Service Function Chaining


Network monitoring/measurement

  • sFlow RFC 3176
  • Cisco's NetFlow 
  • IPFIX Protocol RFC 7011

Cloud native technologies include 

  • containers, 
  • service meshes, 
  • microservices, 
  • immutable infrastructure and 
  • declarative APIs 

that allow deployment in public, private and hybrid cloud environments through loosely coupled and automated systems

Various planes

  • infrastructure plane, 
  • virtual infrastructure plane, 
  • service plane,
  • user plane,
SFC Path identification

* NSH Network Service Header
* VLAN SFC
* Ethernet MAC chaining
* SFC using MPLS - SPRING

NSH is new tunneling protocol. RFC 8300

Then service function forwarders (SFFs) will create the service function paths (SFPs) in the form of an overlay by forwarding packets based on their NSH header.

The NSH header is composed of 

  • service path identification, 
  • transport independent per-packet service metadata and 
  • optional variable type-length-value (TLV) metadata.

physical probe or virtual probe functionality deployed as 

  • switches,
  • classifiers, 
  • SFs, or 
  • SFFs.

The term probe to designate any network node capable of reading and writing to a NSH header


Middleboxes are also interchangeably called 

  • services, 
  • inline services, 
  • appliances, 
  • network functions (NFs), 
  • virtual NFs
  • (vNFs), or 
  • service functions (SFs)

Example SFs includes 

  • firewalls, 
  • content filters, 
  • virus scanners (VS), 
  • intrusion detection systems (IDS), 
  • deep packet inspection (DPI), 
  • network address translation (NAT), 
  • content caches, 
  • load-balancers, 
  • wide area network (WAN) accelerators,
  • multimedia transcoders, 
  • multiservice proxies, 
  • application acceleration,
  • Lawful Intercept (LI),
  • HTTP header enrichment functions
  • TCP Optimizer
  • logging/metering/charging/advanced charging applications,  
  • or any other function that requires processing of packets 
SFC

ETSI NFV uses the term "network function forwarding graph" (NF-FG) 
IETF uses the term "service function chaining" (SFC) 

Fundamentally SFC is the ability to cause network packet flows to route through a network via a path other than the one that would be chosen by routing table lookups on the packet’s destination IP address.

VNF Forwarding Graph (VNFFG)
The combination of 

  • VNFs, 
  • SFC, and 
  • the classification of traffic to flow through them 

is described as the VNF Forwarding Graph (VNFFG). 


It is described as YAML file as per TOSCA VNF Forwarding Graph Descriptor (VNFFGD). VNFFGD = Forwarding Path + VNFGG

NSD = VNFFGD + VNFD

Each node is really a logical port, which is defined in the path as a Connection Point (CP) belonging to a specific VNFD. 

Tacker = OpenStack service addressing uses cases of 

  • NFV Orchestration and 
  • VNF Infrastructure Manager VIM ( Nova, Neutron, Cinder)

using standards based architecture

NFVO Renders VNF Forwarding Graphs using SDN Controller or a SFC API

Tacker allows for managing VNFs

Example CLI calls:

To create VNFFG

openstack vnf descriptor create --vnfd-file tosca-vnffg-vnfd1.yaml VNFD1
openstack vnf create --vnfd-name VNFD1 VNF1

openstack vnf descriptor create --vnfd-file tosca-vnffg-vnfd2.yaml VNFD2

openstack vnf create --vnfd-name VNFD2 VNF2

To create VNFFG SFC (where testVNF1, and testVNF2 are VNF instances):

tacker vnffg-create –name mychain –chain testVNF2,testVNF1 –symmetrical True

To create VNFFG SFC by abstract VNF types (ex. “firewall”, “nat”): 

tacker vnffg-create –name mychain –chain firewall,nat –abstract-types

To create SFC Classifier for a VNFFG:

tacker vnffg-classifier-create –name myclass –chain mychain –match tcp_dest=80,ip_proto=6

vnffg, vnffg_classifier are schema. Can be represented as dictionary. 

For classifier, one can use tenant_id attribute to implement 


Reference

0 comments:

Post a Comment