Internet DRAFT - draft-chen-v6ops-nfv-ipv6

draft-chen-v6ops-nfv-ipv6







Network Working Group                                            G. Chen
Internet-Draft                                                   H. Deng
Intended status: Informational                              China Mobile
Expires: April 30, 2015                                 October 27, 2014


     IPv6 Considerations for Network Function Virtualization (NFV)
                      draft-chen-v6ops-nfv-ipv6-00

Abstract

   NFV adoption is gaining significant momentum, driven largely by the
   need to improve service agility and reduce operational cost.  IPv6 is
   a fundamental feature should be enabled.  This memo desribes the
   layered NFV components and typical implementations.  The IPv6
   considerations have been elaborated to each component in order to
   consoliate IPv6 demands across entire NFV system.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on April 30, 2015.

Copyright Notice

   Copyright (c) 2014 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of




Chen & Deng              Expires April 30, 2015                 [Page 1]

Internet-Draft                  NFV-IPv6                    October 2014


   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Overview on IPv6 Considerations in the NFV Architecture . . .   3
   3.  IPv6 Considerations on VIM  . . . . . . . . . . . . . . . . .   4
   4.  IPv6 Considerations on Vitrual Network  . . . . . . . . . . .   5
   5.  IPv6 considerations on Virtualisation Layer . . . . . . . . .   6
     5.1.  IPv6-enable Libvirt . . . . . . . . . . . . . . . . . . .   7
     5.2.  IPv6-enable KVM . . . . . . . . . . . . . . . . . . . . .   7
     5.3.  IPv6-enable Linux . . . . . . . . . . . . . . . . . . . .   7
   6.  IPv6 Considerations on Network Hardware . . . . . . . . . . .   7
   7.  IPv6 Considerations on VNF  . . . . . . . . . . . . . . . . .   8
   8.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   8
   9.  Security Considerations . . . . . . . . . . . . . . . . . . .   8
   10. References  . . . . . . . . . . . . . . . . . . . . . . . . .   8
     10.1.  Normative References . . . . . . . . . . . . . . . . . .   8
     10.2.  Informative References . . . . . . . . . . . . . . . . .   8
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .   8

1.  Introduction

   Network Virtualization Function (NFV) is a new trend for the telcom
   industry revolution.  It leverages IT infrastructure to take over the
   telcom functions.  Driven largely by the need to improve service
   agility and reduce operational cost, virtualization has been adopted
   in the NFV architecture.  Server, storage, and network resources are
   abstracted from their physical functions, e.g. processor, memory, I/O
   controllers, disks, network and storage switches, etc, into pools of
   functionality which can be managed functionally regardless of their
   implementation or location.  In other words, all servers, storage,
   and network devices can be aggregated into independent pools of
   resources to be used as needed, regardless of the actual
   implementation of those resources.

   Depending on the virtualization, NFV system gains good scalability.
   However, this expansion also can't survive on the exhaunsting IPv4
   address space.  IPv6 is definitely the only way out to this pressing
   needs, because the larger IP address space makes it easier to manage
   large cloud infrastructures.  The memo intends to enumurate IPv6
   considerations regarding to the different components in the NFV
   architecture.  It's expected early adopters could reconsider the way
   they design NFV cloud network so as to get more scalable and
   manageable infrastructure.





Chen & Deng              Expires April 30, 2015                 [Page 2]

Internet-Draft                  NFV-IPv6                    October 2014


2.  Overview on IPv6 Considerations in the NFV Architecture

   European Telecommunications Standards Institute (ETSI) has defined
   the NFV architecure framework [GS_NFV_002].  NFV system has been
   structured from three main working domain in the high-level framework
   as shown in the Figure 1.

