MH
Uploaded byMichelle Holley
PDF, PPTX2,224 views

Service Function Chaining in Openstack Neutron

The document discusses service function chaining (SFC) in OpenStack Neutron, outlining its architecture, configuration model, and various use cases such as mobile networks and data centers. It highlights the use of VNFs, the role of OpenStack commands for managing service chains, and integration with related projects like ONOS and ODL. Furthermore, it emphasizes the importance of MPLS tags for chaining within OpenStack due to the lack of support for Network Service Header (NSH) in Open vSwitch.

Embed presentation

Download as PDF, PPTX
Security Level: Service Function Chaining in Openstack Neutron Farhad Sunavala Principal Engineer, Huawei
2 Agenda 1.  Service Chaining – What, why, use cases, architecture, etc. 2.  Openstack Neutron networking-sfc •  Architecture •  Configuration Model •  CLI •  Flows •  Use Cases •  Related projects •  Final Thoughts 3. Q & A
3 Service Chain What ? All SFC documents - https://datatracker.ietf.org/wg/sfc/documents/ Problem Statement for Service Function Chaining - https://datatracker.ietf.org/doc/rfc7498/
4 Service Chain Why ? (Use Cases) https://datatracker.ietf.org/wg/sfc/documents/ Mobile Networks, Mobile Network Gi LAN, Fixed Broadband, Data Centers, vCPE (E.g. ATT’s uCPE - Universal Customer Premises Equipment)
5 SFC – Traditional Way using PNFs (HW Boxes) SFC – Subscriber Based SFC using VNFs
6 SFC Architecture RFC 7665
7 Openstack Neutron networking-sfc Documentation https://wiki.openstack.org/wiki/Neutron/ServiceInsertionAndChaining https://docs.openstack.org/networking-sfc/latest/ Initial release First stable release, bug fixes, minor API changes, sfc commands changed to openstackclient, symmetric chain parameter in API, OVS SFC agent as L2 agent extension, symmetric port-chains, port-pair support for correlation=mpls
8 Openstack Neutron SFC Architecture
9 Service Chain Configuration Model
10 Service Chain Objects
11 Service Chain CLI port pair (ingress and egress neutron ports of VNF) openstack sfc port pair create –ingress <ingress> --egress <egress> <pp1-name> openstack sfc port pair create –ingress >ingress> --egress <egress> <pp2-name> port pair group (load-balancer for like VNFs) openstack sfc port pair group create –port-pair <pp1-name> --port-pair <pp2-name> <ppg-name> flow classifier (classifier details) openstack sfc flow classifier create –source-ip-prefix <source-ip-prefix> --destination-ip-prefix <destination-ip-prefix> <fc-name> port chain openstack sfc port chain create –flow-classifier <fc-name> --port-pair-group <ppg-name> <pc-name> port-pair consists of neutron port for ingress and egress. Hence, any entity (Virtual or Physical) which can be described by a neutron port, can be easily inserted or removed from the service chain.
12 networking-sfc Flows src sf sf2 dst 10.0.0.310.0.0.4 10.0.0.10 10.0.0.6 root@fs-10-145-105-66:~/configs# ovs-ofctl dump-flows -O OpenFlow13 br-int table=0 cookie=0xb524b28024063844, duration=10.116s, table=0, n_packets=0, n_bytes=0, priority=30,icmp,in_port=8,nw_src=10.0.0.4,nw_dst=10.0.0.3 actions=group:1 Classify Loadbalance root@fs-10-145-105-66:~/configs# ovs-ofctl dump-groups -O OpenFlow13 br-int group_id=1,type=select,bucket=actions=set_field:fa:16:3e:75:cb:ad->eth_dst,resubmit(,5),bucket=actions=set_field:fa:16:3e:07:f3:5f->eth_dst,resubmit(,5) Tag root@fs-10-145-105-66:~/configs# ovs-ofctl dump-flows -O OpenFlow13 br-int table=5 cookie=0xb524b28024063844, duration=781.070s, table=5, n_packets=0, n_bytes=0, priority=0,ip,dl_dst=fa:16:3e:75:cb:ad actions=push_mpls:0x8847, set_field:511->mpls_label,set_mpls_ttl(255),push_vlan:0x8100,set_field:4097->vlan_vid,resubmit(,10) cookie=0xb524b28024063844, duration=781.065s, table=5, n_packets=0, n_bytes=0, priority=0,ip,dl_dst=fa:16:3e:07:f3:5f actions=push_mpls:0x8847, set_field:511->mpls_label,set_mpls_ttl(255),push_vlan:0x8100,set_field:4097->vlan_vid,resubmit(,10)
