Internet DRAFT - draft-gu-sfc-usecase-and-hierarchical-models
SFC R. Gu, Ed.
Internet-Draft C. Li
Intended status: Informational China Mobile
Expires: January 6, 2016 July 5, 2015
Usecase and hierarchical models of service function chaining in cloud
datacenters
draft-gu-sfc-usecase-and-hierarchical-models-00
Abstract
In providing service functions such as VPN, FW, LB, DPI and so on, a
use case and hierarchical models in cloud datacenters are
introduced. To guide practical deployment, the cascade and hang-on
network architectures are compared. By adopting the hang-on network
architecture and the hierarchical models, services to the tenants are
more flexible and elastic, while services to the operators are more
convenient to manage.
Status of This Memo
This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 6, 2016.
Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
Gu & Li Expires January 6, 2016 [Page 1]
Internet-Draft sfc-usecase-and-hierarchical-models-00 July 2015
carefully, as they describe your rights and restrictions with respect
to this document.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 2
3. Definition of terms . . . . . . . . . . . . . . . . . . . . . 2
4. Cloud datacenters network architecture . . . . . . . . . . . 3
5. Usecase and hierarchical models . . . . . . . . . . . . . . . 4
6. Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . 10
7. Security Considerations . . . . . . . . . . . . . . . . . . . 10
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10
9. Normative References . . . . . . . . . . . . . . . . . . . . 11
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 11
1. Introduction
Network service functions including NAT, firewall, load balancing,
DPI, and many others are provided in cloud datacenters as value-added
services (VAS). Service chaining is a traffic steering technology
that directs traffic flows through network service functions.
This draft describes a typical use case of service function chaining
in cloud datacenters based on the recommended network architecture.
In addition, the concepts of the typical models, including the
service model, the network model and the device model, are
introduced. By adopting the hierarchical models, standardized
services become more convenient for both the tenants and the
operators.
2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
3. Definition of terms
VPN: virtual private network
NAT: network address translation
FW: firewall
LB: load balancer
DPI: deep packet inspection
VM: virtual machine
VAS: value-added services
4. Cloud datacenters network architecture
In order to provide service functions better, we compare two current
physical network architectures: the cascade architecture and the
hang-on architecture. In the cascade network architecture, all the
physical devices are directly connected one after another. Take the
traffic from the Internet into the datacenter as an example. From
top to bottom, the traffic goes from the Internet through firewall
devices, DPI devices, load balancers and other devices to the virtual
machines. In the hang-on architecture, all the devices such as
firewalls, DPIs, load balancers and other devices hang on the
switch. Traffic thus goes to the switch and is then forwarded to the
service nodes that are needed. Compared with the hang-on
architecture, the cascade architecture has disadvantages such as
inflexibility and inefficiency: traffic must go through all the
nodes cascaded on the link, so when one of the nodes is congested,
the whole link is affected. In the hang-on architecture, traffic flow
can be improved with service function chaining. In real practice,
the hang-on architecture is recommended for providing service
functions in datacenters. In the cascade architecture, traffic would
have to be engineered in other ways in order to satisfy the service
function chain, which needs to be taken into consideration.
         --------                            --------
       ----    ----                        ----    ----
      ---- Internet ----                  ---- Internet ----
       ----    ----                        ----    ----
         ----+---                            ----+---
             |                                   |
       ------+------                             |
       |    VPN    |       -------------         |         -------------
       ------+------       |    VPN    |         |         |    FW     |
             |             ------+------         |         ------+------
       ------+------             |         ------+------         |
       |    FW     |             +---------+    SW     +---------+
       ------+------             |         ------+------         |
             |             ------+------         |         ------+------
       ------+------       |    LB     |         |         |    DPI    |
       |    DPI    |       -------------         |         -------------
       ------+------                             |
             |                             ------+------
       ------+------                       |    VM     |
       |    SW     |                       -------------
       ------+------
             |
       ------+------
       |    LB     |
       ------+------
             |
       ------+------
       |    VM     |
       -------------
   cascade network architecture       hang-on network architecture
Figure 1: cascade and hang-on network architecture
5. Usecase and hierarchical models
Services such as NAT, VPN, FW, VLB, and DPI are provided to the
public in datacenters. In the datacenters, the NAT, VPN, FW, VLB and
DPI devices hang on the switch as several resource pools. When one
of the services is needed, traffic is redirected to the
corresponding resource pool.
Based on our actual practice, we divide the practical deployment into
hierarchical models: service models, network models and device
models.
(1) Service models
Service models face the tenants directly. Up to now, five typical
service models have been summarized according to the typical
services provided in cloud datacenters.
Service Model A: FW+VM
                   --------
                 ----    ----
                ---- Internet ----
                 ----    ----
                   ----+---
                       |
                       |               -------------
                       |               |  FW pool  |
                       |               ------+------
                 ------+------               |
                 |    SW     +---------------+
                 ------+------
                       |
                 ------+------
                 |    VM     |
                 -------------
Figure 2: Service Model A
For customers who need the firewall service, the template of a
firewall plus virtual machines is suitable. In the service
application, tenants can subscribe to their own service with
firewalls by choosing service model A.
Service Model B: FW+LB+VM
                   --------
                 ----    ----
                ---- Internet ----
                 ----    ----
                   ----+---
                       |
                       |               -------------
                       |               |  FW pool  |
                       |               ------+------
                 ------+------               |
                 |           +---------------+
                 |    SW     |
       +---------+           |
       |         ------+------
 ------+------         |
 |  LB pool  |         |
 -------------         |
                 ------+------
                 |    VM     |
                 -------------
Figure 3: Service Model B
Service model B is designed for customers who require both firewall
and load balancing services. When service model B is chosen, traffic
goes through the firewall and then the load balancer until it
arrives at the virtual machines.
Service Model C: VPN+FW+LB+VM
                   --------
                 ----    ----
                ---- Internet ----
                 ----    ----
                   ----+---
                       |
 -------------         |               -------------
 |    VPN    |         |               |  FW pool  |
 ------+------         |               ------+------
       |         ------+------               |
       +---------+           +---------------+
                 |    SW     |
       +---------+           |
       |         ------+------
 ------+------         |
 |  LB pool  |         |
 -------------         |
                 ------+------
                 |    VM     |
                 -------------
Figure 4: Service Model C
Service model C is service model B plus the VPN service, in order to
satisfy customers who demand a private line, a firewall and a load
balancer.
Service Model D: VPN+FW+VM
                   --------
                 ----    ----
                ---- Internet ----
                 ----    ----
                   ----+---
                       |
 -------------         |               -------------
 |    VPN    |         |               |  FW pool  |
 ------+------         |               ------+------
       |         ------+------               |
       +---------+           +---------------+
                 |    SW     |
                 ------+------
                       |
                 ------+------
                 |    VM     |
                 -------------
Figure 5: Service Model D
Service model D is for the service chain of VPN and firewall.
Service Model E: VPN+LB+VM
                   --------
                 ----    ----
                ---- Internet ----
                 ----    ----
                   ----+---
                       |
 -------------         |
 |    VPN    |         |
 ------+------         |
       |         ------+------
       +---------+           |
                 |    SW     |
       +---------+           |
       |         ------+------
 ------+------         |
 |  LB pool  |         |
 -------------         |
                 ------+------
                 |    VM     |
                 -------------
Figure 6: Service Model E
Service model E is for the service chain of VPN and load balancer.
Every typical service belongs to a service model. A customer can
request a service by choosing one of these service models. To
provide more services, the service models need to be updated.
(2) Network models
Network models include the network architecture, the traffic flow,
and the policy and routing protocol in the practical network. Service
models are realized by network models. When the tenant selects a
service model, the corresponding network model is set up at the same
time.
Network Model A: FW+VM
Traffic is steered by policy through the firewall, where it is
filtered, and then on to the virtual machines.
Network Model B: FW+LB+VM
Combining the firewall and load balancing services, traffic goes
through the firewall and the load balancer in turn.
Network Model C: VPN+FW+LB+VM
Corresponding to service model C, traffic passes through the VPN,
firewall and load balancer devices with the help of network policy.
Network Model D: VPN+FW+VM
In providing VPN and firewall services, network model D is
established.
Network Model E: VPN+LB+VM
In providing VPN and load balancer services, network model E is
established.
(3) Device models
Physical or virtual devices belong to the device models. In the
practical deployment, devices are deployed as resource pools, such as
the VPN device pool, the firewall pool, the load balancer pool and so
on, contributed by different vendors. All of these devices are
interconnected by the core switch.
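The three layers of Section 5 (service, network and device models) and the cascade versus hang-on comparison of Section 4, as an added example that is not the draft's own code: the five service models are held as data, the hang-on steering path and the cascade path are derived from them, a check confirms that a steering path really visits every function of the chosen model in order, and pool allocation refuses a partial chain. Pool sizes and the "(pass-through)" labelling of unrequested cascade devices are assumptions.

```python
# Added example (not the draft's code): the draft's hierarchical models as
# data. Pool sizes are constructed; "(pass-through)" is an assumption about
# how unrequested devices on a cascade link would have to be configured.

POOLS = {"VPN": 2, "FW": 4, "LB": 3, "DPI": 2}   # device model: pools on the switch

SERVICE_MODELS = {                               # service models A-E of Section 5
    "A": ["FW"],
    "B": ["FW", "LB"],
    "C": ["VPN", "FW", "LB"],
    "D": ["VPN", "FW"],
    "E": ["VPN", "LB"],
}

CASCADE_ORDER = ["VPN", "FW", "DPI", "SW", "LB"]  # cascade link of Figure 1, top down

def hang_on_path(model):
    """Network model on the hang-on architecture: traffic enters the switch,
    is redirected to each required pool in turn, returning to the switch
    after each pool, and finally reaches the VM."""
    path = ["Internet", "SW"]
    for sf in SERVICE_MODELS[model]:
        path += [sf + " pool", "SW"]
    return path + ["VM"]

def cascade_path(model):
    """Cascade architecture: every inline device is traversed whatever the
    tenant ordered, so unrequested functions still carry the traffic."""
    wanted = set(SERVICE_MODELS[model])
    hops = [d if d == "SW" or d in wanted else d + " (pass-through)"
            for d in CASCADE_ORDER]
    return ["Internet"] + hops + ["VM"]

def chain_satisfied(model, path):
    """True if a steering path visits every function of the service model in
    the model's order; a policy that skips the FW pool, for example, fails."""
    visited = [h[:-len(" pool")] for h in path if h.endswith(" pool")]
    return visited == SERVICE_MODELS[model]

def allocate(model, pools):
    """Reserve one unit from each pool the chain needs. Refuse the whole chain
    if any pool is exhausted, so a tenant never receives a partial chain."""
    chain = SERVICE_MODELS[model]
    if any(pools.get(sf, 0) < 1 for sf in chain):
        raise RuntimeError("pool exhausted for service model " + model)
    for sf in chain:
        pools[sf] -= 1
    return {sf: 1 for sf in chain}
```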
6. Conclusion
A use case and hierarchical models of service functions in cloud
datacenters are introduced for providing services such as VPN, FW,
LB, DPI and so on. A comparison between the cascade and hang-on
network architectures is made to guide the deployment of service
functions in datacenters. By adopting the hang-on network
architecture and the hierarchical models, services are more
flexible, convenient and elastic. The improvement of the cascade
network architecture needs further study.
7. Security Considerations
None.
8. IANA Considerations
None.
9. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax
Specifications: ABNF", RFC 2234, November 1997.
Authors' Addresses
Rong Gu (editor)
China Mobile
32 Xuanwumen West Ave, Xicheng District
Beijing 100053
China
Email: gurong_cmcc@outlook.com
Chen Li
China Mobile
32 Xuanwumen West Ave, Xicheng District
Beijing 100053
China
Email: lichenyj@chinamobile.com