An Architecture of Service Chaining
Author(s): Li Hongyu, Yuanlong Jiang
As network virtualization is opening the gate to much more innovative services for service providers, service chaining provides a flexible way of service provisioning and facilitates their deployment....
Internet Working Group Y. Jiang H. Li Internet Draft Huawei Intended status: Informational Expires: December 2013 June 27, 2013 An Architecture of Service Chaining draft-jiang-service-chaining-arch-00.txt Status of this Memo This Internet-Draft is submitted to IETF in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html This Internet-Draft will expire on December 27, 2013. Copyright Notice Copyright (c) 2013 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents Jiang, et al Expires December 27, 2013 [Page 1] Internet-Draft Service Chaining Architecture June 2013 carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Abstract As network virtualization is opening the gate to much more innovative services for service providers, service chaining provides a flexible way of service provisioning and facilitates their deployment. This document provides a general abstract architecture for service chaining. It is a flexible and scalable architecture which can fulfill requirements of service chaining. Some solutions based on this architecture are also discussed with their advantages and disadvantages. This architecture can be used as a guideline and also a criterion for the design of service chaining. Table of Contents 1. Conventions used in this document ......................... 3 2. Terminology ............................................... 3 3. Introduction .............................................. 3 4. Service Chaining Architecture ............................. 5 5. Service Chaining Topology ................................. 6 6. Service Chaining Construction ............................. 7 6.1. Service chaining Controller ............................ 7 7. Availability and Scalability of Service Chaining........... 7 8. Service Chaining Solution Considerations .................. 8 8.1. Ethernet compatible solution ........................... 8 8.2. IP/MPLS compatible solution ............................ 9 8.3. Solution of Network-Located Function Chaining (NLFC) ... 9 8.4. Solution with a standalone service header .............. 9 9. Security Considerations ................................... 9 10. IANA Considerations ...................................... 10 11. References ............................................... 10 11.1. Normative References ............................... 10 11.2. Informative References ............................. 10 12. Acknowledgments .......................................... 10 Authors' Addresses ............................................ 11 Jiang, et al Expires December 27, 2013 [Page 2] Internet-Draft Service Chaining Architecture June 2013 1. Conventions used in this document The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC 2119]. 2. Terminology Service Flow: packets/frames with specific service characteristics (e.g., packets matching a specific tuple of fields in Ethernet, IP, TCP, HTTP headers and etc.) or determined by some service policies (such as access port and etc.) Service Classifier (SCLA), an entity which can classify incoming packets/frames into different service flows based on their service characteristics or some policies. Service Processing Entity (SPE): a logical entity which can provide one or more service processing functions for packets/frames such as firewall, DPI (Deep Packet Inspection), LI (Lawful Intercept) and etc. Usually these processing functions are computation intensive. This entity may also provide packet/frame encapsulation/decapsulation capability. Service Chain: one or more service processing functions in a specific order which are chained to provide a composite service, and packets/frames from one or more service flow should follow. Service Chaining Domain: a domain where packet is forwarded using service chaining mechanism. Service Forwarding Entity (SFE): a logical entity which forwards packets/frames to one or more SPEs in a same service chain. Optionally, it provides mapping, insertion and removal of header(s) in packets/frames. Note service forwarding path may not be the shortest path to its destination. Service Chaining: a mechanism of building service chains and forwarding packets/frames of service flows through them. 3. Introduction With the maturity of hardware/software in network virtualization, it is possible for service providers to provide more innovative services. Jiang, et al Expires December 27, 2013 [Page 3] Internet-Draft Service Chaining Architecture June 2013 Service chaining provides a flexible way to construct services, e.g., it is easy to insert/remove, and upgrade service processing functions for a service in this framework. It is thus possible to define very complex services over heterogeneous networks in a consistent way with the help of service chaining. Several drafts have already been proposed for service chaining with different approaches ([NLFC], [NSH] and [L3VPNSC]) and more solutions are expected