13 Use cases - networking-sfc Simplest case - Same tenant src1 VNF11 VNF13 VNF12 VNF21 VNF22 VNF31 VNF32 VNF34 VNF33 dst classify + loadbalance + tag untag + classify + loadbalance + tag untag + Normal forwarding src2 untag + classify + loadbalance + tag
14 Use cases - networking-sfc Different tenants –no problem, use RBACs (role based access control) src1 VNF11 VNF13 VNF12 VNF21 VNF22 VNF31 VNF32 VNF34 VNF33 dst Classification + loadbalancing Classification + loadbalancing Classification + loadbalancing Normal forwarding src2 Shared network
15 Use cases - networking-sfc VNF containers - No problem, use kuryr src1 VNF11 VNF13 VNF12 VNF21 VNF22 VNF31 VNF32 VNF34 VNF33 dst Classification + loadbalancing Classification + loadbalancing Classification + loadbalancing Normal forwarding src2 Containers orchestrated by Docker Swarm / k8s, networked using kuryr
16 Use cases - networking-sfc Nested containers in a VM – no problem, use VLAN aware VMs br-tun br-tun VM2 patch-int patch-tun br-trunk Bridge C1 10.0.0.9/24 C2 10.0.0.3/24 C3 10.0.1.4/24 vl100 vl200 vl300 trunk Vl100,vl200,vl300 vl1 10.0.0.100/2410.0.0.4 vl1 vl100 vl200 vl300 vl1 vl1 vl1 vl4 br-int br-int patch-tun patch-int VM3 10.0.0.101/24 vl1 vl1 vl1 vl4
17 Use cases - networking-sfc Multiple Openstack implementations / site licensing – no problem, use Openstack TriCircle https://wiki.openstack.org/wiki/Tricircle
18 Use cases - networking-sfc Use neutron provided services like FWaaS, LBaaS, VPNaaS as VNFs in the service chain. Integrate PNFs (Physical Network Functions) with VNFs as part of a service chain using L2GW. Support for Service Graphs branching and reclassification.
19 networking-sfc related projects 1.  ONOS SDN Controller with networking-sfc integration https://wiki.onosproject.org/pages/viewpage.action?pageId=4163192 https://docs.openstack.org/networking-onos/latest/devref/sfc_driver.html 2.  ODL SDN Controller with networking-sfc integration https://wiki.opendaylight.org/images/3/37/OpenDaylight-Summit-2016-OpenStack-SFC-Support.pdf https://docs.openstack.org/networking-odl/ocata/specs/sfc-driver.html 3.  Networking-sfc / OVN Driver https://docs.openstack.org/networking-sfc/latest/contributor/sfc_ovn_driver.html https://www.youtube.com/watch?v=PUZzhRxc6iA 4.  Tacker with networking-sfc integration. https://specs.openstack.org/openstack/tacker-specs/specs/newton/tacker-networking-sfc.html
20 Final thoughts networking-sfc uses MPLS tags for chaining due to lack of NSH support in openvswitch. Openvswitch 2.8.0 (released August 31st 2017) has experimental NSH support. http://openvswitch.org/releases/NEWS-2.8.0 •  Experimental NSH (Network Service Header) support in userspace datapath. •  Used generic encap and decap actions to implement encapsulation and decapsulation of NSH header. •  IETF NSH draft - https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh/ As networking-sfc and releated projects provide full NSH support now, support for service-aware functions will hopefully become more commonplace.
21 Questions ???
Copyright©2016 Huawei Technologies Co., Ltd. All Rights Reserved. The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice. Thank You.