   +-------------------------------------+   +---------+
   | Virtualised Network Functions(VNFs) |   |  NFV    |
   | +------+   +------+        +------+ |   |Managment|
   | | VNF  |   |  VNF |  ..... | VNF  | |   |  and    |
   | +------+   +------+        +------+ |   |Orchest  |
   +-------------------------------------+   |-ration  |
   +-------------------------------------+   |         |
   |        NFV Infrastructure(NFVI)     |   |         |
   | +-------+   +-------+   +-------+   |   |         |
   | |Virtual|   |Virtual|   |Virtual|   |   |         |
   | |Compute|   |Storage|   |Network|   |   |         |
   | +-------+   +-------+   +-------+   |   |         |
   | +-------------------------------+   |   |         |
   | |     Virtualisation Layer      |   |   |         |
   | +-------------------------------+   |   |         |
   |        Hardware Resource            |   |
   | +--------+ +--------+ +--------+    |   |         |
   | |Compute | |Storage | |Network |    |   |         |
   | |Hardware| |Hardware| |Hardware|    |   |         |
   | +--------+ +--------+ +--------+    |   |         |
   +-------------------------------------+   +---------+

                    Figure 1: High-Level NFV Framework

   We try to document the effort made to enable IPv6 across all
   components as illustrated in the overall NFV architecture.  The
   Figure 2 lists components, which should take specific considerations
   to perform IPv6 functions.  For each component, a typical
   implementation has been exemplified.  Those implementations are
   leveraged towards the realization of IPv6-capable NFV system.














Chen & Deng              Expires April 30, 2015                 [Page 3]

Internet-Draft                  NFV-IPv6                    October 2014


   +---------------------------+--------------------------+
   |    NFV Components         |Implementations Instance  |
   +---------------------------+--------------------------+
   |     VI Management         |    Openstack             |
   +---------------------------+--------------------------+
   |   Virtual Network         |OpenDayLight, OpenVSwitch |
   +---------------------------+--------------------------+
   |  Virtualisation Layer     |KVM, Librvirt,Linux Kernel|
   +---------------------------+--------------------------+
   |  Network Hardware         |   DPDK                   |
   +---------------------------+--------------------------+
   |        VNF                |   OpenEPC                |
   +---------------------------+--------------------------+

                  Figure 2: IPv6 Relevant NFV Components

3.  IPv6 Considerations on VIM

   Virtualised Infrastructure Management (VIM) comprises the
   functionalities that are used to control and manage the interation of
   a VNF with computing , storage and network resources under its
   authority, as well as their virtualisation.  We can clearly see
   OpenStack gaining more and more traction.  Openstack is comprosed by
   several core projects, e.g., Compute (Nova), Network (Neutron), Image
   (Glance), Object Storage (Swift) and Block Storage (Cinder) and etc.
   The major concerns of IPv6 capability should be implemented into the
   Neutron project.  Neutron could offers sophisticated networking
   functionality to coordinate network resources.  Numerous IPv6
   features could be merged into Neutron.

   In general, Neutron is responsible for all topologies work in a
   multi-tenant environment.  IPv6 enable Neutron is able to allow IPv6
   address static configuration and auto assignment.  The internal IPv6
   communications between Virtual Machines (VMs) and external IPv6
   interconnection via Neutron and external router/border gateway should
   be supported.  The following considerations faciliate the IPv6
   communications goals:

   o  Address Management: several IPv6 configuration modes such as SLAAC
      [RFC4862] , DHCPv6 Stateless [RFC3736] and DHCPv6 Stateful
      [RFC3315] are recommended to be supported.  It includes the
      ability for a user to create a port on a IPv6 subnet and assign a
      specific IPv6 address or muliple IPv6 addresses to the port and
      have it taken out the DHCP address pool.  Prefix delegation is
      also expected to be used to automatically configure neutron
      routers with prefixes so that IPv6 prefixes are obtained and
      renumbering can be done automatically.




Chen & Deng              Expires April 30, 2015                 [Page 4]

Internet-Draft                  NFV-IPv6                    October 2014


   o  External IPv6 Interconnections: IPv6 subnet could be routed via
      Layer 3 (L3) agent to an external IPv6 network.  Both VLAN and
      overlay (e.g.  GRE, VXLAN) subnet attached to VMs can be used to
      support multiple L3 agents for a given external network to support
      scaling.  Neutron scheduler could be used to assign virtual
      routers to the L3 agents.  Openstack takes the concept of floating
      IP to allow internal servers to be accessed from external
      networks.  That is the normal cases in IPv4.  Given the large
      address space that IPv6 offers, the floating IP may be
      unnecessary.  End-to-end native IPv6 is more desirable than any of
      the transition solutions.

