SFC R. Gu Internet-Draft C. Li Intended status: Informational China Mobile Expires: April 20, 2016 H. Assarpour Broadcom October 18, 2015 Test Report of Service Function Chain with NSH in Cloud Datacenter draft-gu-sfc-test-report-sfc-nsh-00 Abstract Service function chaining is provided in cloud datacenters with some encapsulation technology adopted in classifing and forwarding traffic flows of service function chaining. This draft introduces the test of service function chain with the encapsulation technology NSH in Cloud Datacenter, which shows significance to the pratical deployment of carrier grade services of NFV datacenter. Status of This Memo This Internet-Draft is submitted to IETF in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on April 20, 2016. Copyright Notice Copyright (c) 2015 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Gu, et al. Expires April 20, 2016 [Page 1] Internet-Draft Test Report of SFC with NSH October 2015 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 2 3. Definition of terms . . . . . . . . . . . . . . . . . . . . . 3 4. Test setup . . . . . . . . . . . . . . . . . . . . . . . . . 3 5. Test cases and results . . . . . . . . . . . . . . . . . . . 6 5.1. Functionality . . . . . . . . . . . . . . . . . . . . . . 6 5.2. Performance . . . . . . . . . . . . . . . . . . . . . . . 6 5.2.1. High bandwidth test . . . . . . . . . . . . . . . . . 6 5.2.2. Large scale SFC flow test . . . . . . . . . . . . . . 7 5.2.3. Flow update rate test . . . . . . . . . . . . . . . . 8 5.2.4. Forwarding latency . . . . . . . . . . . . . . . . . 8 6. Security Considerations . . . . . . . . . . . . . . . . . . . 9 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 8. Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . 9 9. Normative References . . . . . . . . . . . . . . . . . . . . 9 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 9 1. Introduction Service function chaining is provided in cloud datacenters which means that several service functions are at service in a required order. In providing the service function chaining, Network Service Header (NSH) encapsulation is used by inserting the NSH onto the encapsulated packets or frames to realize function paths. This draft describes the test on service function chaining (SFC) solution with NSH for NFV architectures. In the test, a single point of SFC controller is used in controlling the NFV networks. This solution is targeted at carrier grade services using SFC solution integrated into a top of rack (TOR) switch. Performance, scalability, and impact on customization are evaluated. 2. Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. In this document, these words will appear with that interpretation only when in ALL CAPS. Lower case uses of these words are not to be interpreted as carrying RFC-2119 significance. Gu, et al. Expires April 20, 2016 [Page 2] Internet-Draft Test Report of SFC with NSH October 2015 3. Definition of terms DPI Deep Packet Inspection FW Firewall LB Load Balance NAT Network Address Translation NSH Network Service Header OAM Operation and Management SF Service Function SFC Service Function Chaining SFC CLA Service Function Chaining Classification SFF Service Function Forwarding VNF Virtual Network Function 4. Test setup The evaluation test aims at testing the complete SFC solution which is integral to build a carrier class NFV datacenter. The solution shown as follows includes: SFC controller and Management The SFC controller is used to translate the service function chains to forwarding paths and propagate the path information to participating nodes in order to realize the service function Gu, et al. Expires April 20, 2016 [Page 3] Internet-Draft Test Report of SFC with NSH October 2015 chain.The SFC mangement is charge for managing the service function chains and service functions. [draft-ietf-sfc-control-plane] SFC Classification (SFC CLA) Locally instantiated matching of traffic flows against policy for subsequent application of the required set of network service functions, which is defined in [draft-ietf-sfc-architecture]. The policy may be customer/network/service specific. SF Forwarding (SFF) SFF is responsible for forwarding traffic to one or more connected service functions according to information carried in the SFC encapsulation and handling traffic coming back from the SF. Service function features Service function features provide some additional service function features such as OAM and SFC proxy. Switch The switch provides the data center underlay switching and provides the high speed connectivity required in data centers. Virtual Network Functions Virtual network function acts on the specific treatment of received packets, which belong to various layers of a protocol stack. The service functions include: firewalls, load balancer, WAN, DPI, NAT and so on. Gu, et al. Expires April 20, 2016 [Page 4] Internet-Draft Test Report of SFC with NSH October 2015 +------------------------------------------------------------------+ | | | SFC controller and Management | | | +--------------------------------|---------------------------------+ | +--------------------------------V---------------------------------+ | | | ++++++++++++ ++++++++++ ++++++++++++++++++++++++++++ | | + + + + + + | | + SFC + + SFF + +Service function features + | | +Classifier+ + + + (OAM or SFC proxy) + | | + + + + + + | | ++++++++++++ ++++++++++ ++++++++++++++++++++++++++++ | | | | Service Function Chaining Forwarding Parts | +--------------------------------|---------------------------------+ | +--------------------------------V---------------------------------+ | | | Switch | | | +-----|------------|--------------|--------------|-------------||--+ | | | | || | | | | || +--------------------------------------------------------+ || | +----------+ +----------+ +----------+ +----------+| +----||---+ | | | | | | | | || | | | | VNF 1 | | VNF 2 | | VNF 3 | | VNF N || | Tester | | | | | | | | | || | | | +----------+ +----------+ +----------+ +----------+| +---------+ | SF | +--------------------------------------------------------- Test Topology In the test, the tester responsible for the traffic source and the monitors sends out the traffic with all of the required test patterns and receives the traffic coming back after handling from the VNFs. When the SFC controller tells the information of the service function chain to the service function forwarding parts, the CL SLA and SFF perform the operations. In indicating the service chain path, NSH are supported by the service function chaining forwarding devices and the vNFs. Gu, et al. Expires April 20, 2016 [Page 5] Internet-Draft Test Report of SFC with NSH October 2015 5. Test cases and results 5.1. Functionality Content: The VNF is updated with the encapsulation technology. In this test, GRE tunnel and NSH is used during the service function chaining. So the VNF is developed by decoding GRE header and NSH header, doing the security check of the IP packet and modify the GRE and NSH headers. The test aims at the service function forwarding parts can work with the updated VNFs. Significance: The significance of the test is to demonstrate the service function chain does work with NSH. Process: The traffic sent out from the tester to the Service Function Chaining Forwarding Parts where the service function classification chooses the flow path and the service function forwarding does the forwarding actions. The traffic is forwarded into the VNFs by the service function forwarding. The traffic can pass through a single VNF or multiple VNFs due to the path planned, and returns back to the tester after handling by VNFs and termination by the Service Function Forwarding Parts. Result: Incoming and outcoming traffic are checked in the switch with no packet loss monitored in the tester. 5.2. Performance 5.2.1. High bandwidth test Content: The high bandwidth of source traffic with smaller packet sizes processed by the service function chaining forwarding devices is tested. Significance: Gu, et al. Expires April 20, 2016 [Page 6] Internet-Draft Test Report of SFC with NSH October 2015 The significance of this test is to demonstrate that the service function chaining forwarding devices can support high bandwidth classification at line rate, which is important in the NFV datacenter. Process: The tester sends out the traffic with small packet size (e.g. 288Byte in the test) at the full bandwidth (e.g.40Gbps one hop in the test). Several VNFs with several separate service function chains are constructed (e.g. six hops with total bandwidth of 240Gbps). Result: Incoming and outcoming traffic are checked in the switch with no packet loss monitored in the tester. 5.2.2. Large scale SFC flow test Content: The large scale SFC flow test includes the large scale flow classification testing and the large scale SFC flow with SFF testing in order to test the classification and forwarding tables. Significance: The significance of large scale flow classification test is to demonstrate that the service function chaining forwarding devices can support large scale flow tables and perform all the necessary classification and lookup at full bandwidth. Both high scale flow and SFF lookups are demonstrated in the large scale SFC flow with SFF testing. Process: In the first step, traffic is sent out by the tester with a large number (e.g. 9million) of flows mapped to few service function paths (e.g. 3 service function paths). In the second step, traffic is sent out by the tester with a large number (e.g. 4million) of flows mapping to many service function paths (TBD). Result: Incoming and outcoming traffic are checked in the switch with no packet loss monitored in the tester. Gu, et al. Expires April 20, 2016 [Page 7] Internet-Draft Test Report of SFC with NSH October 2015 5.2.3. Flow update rate test Content: In this test, the update rate of adding new entries to the classification flow tables will be tested. Significance: It is important that a device doing flow classification can do add/delete/modify operations at a high enough rate to support the data center requirements as new flows (subscribers, application) are added or existing ones removed. Process: The tester sends out the traffic by the planned service function chain. And at one moment, another traffic sends out by the tester as well aiming at adding new entries to the classification flow tables. Result: It shows out that greater than 40K flow updates per second are added successfully. 5.2.4. Forwarding latency Content: Forwarding latency of the service chain classification and forwarding and the VNFs is tested. Significance: Latency is of concern in some particular services provided such as video service in cloud datacenters. Process: The tester sends out the traffic by the planned service function chain with time at every hop recorded. Result: The latency we tested was 200usec total over with 23 hops, 5 emulated vNFs not only the VNFs themselves. Gu, et al. Expires April 20, 2016 [Page 8] Internet-Draft Test Report of SFC with NSH October 2015 6. Security Considerations TBD. 7. IANA Considerations TBD. 8. Conclusion Due to the test of functionality and performance, NSH encapsulation technology shows its pratical value in the service function chaining in NFV datacenters.However, some more key points need to be further studied in order to large scale deployment, such as introducing the SFC parts into the existed SDN architecture, and the relationship between the SDN controller and the SFC controller and so on. 9. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", March 1997. Authors' Addresses Rong Gu China Mobile 32 Xuanwumen West Ave, Xicheng District Beijing 100053 China Email: gurong@chinamobile.com Chen Li China Mobile 32 Xuanwumen West Ave, Xicheng District Beijing 100053 China Email: lichenyj@chinamobile.com Hamid Assarpour Broadcom Email: hamid@broadcom.com Gu, et al. Expires April 20, 2016 [Page 9]