More Related Content

PPTX
OVN - Basics and deep dive
byTrinath Somanchi
 
PDF
SDN/NFV: Service Chaining
byOdinot Stanislas
 
PDF
DPDK & Layer 4 Packet Processing
byMichelle Holley
 
PPTX
OpenvSwitch Deep Dive
byrajdeep
 
PDF
OpenStack Neutron IPv6 Lessons
byAkihiro Motoki
 
PPTX
MP BGP-EVPN 실전기술-1편(개념잡기)
byJuHwan Lee
 
PDF
Large scale overlay networks with ovn: problems and solutions
byHan Zhou
 
PDF
ML2/OVN アーキテクチャ概観
byYamato Tanaka
 
OVN - Basics and deep dive
byTrinath Somanchi
 
SDN/NFV: Service Chaining
byOdinot Stanislas
 
DPDK & Layer 4 Packet Processing
byMichelle Holley
 
OpenvSwitch Deep Dive
byrajdeep
 
OpenStack Neutron IPv6 Lessons
byAkihiro Motoki
 
MP BGP-EVPN 실전기술-1편(개념잡기)
byJuHwan Lee
 
Large scale overlay networks with ovn: problems and solutions
byHan Zhou
 
ML2/OVN アーキテクチャ概観
byYamato Tanaka
 

What's hot

PDF
Routed Provider Networks on OpenStack
byRomana Project
 
PPTX
Building Multi-Site and Multi-OpenStack Cloud with OpenStack Cascading
byJoe Huang
 
PPTX
Overview of Distributed Virtual Router (DVR) in Openstack/Neutron
byvivekkonnect
 
PPTX
SDN 101: Software Defined Networking Course - Sameh Zaghloul/IBM - 2014
bySAMeh Zaghloul
 
PPSX
FD.io Vector Packet Processing (VPP)
byKirill Tsym
 
PDF
[OpenStack Days Korea 2016] Track2 - 아리스타 OpenStack 연동 및 CloudVision 솔루션 소개
byOpenStack Korea Community
 
PDF
OpenStackでも重要な役割を果たすPacemakerを知ろう!
byksk_ha
 
PDF
Red Hat OpenStack 17 저자직강+스터디그룹_1주차
byNalee Jang
 
PDF
Demystifying EVPN in the data center: Part 1 in 2 episode series
byCumulus Networks
 
PDF
오픈스택: 구석구석 파헤쳐보기
byJaehwa Park
 
PDF
Open vSwitch 패킷 처리 구조
bySeung-Hoon Baek
 
PPTX
Hyper-Converged Infrastructure: Concepts
byNick Scuola
 
PDF
Fun with Network Interfaces
byKernel TLV
 
PDF
BGP Dynamic Routing and Neutron
byrktidwell
 
PPTX
Meetup 23 - 02 - OVN - The future of networking in OpenStack
byVietnam Open Infrastructure User Group
 
PPTX
Issues of OpenStack multi-region mode
byJoe Huang
 
PDF
Deploying IPv6 on OpenStack
byVietnam Open Infrastructure User Group
 
PPTX
Linux Network Stack
byAdrien Mahieux
 
PPTX
Kubernetes Introduction
byEric Gustafson
 
PDF
[오픈소스컨설팅]오픈스택에 대하여
byJi-Woong Choi
 
Routed Provider Networks on OpenStack
byRomana Project
 
Building Multi-Site and Multi-OpenStack Cloud with OpenStack Cascading
byJoe Huang
 
Overview of Distributed Virtual Router (DVR) in Openstack/Neutron
byvivekkonnect
 
SDN 101: Software Defined Networking Course - Sameh Zaghloul/IBM - 2014
bySAMeh Zaghloul
 
FD.io Vector Packet Processing (VPP)
byKirill Tsym
 
[OpenStack Days Korea 2016] Track2 - 아리스타 OpenStack 연동 및 CloudVision 솔루션 소개
byOpenStack Korea Community
 
OpenStackでも重要な役割を果たすPacemakerを知ろう!
byksk_ha
 
Red Hat OpenStack 17 저자직강+스터디그룹_1주차
byNalee Jang
 
Demystifying EVPN in the data center: Part 1 in 2 episode series
byCumulus Networks
 