   o  Floating IP: Floating IP is used in Openstack to make internal
      servers to be accessible from external Internet.  Floating IP
      support for IPv6 Addresses could be used for internal IPv6
      connecting to external IPv6.

   o  Security Group: security group is set to interrogate and/or
      disallow IP flows.  Full support for IPv6 TCP/UDP/ICMP in IPv6
      security groups are necessary in a IPv6 environment.

   o  User Interfece and Command Line (CLI): it's important for users to
      manipulate networks with IPv6 features.  During the network,
      subnet, router creation, it should have the option to allow user
      to specify the type of address management they would like.  This
      includes the supports via Neutron API (Restful and CLI) as well as
      via Openstack UI (i.e., Horizon).  It's also esstential to enable
      that feature to be able to specify Floating IPs via Neutron API
      (restful and CLI) and control and manage all IPv6 security group
      capabilities via Neutron/Nova API (restful and CLI) .

4.  IPv6 Considerations on Vitrual Network

   Virtual Networks is used to isolate resources and network overlays.
   It could be orchestrated by Openstack Neutron to lign network
   resources to be able to better address the requirements of rich
   multi-tenant environments.  In order to make system more scaleable,
   Neutron adopts a plug-in model for various 3rd party components to
   provide the networking service.  New technologies (e.g., software-
   defined networking (SDN)) are emerging to increase the flexibility
   and agility of the network, decoupling the control from the
   forwarding plane to make it easier to provision, automate and
   orchestrate network services.  The OpenDaylight provides a plugin and
   a corresponding agent to enable integration with Neutron.  IPv6
   demands should also be considered in OpenDaylight softwares including
   a pluggable controller, interfaces and applications.





Chen & Deng              Expires April 30, 2015                 [Page 5]

Internet-Draft                  NFV-IPv6                    October 2014


   The target of IPv6-enable OpenDaylight is to make the overlay and
   underlay networks in the cloud architecture both being developed with
   IPv6.  The OpenDaylight project, like OpenFlow, is a good initiative
   to accelarate the IPv6 transition.  OpenFlow v1.3 could dynamically
   learn the Layer 3 IPv6 hosts.  This can be facilitated by supporting
   the IPv6 Neighbor Discovery Protocol (NDP) or supporting DHCPv6.  In
   this case, the OpenDaylight controller should has the ability to
   perform matching on IPv6 packets and pushes down a flow-table entry
   to each of the edge devices enabling the forwarding of these packets
   up to the controller or application to process.

   Each of the underlay devices would need to support the optional IPv6
   features of OpenFlow and support the required combinations of match/
   action on the IPv6 header.  This also includes the ability to support
   masking of address fields.  Open vSwitch (OVS) is a typical effort to
   enable the IPv6 process with the overwhelming superiority, such as
   flexible controller in user-space and fast datapath in kernel.  A
   IPv6-enable vSwitch should be able to support IPv6 flows via
   OpenFlow.  The flow could be identified by the combination of any
   IPv6 features, such as IPv6 ND target, IPv6 source address or IPv6
   destination address.  The implementation of OVS would the dedicated
   IPv6 module to enable IPv6 forwarding.

5.  IPv6 considerations on Virtualisation Layer

   The virtualisation layer abstracts the hardware resources and
   decouples the VNF software from the underlying harware.  It enables
   the software that implements the VNF to use the underlying
   virtualised infrasturecture.  Typically, this type of functionality
   is provided for computing and storage resources in the form of
   hypervisors.  In order to facilitate the management of different
   kinds of hypervisors, libvirt virtualization API is created to
   provide management tool for managing platform virtualization.  The
   Figure 3 elaborates the relations of different components in
   virtualisation layer.  The sub-section will describe the detailed
   consideration for each one.