to emerge in the near future. This document provides architecture and abstraction of the critical components for service chaining, and it is hoped to shed some lights on the design of service chaining. Possible solutions of service chaining are also outlined and compared in this document so that they can be gauged under the same criterion. Jiang, et al Expires December 27, 2013 [Page 4] Internet-Draft Service Chaining Architecture June 2013 4. Service Chaining Architecture In general, a service chaining architecture can be abstracted to consist of following components: - At least one Service Classifier (SCLA), which classifies incoming packets/frames into different service flows based on their service characteristics or some policies; - One or more Service Forwarding Entities (SFEs), each of which is attached with one or more Service Processing Entities (SPEs). Service chaining architecture with a single SFE is demonstrated in Figure 1. Upon their entry into a service chaining domain, packets/frames are classified by SCLA into different service flows. Then packets/frames from a specific service flow are forwarded by SFE into one or more SPEs in a service chain in correct order. Upon completion of all service processing, they exit the service chaining domain. It should be noted that Service Classifier, Service Forwarding Entity, and even Service Processing Entity can be implemented in a single network element. SPE SPE /-\ /-\ SPE: Service Process Entity | | ... | | \+/ \+/ SFE: Service Forward Entity | | | | SCLA: Service Classifier | | +--------+ +-+---------+--+ ENTRY| | | |EXIT ----+ SCLA +-----+ SFE +---- | | | | +--------+ +--------------+ Figure 1 Service Chain with a single SFE Service chaining architecture with multiple SFEs is further demonstrated in Figure 2. In addition to the previous discussion, multiple SFEs are interconnected by a physical/logical link or a Jiang, et al Expires December 27, 2013 [Page 5] Internet-Draft Service Chaining Architecture June 2013 network path which may be an Ethernet or IP/MPLS underlay network. Ethernet, IP/MPLS or other tunneling technologies such as those being in progress in NVO3 workgroup can be used for this underlay network. SPE SPE SPE SPE /-\ /-\ /-\ /-\ | | ... | | | | ... | | \+/ \+/ \+/ \+/ | | | | | | | | | | | | +--------+ +-+---------+--+ +-+---------+--+ ENTRY| | | | | | EXIT ----+ SCLA +-----+ SFE +---------+ SFE +----- | | | | | | +--------+ +--------------+ +--------------+ Figure 2 Service Chain with Multiple SFEs 5. Service Chaining Topology SCLA, SPE and SFE can be implemented as a standalone network entity, or in a network entity combined with other functions (such as one SFE plus one or more SPEs, one SCLA plus one SFE, or one SCLA plus one SFE and one or more SPEs). Furthermore, they may be implemented as software modules running in a DC, in clouds or as standalone physical equipments. Following service chaining topologies can be supported by this architecture: -Daisy chain This is a type of service chain in the shape of a daisy, as demonstrated in Figure 1, where multiple SPEs are attached to a single SFE, and SPEs cannot send packets/frames directly to each other but via one shared SFE. -Lily chain Jiang, et al Expires December 27, 2013 [Page 6] Internet-Draft Service Chaining Architecture June 2013 This is a type of service chain in the shape of a lily. It can be regarded as a simplified form of Figure 2, where only a single SPE is attached to each SFE, and the SFEs are connected from one to another in sequence. -Hybrid chain Part of a hybrid chain may be Daisy chain and other parts may be Lily chain, thus it can be readily combined by the previous two. 6. Service Chaining Construction Attachment of SPEs onto an SFE could be pre-configured on the SFE; or updated by some auto discovery and registering procedure when an SPE first attaches to it. 6.1. Service chaining Controller A service chaining controller which centrally manages service chains (e.g., set up, remove, and monitor service chains) can be implemented together with an SDN controller or a network orchestrator. OSS may also be used as a platform to provide this kind of control function. 7. Availability and Scalability of Service Chaining Two options for load balancing are possible: -Load balancing on flows It is very convenient to provide load balancing and make it scalable in this architecture: construct multiple service chains which provide the same set of service processing functions; the SCLA classifies a service flow into sub-flows, and each sub-flow is directed into a different service chain. -Load balancing on SPEs/paths It is also possible to provide load balancing in finer granularity. Such as, provide multiple SPEs with the same service processing function if a compute bottleneck is expected or found for this service processing function; provide multiple paths between a pair of SFEs if shortage of bandwidth is expected or found for the single path between them. The SFE should be able to load balance a service flow over these SPEs or paths with some pre-determined algorithms. High availability of a service chain will be discussed in a next version. Jiang, et