OPNFV Service Function Chaining
3 likes2,373 views
The document provides an overview of Service Function Chaining (SFC), detailing its integration within NFV cloud data center environments and use cases such as parental controls. It explains the implementation of Network Service Headers (NSH) for encapsulating packet information and discusses the leveraging of group-based policies for mapping subscriber traffic to service chains. Additionally, it mentions the current status and future roadmap of OPNFV SFC, including enhancements and functionalities planned for the Brahmaputra release.
OPNFV Service Function Chaining
- 1. Service Function Chaining Brady Johnson brady.allen.johnson@ericsson.com Keith Burns krb@cisco.com
- 3. What is Service Function Chaining • Service Chaining Downstreamed from OpenDaylight – Open Daylight Service Function Chaining (ODL SFC) – ODL SFC implements the NSH and SFC IETF specification drafts • Integrates SFC into NFV Cloud Data Center environments • Use Cases solved with SFC – Service Function scaling – Any sort of Dynamic Service Insertion 11/3/2015 Footer Lorem Ipsum Dolor Sit 3
- 4. Service Function Chaining Use Case: Parental Control 1. Update/create chains ODL SFC GUI ODL SFC Operator 2. Subscriber classification rules HTTP Content Filtering (Block URLs) SF HTTP SF NAT Legend: SFF: Service Function Forwarder SF: Service Function RSP: Rendered Service Path, a Service Chain RSP1 RSP2 Parental control, block certain URLs No control for parents SDN network SFF Internet Classifier
- 5. Service Chaining Encapsulation Network Service Headers (NSH) in detail
- 6. Service Function Forwarder NSH Classify once: Encapsulate Chain info with every packet SDN network Service Function Service Function Forwarder NSH Service Function NSH Tunnel Switch on NSH fields: NSP – NSH Path (Chain ID) NSI – NSH index (Hop in chain) ACL Classifier Service Function Chaining with NSH • Network Service Headers (NSH) – Reusable classification for pre-programmed paths
- 7. Service Function Chaining with NSH Outer Eth hdr Outer IP hdr VxLAN NSH NSH Base Header Service Path (24 bit) / Index Optional Metadata Network Services Header Example: NSH encapsulated in VXLAN Inner Eth hdr Inner IP hdr Payload Outer UDP hdr Service Path: The Service Chain ID Index: The hop in the Service Chain Advantages Challenges • Forwarding complexity is much simpler • Optional Metadata can be sent with packets • Supports flexible encapsulation (Ethernet, MPLS, VXLAN, etc) • Limited support in switches, kernels, and applications • Service Function needs to become NSH-aware
- 8. Service Chaining Classification Mapping Subscriber traffic to Service Chains with Group Based Policy
- 9. Group Based Policy made easy 11/3/2015 Footer Lorem Ipsum Dolor Sit 9 EPG: Hosts EPG: Web Servers web, ssh any EP:1 EP:2 EP:3 EP:4 Copied from Ed Warnicke’s GBP slides: https://docs.google.com/presentation/d/1vsYddlHFRnVG9cDwWxyldT2BNSfYUTPcR1lYtUrFA8U/edit?usp=sharing Concepts: • Group Endpoints (Eps) into Endpoint Groups (EPGs) • Apply Policy (Contracts) to traffic between groups • Contracts apply directionally Contracts Match: dstport:80 Action: Allow Match: dstport:22 Action: Allow Match: * Action: Allow web ssh any
- 10. Group Based Policy with SFC 11/3/2015 Footer Lorem Ipsum Dolor Sit 10 EPG: Web Servers chain-in chain-out EPG: Hosts EP:1 EP:2 EP:3 EP:4 Add Contracts for “chain- in” and “chain-out” with the name of the SFC chain. Contracts Match: * Action: chain:foo Match: * Action: chain:bar chain-in chain-out Service Function Forwarder Service Function Service Function SFC network
- 11. OPNFV SFC The Current Status
- 12. OPNFV SFC Current Network Topology 11/3/2015 Footer Lorem Ipsum Dolor Sit 12
- 13. OPNFV SFC Current Network Topology Compute Node VM SF1 VM SF2 SFF VM Clients VM Servers Legend VxLAN tunnel SF/SFF GBP creates VxLAN tunnel OpenFlow 1.3/OVSDB Original packets, no encap OVS OVS GBP EPG2 GBP EPG1 Control Node Top Of Rack Switch ODL SFC Open Stack GBP EPG: Group Based Policy, End Point Group Used as Classifier in OPNFV VNF Mgr
- 14. OPNFV SFC Brahmaputra Target Use Case 1. Update/create chains SDN network ODL SFC 1) Can NOT do HTTP 2) Can do SSH 1) Can do HTTP 2) Can NOT do SSH 2. Subscriber classification rules SFF Legend: SFF: Service Function Forwarder SF: Service Function RSP: Rendered Service Path, a Service Chain SF Firewall SF Firewall Classifier RSP1 RSP2 Simple HTTP Server Test Cases Block HTTP Block SSH
- 15. The VNF Manager • The technical definition of a VNF Manager – Lifecycle management of VNF instances – Overall coordination and adaption role for configuration and event reporting between NFV-Infrastructure and Network management system (NMS) • What do we need a VNF Manager for in OPNFV SFC? – Coordinating Service Function VM Lifecycle management – We decided to use the OpenStack Tacker VNF Mgr • Technically MANO (management and orchestration) is out of scope for Brahmaputra – We’ll install Tacker post-installation for testing 11/3/2015 Footer Lorem Ipsum Dolor Sit 15
- 16. Additional Information • OPNFV SFC wiki – https://wiki.opnfv.org/service_function_chaining • OPNFV SFC Brahmaputra Release Planning – https://docs.google.com/presentation/d/1GEt8Vi6hQL9kOknowxr3o9aE_VYoe5zljz8 MyQtdgw/edit?usp=sharing • OPNFV SFC discussion slides – https://docs.google.com/presentation/d/1gbhAnrTYbLCrNMhMXin0lxjyg7IHNPjrlBTI jwAzys/edit?usp=sharing • OPNFV JIRA – https://jira.opnfv.org/browse/SFC/?selectedTab=com.atlassian.jira.jira- projectsplugin:summary-panel 11/3/2015 Footer Lorem Ipsum Dolor Sit 16
- 17. What’s next in OPNFV SFC? Brahmaputra and beyond
- 18. On the Roadmap… • Multiple compute nodes – OpenDaylight clustering – Enhanced SF VM placement (load balancing, fault tolerance) • Hybrid Service Chains – Multi-protocol SFFs (OpenFlow, Netconf) • Enhanced VnfMgr functionality in Tacker • Scale SF VMs in/out based on CPU/Network load • SF network readiness detection – Block RSP creation until all SFs “ready” 11/3/2015 Footer Lorem Ipsum Dolor Sit 18
- 19. Demo Group Based Policy and Service Function Chaining