Service Function Chaining | W. Haeffner |
Internet-Draft | Vodafone |
Expires: August 02, 2014 | J. Napper |
Cisco Systems | |
January 29, 2014 |
Service Function Chaining Use Cases in Mobile Networks
draft-haeffner-sfc-use-case-mobility-00
This document provides some exemplary use cases for service function chaining in mobile service provider networks. The objective of this draft is not to cover all conceivable service chains in detail. Rather, the intention is to localize and explain the application domain of service chaining within mobile networks as far as it is required to complement the problem statement and framework statements of the working group.
Service function chains typically reside in a LAN segment which links the mobile access network to the actual application platforms located in the carrier’s datacenters or somewhere else in the Internet. Service function chains ensure a fair distribution of network resources according to agreed service policies, enhance the performance of service delivery, take care of security and privacy or support application and business support platforms. General considerations and specific use cases are presented in this document to demonstrate the different technical requirements of these goals for service function chaining in mobile service provider networks.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on August 02, 2014.
Copyright (c) 2014 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
Much of the terminology used in this document has been defined by the 3rd Generation Partnership Project (3GPP), which defines standards for mobile service provider networks. Although a few terms are defined here for convenience, further terms can be found in [RFC6459].
Mobile access networks terminate at a mobile service creation point (Packet Gateway) typically located at the edge of an operator IP backbone. From the user equipment (UE) up to the Packet Gateway (P-GW) everything is fully standardized by the 3rd Generation Partnership Project (3GPP) e.g., in [TS.23.401]. Within the mobile network, the user payload is encapsulated in 3GPP specific tunnels terminating eventually at the P-GW. In many cases application- specific IP traffic is not directly exchanged between the original mobile network, more specific the P-GW, and an application platform, but will be forced to pass a set of service functions. Those application platforms are, for instance, a web server environment, a video platform, a social platform or some other multimedia platform. Network operators use these service functions to differentiate their services to their subscribers. Service function chaining is thus integral to the business model of operators.
Important use cases classes for service function chains generically include:
For simplicity we only describe service function chaining in the context of LTE (Long Term Evolution) networks. But indeed our service chaining model also applies to earlier generations of mobile networks.
The major functional components of a LTE network are shown in Figure 1 and include user equipment (UE) like smartphones or tablets, the LTE radio unit named eNB (enhanced NodeB), the serving gateway (S-GW) which together with the mobility management entity (MME) takes care of mobility and the packet gateway (P-GW), which finally terminates the actual mobile service. These elements are described in detail in [TS.23.401]. Other important components are the home subscriber system (HSS) and the policy and charging rule function (PCRF), which are described in [TS.23.203]. The P-GW interface towards the SGi-LAN is called SGi-interface, which is described in [TS.29.061] and finally the SGi-LAN is the home of service function chains (SFC), which are not standardized by 3GPP.
End to end context including all major components of a LTE network. The actual 3GPP mobile network includes the elements from the user equipment [UE] to the packet gateway [P-GW].
+--------------------------------------------+ | Control Plane (C) [HSS] | [OTT Appl. Platform] | | | | | +--------[MME] [PCRF] | Internet | | | | | | | [UE-C] -- [eNB-C] == [S-GW-C] == [P-GW-C] | | +=====|=========|==========|============|====+ +--------+---------+ | | | | | | | | | | [UE-U] -- [eNB-U] == [S-GW-U] == [P-GW-U]-+--+----[SGi-LAN] | | | | | | | | | | | | | | [Appl. Platform] | | | | | | User Plane (U) | | | +--------------------------------------------+ +--- IP Backbone --+ |<----------- 3GPP Mobile Network ---------->|
Figure 1: Major components of an LTE network.
The radio-based IP traffic between the UE and the eNB is encrypted according 3GPP standards. Between eNB, S-GW, P-GW user IP packets as well as control plane packets are encapsulated in 3GPP-specific tunnels. In some mobile carrier networks the 3GPP specific tunnels between eNB and S-GW are even additionally IPSec-encrypted. For more details see [TS.29.281] and [TS.29.274].
Service function chains act on user plane IP traffic only. But the way these act on user traffic may depend on subscriber, service or network specific control plane metadata.
The original user IP packet including the Source-IP-Address (S-IP) of the UE and the Destination-IP-Address (D-IP) of the addressed application platform and leaves the Packet Gateway away from the mobile network via the so-called Gi-interface (3G service, e.g., UMTS) respectively SGi-interface (4G service, e.g., LTE). Between this (S)Gi-interface and the actual application platform the user generated upstream IP packets and the corresponding downstream IP packets are typically forced to pass an ordered set of service functions, loosely called a service function chain (SFC). The set of all available service functions (physical or virtualized) which can be used to establish different service chains for different services is often called a Gi-LAN for 2G/3G services and SGi-LAN for 4G services.
