SFC                                                                R. Gu
Internet-Draft                                                     C. Li
Intended status: Informational                              China Mobile
Expires: April 20, 2016                                     H. Assarpour
                                                                Broadcom
                                                        October 18, 2015


   Test Report of Service Function Chain with NSH in Cloud Datacenter
                  draft-gu-sfc-test-report-sfc-nsh-00

Abstract

   Service function chaining is provided in cloud datacenters with some
   encapsulation technology adopted in classifying and forwarding traffic
   flows of service function chaining.  This draft describes a test of
   service function chaining with the NSH encapsulation technology in a
   cloud datacenter, which is significant for the practical deployment
   of carrier-grade services in NFV datacenters.

Status of This Memo

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on April 20, 2016.

Copyright Notice

   Copyright (c) 2015 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.



Gu, et al.               Expires April 20, 2016                 [Page 1]

Internet-Draft         Test Report of SFC with NSH          October 2015


Table of Contents

   1.  Introduction
   2.  Terminology
   3.  Definition of terms
   4.  Test setup
   5.  Test cases and results
     5.1.  Functionality
     5.2.  Performance
       5.2.1.  High bandwidth test
       5.2.2.  Large scale SFC flow test
       5.2.3.  Flow update rate test
       5.2.4.  Forwarding latency
   6.  Security Considerations
   7.  IANA Considerations
   8.  Conclusion
   9.  Normative References
   Authors' Addresses

1.  Introduction

   Service function chaining is provided in cloud datacenters, which
   means that several service functions are applied in a required
   order.  To provide service function chaining, Network Service
   Header (NSH) encapsulation is used: the NSH is inserted onto the
   encapsulated packets or frames to realize function paths.

   This draft describes the test of a service function chaining (SFC)
   solution with NSH for NFV architectures.  In the test, a single SFC
   controller is used to control the NFV networks.  This solution is
   targeted at carrier-grade services using an SFC solution integrated
   into a top of rack (TOR) switch.  Performance, scalability, and
   impact on customization are evaluated.

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

   In this document, these words will appear with that interpretation
   only when in ALL CAPS.  Lower case uses of these words are not to be
   interpreted as carrying RFC-2119 significance.










3.  Definition of terms

   DPI      Deep Packet Inspection
   FW       Firewall
   LB       Load Balance
   NAT      Network Address Translation
   NSH      Network Service Header
   OAM      Operation and Management
   SF       Service Function
   SFC      Service Function Chaining
   SFC CLA  Service Function Chaining Classification
   SFF      Service Function Forwarding
   VNF      Virtual Network Function


4.  Test setup

   The evaluation test aims at testing the complete SFC solution, which
   is integral to building a carrier-class NFV datacenter.

   The solution, shown below, includes:

   SFC controller and Management

   The SFC controller is used to translate the service function chains
   to forwarding paths and propagate the path information to
   participating nodes in order to realize the service function chain.
   The SFC management is in charge of managing the service function
   chains and service functions.  [draft-ietf-sfc-control-plane]

   SFC Classification (SFC CLA)

   Locally instantiated matching of traffic flows against policy for
   subsequent application of the required set of network service
   functions, which is defined in [draft-ietf-sfc-architecture].  The
   policy may be customer/network/service specific.

   SF Forwarding (SFF)

   SFF is responsible for forwarding traffic to one or more connected
   service functions according to information carried in the SFC
   encapsulation and handling traffic coming back from the SF.

   Service function features

   Service function features provide additional capabilities such as
   OAM and SFC proxy.

   Switch

   The switch provides the data center underlay switching and provides
   the high speed connectivity required in data centers.

   Virtual Network Functions

   A virtual network function is responsible for the specific treatment
   of received packets and may act at various layers of a protocol
   stack.  The service functions include firewalls, load balancers,
   WAN, DPI, NAT and so on.





















   +------------------------------------------------------------------+
   |                                                                  |
   |                  SFC controller and  Management                  |
   |                                                                  |
   +--------------------------------|---------------------------------+
                                    |
   +--------------------------------V---------------------------------+
   |                                                                  |
   |  ++++++++++++       ++++++++++      ++++++++++++++++++++++++++++ |
   |  +          +       +        +      +                          + |
   |  +   SFC    +       +   SFF  +      +Service function features + |
   |  +Classifier+       +        +      +     (OAM or SFC proxy)   + |
   |  +          +       +        +      +                          + |
   |  ++++++++++++       ++++++++++      ++++++++++++++++++++++++++++ |
   |                                                                  |
   |  Service Function Chaining Forwarding Parts                      |
   +--------------------------------|---------------------------------+
                                    |
   +--------------------------------V---------------------------------+
   |                                                                  |
   |                             Switch                               |
   |                                                                  |
   +-----|------------|--------------|--------------|-------------||--+
         |            |              |              |             ||
         |            |              |              |             ||
 +--------------------------------------------------------+       ||
 | +----------+  +----------+   +----------+  +----------+|  +----||---+
 | |          |  |          |   |          |  |          ||  |         |
 | |   VNF 1  |  |   VNF 2  |   |   VNF 3  |  |   VNF N  ||  |  Tester |
 | |          |  |          |   |          |  |          ||  |         |
 | +----------+  +----------+   +----------+  +----------+|  +---------+
 | SF                                                     |
 +--------------------------------------------------------+

                               Test Topology

   In the test, the tester, which is responsible for the traffic source
   and the monitors, sends out the traffic with all of the required test
   patterns and receives the traffic coming back after handling by the
   VNFs.  When the SFC controller passes the information of the service
   function chain to the service function forwarding parts, the SFC CLA
   and SFF perform the operations.  To indicate the service chain path,
   NSH is supported by the service function chaining forwarding devices
   and the VNFs.









5.  Test cases and results

5.1.  Functionality

   Content:

   The VNF is updated with the encapsulation technology.  In this test,
   a GRE tunnel and NSH are used during the service function chaining.
   The VNF is therefore developed to decode the GRE header and the NSH
   header, perform the security check of the IP packet and modify the
   GRE and NSH headers.

   The test aims to verify that the service function forwarding parts
   can work with the updated VNFs.
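
   The decode, check and rewrite steps described above can be sketched
   as follows.  This is an added example, not code from the draft or
   from the tested VNFs.  It assumes the NSH base and service path
   header layout later published in RFC 8300 and the NSH EtherType
   0x894F as the GRE protocol type; vnf_process, Drop and SAMPLE are
   hypothetical names, and dropping at Service Index 0 is this
   example's own policy.

```python
import struct

GRE_PROTO_NSH = 0x894F  # EtherType assigned to NSH, carried in the GRE protocol field

class Drop(Exception):
    """The packet failed validation and must not be forwarded."""

def vnf_process(pkt: bytes):
    """Decode GRE + NSH, validate both, decrement the Service Index.

    Returns (spi, new_si, rewritten_packet); raises Drop on malformed input.
    """
    if len(pkt) < 4:
        raise Drop("truncated GRE header")
    flags, proto = struct.unpack_from("!HH", pkt, 0)
    if proto != GRE_PROTO_NSH:
        raise Drop("GRE payload is not NSH")
    # Accept only the key (K) and sequence (S) options. Version != 0, routing
    # and reserved bits are rejected, and so is the checksum bit, because the
    # rewrite below would leave a GRE checksum stale.
    if flags & ~0x3000:
        raise Drop("unsupported GRE flags or version")
    off = 4 + 4 * bool(flags & 0x2000) + 4 * bool(flags & 0x1000)
    if len(pkt) < off + 8:
        raise Drop("truncated NSH base or service path header")
    word0, md_type, _next_proto, path = struct.unpack_from("!HBBI", pkt, off)
    if word0 >> 14 != 0:
        raise Drop("unknown NSH version")
    nsh_len = (word0 & 0x3F) * 4  # Length field counts 4-byte words
    md_type &= 0x0F
    if nsh_len < 8 or (md_type == 1 and nsh_len != 24):
        raise Drop("NSH length inconsistent with MD type")
    if off + nsh_len > len(pkt):
        raise Drop("NSH length runs past end of packet")
    spi, si = path >> 8, path & 0xFF
    if si == 0:
        raise Drop("service index exhausted")
    out = bytearray(pkt)
    out[off + 7] = si - 1  # only the SI byte changes
    return spi, si - 1, bytes(out)

# Constructed sample: GRE without options, NSH MD Type 1 (TTL 63, Length 6),
# SPI 42, SI 255, zeroed context headers, placeholder inner payload.
SAMPLE = (struct.pack("!HH", 0, GRE_PROTO_NSH)
          + struct.pack("!HBBI", 0x0FC6, 1, 1, (42 << 8) | 255)
          + bytes(16) + b"inner-ip-packet")

if __name__ == "__main__":
    print(vnf_process(SAMPLE)[:2])
```
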

   Significance:

   The significance of the test is to demonstrate the service function
   chain does work with NSH.

   Process:

   The traffic is sent out from the tester to the Service Function
   Chaining Forwarding Parts, where the service function classification
   chooses the flow path and the service function forwarding performs
   the forwarding actions.  The traffic is forwarded into the VNFs by
   the service function forwarding.  The traffic can pass through a
   single VNF or multiple VNFs depending on the path planned, and
   returns to the tester after handling by the VNFs and termination by
   the Service Function Forwarding Parts.

   Result:

   Incoming and outgoing traffic is checked in the switch, and no
   packet loss is observed in the tester.

5.2.  Performance

5.2.1.  High bandwidth test

   Content:

   The processing of high-bandwidth source traffic with smaller packet
   sizes by the service function chaining forwarding devices is tested.

   Significance:

   The significance of this test is to demonstrate that the service
   function chaining forwarding devices can support high bandwidth
   classification at line rate, which is important in the NFV
   datacenter.

   Process:

   The tester sends out the traffic with a small packet size (e.g. 288
   bytes in the test) at the full bandwidth (e.g. 40 Gbps for one hop in
   the test).  Several VNFs with several separate service function
   chains are constructed (e.g. six hops with a total bandwidth of
   240 Gbps).

   Result:

   Incoming and outgoing traffic is checked in the switch, and no
   packet loss is observed in the tester.

5.2.2.  Large scale SFC flow test

   Content:

   The large scale SFC flow test includes the large scale flow
   classification testing and the large scale SFC flow with SFF testing
   in order to test the classification and forwarding tables.

   Significance:

   The significance of large scale flow classification test is to
   demonstrate that the service function chaining forwarding devices can
   support large scale flow tables and perform all the necessary
   classification and lookup at full bandwidth.  Both high scale flow
   and SFF lookups are demonstrated in the large scale SFC flow with SFF
   testing.

   Process:

   In the first step, traffic is sent out by the tester with a large
   number (e.g. 9 million) of flows mapped to a few service function
   paths (e.g. 3 service function paths).

   In the second step, traffic is sent out by the tester with a large
   number (e.g. 4 million) of flows mapped to many service function
   paths (TBD).

   Result:

   Incoming and outgoing traffic is checked in the switch, and no
   packet loss is observed in the tester.





5.2.3.  Flow update rate test

   Content:

   In this test, the update rate of adding new entries to the
   classification flow tables will be tested.

   Significance:

   It is important that a device doing flow classification can do
   add/delete/modify operations at a high enough rate to support the
   data center requirements as new flows (subscribers, application) are
   added or existing ones removed.

   Process:

   The tester sends out the traffic along the planned service function
   chain.  At a certain moment, the tester also sends out additional
   traffic aimed at adding new entries to the classification flow
   tables.

   Result:

   The test shows that more than 40K flow updates per second are added
   successfully.

5.2.4.  Forwarding latency

   Content:

   Forwarding latency of the service chain classification and forwarding
   and the VNFs is tested.

   Significance:

   Latency is a concern for some particular services provided in cloud
   datacenters, such as video service.

   Process:

   The tester sends out the traffic along the planned service function
   chain, with the time at every hop recorded.

   Result:

   The latency we measured was 200 usec in total over 23 hops and 5
   emulated vNFs, not only the VNFs themselves.







6.  Security Considerations

   TBD.

7.  IANA Considerations

   TBD.

8.  Conclusion

   Based on the tests of functionality and performance, NSH
   encapsulation technology shows its practical value for service
   function chaining in NFV datacenters.  However, some key points need
   further study before large-scale deployment, such as introducing the
   SFC parts into the existing SDN architecture, the relationship
   between the SDN controller and the SFC controller, and so on.

9.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", March 1997.

Authors' Addresses

   Rong Gu
   China Mobile
   32 Xuanwumen West Ave, Xicheng District
   Beijing  100053
   China

   Email: gurong@chinamobile.com


   Chen Li
   China Mobile
   32 Xuanwumen West Ave, Xicheng District
   Beijing  100053
   China

   Email: lichenyj@chinamobile.com


   Hamid Assarpour
   Broadcom

   Email: hamid@broadcom.com