al Expires December 27, 2013 [Page 7] Internet-Draft Service Chaining Architecture June 2013 8. Service Chaining Solution Considerations A solution must be able to classify packets/frames into different service flows. This is done by the Service Classifier (a packet/frame is classified with a tuple of fields in one or more headers or local policy). After the classification, a Service Identification (SID) may be applied to the packet/frame so that no further classification is needed in subsequent SFEs. SID can be mapped to traditional header fields such as a VLAN or an MPLS label (hence VLAN mapping or MPLS label swap is needed), or carried in a new service header (hence an extra header is inserted). A solution must be able to forward packets/frames across all service processing entities in a service chain in a correct sequence. This is done by the service forwarding entity with the help of SID. A solution should support the exchange of information between service processing entity and the service forwarding entity. For example, the processing result of a packet in a service processing entity can be encoded in a service header in the packets. But for long term service states (which can influence the processing of multiple packets/frames), they can be locally stored and/or signaled to service forwarding entity or other service processing entities by some specific control channels (e.g., OpenFlow protocol). Possible solutions for service chaining are outlined in this section. Note this may not be a complete picture, and it is expected that more solutions will emerge in the future. 8.1. Ethernet compatible solution Ethernet technology (IEEE 802.1Q, 802.1ad, and etc.) or DC technology can be used to support service chaining. SCLA maps service ID of a service flow to a VLAN (e.g., C-VLAN and S-VLAN) ID or a VXLAN ID in a frame. SFE then forwards the frame with the VLAN ID to appropriate SPEs for service processing (may need to change VLAN ID for each SPE). The issue with this solution: its service chaining layer is entangled with its transport layer, thus planning and provisioning of service chains are complex, and it may not be a scalable solution to be used in a large network since VLAN ID or VXLAN ID space is shared by both service ID and tunnel ID. Jiang, et al Expires December 27, 2013 [Page 8] Internet-Draft Service Chaining Architecture June 2013 8.2. IP/MPLS compatible solution MPLS can be used to support service chaining - only an MPLS label is needed to represent SID of a service flow. Service ID of a service flow is mapped to an MPLS label in the packets by the SCLA. SFE then forwards frames with the label to appropriate SPEs for service processing (may need to swap the label for each SPE). [L3VPNSC] demonstrates how service topology specific Route Targets can be introduced into BGP/MPLS VPN to support automatic signaling of service chaining. Similarly, L2VPN may be crafted to support service chaining. 8.3. Solution of Network-Located Function Chaining (NLFC) [NLFC] proposes a solution of using NLFC Map (an ordered list of NLF identifiers) for service chaining, where a packet carries a map index of its service chain, then NLF nodes forward the packet by looking up the map index in locally stored NLFC Policy Table for its next NLF node. 8.4. Solution with a standalone service header A standalone service header can provide an independent layer of protocol data unit, so that service specific information such as SID can be carried over all kinds of underlay networks with no need of mapping. [NSH] proposes a new Network Service Header for service chaining, which consists of a Base Header and a Context Header. 9. Security Considerations This document proposes architecture for the service chaining, outlines several types of its topology, and discusses possible approaches in this domain, thus no security issue is raised at present. It was expected that further solutions for these requirements will deal with security considerations specifically. Jiang, et al Expires December 27, 2013 [Page 9] Internet-Draft Service Chaining Architecture June 2013 10. IANA Considerations No IANA action is needed for this document. 11. References 11.1. Normative References [RFC 2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. 11.2. Informative References [NLFC] Boucadair, M., and Jacquenet, C., "Differentiated Network- Located Function Chaining Framework", draft-boucadair- network-function-chaining-00, June 2013. [NSH] Quinn, P., and Fernando, R., and et al, "Network Service Header", draft-quinn-nsh-00, June 2013. [L3VPNSC] Fernando, R., Rao, D., and et al, "Virtual Topologies for Service Chaining in BGP IP VPNs", draft-rfernando-l3vpn- service-chaining-01, June 2013. 12. Acknowledgments TBD. Jiang, et al Expires December 27, 2013 [Page 10] Internet-Draft Service Chaining Architecture June 2013 Authors' Addresses Yuanlong Jiang Huawei Technologies Co., Ltd. Bantian, Longgang district Shenzhen 518129, China Email: email@example.com Hongyu Li Huawei Technologies Co., Ltd. Bantian, Longgang district Shenzhen 518129, China Email: firstname.lastname@example.org Jiang, et al Expires December 27, 2013 [Page 11]