Speaking Engagements & Private Workshops - Get Dean Bubley to present or chair your event

Need an experienced, provocative & influential telecoms keynote speaker, moderator/chair or workshop facilitator?
To discuss Dean Bubley's appearance at a specific event, contact information AT disruptive-analysis DOT com

Friday, October 16, 2015

Is there a regulatory elephant lurking in the SDN / NFV room?

I've just spent three days at the Layer123 SDN Congress, a well-attended and well-organised event in Dusseldorf. I'm increasingly spending time looking at, and considering the technology and business implications of virtualisation - it fits tightly with my Future of the Network* work-stream (see end for details). It also plays into my ongoing analysis of 5G, enterprise-focused services and WebRTC/voice and video communications.

There's a huge number of interesting angles to comment on about SDN & NFV - timelines, business models, practialities of implementation, costs, vendors and ecosystems and organisational dynamics, to name a few.

But one area leapt out at me during a session on "network slicing": what are the possible regulatory implications of all this? It's an area that hardly gets considered - the assumption appears to be that "it's just a technology evolution", so it's very much business-as-usual when it comes to the rules.

But I don't think it's as clear-cut as that. Various angles seem to me to intersect with legal and regulatory considerations, because a lot of telecom-related rules never anticipated networks becoming software-based. In some cases it may just be that the exact wording needs to be clarified or amended, but in others there might need to be some major changes to how the law is framed.

(This is similar to what we already see in the voice/messaging arena - telecoms laws pre-suppose telephony and SMS services, as they were framed long before apps, "embedded communications" and social networks became a reality. Regulators aren't quite sure how to deal with "non-telephony voice", if they even understand it)

Some issues that I've considered might arise:
  • A lot of proposed SDN models have Net Neutrality implications. For example, I heard many discussions about "app-aware service chains" and ways to "slice" the network so it behaves differently for particular services or DPI-detected flows. This might not be a problem for clearly non-Internet services (eg IPTV and various M2M concepts) but would certainly pose issues elsewhere.
  • Linked to this is virtual CPE with customer controls. It seems reasonable to allow end-users to manage their own broadband ("Give me priority to do my home-working applications, over my kids' gaming traffic") - but will that depend where that functionality is instantiated? (eg in a home gateway vs. a virtual gateway in the operator's network)
  • Will virtualisation in the wireless network ever affect coverage? Are spectrum licences granted on the basis that all users/apps get access to the whole network?
  • Are there performance regulations in force, either based on speed or some other method of defining QoS? Do they apply to all users or just some of them? If the regulator tries to do testing of networks, does it get "administrator rights", or is it constrained to whatever commercially-available "slice" it obtains for measurement?
  • Will the overall measures of telco "investment" (ie CapEx) be changed by a move to NFV and SDN? This is an important metric used to determine competitive intensity, for example by regulators looking at the effects of consolidation. If a shift to software has some unintended impact on headline network capex, will this be interpreted by regulators or governments as a sign of failing competition instead?
  • How are regulators going to deal with truly "virtual" operators, including ones which are foreign-owned? If (say) AT&T installs a virtual IMS and vCPE in a French data-centre and delivers services to a client in Belgium, which country's rules apply? What licences and reporting are needed? What about lawful interception and emergency services?
  • How does network-slicing fit with existing rules on wholesale networks, network-sharing and MVNOs? What about universal service?
  • If there are any problems with security and data-integrity, can the network (and customer) backtrack to find which VNF was running in which data-centre at the time, and who was responsible for it?
  • Will various rules on interconnect, roaming or other services still be strictly relevant where it's a "software-software interface" via API, rather than a "network-network interface"?
  • Can external APIs (eg to content or apps providers) act as a source of unfair competitive leverage?
  • Various other issues relating to privacy, data-export / safe-harbour and so on
I'm sure that some of these can be discounted easily, and plenty other issues raised instead. Some will only apply in some countries, and some will just be related to semantics of old regulation - although out-of-date wording has never stopped the legal or lobbying professions from acting in the past.

There are some signs of awareness - the FCC's Tom Wheeler referenced virtualisation earlier this year (here). Ofcom commissioned a study by Fujitsu on it last year (here), and the EU has recently launched a tender for a study (here). This is a positive sign and should add clarity - but ideally might have been launched a couple of years ago. There may also be bigger issues elsewhere in the world, especially around international ownership of virtual operators or VNFs, or circumvention of rules on interconnection, data localisation or content-control.

The risk for vendors and telcos is that this work may unearth areas of enough uncertainty to delay deployments until laws are clarified. There is an argument to carry on "as is", pretend the regulatory issues are trivial, and see if there is any push-back later, with "facts on the ground" and momentum pushing virtualisation ahead. But to me, that seems perhaps unwise.

I asked one speaker at the conference about this, and the suggestion was that it didn't pose any issues. However, looking around the room it appeared that it was the first time that attendees had ever heard the term "regulation" in the same sentence as SDN or NFV. To me, that suggests that too-few questions have been asked, to be sure that we already have all the answers.

**I am collaborating with STL Partners on its Future of the Network research work-stream, for which I am acting as lead analyst. It covers SDN/NFV, 4G, 5G, FTTx, IoT networking, WiFi, operator benchmarking & business models, network investment case & ROI, regulatory issues & spectrum management and the link with digital services. Please contact information AT disruptive-analysis DOT com for more details.


Anonymous said...

ETSI have seen this issue too and have started to document some of the LI implications. See also http://www.etsi.org/news-events/news/1015-2015-10-news-etsi-nfv-isg-publishes-security-and-reliability-specifications

Dean Bubley said...

Many thanks - much appreciated

NNed said...

"How are regulators going to deal with truly "virtual" operators, including ones which are foreign-owned? If (say) AT&T installs a virtual IMS and vCPE in a French data-centre and delivers services to a client in Belgium, which country's rules apply? What licences and reporting are needed? What about lawful interception and emergency services?"

Isn't this already covered by existing regulation? Laws apply according to where network ingress and egress are. Foreign ownership is immaterial, where you operate is material.

Martin Geddes said...

Hmm - if the orchestration controller is in country A, and the assets it controls are in country B, where is that 'operation' exactly?

NNed said...

Martin: in country B obviously. Remote controlling something does not give you a free pass. No way to weasel out of that one.

This is nothing new. The NOC may be anywhere, but where the network is matters most.