Synopsis
In this Tech Talk, Louis Fourie will do a deep dive into one of the key technology enablers, service function chaining, and describe extensions to OpenStack networking (Neutron) for service chaining, including use cases, architecture and implementation.
About Louis Fourie
Louis Fourie is currently a senior staff engineer working on network virtualization, cloud services, and SDN technologies at Huawei Technology, USA. Louis is an active contributor to the service chaining work in several organizations including OpenStack, ONF, ETSI NFV, IETF, and OPNFV. Louis previously worked at Cisco on several computer networking, voice and data communications products, and is the holder of several patents.
OpenStack Service Chaining Using Neutron Service Function Forwarding
1. Page 0 HUAWEI TECHNOLOGIES CO., LTD.
OpenStack Based VNF Forwarding Graph
Cathy Zhang (cathy.h.zhang@huawei.com)
Louis Fourie (louis.fourie@huawei.com)
October 2015
2. What is Service Chaining?
[Figure: Service Chain Management and Control Platform; service function labels: NAT, FW, IDS, LB, Video, NAT, FW, LB]
3. Service Chaining in OpenStack
[Figure: OpenStack Based Management Plane (Service Chain Intent Manager, Service Instance Catalog Manager, SF Instance Manager (OpenStack or 3rd Party)); Neutron Server with Service Chain Extension; OVS or SDN Based Control Plane; data path from Traffic Source through a Classifier and two SF Forwarders (vSwitch) to Traffic Destination; service function labels: QoS, WOC, Load Balancer, IDS, FW, Cache]
4. Neutron API for Service Chain
[Figure: Neutron API Service Chain Extension; Chain Classifier with Source N-Tuple and Destination N-Tuple; Logical Chain Path from Traffic Source through IPS, FW and WOC to Traffic Destination; Neutron port-pairs for IPS1, IPS2, FW1, FW2, FW3, WOC1 and WOC2]
5. OpenStack Neutron Service Chain Solution
[Figure: Neutron Server containing the Neutron API for Service Chain (C1), Neutron Service Chain Plugin, Service Chain Driver Manager, Common Service Chain Driver API (C2), OVS Service Chain Driver and SDN Controller Service Chain Driver, next to the Neutron APIs, ML2 Plugin, ML2 Driver Manager, ML2 Driver API (C2), OVS Driver and SDN Controller Driver; connection labels: OpenFlow, RPC, SDN Controller; three Compute Nodes, each with an OVS Agent, an OVS Switch (Classifier) and Service VMs (FW, IDS, NAT, LB); Traffic Source and Traffic Destination]
6. OpenStack networking-sfc Project
• Started in Liberty cycle
• Approved specs:
  • Service Chain API
  • System Design and Workflow
  • OVS driver and agent
• Service chain implementation:
  • CLI, Horizon
  • Neutron server: API, DB, Driver Manager, Common Driver API
  • OVS driver and agent
• http://docs.openstack.org/developer/networking-sfc/
7. Service Chain Configuration Model
[Figure: a Port Chain with three Flow Classifiers and Port Pair Groups 1, 2, ..., N; Port Pair Group 1 holds SF Port Pair 1.1, Port Pair Group 2 holds SF Port Pairs 2.1, 2.2 and 2.3, Port Pair Group N holds SF Port Pairs N.1 and N.2]
8. Service Chain Objects
• Port Chain – represents a Service Function Chain
  • Sequence of Port Pair Groups
  • List of Flow Classifiers
• Port Pair Group – defines a load distribution group of functionally equivalent SFs
  • Group of Port Pairs
• Port Pair – represents a single SF
  • Ingress, egress Neutron ports
• Flow Classifier – N-tuple for packet matching
  • Source/destination IP address, TCP/UDP ports, protocol, IP version, source/destination Neutron ports
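The Service Chain Objects above, sketched as an added example (not networking-sfc code): a packet is matched against a chain's flow classifiers and, if it matches, one port pair is picked from each port pair group. The class names mirror the slide; the CRC32 flow hash, the packet dict layout, the port names and all sample values are assumptions made for illustration.

```python
import ipaddress
import zlib
from dataclasses import dataclass

@dataclass(frozen=True)
class PortPair:                 # one SF instance: ingress and egress Neutron ports
    name: str
    ingress: str
    egress: str

@dataclass(frozen=True)
class FlowClassifier:           # subset of the N-tuple; None means wildcard
    protocol: str = None
    src_prefix: str = None
    dst_prefix: str = None
    dst_ports: tuple = None     # inclusive (min, max)

    def matches(self, pkt):
        if self.protocol and pkt["proto"] != self.protocol:
            return False
        for prefix, key in ((self.src_prefix, "src"), (self.dst_prefix, "dst")):
            if prefix and ipaddress.ip_address(pkt[key]) not in ipaddress.ip_network(prefix):
                return False
        if self.dst_ports and not self.dst_ports[0] <= pkt["dport"] <= self.dst_ports[1]:
            return False
        return True

@dataclass
class PortChain:
    groups: list                # ordered Port Pair Groups, each a list of PortPair
    classifiers: list

    def path_for(self, pkt):
        """Return the SF instances a packet traverses, or None if unclassified."""
        if any(not g for g in self.groups):
            raise ValueError("empty port pair group would break the chain")
        if not any(fc.matches(pkt) for fc in self.classifiers):
            return None         # no classifier matched: packet is not steered
        # Assumption: CRC32 over the 5-tuple stands in for the real hash, so
        # every packet of a flow reaches the same instance in each group.
        key = "{src}|{dst}|{proto}|{sport}|{dport}".format(**pkt).encode()
        h = zlib.crc32(key)
        return [g[h % len(g)].name for g in self.groups]

# Constructed sample: two firewalls in one group, then a single IDS.
fw = [PortPair("FW1", "p1", "p2"), PortPair("FW2", "p3", "p4")]
ids = [PortPair("IDS1", "p5", "p6")]
chain = PortChain([fw, ids], [FlowClassifier("tcp", "10.0.0.0/24", None, (80, 80))])
web = {"src": "10.0.0.5", "dst": "192.0.2.10", "proto": "tcp", "sport": 40000, "dport": 80}
ssh = dict(web, dport=22)
```

`chain.path_for(ssh)` returns `None`: traffic outside the classifier's N-tuple never reaches the FW or IDS, so the classifier's scope decides what gets inspected.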
10. IETF Service Chain Header
[Figure: header layout; fields shown: Ver, Resvd, Metadata Length, Protocol Type, Service Index, Optional Metadata TLVs, SCH payload, Path Identifier]
11. Data-plane Implementation: SFF Proxy on OVS Bridges
• Service Function VMs attached to OVS bridges
• Service Chains constructed using rules installed on OVS bridges
[Figure: Host 1 with Service Function VM1 and VM2, Host 2 with Service Function VM3 and VM4; each VM attaches through veth pairs to the host's OVS Bridges; each host has eth0 and tun0 and connects to a Switch]
12. SFF Proxy on OVS Bridge
[Figure: a Host with OVS Bridges, eth0 and tun0, and a Service Function VM attached by Ingress and Egress veth ports; functions shown on the bridges: Classifier Match, MPLS Encapsulation, Load distribution, VxLAN Encapsulation, Service VM Selection, MPLS Decapsulation, VxLAN Decapsulation]
13. SFC Data Path SCH and VxLAN Encapsulation
[Figure: a Host with a VM (VM Ingress Port, VM Egress Port), an OVS Integration Bridge and an OVS Tunnel Bridge joined by patch ports, and tunnel ports to a VxLAN Tunnel. At the VM ports the packet is Original Enet (ET=IP) + Original packet; the integration bridge encaps/decaps the packet in Enet+MPLS, giving Original Enet (ET=0x8847) + MPLS + Original packet; the tunnel bridge encaps/decaps that Enet frame in VxLAN, giving L2 + UDP + VxLAN + Original Enet (ET=0x8847) + MPLS + Original packet]
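The encapsulation stack in this figure (VxLAN around an inner Ethernet frame with ET=0x8847 and an MPLS header), as an added example that is not from the original slides: a parser for checking in a capture that steered traffic carries the expected tags. It takes the UDP payload of a VxLAN packet and uses the standard VXLAN and MPLS header layouts; the MAC addresses, VNI and label passed to `build_sample` are constructed values.

```python
import struct

MPLS_ETHERTYPE = 0x8847         # inner Ethernet type shown on the slide

def parse_sfc_vxlan(udp_payload):
    """Parse VXLAN -> inner Ethernet (ET=0x8847) -> MPLS -> original packet."""
    if len(udp_payload) < 8 + 14 + 4:
        raise ValueError("truncated frame")
    # VXLAN header: flags (8 bits), reserved (24), VNI (24), reserved (8)
    flags, vni_word = struct.unpack("!B3xI", udp_payload[:8])
    if not flags & 0x08:
        raise ValueError("VXLAN I flag not set, VNI is not valid")
    inner = udp_payload[8:]
    (ethertype,) = struct.unpack("!H", inner[12:14])
    if ethertype != MPLS_ETHERTYPE:
        raise ValueError("inner frame is not MPLS-tagged: 0x%04x" % ethertype)
    # MPLS label stack entry: label (20 bits), TC (3), bottom-of-stack (1), TTL (8)
    (lse,) = struct.unpack("!I", inner[14:18])
    return {
        "vni": vni_word >> 8,
        "label": lse >> 12,
        "tc": (lse >> 9) & 0x7,
        "bottom_of_stack": bool((lse >> 8) & 1),
        "ttl": lse & 0xFF,
        "original_packet": inner[18:],
    }

def build_sample(vni, label, ttl, payload):
    """Build a constructed test frame (not captured traffic)."""
    vxlan = struct.pack("!B3xI", 0x08, vni << 8)
    macs = bytes.fromhex("fa163e000002") + bytes.fromhex("fa163e000001")
    enet = macs + struct.pack("!H", MPLS_ETHERTYPE)
    lse = struct.pack("!I", (label << 12) | (1 << 8) | ttl)
    return vxlan + enet + lse + payload
```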
14. Port Chain Configuration
• Neutron REST API Extensions with CRUD operations for:
  • Port Chains
  • Port Pair Groups
  • Port Pairs
  • Flow Classifiers
• Neutron-client CLI commands
• Horizon GUI
• Heat configuration