Tech talk by Louis Fourie: SFC: Technology, Trend and Implementation
TRANSCRIPT
Page 0 HUAWEI TECHNOLOGIES CO., LTD.
OpenStack Based VNF Forwarding Graph
Cathy Zhang
Louis Fourie
October 2015
What is Service Chaining?
[Figure labels: Service Chain Management and Control Platform; service functions NAT, FW, IDS, LB, Video, NAT, FW, LB]
Service Chaining in OpenStack
[Figure labels: OpenStack Based Management Plane; Service Chain Intent Manager; Service Instance Catalog Manager; SF Instance Manager (OpenStack or 3rd Party); Neutron Server with Service Chain Extension; OVS or SDN Based Control Plane; Traffic Source; Classifier; SF Forwarder (vSwitch), shown twice; service functions QoS, WOC, Load Balancer, IDS, FW, Cache; Traffic Destination]
Neutron API for Service Chain
[Figure labels: Neutron API Service Chain Extension; Chain Classifier with Source N-Tuple and Destination N-Tuple; Logical Chain Path; Traffic Source; service functions WOC, FW, IPS; Traffic Destination; Neutron Port-pairs for WOC1, WOC2, FW1, FW2, FW3, IPS1, IPS2]
OpenStack Neutron Service Chain Solution
[Figure labels:
• Neutron Server: Neutron APIs; ML2 Plugin; ML2 Driver Manager; ML2 Driver API (C2); OVS Driver; SDN Controller Driver; Neutron API for Service Chain (C1); Neutron Service Chain Plugin; Service Chain Driver Manager; Common Service Chain Driver API (C2); OVS Service Chain Driver; SDN Controller Service Chain Driver
• SDN Controller; RPC; OpenFlow
• Three Compute Nodes, each with an OVS Agent, an OVS Switch (Classifier) and Service VMs; Service VMs labelled FW, IDS, NAT and LB
• Traffic Source; Traffic Destination]
OpenStack networking-sfc Project
• Started in Liberty cycle
• Approved specs:
  • Service Chain API
  • System Design and Workflow
  • OVS driver and agent
• Service chain implementation:
  • CLI, Horizon
  • Neutron server: API, DB, Driver Manager, Common Driver API
  • OVS driver and agent
• http://docs.openstack.org/developer/networking-sfc/
Service Chain Configuration Model
[Figure: a Port Chain with its Flow Classifiers and Port Pair Groups 1 through N: Port Pair Group 1 (SF Port Pair 1.1), Port Pair Group 2 (SF Port Pairs 2.1, 2.2, 2.3), Port Pair Group N (SF Port Pairs N.1, N.2)]
Service Chain Objects
• Port Chain – represents a Service Function Chain
  • Sequence of Port Pair Groups
  • List of Flow Classifiers
• Port Pair Group – defines a load distribution group of functionally equivalent SFs
  • Group of Port Pairs
• Port Pair – represents a single SF
  • Ingress, egress Neutron ports
• Flow Classifier – N-tuple for packet matching
  • Source/destination IP address, TCP/UDP ports, protocol, IP version, source/destination Neutron ports
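The four objects above, modelled as an added example (not code from the slides or from the networking-sfc code base) that classifies a packet and returns the SF instances it would traverse; traffic matching no flow classifier is not steered into the chain, which is what a review of classifier coverage has to catch. The CIDR prefixes, the per-flow hash used for load distribution, and all names, port IDs and addresses are assumptions.

```python
import hashlib
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class PortPair:                      # a single SF instance
    name: str
    ingress: str                     # Neutron port IDs (placeholders here)
    egress: str

@dataclass
class PortPairGroup:                 # functionally equivalent SFs sharing load
    name: str
    port_pairs: list

@dataclass
class FlowClassifier:                # N-tuple; None means wildcard
    protocol: Optional[str] = None
    src_prefix: Optional[str] = None
    dst_prefix: Optional[str] = None
    dst_ports: Optional[tuple] = None   # inclusive (min, max)
    def matches(self, pkt):
        if self.protocol and pkt["protocol"] != self.protocol:
            return False
        for prefix, key in ((self.src_prefix, "src_ip"), (self.dst_prefix, "dst_ip")):
            if prefix and ipaddress.ip_address(pkt[key]) not in ipaddress.ip_network(prefix):
                return False
        lo, hi = self.dst_ports or (0, 65535)
        return lo <= pkt["dst_port"] <= hi

@dataclass
class PortChain:
    name: str
    port_pair_groups: list           # traversed in order
    flow_classifiers: list
    def path_for(self, pkt):
        """Ordered SF instances for pkt, or None when no classifier matches."""
        if not any(fc.matches(pkt) for fc in self.flow_classifiers):
            return None              # unmatched traffic is not steered into the chain
        flow = "{src_ip}|{dst_ip}|{protocol}|{src_port}|{dst_port}".format(**pkt)
        h = int.from_bytes(hashlib.sha256(flow.encode()).digest()[:4], "big")
        # Assumed policy: per-flow hash, so a flow sticks to one instance per group.
        return [g.port_pairs[h % len(g.port_pairs)].name for g in self.port_pair_groups]

# Constructed sample: two firewalls in one group, followed by a single IDS.
fw = PortPairGroup("fw", [PortPair("fw1", "p1", "p2"), PortPair("fw2", "p3", "p4")])
ids = PortPairGroup("ids", [PortPair("ids1", "p5", "p6")])
chain = PortChain("web-inspect", [fw, ids], [FlowClassifier("tcp", None, "10.0.2.0/24", (80, 443))])
```

Calling `chain.path_for(...)` with an SSH packet (destination port 22) returns `None`: that flow reaches its destination without passing the firewall or IDS in this chain.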
Service Chain Data-plane with SCH
IETF Service Chain Header
[Figure: header layout; fields shown: Ver, Resvd, Metadata Length, Protocol Type, Path Identifier, Service Index, Optional Metadata TLVs, SCH payload]
Data-plane Implementation: SFF Proxy on OVS Bridges
• Service Function VMs attached to OVS bridges
• Service Chains constructed using rules installed on OVS bridges
[Figure labels: Switch; Host 1 with Service Function VM1 and Service Function VM2; Host 2 with Service Function VM3 and Service Function VM4; on each host: OVS Bridges, veth links, tun0, eth0]
SFF Proxy on OVS Bridge
[Figure labels: Host; OVS Bridges; Service Function VM; veth links; tun0; eth0; Ingress; Egress; processing steps: Classifier Match, MPLS Encapsulation, Load distribution, VxLAN Encapsulation, Service VM Selection, MPLS Decapsulation, VxLAN Decapsulation]
SFC Data Path SCH and VxLAN Encapsulation
[Figure labels:
• Components: Host; VM; VM Ingress Port; VM Egress Port; OVS Integration Bridge; Patch ports; OVS Tunnel Bridge; Tunnel ports; VxLAN Tunnel
• Operations: Encap/decap packet in Enet+MPLS; Encap/decap Enet in VxLAN
• Packet formats: Original packet; Original Enet (ET=IP); Original packet | MPLS | Original Enet (ET=0x8847), shown twice; VxLAN | UDP | L2]
Port Chain Configuration
• Neutron REST API Extensions with CRUD operations for:
  • Port Chains
  • Port Pair Groups
  • Port Pairs
  • Flow Classifiers
• Neutron-client CLI commands
• Horizon GUI
• Heat configuration
Neutron-client CLI Commands
• neutron port-chain-create [-h] [--description <description>] --port-pair-group <port-pair-group-id>
  [--flow-classifier <flow-classifier-id>] PORT-CHAIN-NAME
• neutron port-pair-group-create [-h] [--description <description>]
  --port-pair <port-pair-id> PORT-PAIR-GROUP-NAME
• neutron port-pair-create [-h] [--description <description>] [--ports [--ingress <port-id>] [--egress <port-id>]] PORT-PAIR-NAME
• neutron flow-classifier-create [-h] [--description <description>] [--protocol <protocol>]
  [--ip-version <IP version>] [--source-port <Min source protocol port>:<Max source protocol port>]
  [--destination-port <Min destination protocol port>:<Max destination protocol port>]
  [--source-port-id <Source Neutron port ID>] [--destination-port-id <Dest Neutron port ID>]
  [--l7-parameter <L7 parameter>] FLOW-CLASSIFIER-NAME
Thank you