   +--------------------------------------+
   |         VIM(e.g., Openstack)         |
   +--------------------------------------+
   |         Libvirt API                  |
   +--------------------------------------+
   | KVM  |  Xen |   ESX   |   others...  |
   +--------------------------------------+
   |  Linux OS   | Others ....            |
   +--------------------------------------+

                 Figure 3: Virtualisation Layer Components



Chen & Deng              Expires April 30, 2015                 [Page 6]

Internet-Draft                  NFV-IPv6                    October 2014


5.1.  IPv6-enable Libvirt

   Libvirt could provide a common and stable layer sufficient to
   securely manage VNF instances. libvirt provides all APIs needed to do
   the management, such as provision, create, modify, monitor, control,
   migrate and stop the instances.  IPv6 network configurations can be
   enabled by the libvirt networking APIs, which is formulated by
   network XML format.  Libvirt define network profile from different
   elements including general metadata, connectivity and addressing.  To
   enable IPv6, each attributes shoule be configured properly.  For the
   IPv6 addressing, Libvirt could take SLAAC as default and optionally
   enable DHCP services.  Libvirt could configure static routes for IPv6
   forwarding, but lack of supports for dynamic routing protocol.

5.2.  IPv6-enable KVM

   KVM should provied same operations cooresponding to Libvirt.  It may
   be straight forward to enable IPv6 on KVM guests by configure the
   host machine and interfaces with IPv6 address.  The necessary
   firewall rules could be also added to ip6tables on the host machine.
   NDIS driver in KVM also should be able to handle the IPv6 packages.

5.3.  IPv6-enable Linux

   Linux system should have to enable the IPv6 support in the kernel.
   Some interface configuration file should add IPv6 address information
   and restart the networking.  Other consideration is the MTU setting.
   The MTU size of the NIC on Linxu defaults to 1500 bytes.  It may be
   good to support Jumbo frames in the cloud infrastructure.  Large MTU
   size not only gives you better network performance, but also provides
   you with workaround for software issues.  It has been observed that
   many IPv6 packeges may exceed 1500-bytes.  Therefore, it's very
   important to enable jumbo frames to avoid the corruption.

6.  IPv6 Considerations on Network Hardware

   Network hardware is capable of high-performance packet processing.
   There are optimized data plane solutions for the IP package
   processing.  The Intel Data Plane Development Kit (DPDK) is a set of
   optimized software libraries and drivers, that enable high-
   performance data plane on network elements.  The IPv6 demands to DPDK
   are targeted to support IPv6 forwarding, including IPv6 fragmentation
   reassembly.  For the fast path, it would support IPv6 exact match
   flow classification.







Chen & Deng              Expires April 30, 2015                 [Page 7]

Internet-Draft                  NFV-IPv6                    October 2014


7.  IPv6 Considerations on VNF

   The traditional mobile node functions would gradually be migrated to
   Vitrual Network Function (VNF).  Examples of VNF are 3GPP Evolved
   Packet Core (EPC) network elements, e.g., Mobility Managment Entity
   (MME), Serving Gateway (SGW), Packet Data Network Gateway (PGW).  VNF
   may remodel the network node functions into the different instances.
   For examples, the IPv6 relevant functions of SGW/PGW include PDN
   signaling processing, IPv6 data-plane filtering, classification,
   forwarding and IPv6 Charging control.  Those IPv6 processing should
   also be supported in the new-built VNF instances.

8.  IANA Considerations

   This document makes no request of IANA.

9.  Security Considerations

   TBD

10.  References

10.1.  Normative References

   [GS_NFV_002]
              European Telecommunications Standards Institute, ETSI.,
              "Network Functions Virtualisation (NFV); Architectural
              Framework", March 2009.

10.2.  Informative References

   [RFC3315]  Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C.,
              and M. Carney, "Dynamic Host Configuration Protocol for
              IPv6 (DHCPv6)", RFC 3315, July 2003.

   [RFC3736]  Droms, R., "Stateless Dynamic Host Configuration Protocol
              (DHCP) Service for IPv6", RFC 3736, April 2004.

   [RFC4862]  Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless
              Address Autoconfiguration", RFC 4862, September 2007.

Authors' Addresses









Chen & Deng              Expires April 30, 2015                 [Page 8]

Internet-Draft                  NFV-IPv6                    October 2014


   Gang Chen
   China Mobile
   53A,Xibianmennei Ave.,
   Xuanwu District,
   Beijing  100053
   China

   Email: phdgang@gmail.com


   Hui Deng
   China Mobile
   53A,Xibianmennei Ave.,
   Xuanwu District,
   Beijing  100053
   China

   Email: denghui@chinamobile.com

































Chen & Deng              Expires April 30, 2015                 [Page 9]