IETF 97 Seoul, South Korea
ODL SFC, Implementing IETF SFC
November 14, 2016
Brady Johnson
ODL SFC Project Technical Lead
[email protected]

OpenDaylight SFC Data Model

Service Function Chain (SFC)
● Abstract, ordered list of Service Function Types
  ○ ex: [DPI, FW, NAT, QoS]

Service Function Path (SFP)
● Concrete, directional details about an SFC
● Specific transport details (VxLAN-GPE+NSH, Eth+NSH, etc)
● Optionally specify concrete Service Functions and Service Function Forwarders

Rendered Service Path (RSP)
● The actual service chain, combining info from the SFC and SFP
● Includes dynamic runtime representation of SFP resulting from load balancing and/or failover

Service Chaining Classification
● Map subscriber/tenant traffic flows to Service Chains
● Applies Service Chain Encapsulation (NSH)
● Uses IETF ACL matching for traffic flow matching

[Figure: SFC, SFP and RSP. Labels: SFC Classifier; SF-Type1, SF-Type2, SF-Type3; Concrete SF1, Concrete SF2, Concrete SF3; Concrete SFF1, Concrete SFF2]

OpenDaylight SFC Use Case: SF Reclassification and branching

Reclassification:
P2P/BitTorrent ⇒ Blue
HTTP ⇒ Red

[Figure: reclassification and branching. Labels: P2P Rate Limiting, HTTP Header Enrichment, SF-QoS, SF-HTTP, Re-Classify, ODL-SFC, Feedback, SF-DPI, Update/Create Service Chains, SFF, Classifier, br-int, Classification Rules, SDN Network, Classifier, Internet]

Service Chaining Encapsulation: Network Service Headers (NSH)

Classify once: Encapsulate Chain info with every packet

NSH encapsulated packets:
NSP: NSH Path, Chain ID
NSI: NSH index, Hop in chain
The shown NSI is after being decremented by the SF

[Figure: two hosts (Host 1, Host 2), each with a Classifier and SFF on br-int, connected over the SDN Network. NSH-Aware Service Functions: SFNAT, SF-HTTP, SFNAT. NSH-UnAware Service Function behind an NSH Proxy (decrement NSI on pkt egress). Packets are labelled with NSP,NSI pairs 1,255 / 1,254 / 1,253 and 7,255 / 7,254 / 7,253; the remaining packets are labelled "Original packets".]

NSH Header and transport details
As supported in ODL SFC

Example 1: NSH encapsulated in VXLAN-GPE
Outer Eth hdr | Outer IP hdr | Outer UDP hdr | VxLAN GPE | NSH | Inner Eth hdr | Inner IP hdr | Payload

Network Services Header:
NSH Base Header
Service Path (24 bit) / Index
  Service Path: The Service Chain ID
  Index: The hop in the Service Chain
Optional Metadata

Example 2: NSH encapsulated in Ethernet
Outer Eth hdr | NSH | Inner Eth hdr | Inner IP hdr | Payload

OpenDaylight: Just 1 piece of the puzzle

[Figure labels: NFV, OVS, Linux, fd.io]

• OPNFV: Integrating it all together
• https://www.opnfv.org/
• https://wiki.opnfv.org/display/sfc/Service+Function+Chaining+Home

OPNFV SFC

[Figure: OPNFV SFC deployment. Labels: Compute Node, VM Clients, OVS (br-int), Control Node, VM, VM, SF1, Ingress Classifier, SF2, SFF, Tacker, VM Servers, Egress Classifier, ODL SFC, OVS, Top Of Rack Switch, Open Stack. Legend: VxLAN tunnel; SF/SFF; OpenFlow 1.3/OVSDB; Classifier encaps VxLAN-GPE NSH; Original packets, no encap]

IETF SFC RFC improvements

• Terminating SFPs and how to handle SFP egress
  • RFC 7665 - Section 4.3, point 2
  • The specification mentions that the last SFF should remove the SFC encapsulation and send the packet back to the network.
  • This can be done by any SFC egress boundary node, and shouldn't be required by the last SFF.
  • It's not always feasible for the SFF to know what to do with the original packet.
  • When using GBP and Netvirt classifiers, the egress classifier removes the SFC encapsulation, thus acting as an SFC egress boundary node
  • If the packet is sent back to the network (OpenStack br-int bridge) without SFC encapsulation, and it enters the classifier again, then there will be a loop
• Reclassification
  • Several use cases that can be problematic
• TCP proxy
  • How to handle when the SF generates traffic, which SFP to use
• Symmetric classifier
  • Should be more explicitly specified
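
The NSP/NSI handling described in the NSH slides, as an added example (not part of the original slides and not ODL SFC code): it packs and parses the 4-byte Service Path header (24-bit path, 8-bit index), decrements the index the way an SF or NSH proxy does, and has the SFF drop any packet whose index is 0 or whose (NSP, NSI) pair has no forwarding entry. The function names and the forwarding table are constructed for illustration; only the path and index values come from the slides.

```python
import struct

def pack_sph(nsp: int, nsi: int) -> bytes:
    """Build the 4-byte Service Path header: 24-bit NSP, then 8-bit NSI."""
    if not 0 <= nsp < (1 << 24) or not 0 <= nsi <= 0xFF:
        raise ValueError("NSP must fit in 24 bits and NSI in 8 bits")
    return struct.pack("!I", (nsp << 8) | nsi)

def unpack_sph(data: bytes) -> tuple:
    """Return (NSP, NSI) from the first 4 bytes of a Service Path header."""
    if len(data) < 4:
        raise ValueError("truncated Service Path header")
    (word,) = struct.unpack("!I", data[:4])
    return word >> 8, word & 0xFF

def sf_egress(sph: bytes) -> bytes:
    """An NSH-aware SF (or the NSH proxy for an unaware SF) decrements NSI."""
    nsp, nsi = unpack_sph(sph)
    if nsi == 0:
        raise ValueError("NSI already 0, packet must not be forwarded")
    return pack_sph(nsp, nsi - 1)

def sff_next_hop(sph: bytes, table: dict) -> str:
    """SFF lookup on (NSP, NSI); NSI 0 or an unknown pair is dropped."""
    nsp, nsi = unpack_sph(sph)
    if nsi == 0:
        return "drop"
    return table.get((nsp, nsi), "drop")

def walk_chain(nsp: int, first_nsi: int, table: dict) -> list:
    """Follow one packet through the chain, recording each SFF decision."""
    sph, trace = pack_sph(nsp, first_nsi), []
    for _ in range(256):  # NSI is 8 bits, so a path has at most 255 hops
        hop = sff_next_hop(sph, table)
        trace.append((unpack_sph(sph), hop))
        if hop in ("drop", "egress"):
            break
        sph = sf_egress(sph)
    return trace

# Constructed forwarding table using the path IDs and indexes from the slides.
TABLE = {(1, 255): "SF-DPI", (1, 254): "SF-NAT", (1, 253): "egress",
         (7, 255): "SF-DPI", (7, 254): "SF-HTTP", (7, 253): "egress"}

if __name__ == "__main__":
    for path in (1, 7):
        print(walk_chain(path, 255, TABLE))
```

Because every SF hop lowers the index and the SFF refuses index 0 or unknown pairs, an encapsulated packet cannot circulate inside the chain indefinitely; the loop described under "Terminating SFPs" arises only after the encapsulation has been removed.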