Internet DRAFT - draft-gu-sfc-extend-architecture
SFC                                                           R. Gu, Ed.
Internet-Draft                                                     C. Li
Intended status: Informational                              China Mobile
Expires: September 9, 2015                                 March 8, 2015
Service Function Chain Extension Architecture
draft-gu-sfc-extend-architecture-00
Abstract
An extended architecture for service function chaining is provided,
including the applications to tenants, SDN controller, network
function virtualized manager (NFVM) and the service function node.
Auto-deployed self-service is provided by the orchestration of the SDN
controller and the NFV manager. In addition, fundamental
configurations and the realizations of service function chaining are
introduced, and requirements are raised. Benefiting from Network
Function Virtualization (NFV) and cloud technologies, SFC in virtual
networks can bring a convenient and elastic network to the customers
with central management for the operators.
Status of This Memo
This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 9, 2015.
Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document.
Table of Contents
1. Introduction
2. Terminology
3. Fundamental service function chaining architecture
4. Service function chaining use cases
5. Service function chaining realization
6. Conclusion
7. Security Considerations
8. IANA Considerations
9. Normative References
Authors' Addresses
1. Introduction
A service function is responsible for specific treatment of received
packets, while a service function chain directs traffic through a
series of service functions within a Data Center or across Data
Centers. Because the network is virtualized, a service function chain
can be centrally controlled while serving traffic on the same network
or across different networks. With service function chaining,
Internet Service Providers (ISPs) can provide Network as a Service to
meet the different requirements of diversified tenants. Layer 4 to
Layer 7 value-added services (VAS) are provided. Tenants buy service
functions through the logical network applications, and the logical
network is technically mapped to the physical network.
This document describes an extended architecture of Service Function
Chaining (SFC) to provide the L4-L7 services. The basic architecture
includes the applications to tenants, SDN controller, network
function virtualized manager (NFVM) and the service function node.
With the orchestration, the SDN controller and the NFV manager work
in coordination to provide auto-deployed services such as load
balancing of traffic from the remote side to the Data Centers or
within Data Centers, network address translation (NAT), and firewalls
with policies focused on threats.
Besides the architecture, fundamental configurations and the
realizations of service function chaining are introduced, and
requirements are raised. Benefiting from Network Function
Virtualization (NFV) and cloud technologies, SFC in virtual networks
can bring a convenient and elastic network to the customers with
central management for the operators.
2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
3. Fundamental service function chaining architecture
The service function chaining architecture includes the service chain
applications facing tenants, the orchestration platform, the SDN
controller, the NFV manager and the network elements.
Service chain applications (APP):
Service chain applications are programs for tenants that record
their network requirements and translate them for the SDN controller
and the NFV managers.
Orchestrator:
The orchestrator is in charge of the orchestration and management of
NFV infrastructure and software resources, and realizing network
services.
SDN Controller:
The SDN controller is a logically centralized entity with a general
view of the network and in charge of SDN datapaths according to the
requirements from the service chain applications.
NFV Manager:
The NFV manager is responsible for NFV lifecycle management such as
installation, update, query, scaling and termination.
Network elements:
Network elements are the resource instances which can be a virtual
instance or be embedded in a physical network element such as the
virtual load balance instances or the physical firewall located in
the resource pool.
The basic operations of the service function chain include:
(a) The installation, update, query, scaling and termination of
virtual load balancer.
(b) The installation, update, query, scaling and termination of
virtual firewall.
(c) The installation, update, query, scaling and termination of VPN
gateway.
(d) The installation, update, query, scaling and termination of the
Intrusion Detection system (IDS) and the Intrusion Prevention system
(IPS).
It is not the purpose of this document to cover all service function
chains exhaustively; instead, we try to make the deployment and
realization of SFC clearer.
 --------------------------
 | service function chain |
 |                        +----------------
 |          APP           |               |
 ----+--------------+------               |
     |              |                     |
     |              |                     |
     |     ---------+-------              |
     |     |               |              |
     |     | Orchestrator  +-----         |
     |     |               |    |         |
     |     ---------+-------    |         |
     |              |           |         |
     |              |           |         |
  ---+--------------+-------    |   ------+---------
  |                        |    |   |              |
  |     SDN Controller     |    ----+ NFV manager  |
  |                        |        |              |
  ---+----------------------        ------+---------
     |                                    |
-----+------------------------------------+-------
|                                                |
|           -----     -----     -----            |
|           |VSW|     |VSW|     |VSW|            |
|           -----     -----     -----            |
|                                                |
|     ------  ------  ------  ------  ------     |
|     | VM |  | VM |  | VLB|  | VFW|  | VR |     |
|     ------  ------  ------  ------  ------     |
|                                                |
|                network element                 |
|------------------------------------------------|
Figure 1: SFC Extension Architecture
4. Service function chaining use cases
Layer 4-Layer 7 value-added services, which the SFCs support, are
necessities. In the Data Center scenario, an SFC should be configured
with a service profile according to the network status and user
attribute. Customers can choose a suitable SFC as required, which
provides an elastic, agile and convenient service with reduced
deployment cost and increased consumption of resources.
5. Service function chaining realization
Tenants configure the SFC they require through the service chain
application. The configurations are translated by the centralized
network management part, such as the FWaaS or LBaaS plugin in
OpenStack Neutron. The network management center interacts with the
SDN controller or the management of virtual network functions (VNFs).
Different tenants can define their own configurations of the VNF
policies. In the VPC service, the configurations are recorded in the
service profiles, which direct the traffic in the right way. After
receiving the service profile of an SFC, the SDN controller sends the
corresponding flow table to the network elements and makes a
comprehensive decision after receiving the messages reported
bottom-up.
In OpenStack Neutron, the functions of FWaaS, LBaaS and VPNaaS are
limited to basic functions such as creating, updating, querying and
deleting a VAS. The overall management of the FW or LB is operated by
the FW or LB manager. Thus the SDN controller and the VNF manager
cooperate in order to provide perfect interaction with the service
chain application. The create, update, query and delete operations
are provided by Neutron, while the other functions, such as source
NAT, X-Forwarded-For in the HTTP header, scalability, high
availability and so on, are provided by the VNF managers.
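The split described in this section, as an added sketch that is not
part of the draft: a tenant's service profile is checked against the
service functions that tenant owns and compiled into ordered steering
rules for the SDN controller, and each requested operation is routed
to Neutron or to the VNF manager. The profile layout, the rule format
and all names are assumptions made for illustration, not OpenStack or
controller APIs.

```python
from dataclasses import dataclass

# Section 5 split: Neutron covers basic CRUD, the VNF manager the rest.
NEUTRON_OPS = {"create", "update", "query", "delete"}
VNFM_OPS = {"source_nat", "x_forwarded_for", "scaling", "high_availability"}

@dataclass(frozen=True)
class ServiceFunction:
    name: str    # instance name (constructed)
    kind: str    # "VFW", "VLB", ...
    tenant: str  # owning tenant

# Constructed sample inventory and service profile (hypothetical layout).
INVENTORY = {sf.name: sf for sf in (
    ServiceFunction("vfw-a", "VFW", "tenant-a"),
    ServiceFunction("vlb-a", "VLB", "tenant-a"),
    ServiceFunction("vfw-b", "VFW", "tenant-b"),
)}
SAMPLE_PROFILE = {"tenant": "tenant-a", "match": "tcp/443",
                  "chain": ["vfw-a", "vlb-a"]}

def route_operation(op):
    """Return the component that handles an operation requested by the APP."""
    if op in NEUTRON_OPS:
        return "neutron"
    if op in VNFM_OPS:
        return "vnf_manager"
    raise ValueError(f"unsupported operation: {op}")

def compile_profile(profile, inventory):
    """Check a tenant's profile and return ordered per-hop steering rules."""
    if not profile["chain"]:
        raise ValueError("empty chain")
    for name in profile["chain"]:
        sf = inventory.get(name)
        if sf is None:
            raise ValueError(f"unknown service function: {name}")
        # A tenant may only chain service functions it owns.
        if sf.tenant != profile["tenant"]:
            raise PermissionError(f"{name} is not owned by {profile['tenant']}")
    # One abstract rule per hop: ingress -> sf1 -> ... -> egress.
    path = ["ingress", *profile["chain"], "egress"]
    return [{"match": profile["match"], "from": a, "to": b}
            for a, b in zip(path, path[1:])]

if __name__ == "__main__":
    for rule in compile_profile(SAMPLE_PROFILE, INVENTORY):
        print(rule)
```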
6. Conclusion
The extended service function chain architecture provided here takes
advantage of the orchestration of the SDN controller and the NFV
manager. Thus a convenient and elastic network is provided to the
customers, with central management for the operators. Details of the
architecture, such as the respective responsibilities of the SDN
controller and the NFVM, traffic directing, and the interactive
process between different network elements, need to be further
studied.
7. Security Considerations
None.
8. IANA Considerations
None.
9. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax
Specifications: ABNF", RFC 2234, November 1997.
Authors' Addresses
Rong Gu (editor)
China Mobile
32 Xuanwumen West Ave, Xicheng District
Beijing 100053
China
Email: gurong_cmcc@outlook.com
Chen Li
China Mobile
32 Xuanwumen West Ave, Xicheng District
Beijing 100053
China
Email: lichenyj@chinamobile.com