SFC                                                           R. Gu, Ed.
Internet-Draft                                                     C. Li
Intended status: Informational                              China Mobile
Expires: September 9, 2015                                 March 8, 2015


             Service Function Chain Extension Architecture
                  draft-gu-sfc-extend-architecture-00

Abstract

   This document provides an extended architecture for service function
   chaining that includes the applications offered to tenants, the SDN
   controller, the network function virtualized manager (NFVM) and the
   service function node.  Auto-deployed self-service is provided by the
   orchestration of the SDN controller and the NFV manager.  In
   addition, the fundamental configurations and the realizations of
   service function chaining are introduced, and requirements are
   raised.  Benefiting from network function virtualization (NFV) and
   cloud technologies, SFC in virtual networks can bring a convenient
   and elastic network to customers and central management to operators.

Status of This Memo

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on September 9, 2015.

Copyright Notice

   Copyright (c) 2015 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  Fundamental service function chaining architecture
   4.  Service function chaining use cases
   5.  Service function chaining realization
   6.  Conclusion
   7.  Security Considerations
   8.  IANA Considerations
   9.  Normative References
   Authors' Addresses

1.  Introduction

   A service function is responsible for specific treatment of received
   packets, while a service function chain directs traffic through a
   series of service functions within a Data Center or across Data
   Centers.  Because the network is virtualized, a service function
   chain can be centrally controlled while servicing traffic on the same
   network or across different networks.

   With service function chaining, Internet Service Providers (ISPs) can
   provide network as a service in order to meet the different
   requirements of diversified tenants.  Layer 4-Layer 7 value-added
   services (VAS) are provided.  Tenants buy service functions through
   logical network applications, and the logical network is technically
   mapped to the physical network.

   This document describes an extended architecture of Service Function
   Chaining (SFC) to provide the L4-L7 services.  The basic architecture
   includes the applications offered to tenants, the SDN controller, the
   network function virtualized manager (NFVM) and the service function
   node.
   Through orchestration, the SDN controller and the NFV manager work in
   coordination to provide auto-deployed services such as load balancing
   of traffic that originates from the remote side toward the Data
   Centers or inside the Data Centers, network address translation
   (NAT), and firewalls with policies that focus on threats.

   Besides the architecture, the fundamental configurations and the
   realizations of service function chaining are introduced, and
   requirements are raised.  Benefiting from network function
   virtualization (NFV) and cloud technologies, SFC in virtual networks
   can bring a convenient and elastic network to customers and central
   management to operators.

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

3.  Fundamental service function chaining architecture

   The service function chaining architecture includes the tenant-facing
   service chain applications, the orchestration platform, the SDN
   controller, the NFV manager and the network elements.

   Service chain applications (APP):  Service chain applications are
      programs offered to tenants that record their network requirements
      and translate them for the SDN controller and the NFV managers.

   Orchestrator:  The orchestrator is in charge of the orchestration and
      management of NFV infrastructure and software resources, and of
      realizing network services.

   SDN Controller:  The SDN controller is a logically centralized entity
      that has a general view of the network and is in charge of SDN
      datapaths according to the requirements from the service chain
      applications.

   NFV Manager:  The NFV manager is responsible for NFV lifecycle
      management such as installation, update, query, scaling and
      termination.

   Network elements:  Network elements are the resource instances, which
      can be virtual instances or be embedded in a physical network
      element, such as the virtual load balancer instances or the
      physical firewall located in the resource pool.

   The basic operations of the service function chain include:

   (a)  The installation, update, query, scaling and termination of a
        virtual load balancer.

   (b)  The installation, update, query, scaling and termination of a
        virtual firewall.

   (c)  The installation, update, query, scaling and termination of a
        VPN gateway.

   (d)  The installation, update, query, scaling and termination of the
        Intrusion Detection System (IDS) and the Intrusion Prevention
        System (IPS).

   This document does not aim to cover all service function chains
   exhaustively; instead, it tries to make the deployment and
   realization of SFC clearer.

    --------------------------
    | service function chain |
    |                        +----------------
    |          APP           |                |
    ----+--------------+------                |
        |              |                      |
        |     ---------+-------               |
        |     |               |               |
        |     | Orchestrator  +-----          |
        |     |               |     |         |
        |     ---------+-------     |         |
        |              |            |         |
     ---+--------------+-------     |   ------+---------
     |                        |     |   |              |
     |     SDN Controller     |     ----+ NFV manager  |
     |                        |         |              |
     ---+----------------------         ------+---------
        |                                     |
   -----+-------------------------------------+-------
   |                                                 |
   |        -----         -----         -----        |
   |        |VSW|         |VSW|         |VSW|        |
   |        -----         -----         -----        |
   |                                                 |
   |   ------   ------   ------   ------   ------    |
   |   | VM |   | VM |   | VLB|   | VFW|   | VR |    |
   |   ------   ------   ------   ------   ------    |
   |                                                 |
   |                 network element                 |
   |-------------------------------------------------|

                Figure 1: SFC Extension Architecture

4.  Service function chaining use cases

   The Layer 4-Layer 7 value-added services that SFCs support are
   necessities.
   In the Data Center scenario, an SFC should be configured with a
   service profile according to the network status and user attributes.
   Customers can choose a suitable SFC as required, which provides an
   elastic, agile and convenient service while reducing deployment cost
   and increasing the consumption of resources.

5.  Service function chaining realization

   Tenants configure the SFC they require through the service chain
   application.  The configurations are translated by the centralized
   network management component, such as the FWaaS or LBaaS plugin in
   OpenStack Neutron.  The network management center interacts with the
   SDN controller or with the management of virtual network functions
   (VNFs).  Different tenants can define their own configurations of the
   VNF policies.  In the VPC service, the configurations are recorded in
   service profiles, which direct the traffic in the right way.  After
   receiving the service profile of an SFC, the SDN controller sends the
   corresponding flow table to the network elements and makes a
   comprehensive decision after the messages reported from the bottom up
   are received.

   In OpenStack Neutron, FWaaS, LBaaS and VPNaaS are in fact limited to
   basic functions such as creating, updating, querying and deleting a
   VAS.  The overall management of the FW or LB is performed by the FW
   or LB manager.  Thus the SDN controller and the VNF manager cooperate
   in order to provide perfect interaction with the service chain
   application.  The create, update, query and delete operations are
   provided by Neutron, while the other functions, such as source NAT,
   X-Forwarded-For in the HTTP header, scalability, high availability
   and so on, are provided by the VNF managers.

6.  Conclusion

   The extended service function chain architecture provided here takes
   advantage of the orchestration of the SDN controller and the NFV
   manager.  A convenient and elastic network is thus provided to
   customers, with central management for operators.
   Details of the architecture, such as the respective responsibilities
   of the SDN controller and the NFVM, the directing of traffic and the
   interaction process between different network elements, need further
   study.

7.  Security Considerations

   None.

8.  IANA Considerations

   None.

9.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2234]  Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax
              Specifications: ABNF", RFC 2234, November 1997.

Authors' Addresses

   Rong Gu (editor)
   China Mobile
   32 Xuanwumen West Ave, Xicheng District
   Beijing  100053
   China

   Email: gurong_cmcc@outlook.com


   Chen Li
   China Mobile
   32 Xuanwumen West Ave, Xicheng District
   Beijing  100053
   China

   Email: lichenyj@chinamobile.com
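
   The Python example below is added here and is not part of the draft
   or of OpenStack.  It illustrates the split described in Section 5:
   create, update, query and delete requests go to Neutron, the other
   functions go to the VNF manager, and the SDN controller receives one
   ordered steering entry per hop of the chain.  The ServiceProfile
   schema, the operation and type names, the inventory layout and the
   tenant ownership check are assumptions of this example.

```python
from dataclasses import dataclass

# Operations Section 5 assigns to Neutron (FWaaS/LBaaS/VPNaaS) and to the
# VNF managers. The identifier spellings are assumptions of this example.
NEUTRON_OPS = {"create", "update", "query", "delete"}
VNFM_OPS = {"source_nat", "x_forwarded_for", "scalability", "high_availability"}
# Service function types from the basic operations (a)-(d) in Section 3.
SF_TYPES = {"vlb", "vfw", "vpn_gw", "ids", "ips"}

@dataclass
class ServiceProfile:
    """Hypothetical service profile schema; the draft does not define one."""
    tenant: str
    chain: list      # ordered service function names, first hop first
    requests: list   # (service function name, operation) pairs

def dispatch(profile, inventory):
    """Split a profile into Neutron calls, VNF manager calls and steering
    entries. inventory maps name -> (owner tenant, type, switch port)."""
    for name in profile.chain:
        if name not in inventory:
            raise ValueError(f"unknown service function: {name}")
        owner, sf_type, _port = inventory[name]
        if owner != profile.tenant:  # assumption: tenants chain only their own functions
            raise PermissionError(f"{name} belongs to another tenant")
        if sf_type not in SF_TYPES:
            raise ValueError(f"unsupported service function type: {sf_type}")
    plan = {"neutron": [], "vnfm": [], "flows": []}
    for name, op in profile.requests:
        if name not in profile.chain:
            raise ValueError(f"request targets {name}, which is not in the chain")
        if op in NEUTRON_OPS:
            plan["neutron"].append((name, op))
        elif op in VNFM_OPS:
            plan["vnfm"].append((name, op))
        else:
            raise ValueError(f"unsupported operation: {op}")
    # One steering entry per hop: ingress -> SF1 -> ... -> SFn -> egress.
    ports = ["ingress"] + [inventory[n][2] for n in profile.chain] + ["egress"]
    for hop, (in_port, out_port) in enumerate(zip(ports, ports[1:])):
        plan["flows"].append({"tenant": profile.tenant, "hop": hop,
                              "in_port": in_port, "out_port": out_port})
    return plan

# Constructed sample data, not taken from the draft.
INVENTORY = {"vfw-a": ("tenant-a", "vfw", "p1"), "vlb-a": ("tenant-a", "vlb", "p2"),
             "vfw-b": ("tenant-b", "vfw", "p3")}
PROFILE_A = ServiceProfile("tenant-a", ["vfw-a", "vlb-a"],
                           [("vfw-a", "create"), ("vlb-a", "x_forwarded_for")])
```

   Calling dispatch(PROFILE_A, INVENTORY) returns the three-part plan; a
   profile for tenant-a that names vfw-b is rejected with
   PermissionError.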