The (S)Gi-interface towards the (S)Gi-LAN itself is discussed in [TS.29.061], but service function chaining is not specified by 3GPP.
The (S)Gi-LAN service functions may use subscriber and service related metadata delivered from mobile control plane functions like PCRF to process the flows according to service related policies.
In short, the (S)Gi-LAN service area is presently used by mobile service providers to differentiate their services to their subscribers and reflect the business model and of mobile operators.
For different applications (e.g., Appl. 1,2,3) upstream and downstream user plane IP flows will be forced to pass a sequence of service functions which is called a service chain specific to a given application. In the simple example sketched in Figure 2 the service chains for applications 1,2 and 3 may be just classified by an unique interface-ID of the egress P-GW interfaces where the service chains for application 1, 2 and 3 are attached.
Service functions typically observe, alter or even terminate and reestablish application session flows between mobile user equipment and application platforms.
Typical service function chain topologies as seen in many of today’s mobile networks. Control plane metadata supporting policy based traffic handling may be linked to individual service functions SFn. Because in this example the P-GW classifies service chains we consider the P-GW being a component of the service chaining environment.
+------------------------------------------------------------------+ | Control Plane Environment [HSS] [MME] [PCRF] [others] | +------------------------------------------------|-----------------+ +--------------------+ +---------------------------|--------------------|-----------------+ | User Plane Environment | | | | | +------(S)Gi-LAN --+-----+ | | | | | | | | | +---[SF1]-[SF3]–[SF5]---[Appl. 1] | | | | / | | | [UE]---[eNB]===[S-GW]===[P-GW]-----[SF2]–[SF4]–[SF6]--------+ | | | \ | | | | | +---[SF7]–[SF8]–[SF9]-----+ | | | | | | | | | +--------------------------+ | | | | | | | +----------------------------------------------------------|--|----+ | | OTT Internet Applications | | [Appl. 2] [Appl. 3]
Figure 2: Typical service chain topology.
Mobile user equipment like smartphones, tablets or other mobile devices address use Access Point Names (APNs) to address a service network or service platform. APNs are DNS host names and comparable to FQDN host names. While a FQDN refers to an Internet IP address, an APN (loosely speaking) specifies a P-GW IP address. These APNs are used to distinguish certain user groups and their traffic, e.g., there can be an APN for a mobile service offered to the general public while enterprise customers get their own APN. For APN details see [TS.23.003].
Operators often associate a designated VLAN-ID with an APN. A VLAN-ID n then may classify the service function chain n (SFC n) related to an application platform n (Appl. n).
+----------+ | | | IF-1 O [APN 1 => VLAN-ID 1] ---- [SFC 1] ---- [Appl. 1] | | =====| P-GW O . . . . | | | IF-n O [APN n => VLAN-ID n] ---- [SFC n] ---- [Appl. n] | | +----------+
Figure 3: Association of a service chain to an application platform.
Examples for an APN are:
Vodafone Germany:
APN: | web.vodafone.de |
User Name: | not required |
Password: | not required |
Deutsche Telekom/T-Mobile:
APN: | internet.telekom |
User Name: | t-mobile |
Password: | tm |
More sophisticated classifications are feasible using UE related, subscriber and service related, as well as network related metadata. Typical metadata and their sources are:
Mobile operator defined subscriber, service or network specific policies are typically encoded in the 3GPP-based “policy and charging rules function” (PCRF), see [TS.23.203]. For instance, a PCRF may encode the rules that apply to pre-paid and post-paid users, users with a classification of gold, silver, or bronze, or even as detailed as describing rules that apply to “gold users, wishing to download a video file, while these subscribers are subjected to a fair-usage policy”. It is up to the mobile service providers to encode the precise mappings between its subscriber classes and the associated service chains.
Because HTTP via TCP port 80 (or TCP port 443 for HTTPS) is by far the most common Internet traffic class, we discuss two typical examples of an associated service function chaining model in some more detail.
The models presented below are simplified compared to real life service function chain implementations because we do not discuss differentiated traffic handling based on different subscriber- specific service level agreements and price plans or even actual network load conditions.
With the increase of Internet traffic in mobile networks mobile operators have started to introduce Performance Enhancement Proxies (PEPs) to optimize network resource utilization. PEPs are more or less integrated platforms that ensure the best possible Quality of Experience (QoE). Their service functions include but are not limited to Deep Packet Inspection (DPI), web and video optimizations, subscriber and service policy controlled dynamic network adaption, analytics and management support.
