Technology Analysis of Service Chaining Approaches

SLIDE 1

Technology Analysis of Service Chaining Approaches

Bin Hu (AT&T) Tim Rozet (Red Hat)

SLIDE 2

Content

  • Key Concepts
  • MPLS/BGP VPN Approach
  • VxLAN-GPE NSH Approach
  • OpenStack Projects related to SFC / MPLS VPN / BGP
  • OpenDaylight Projects related to SFC / MPLS VPN / BGP
  • OPNFV Projects related to SFC / MPLS VPN / BGP
  • Key Takeaways
  • References

4/27/16 OpenStack Summit, April 25-29, 2016, Austin, TX, USA 2

SLIDE 3

Key Concepts

  • Classification

– Policy-based function to identify / select / match traffic flow with a specific service function chain
– Customer / network / service specific policies

  • Service Function Chain (aka Service Chain)

– An ordered set of service functions and ordering constraints that must be applied to packets and/or frames selected as a result of Classification
– As simple as a linear chain; or as complex as a service graph with multiple branches

  • Service Function Forwarding Function (VRF or SFF)

– Forward traffic to one or more connected SF(s)
– Transport traffic to another VRF/SFF or classifier
– Terminate SFC

SLIDE 4

MPLS/BGP VPN Approach (1 of 2)

  • L3VPN as the overlay encapsulation tunnel for routing and traffic flow over SFC topology

– VM(s) attached to L3VPN

  • Controller manages SFC topology, instantiation of SFC, VRF creation and configuration, and route installation
  • Support use of existing protocols and PE devices with current capabilities

– BGP is used for route advertising
– NETCONF/YANG or XMPP can be used for controller to create and configure VRFs, set up RTs and install routes into service instance interfaces

  • Supports both physical and virtual deployments
  • Multiple control plane protocols (e.g. L3VPN, EVPN) and multiple data plane encapsulations (MPLS/GRE, VxLAN etc.) supported

SLIDE 5

MPLS/BGP VPN Approach (2 of 2)

[Figure: Controller; routers R-A and R-B, each with a VRF; routers R-1 … R-n with I-VRF / E-VRF and SF-1 … SF-n; MPLS/GRE or VxLAN (Encapsulation Tunnel); Network-A and Network-B; Entrance and Exit; BGP / NetConf YANG / XMPP; layers: Control Plane, Service Plane, Data Plane]

Notes | Description
Controller | Manages instantiation of SFCs by (1) building a model of the desired topology (SFs, # of instances, connectivity); (2) instantiating SF instances; (3) calculating routes and instantiating VRFs that will form virtual networks between SF instances; and (4) installing routes to cause traffic to flow into and between SF instances.
NETCONF-YANG / XMPP | Controller uses NETCONF-YANG and XMPP to create and configure VRFs, set up RTs and install routes into service instance interfaces
BGP | Controller implements RR. Routers use BGP RR to advertise routes, and interact with the Controller for updates
Load Balancing | Combined I-VRF/E-VRF LB and Forward/Reverse Flow LB (for stateful SF) are supported so that each SF in the SFC can be separately scaled

  • Steering Traffic into SFC:

– Destination-based
– Flow-classification based
– Classifier

  • Traffic Flow through SFC:

– VPN Forwarding
– Multiple VPN control protocol supported
– Multiple data plane encapsulation supported
– LB ensures consistent traffic paths

[Figure: packet format labels: Payload, IP B; Payload, MPLS/GRE, IP B]

SLIDE 6

NSH Approach (1 of 4)

  • Focus on virtualized SF deployment
  • Encapsulation is based on NSH, and tunneling is based on VxLAN-GPE, GRE or Ethernet

– VM is attached to OVS (L2), and assumes appropriate setup available
– Multiple tunneling protocols can be applied

  • Flow-based classification allows for flexible classification criteria

– Classifier is required

SLIDE 7

NSH Approach (2 of 4)

Notes | Description
Control Plane Function | Manage instantiation of SFCs by (1) domain-wide view of available SF resources; (2) use policies to construct SFCs and associated SFPs; (3) select specific SFs for requested SFCs; (4) provides SFC dataplane info to other components, e.g. SFF; (5) provides metadata and usage info for Classifier; (6) provide info including policy info for other SFC elements to properly interpret metadata
Service Classifier | Determine what traffic needs to be chained based on policy
SF Forwarder | Deliver packets / frames to SFs based on info in SFC Encapsulation, e.g. an overlay switch like OVS
SFC Encapsulation | Carry explicit information used to identify SFP; also enable metadata and context information. It is transport independent

  • Steering Traffic into SFC:

– Classifier

  • Traffic Flow through SFC:

– Traffic from the network that satisfies classification criteria is encapsulated and directed into an SFP
– SFF delivers packets to SFs based on SFC Encap
– Metadata may be added and passed between nodes
– Transit routers/switches forward based on outer encapsulation

[Figure: SFC-enabled Domain; Control Plane Functions; Service Classifiers; SF Forwarders; SF-1 … SF-n; SFC Encapsulation (e.g. NSH over VxLAN-GPE); layers: Control Plane, Service Plane, Data Plane; packet format labels: Outer Transport, SFC Encap, Metadata, Payload]

SLIDE 8

NSH Approach (3 of 4)

  • SF Proxy

– Supports SFC-unaware SFs, e.g. legacy SFs
– Removes and inserts SFC encapsulation on behalf of an SFC-unaware service function

[Figure: SFC-enabled Domain; Service Classifiers; SF Forwarders; SF Proxy; SFC-unaware SF; SF-n; SFC Encapsulation (e.g. NSH over VxLAN-GPE); Data Plane; packet format labels: Outer Transport, SFC Encap, Metadata, Payload]

Component / Insert NSH / Remove NSH / Select SFP / Decrement Service Index / Update Context Header / Service Policy Selection
Classifier √ √ √
SF Forwarder √ √
Service Function √ √
SF Proxy √ √ √

SLIDE 9

NSH Approach (4 of 4)

  • Base HDR – Info about service header and payload protocol

– O: OAM packets
– C: critical metadata TLV present. MD Type 2 only
– Next Protocol: protocol type of original packets (IPv4, IPv6, Ethernet)

  • Service Path HDR – path id and location

– Service Index: 255 by classifier, and decrement after SF has processed packets
– Control plane may set different initial value

  • Context HDRs – Opaque metadata

– TLV Class: the scope of Type field, e.g. a specific vendor, or specific SDO-allocated
– Type: specific type of information being carried within the scope of given TLV class
– Combined TLV .C: 0-127 for non-critical, and 128-255 for critical options
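
A validating parser for the header fields listed on this slide, as an added example (not code from the presentation, OVS or OpenDaylight). The bit layout and Next Protocol values are assumed from the draft-era NSH specification, in which the C bit exists; parse_nsh, after_service_function and build_sample are hypothetical names and the sample packet is constructed.

```python
import struct
from dataclasses import dataclass

# Next Protocol values assumed from the draft-era NSH specification.
NEXT_PROTO = {0x1: "IPv4", 0x2: "IPv6", 0x3: "Ethernet"}

@dataclass
class Nsh:
    oam: bool          # O bit
    critical: bool     # C bit
    md_type: int
    next_proto: str
    spi: int           # Service Path ID (24 bits)
    si: int            # Service Index (8 bits)
    context: bytes     # context headers, opaque to the forwarder

def parse_nsh(buf: bytes) -> Nsh:
    """Parse and validate the header before trusting any field in it."""
    if len(buf) < 8:
        raise ValueError("truncated: base and service path headers need 8 bytes")
    word0, word1 = struct.unpack("!II", buf[:8])
    # Assumed layout of word0: Ver(2) O(1) C(1) R(6) Length(6) MDType(8) NextProto(8)
    oam, critical = bool(word0 >> 29 & 1), bool(word0 >> 28 & 1)
    length = word0 >> 16 & 0x3F            # whole header, in 4-byte words
    md_type = word0 >> 8 & 0xFF
    if length < 2 or length * 4 > len(buf):
        raise ValueError("Length field inconsistent with packet size")
    if md_type == 1 and length != 6:
        raise ValueError("MD Type 1 carries exactly four context words")
    if critical and md_type != 2:
        raise ValueError("C bit set outside MD Type 2")
    if word0 & 0xFF not in NEXT_PROTO:
        raise ValueError("unknown Next Protocol")
    return Nsh(oam, critical, md_type, NEXT_PROTO[word0 & 0xFF],
               word1 >> 8, word1 & 0xFF, buf[8:length * 4])

def after_service_function(hdr: Nsh) -> Nsh:
    """Decrement the Service Index once an SF has processed the packet."""
    if hdr.si == 0:
        raise ValueError("Service Index exhausted: drop instead of wrapping to 255")
    hdr.si -= 1
    return hdr

def build_sample(spi: int, si: int = 255, flags: int = 0, md_type: int = 1) -> bytes:
    """Constructed MD Type 1 style packet: 8 header bytes + 16 zeroed context bytes."""
    word0 = flags << 28 | 6 << 16 | md_type << 8 | 0x1   # Next Protocol = IPv4
    return struct.pack("!II", word0, spi << 8 | si) + bytes(16)
```

Refusing to decrement a Service Index of 0 matters because an 8-bit wrap to 255 would hand a looping packet a fresh pass through the whole chain.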

SLIDE 10

NSH Proof of Concept OpenStack Demo

  • OpenStack Tacker used as orchestration platform
  • OpenDaylight SDN Controller
  • OPNFV Apex Installer Platform
  • Custom OVS with NSH patch

SLIDE 11

Project Apex: Deployment (TripleO based)

[Figure: Jump Host; Instack VM (Undercloud); OPNFV Control and OPNFV Compute (Overcloud)]

SLIDE 12

Tacker SFC POC Workflow

1) Create VNF Descriptor (VNFD)
2) Create VNF instance from registered VNFD
3) Heat driver brings up VNF instance
4) Create Chain CLI which invokes ODL SFC driver
5) NSH Service Function Path (SFP) is rendered into OVS
6) Create Classifier CLI which invokes netvirt-sfc driver
7) Netvirt-sfc pushes classifier flows to OVS

SLIDE 13

Tacker + SFC Overview: Proof of Concept (Direct ODL API)

[Figure: architecture diagram. Labels: Operator / OSS / BSS; CLI; Horizon (GUI); NFVO / VNFM; Tacker; vFirewall; VNFD Templates; DB; SFC+Classifier Plugin; sfc-driver; Netvirt-sfc driver; HTTP Client; HTTP Server; Heat; Nova; Neutron; ODL Controller; Neutron NB; OVSDB; SFC; Netvirt-sfc; Compute Node 1; OVS; VNF. Step markers: 1, 2, 3, 4, 5,7, 6]

SLIDE 14

DEMO Time!

SLIDE 15

Tacker SFC Newton Workflow

1) Create VNF Descriptor (VNFD)
2) Create VNF instance from registered VNFD
3) Heat driver brings up VNF instance
4) Create VNFFG Descriptor (VNFFGD)
5) Create VNFFG instance from registered VNFFGD
6) VNFFG translated into Chains/Classifiers and created in networking-sfc

SLIDE 16

Tacker + SFC Newton Implementation

[Figure: architecture diagram. Labels: Operator / OSS / BSS; CLI; Horizon (GUI); NFVO / VNFM; Tacker; vFirewall; VNFD; VNFD Templates; VNFFGD; VNFFG; DB; networking-sfc driver; Networking-sfc; HTTP Client; HTTP Server; Heat; Nova; Neutron; ODL Controller; Neutron NB; OVSDB; SFC; Netvirt-sfc; Compute Node 1; OVS; VNF. Step markers: 1, 2, 4, 5, 6, 3]

SLIDE 17

BGP VPN vs. NSH

MPLS / BGP VPN | NSH
Separate Control Plane, Service Plane and Data Plane | Separate Control Plane, Service Plane and Data Plane
Classifier not required | Classifier required
L3VPN as overlay encapsulation tunnel | Encapsulation based on NSH, and overlay tunnel based on VxLAN or GRE or Ethernet
Both physical and virtual deployment | Virtual deployment
VM attached to L3 | VM attached to L2 (OVS)

SLIDE 18

OpenStack Projects related to SFC / MPLS VPN / BGP

Project Name Description

Neutron MPLS VPN-as-a-Service

  • A Neutron extension that introduces MPLS VPN feature set.
  • APIs for creating, deleting, listing, showing and updating VPN services of a tenant
  • APIs for creating, deleting, listing, showing and updating MPLS Access VPNConnection
  • APIs for creating, configuring, deleting and showing MPLS access connection

Neutron APIs for Service Chaining

  • “Port Chain” concept which is an ordered list of Neutron ports that defines the chain
  • “Flow Classifier” concept which specifies what traffic flow enters the service chain
  • Blueprint is proposed to address common SFC API independent of backend implementation
  • Northbound Intent Based Service Chaining API and Intent Engine
  • Neutron API Extension for Service Chaining
  • Common Service Chaining Driver API
  • Service Registration API
  • Driven by the need of OPNFV’s OpenStack-based VNF Forwarding Graph project

SLIDE 19

OpenStack Projects related to SFC / MPLS VPN / BGP

Project Name Description

BGP-MPLS VPN Extension for OpenStack Networking

  • Provides an API and Framework to interconnect BGP/MPLS VPNs to OpenStack Neutron networks, routers and ports.
  • Allow attachment of Neutron networks and/or routers to carrier provided WANs using standard protocols of BGP and MPLS.
  • A vendor neutral API and data model are provided to allow multiple back-ends that can be "plugged in"
  • Support both L3VPN and EVPN

Tacker

  • NFVO Orchestration based on ETSI MANO spec

SLIDE 20

ODL Projects related to SFC / MPLS VPN / BGP

Project Name Description

Group-based Policy (GBP)

  • A policy framework and engine for ODL
  • Used as Classifier in the setup of ODL SFC and OPNFV SFC (based on VxLAN-GPE NSH)

Service Function Chaining

  • Provides the infrastructure (chaining logic, APIs) needed for ODL to provision a service chain in the network
  • Based on VxLAN-GPE NSH approach

VPN Service

  • Implement the infrastructure services required to support L3 VPN service
  • Implementation of L2 VPN and L3 VPN services for data center tenants using technologies like BGP-MPLS VPN and EVPN
  • Build L3 VPN Services using L3VPN based on BGP-MPLS (RFC 4364) in the first Phase (targeted for Lithium).
  • L2 VPN Service based on EVPN (draft-ietf-l2vpn-evpn) is planned for a future ODL release.

OVSDB/NetVirt

  • Implements network virtualization for OpenStack
  • Used as Classifier in the setup of ODL SFC and OPNFV SFC (based on VxLAN-GPE NSH)

SLIDE 21

OPNFV Projects related to SFC / MPLS VPN / BGP

Project Name Description

OpenStack-based VNF Forwarding Graph

  • Integrate OpenStack SFC related components in order to demonstrate an OpenStack based and OpenFlow compliant solution which will dynamically set up VNFFG
  • Deliverables include vendor-neutral SFC requirement and Interface specification, and development of components such as VNFFG Manager, SDN Controller, VNFFG Classifier

Service Function Chaining

  • Provides the infrastructure to install the upstream ODL SFC implementation project in an NFV environment so as to allow ODL to create SFCs across OPNFV VNFs
  • VxLAN-GPE NSH approach
  • Dependent on ODL GBP, OVSDB/NetVirt and SFC projects

SDN Distributed Routing and VPN

  • Address integration and deployment of VIM and Virtual networking components to provide Layer 3 VPN services in the OPNFV platform.
  • In collaboration with the related BGPVPN project in OpenStack and supported implementations in SDN controllers (e.g. VPN in ODL)

SLIDE 22

Key Takeaways

  • Diversity is healthy, but not fragmentation
  • For end users, the main interests are:

– Common APIs that can leverage diversified backend implementations
– A method that can support inter-domain/end-to-end SFC use cases across heterogeneous networks
– A deployment that can leverage existing network capabilities to minimize TCO

SLIDE 23

References

  • Service Function Chaining (SFC) Architecture, IETF RFC 7665
  • Service Chaining using Virtual Networks with BGP VPNs, IETF Internet-Draft
  • Network Service Header, IETF Internet-Draft
  • Generic Protocol Extension for VXLAN, IETF Internet-Draft
  • Generic Routing Encapsulation, IETF RFC 2784 and 2890

SLIDE 24

References (cont.)

  • Tacker VNFFG Specification
  • Tacker networking-sfc driver Specification
  • Networking-odl SFC driver Specification
  • Demo walkthrough with DevStack
  • Demo walkthrough with OPNFV Apex

SLIDE 25

Q & A
