
Technology Analysis of Service Chaining Approaches Bin Hu - PowerPoint PPT Presentation



  1. Technology Analysis of Service Chaining Approaches Bin Hu (AT&T) Tim Rozet (Red Hat)

  2. Content
     • Key Concepts
     • MPLS/BGP VPN Approach
     • VxLAN-GPE NSH Approach
     • OpenStack Projects related to SFC / MPLS VPN / BGP
     • OpenDaylight Projects related to SFC / MPLS VPN / BGP
     • OPNFV Projects related to SFC / MPLS VPN / BGP
     • Key Takeaways
     • References
     4/27/16 OpenStack Summit, April 25-29, 2016, Austin, TX, USA

  3. Key Concepts
     • Classification
       – Policy-based function to identify / select / match traffic flow with a specific service function chain
       – Customer / network / service specific policies
     • Service Function Chain (aka Service Chain)
       – An ordered set of service functions and ordering constraints that must be applied to packets and/or frames selected as a result of Classification
       – As simple as a linear chain; or as complex as a service graph with multiple branches
     • Service Function Forwarding Function (VRF or SFF)
       – Forward traffic to one or more connected SF(s)
       – Transport traffic to another VRF/SFF or classifier
       – Terminate SFC

  4. MPLS/BGP VPN Approach (1 of 2)
     • L3VPN as the overlay encapsulation tunnel for routing and traffic flow over SFC topology
       – VM(s) attached to L3VPN
     • Controller manages SFC topology, instantiation of SFC, VRF creation and configuration, and route installation
     • Supports use of existing protocols and PE devices with current capabilities
       – BGP is used for route advertising
       – NETCONF/YANG or XMPP can be used for controller to create and configure VRFs, set up RTs and install routes into service instance interfaces
     • Supports both physical and virtual deployments
     • Multiple control plane protocols (e.g. L3VPN, EVPN) and multiple data plane encapsulations (MPLS/GRE, VxLAN etc.) supported

  5. MPLS/BGP VPN Approach (2 of 2)
     • Steering Traffic into SFC:
       – Destination-based
       – Flow-classification based
     • Traffic Flow through SFC:
       – VPN Forwarding
       – Multiple VPN control protocol supported
       – Multiple data plane encapsulation supported
       – LB ensures consistent traffic paths
     [Diagram: Control Plane (Controller; BGP / NetConf; YANG / XMPP), Service Plane (Classifier; SF-1 … SF-n) and Data Plane (routers R-A, R-1 … R-n, R-B with VRF, I-VRF and E-VRF; Network-A, Network-B; Entrance, Exit; MPLS/GRE or VxLAN encapsulation tunnel)]
     Notes / Description:
     • Controller: Manages instantiation of SFCs by (1) building a model of the desired topology (SFs, # of instances, connectivity); (2) instantiating SF instances; (3) calculating routes and instantiating VRFs that will form virtual networks between SF instances; and (4) installing routes to cause traffic to flow into and between SF instances.
     • NETCONF-YANG / XMPP: Controller uses NETCONF-YANG and XMPP to create and configure VRFs, set up RTs and install routes into service instance interfaces.
     • BGP: Controller implements RR. Routers use BGP RR to advertise routes, and interact with Controller for updates.
     • Load Balancing: Combined I-VRF/E-VRF LB and Forward/Reverse Flow LB (for stateful SF) is supported so that each SF in SFC can be separately scaled.

  6. NSH Approach (1 of 4)
     • Focus on virtualized SF deployment
     • Encapsulation is based on NSH, and tunneling is based on VxLAN-GPE, GRE or Ethernet
       – VM is attached to OVS (L2), and assumes appropriate setup available
       – Multiple tunneling protocols can be applied
     • Flow-based classification allows for flexible classification criteria
       – Classifier is required

  7. NSH Approach (2 of 4)
     • Steering Traffic into SFC:
       – Classifier
     • Traffic Flow through SFC:
       – Traffic from the network that satisfies classification criteria is encapsulated and directed into an SFP
       – SFF delivers packets to SFs based on SFC Encap
       – Metadata may be added and passed between nodes
       – Transit routers/switches forward based on outer encapsulation
     [Diagram: Control Plane (Control Plane Functions), Service Plane (SF-1 … SF-n) and Data Plane (Service Classifier, SF Forwarder) inside an SFC-enabled Domain; packet layout Outer Transport / SFC Encap / Metadata / Payload; SFC Encapsulation (e.g. NSH over VxLAN-GPE)]
     Notes / Description:
     • Control Plane Function: Manage instantiation of SFCs by (1) domain-wide view of available SF resources; (2) use policies to construct SFCs and associated SFPs; (3) select specific SFs for requested SFCs; (4) provides SFC dataplane info to other components, e.g. SFF; (5) provides metadata and usage info for Classifier; (6) provide info including policy info for other SFC elements to properly interpret metadata
     • Service Classifier: Determine what traffic needs to be chained based on policy
     • SF Forwarder: Deliver packets / frames to SFs based on info in SFC Encapsulation, e.g. an overlay switch like OVS
     • SFC Encapsulation: Carry explicit information used to identify SFP; also enable metadata and context information. It is transport independent

  8. NSH Approach (3 of 4)
     • SF Proxy
       – Supports SFC-unaware SFs, e.g. legacy SFs
       – Removes and inserts SFC encapsulation on behalf of an SFC-unaware service function
     [Diagram: SFC-unaware SF behind an SF Proxy, SF-n, Service Classifier and SF Forwarder inside an SFC-enabled Domain; packet layout Outer Transport / SFC Encap / Metadata / Payload; SFC Encapsulation (e.g. NSH over VxLAN-GPE)]
     Table columns: Component | Insert NSH | Remove NSH | Select SFP | Decrement Service Index | Update Context Header | Service Policy Selection
     Classifier √ √ √
     SF Forwarder √ √
     Service Function √ √
     SF Proxy √ √ √

  9. NSH Approach (4 of 4)
     • Base HDR – Info about service header and payload protocol
       – O: OAM packets
       – C: critical metadata TLV present. MD Type 2 only
       – Next Protocol: protocol type of original packets (IPv4, IPv6, Ethernet)
     • Service Path HDR – path id and location
       – Service Index: 255 by classifier, and decrement after SF has processed packets
       – Control plane may set different initial value
     • Context HDRs – Opaque metadata
       – TLV Class: the scope of Type field, e.g. a specific vendor, or specific SDO-allocated
       – Type: specific type of information being carried within the scope of given TLV class
       – Combined TLV .C: 0-127 for non-critical, and 128-255 for critical options
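As an added example (not from the original slides), a minimal parser and sanity check for the header fields listed on slide 9, of the kind a forwarder or capture tool would run before trusting the Service Index or metadata. The bit widths, the "drop at Service Index 0" rule and the MD Type 1 length follow the 2016-era IETF NSH draft and are assumptions the slide does not show; the TLV class 0x0101 and the sample bytes are constructed.

```python
import struct

NEXT_PROTO = {0x1: "IPv4", 0x2: "IPv6", 0x3: "Ethernet"}

def parse_nsh(buf, known_critical=frozenset()):
    """Return (fields, problems) for one NSH header at the start of buf."""
    if len(buf) < 8:
        raise ValueError("truncated: Base HDR + Service Path HDR need 8 bytes")
    base, path = struct.unpack("!II", buf[:8])
    hdr = {
        "oam": bool(base >> 29 & 1),       # O bit
        "critical": bool(base >> 28 & 1),  # C bit (assumed draft-era position)
        "length": base >> 16 & 0x3F,       # whole NSH, in 4-byte words
        "md_type": base >> 8 & 0xFF,
        "next_proto": NEXT_PROTO.get(base & 0xFF, "unknown"),
        "spi": path >> 8,                  # Service Path ID
        "si": path & 0xFF,                 # Service Index
        "tlvs": [],
    }
    end = hdr["length"] * 4
    if end < 8 or end > len(buf):
        raise ValueError("Length field disagrees with the bytes received")
    problems = []
    if hdr["si"] == 0:
        problems.append("service index is 0: drop instead of forwarding")
    if hdr["md_type"] == 1 and hdr["length"] != 6:
        problems.append("MD Type 1 must have exactly four context words")
    if hdr["critical"] and hdr["md_type"] != 2:
        problems.append("C bit set but MD Type is not 2")
    off = 8
    while hdr["md_type"] == 2 and off < end:
        tlv_class, tlv_type, rlen = struct.unpack("!HBB", buf[off:off + 4])
        size = (rlen & 0x1F) * 4           # Len counts 4-byte words
        if off + 4 + size > end:
            raise ValueError("TLV runs past the NSH Length")
        hdr["tlvs"].append((tlv_class, tlv_type, buf[off + 4:off + 4 + size]))
        # Type 128-255 is critical: a receiver that does not know it must not guess
        if tlv_type >= 128 and (tlv_class, tlv_type) not in known_critical:
            problems.append(f"unknown critical TLV {tlv_class:#06x}/{tlv_type}")
        off += 4 + size
    return hdr, problems

# Constructed sample: MD Type 2, Ethernet payload, SPI 42, SI 255, one critical TLV
SAMPLE = bytes.fromhex("10040203" "00002aff" "01018101" "deadbeef")

if __name__ == "__main__":
    print(parse_nsh(SAMPLE))
```

Pass the set of (TLV Class, Type) pairs the receiver implements as `known_critical`; anything left in `problems` is a reason to drop or log the packet rather than hand it to a service function.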

  10. NSH Proof of Concept OpenStack Demo
     • OpenStack Tacker used as orchestration platform
     • OpenDaylight SDN Controller
     • OPNFV Apex Installer Platform
     • Custom OVS with NSH patch

  11. Project Apex: Deployment (TripleO based)
     [Diagram labels: Jump Host; OPNFV Control; Instack VM (Undercloud); OPNFV Compute (Overcloud)]

  12. Tacker SFC POC Workflow
     1) Create VNF Descriptor (VNFD)
     2) Create VNF instance from registered VNFD
     3) Heat driver brings up VNF instance
     4) Create Chain CLI which invokes ODL SFC driver
     5) NSH Service Function Path (SFP) is rendered into OVS
     6) Create Classifier CLI which invokes netvirt-sfc driver
     7) Netvirt-sfc pushes classifier flows to OVS

  13. Tacker + SFC Overview: Proof of Concept (Direct ODL API)
     [Diagram, with numbers 1-7 marking workflow steps: Operator / OSS / BSS; CLI; Horizon (GUI); Tacker DB; Templates (VNFD); NFVO / VNFM; SFC+Classifier Plugin; sfc-driver; Netvirt-sfc driver; Heat; Nova; Neutron; ODL Controller (SFC, Netvirt-sfc, OVSDB, Neutron NB); Compute Node 1 (VNF: HTTP Client, vFirewall, HTTP Server; OVS)]

  14. DEMO Time!

  15. Tacker SFC Newton Workflow
     1) Create VNF Descriptor (VNFD)
     2) Create VNF instance from registered VNFD
     3) Heat driver brings up VNF instance
     4) Create VNFFG Descriptor (VNFFGD)
     5) Create VNFFG instance from registered VNFFGD
     6) VNFFG translated into Chains/Classifiers and created in networking-sfc

  16. Tacker + SFC Newton Implementation
     [Diagram, with numbers 1-6 marking workflow steps: Operator / OSS / BSS; CLI; Horizon (GUI); Tacker DB; Templates (VNFD, VNFFGD); NFVO / VNFM; VNFFG; networking-sfc driver; Heat; Nova; Neutron; Networking-sfc; ODL Controller (SFC, Netvirt-sfc, OVSDB, Neutron NB); Compute Node 1 (VNF: HTTP Client, vFirewall, HTTP Server; OVS)]