A simple service function chain model for mobile Internet upstream and downstream traffic is shown in Figure 4 below. The function chain includes Load Balancers (LB), which split HTTP over TCP port 80 away from the rest of the internet traffic. Beside basic web content, this traffic class includes more and more video. To act on this traffic type we force this traffic to pass Performance Enhancement Proxies. The firewall function (FW) protects the carrier network from the outside and Network Address Translation (NAT) maps the private IP address space dedicated to user equipment to a public IP address.
The first application in the service chain caches web content to help reduce Round Trip Times (RTT) and therefore contribute to improved web page load times. This is generally more important for mobile service providers than reducing Internet peering costs. Similar arguments hold for cached video content. We avoid potential large jitter imported from the Internet.
Service function chain to control, steer and manipulate HTTP traffic over TCP port 80. An example for non HTTP:80 traffic is IPsec traffic, which is dedicated to port 10000. Note that in a real environment not only port 80 but for example additional traffic via port 8080, 25 for SMTP, 110 for POP3 or 143 for IMAP may be forced to pass a service chain.
[Cache] | [P-GW]---[LB]-----------[PEP]--[LB]--[FW]---[NAT]---[Internet] | HTTP:80 | | | | | | non HTTP:80 | +---------------------+
Figure 4: Service function chain for HTTP traffic over TCP port 80.
A second application is video optimization. Video content from the Internet may not fit in the size of mobile device displays or simply would overload the mobile network when used natively. Therefore mobile operators adapt internet-based video content to ensure the best Quality of Experience.
Video content optimization very often is also an additional premium-related component in service offers and price plans.
Our PEP environment for video optimization consists of three basic service functions shown in Figure 5: A steering proxy which is able to redirect HTTP traffic, a DPI-based controller which checks for video content and an optimizer which transcodes videos to an appropriate format on the fly in real time.
[PEP for video] ==>> [Steering Proxy]---[DPI Contr.]---[Optimizer]
Figure 5: Service functions required for video optimization.
In Figure 6 we show the detailed HTTP flows and their redirection in some more detail. The intention here is to show every elementary functional step in a chain as a separate physical or virtualized item but this state diagram must not necessarily reflect every existing vendor-specific proprietary implementation.
[UE]----[Steering Proxy]----[DPI Contr.]----[Optimizer]----[Content] |-- HTTP GET ->|-------------- HTTP GET ----------------------->| |<------------- HTTP Response -------------------| |-- Is it Video? ->| |<-- Video found --| |<--- HTTP ----| Redirect |-- HTTP GET ->|-----HTTP GET ---------------->| |-- HTTP GET -->| Video |<--- HTTP -----| Response Orig. Video {Optimize} |<------- HTTP Response --------| Transcoded Video |-- Is it Video? ->| |<-- Video found --| |<--- HTTP ----| Response Transcoded Video
Figure 6: Flow diagram between UE and video optimization PEP.
This use case model highlights the weakness of current service deployments in the areas of traffic selection, reclassification, and multi-vendor support. Traffic is classified after the P-GW and separated into separate flows based on whether it is (in this example) TCP traffic destined to port 80. This classification could be done initially if the load balancer can classify the traffic and initiate service chain selection, or the traffic can be reclassified at the load balancer if it is already embedded in a service chain (e.g., when combined with other functions such as the TCP optimization in the following use case). Multi-vendor support is needed because every element in the use case can be provided by a different vendor: load-balancer, http proxy, firewall, and NAT.
This use case imposes the following requirements on a service function chaining (SFC) solution:
The essential parameters influencing TCP behavior are latency, packet loss and available throughput.
Content servers are mostly attached to fixed networks. These are characterized by high bandwidth and low latency. Therefore content servers often experience large TCP window sizes. In fixed networks, end-to-end TCP window size mismatches do not have that much negative impact on data flows.
On the other hand, mobile networks show a different behavior. While the (S)Gi-side of the network typically exhibits low latency, low packet loss, high bandwidth and minimal congestion, the Radio Access Network (RAN) tends to have higher latency, packet loss, and congestion. Therefore mobile devices normally experience much smaller TCP window sizes.
One way to mitigate these different environments, i.e., the LAN and the mobile wireless part, is to use split TCP. However, this leads to the case that the mobile wireless part can experience a different TCP window size than the fixed LAN part.
In mobile networks, these TCP window size mismatches may result in poor end-to-end throughput and bad user experience.
