Internet DRAFT - draft-lee-nsc-verification-problem-statement
Network Working Group S. Lee
Internet-Draft M. Shin
Intended status: Informational Y. Choi
Expires: January 16, 2014 ETRI
July 15, 2013
Problem statement for Verification of Network Service Chains
draft-lee-nsc-verification-problem-statement-01
Abstract
This document addresses the possible conflicts between service
overlays in network service chaining. These conflicts are due to
overlapping classification rules and resource sharing among service
overlays. The verification of service chains provides a method for
network administrators to detect such conflicts and correct a
problematic service chain before applying it to the real network.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current
Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 16, 2014.
Copyright Notice
Copyright (c) 2013 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
Lee, et al. Expires January 16, 2014 [Page 1]
Internet-Draft Problem Statement for NSC Verification July 2013
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction
2. Problem Areas
3. Verification of Service Chains
4. Security Considerations
5. IANA Considerations
6. References
6.1. Normative References
6.2. Informative References
Authors' Addresses
1. Introduction
The current network service model is bound to static topologies and
manually configured resources. This has motivated a more flexible
deployment model which orchestrates the service delivery separated
from the network. Network service chaining (NSC)
[I-D.quinn-nsc-problem-statement]
[I-D.boucadair-network-function-chaining] provides a new network
service model that delivers the traffic along the predefined logical
paths of network services (i.e., service overlays or service chains).
The service overlay provides a specific order of network services
without regard to network topologies. The traffic is classified with
a set of rules of differing granularity to select a target service
overlay.
The service overlays are configured to be isolated from each other
through virtualization of the network resources and different traffic
classification rules. However, the service overlays can share the
physical network resources (i.e., network services), and the traffic
classification rules can overlap each other. This may cause
unexpected QoS degradation in a composite network service due to
network service overload, and service failure due to loops or
interventions of the service overlays. In order to avoid these
conflicts of service overlays over network resources and
classification rules, newly added service overlays must be verified
before they are applied to the real network.
This document formulates the problems in network service chaining for
the verification of service overlays to avoid any conflicts between
them.
2. Problem Areas
The main reasons why service chains may conflict with each other are
as follows:
1. Sharing of network services:
The service overlay provides the identifiers of network services,
together with the invocation order and logical links between them.
A network service is instantiated from its identifier so that one
or more physical network service nodes are located for it. While
the network service instantiation can be orchestrated by NSC
functions in a load-balanced manner, the computing resources for a
network service are limited and dynamic, so it is unavoidable for
different service chains to share the same network service
instances. This brings uncertainty to the QoS of the network
service chains because they cannot see which service chains share
the same network services. Thus, for the stability of the real
network, the network administrator should carefully check for
conflicts over the network resources before adding a new service
chain to it.
2. Overlapping of classification rules:
An incoming packet (or traffic) is classified according to the
classification rules to determine which service overlay will
handle it. The classification is based on the contents of one or
more packet header fields, so classification rules may vary in
granularity. This may lead to a problematic case in which an
incoming packet matches two or more classification rules with
different service chains, which can result in a service chain loop
or intervention. Assigning different priorities to the rules can
mitigate the problem, but it is not easy to predict which rules
may be in conflict. Moreover, service chains with low priorities
may unintentionally become unreachable. Thus, for the consistency
of the real network, the network administrator should carefully
check for conflicts between the classification rules of service
chains before adding a new one to it.
3. Verification of Service Chains
The service chain verification function provides an ability to check
whether there is any conflict between a new service chain and the
existing ones in the network before applying the new service chain in
the network. The aforementioned problems arise from the rule or
resource conflicts between service chains. Thus, the verification
targets are the classification rules and network resources used for a
new service chain.
As a result of the rule verification, those existing rules in the
network whose target packets are a subset or a superset of the target
packets of the new rule are reported. In a similar way, as a result
of resource verification, the network services shared between the new
service chain and the existing ones are listed together with how
frequently they are shared. The verification results are provided to
network administrators so that they can easily anticipate possible
problematic cases and determine whether the service chain needs to be
corrected.
The verification procedure above is performed off-line. In other
words, it is a formal verification method that checks for
configuration conflicts at design time. This method is relatively
simple and can test a set of service chains exhaustively. However,
the dynamic state of network resources and topologies cannot be taken
into account during verification.
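The following sketch is an added example, not part of the draft: it runs the two off-line checks described in this section, reporting existing rules whose match set is a subset or superset of the new rule's and counting how many existing chains share each network service. The header fields, chain names and service identifiers are assumptions, and rules that only partially overlap are not reported because the section names only subset and superset relations.

```python
from collections import Counter
from ipaddress import ip_network

FIELDS = ("src", "dst", "proto", "dport")  # assumed header fields; None = wildcard

def covers(a, b):
    """True if every packet matched by rule b is also matched by rule a."""
    for f in FIELDS:
        if a[f] is None:
            continue                      # wildcard in a covers anything
        if b[f] is None:
            return False                  # b is wider than a on this field
        if f in ("src", "dst"):
            ok = ip_network(b[f]).subnet_of(ip_network(a[f]))
        elif f == "dport":                # inclusive (low, high) port range
            ok = a[f][0] <= b[f][0] and b[f][1] <= a[f][1]
        else:
            ok = a[f] == b[f]
        if not ok:
            return False
    return True

def verify(new, existing):
    """Return (rule relations, shared-service counts) for a new chain."""
    rules, shared = [], Counter()
    for chain in existing:
        up = covers(chain["rule"], new["rule"])    # existing rule is wider
        down = covers(new["rule"], chain["rule"])  # existing rule is narrower
        if up or down:
            rel = "equal" if up and down else "superset" if up else "subset"
            rules.append((chain["name"], rel))     # relation of existing to new
        shared.update(set(chain["services"]) & set(new["services"]))
    return rules, dict(shared)

def chain(name, services, src=None, dst=None, proto=None, dport=None):
    return {"name": name, "services": services,
            "rule": {"src": src, "dst": dst, "proto": proto, "dport": dport}}

# Constructed sample configuration (hypothetical chains, not from the draft).
EXISTING = [
    chain("default", ["fw", "nat"]),
    chain("web", ["fw", "dpi", "lb"], dst="10.0.0.0/8", proto="tcp", dport=(80, 80)),
    chain("admin", ["fw", "ids"], dst="10.1.5.0/24", proto="tcp", dport=(80, 80)),
    chain("voip", ["sbc"], dst="10.2.0.0/16", proto="udp", dport=(5060, 5061)),
]
NEW = chain("web-secure", ["fw", "waf", "lb"], dst="10.1.0.0/16", proto="tcp", dport=(80, 80))

if __name__ == "__main__":
    print(verify(NEW, EXISTING))
```

A "superset" entry means a wider existing rule also captures the new chain's traffic, while a "subset" entry means an existing chain matches part of the new rule's traffic.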
4. Security Considerations
TBD.
5. IANA Considerations
TBD.
6. References
6.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
6.2. Informative References
[I-D.boucadair-network-function-chaining]
Boucadair, M., Jacquenet, C., Parker, R., Lopez, D.,
Yegani, P., Guichard, J., and P. Quinn, "Differentiated
Network-Located Function Chaining Framework",
draft-boucadair-network-function-chaining-02, July 2013.
[I-D.quinn-nsc-problem-statement]
Quinn, P., Guichard, J., Kumar, S., Chauhan, A., Leymann,
N., Boucadair, M., Jacquenet, C., Smith, M., Yadav, N.,
Nadeau, T., Gray, K., and B. McConnell, "Network Service
Chaining Problem Statement",
draft-quinn-nsc-problem-statement-01, July 2013.
Authors' Addresses
Seung-Ik Lee
ETRI
218 Gajeong-ro Yuseung-Gu
Daejeon 305-700
Korea
Phone: +82 42 860 1483
Email: seungiklee@etri.re.kr
Myung-Ki Shin
ETRI
218 Gajeong-ro Yuseung-Gu
Daejeon 305-700
Korea
Phone: +82 42 860 4847
Email: mkshin@etri.re.kr
Yoon-Chul Choi
ETRI
218 Gajeong-ro Yuseung-Gu
Daejeon 305-700
Korea
Phone: +82 42 860 5978
Email: cyc79@etri.re.kr