Author:

Michael Martin has more than 35 years of experience in systems design for broadband networks, optical fibre, wireless and digital communications technologies.

He is a Senior Executive with IBM Canada’s GTS Network Services Group. Over the past 13 years with IBM, he has worked in the GBS Global Center of Competency for Energy and Utilities and the GTS Global Center of Excellence for Energy and Utilities. He was previously a founding partner and President of MICAN Communications and before that was President of Comlink Systems Limited and Ensat Broadcast Services, Inc., both divisions of Cygnal Technologies Corporation (CYN: TSX).

Martin currently serves on the Board of Directors for TeraGo Inc (TGO: TSX) and previously served on the Board of Directors for Avante Logixx Inc. (XX: TSX.V). 

He serves as a Member, SCC ISO-IEC JTC 1/SC-41 – Internet of Things and related technologies, ISO – International Organization for Standardization, and as a member of the NIST SP 500-325 Fog Computing Conceptual Model, National Institute of Standards and Technology.

He served on the Board of Governors of the University of Ontario Institute of Technology (UOIT) and on the Board of Advisers of five different Colleges in Ontario.  For 16 years he served on the Board of the Society of Motion Picture and Television Engineers (SMPTE), Toronto Section. 

He holds three master’s degrees, in business (MBA), communication (MA), and education (MEd). As well, he has diplomas and certifications in business, computer programming, internetworking, project management, media, photography, and communication technology.