Therefore mobile operators very often use TCP optimization proxies in the data path. These proxies monitor latency and throughput real-time and dynamically optimize TCP parameters for each TCP connection to ensure a better transmission behavior.
A rudimentary service chain setup for TCP optimization is shown in Figure 7. Examples of non TCP flows are UDP/RTP voice or video traffic.
[P-GW]---[LB]----------[TCP Opt.]---[LB]---[FW]---[NAT]---[Internet] | TCP | | | | non-TCP | +--------------------------+
Figure 7: Optimizing TCP parameterization in a mobile network.
This use case highlights weaknesses of current service deployments in the areas of traffic selection, reclassification, and multi-vendor support as in the previous use case presented in 4.1.
This use case imposes the following additional requirements on a Service Function Chaining solution.
As indicated in Figure 2, service functions may be linked to the control plane to take care of additional subscriber or service related metadata. In many cases the source of metadata would be the PCRF and the link would be a Diameter-based Gx interface. Diameter is specified in [RFC6733] and Gx in [3GPP].
Service functions within the SGi/Gi-LAN are less focused on the explicit QoS steering of the actual mobile wireless network. QoS in mobile networks is based on the 3GPP “Bearer” concept. A Bearer is the essential traffic separation element enabling traffic separation according different QoS settings and represents the logical transmission path between the User Equipment (UE) and the Packet Gateway (P-GW).
In many operator environments every new service introduction may result in a further dedicated (S)Gi-LAN service chain.
Often the coarse grained classification according APNs is not fine enough to uniquely select a service function chain or a processing scheme within a service function chain required to support the typical user-, service- or network- related policies which the operator likes to apply to a specific user plane flow.
It is very likely that an APN, such as shown as example in Section 2.3, is carrying an extremely diverse set of user traffic. This can range from HTTP web traffic to real-time traffic.
In many carrier networks service chain LANs grow incrementally according product introductions or product modifications. This very often ends in a mix of static IP links, policy based routing or individual VRF implementations etc. to enforce the required sequence of service functions. Major weak points seen in many carrier networks are:
Mobile operators use service function chains to enable and optimize service delivery, offer network related customer services, optimize network behavior or protect networks against attacks and ensure privacy. Service function chains are essential to their business. Without these, mobile operators are not able to deliver the necessary and contracted Quality of Experience or even certain products to their customers.
Because product development cycles are very fast in mobile markets, mobile operators are asking for service chaining environments which allow them to instantly create or modify service chains in a very flexible and very simple way. The creation of service chains should be embedded in the business and operation support layers of the company and on an abstract functional level, independent of any network underlay. No knowledge about internetworking technology should be required at all. The mapping of the functional model of a service chain onto the actual underlay network should be done by a provisioning software package as shown in Figure 8. Details of the architecture and design are subject of forthcoming standards and proprietary implementation details.
+------------------------------------------------------------------+ | Creation of an abstract service function chain | +------------------------------------------------------------------+ | V +------------------------------------------------------------------+ | +----------------------------------------------------+ | | | Service function chain compiler | | | +----------------------------------------------------+ | | | | | V | | +----------------------------------------------------+ | | | Mediation device | | | +----------------------------------------------------+ | +------------------------------------------------------------------+ | V +------------------------------------------------------------------+ | Physical network underlay | +------------------------------------------------------------------+
Figure 8: Creation and provisioning system for service function chains.
Service functions can be physical or virtualized. In the near future the majority of mobile service functions will typically reside in the local cloud computing environment of a mobile core location. Nevertheless, the architecture and design should allow and support also remote service functions if applicable.
A service function chain should be generalized by a directed graph where the vertices (nodes) represent an elementary service function. This model allows branching conditions at the vertices. Branching in a graph could then be triggered by typical 3GPP specified mobile metadata (see Section 2.3) and allow for more sophisticated steering methods in a service chain. Typically this data will be injected by the mobile control plane, commonly by the PCRF via a Diameter-based 3GPP Gx interface.
Service chain behavior and output should additionally depend on actual network conditions. For example, the selection of a video compression format could dependent on the actual load of the mobile network segment a mobile user is attached to.
To avoid Diameter signaling storms in the (S)Gi-LAN, individual service functions should probably not be attached individually to the control plane. A mechanism where metadata information is carried by extensions to the user IP packet may be more appropriate, provided these extensions do not increase the original payload size too much.
A clear separation between service chaining functionality and 3GPP bearer handling is required. This may be subject of forthcoming studies.
TBD.
This document has no actions for IANA.
We thank Peter Bosch and Martin Stiemerling for valuable discussions and contributions.
[RFC2119] | Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. |