오픈스택: 구석구석 파헤쳐보기
byJaehwa Park
 
Open vSwitch 패킷 처리 구조
bySeung-Hoon Baek
 
Hyper-Converged Infrastructure: Concepts
byNick Scuola
 
Fun with Network Interfaces
byKernel TLV
 
BGP Dynamic Routing and Neutron
byrktidwell
 
Meetup 23 - 02 - OVN - The future of networking in OpenStack
byVietnam Open Infrastructure User Group
 
Issues of OpenStack multi-region mode
byJoe Huang
 
Deploying IPv6 on OpenStack
byVietnam Open Infrastructure User Group
 
Linux Network Stack
byAdrien Mahieux
 
Kubernetes Introduction
byEric Gustafson
 
[오픈소스컨설팅]오픈스택에 대하여
byJi-Woong Choi
 

Similar to Service Function Chaining in Openstack Neutron

PDF
Tech Talk by Louis Fourie: SFC: technology, trend and implementation
bynvirters
 
PPTX
Layer 123 SDN World Congress OpenDaylight Service Function Chaining Use Cases
byabhijit2511
 
PDF
【EPN Seminar Nov.10.2015】 Services Function Chaining Architecture, Standardiz...
byシスコシステムズ合同会社
 
PPTX
Barak Perlman, ConteXtream - SFC (Service Function Chaining) Using Openstack ...
byCloud Native Day Tel Aviv
 
PDF
Summit 16: Service Function Chaining: Demo and Usage
byOPNFV
 
PDF
Container Service Chaining
byOpen Networking Summit
 
PPTX
Traffic Control as a Service
byOfer Ben Yaacov
 
PDF
OPNFV Service Function Chaining
byOPNFV
 
PDF
Network Virtualization & Software-defined Networking
byDigicomp Academy AG
 
PDF
SDN & NFV Introduction - Open Source Data Center Networking
byThomas Graf
 
PPTX
DEVNET-1175 OpenDaylight Service Function Chaining
byCisco DevNet
 
PDF
Sobanski odl summit_2015
byJohn Sobanski
 
PPTX
Neutron Advanced Services - Akanda - Astara 201 presentation
byEric Lopez
 
PPTX
Dragonflow 01 2016 TLV meetup
byEran Gampel
 
PPTX
Hong kongopenstack2013 sdn_bluehost
byJun Park
 
PDF
Topology Service Injection using Dragonflow & Kuryr
byEshed Gal-Or
 
PDF
PLNOG 13: Jeff Tantsura: Programmable and Application aware IP/MPLS networking
byPROIDEA
 
PDF
Stacks and Layers: Integrating P4, C, OVS and OpenStack
byOpen-NFP
 
PDF
Openstack Neutron and SDN
byinakipascual
 
PDF
State of the OpenDaylight Union
byOpen Networking Summit
 
Tech Talk by Louis Fourie: SFC: technology, trend and implementation
bynvirters
 
Layer 123 SDN World Congress OpenDaylight Service Function Chaining Use Cases
byabhijit2511
 
【EPN Seminar Nov.10.2015】 Services Function Chaining Architecture, Standardiz...
byシスコシステムズ合同会社
 
Barak Perlman, ConteXtream - SFC (Service Function Chaining) Using Openstack ...
byCloud Native Day Tel Aviv
 
Summit 16: Service Function Chaining: Demo and Usage
byOPNFV
 
Container Service Chaining
byOpen Networking Summit
 
Traffic Control as a Service
byOfer Ben Yaacov
 
OPNFV Service Function Chaining
byOPNFV
 
Network Virtualization & Software-defined Networking
byDigicomp Academy AG
 
SDN & NFV Introduction - Open Source Data Center Networking
byThomas Graf
 
DEVNET-1175 OpenDaylight Service Function Chaining
byCisco DevNet
 
Sobanski odl summit_2015
byJohn Sobanski
 
Neutron Advanced Services - Akanda - Astara 201 presentation
byEric Lopez
 
Dragonflow 01 2016 TLV meetup
byEran Gampel
 
Hong kongopenstack2013 sdn_bluehost
byJun Park
 
Topology Service Injection using Dragonflow & Kuryr
byEshed Gal-Or
 
PLNOG 13: Jeff Tantsura: Programmable and Application aware IP/MPLS networking
byPROIDEA
 
Stacks and Layers: Integrating P4, C, OVS and OpenStack
byOpen-NFP
 
Openstack Neutron and SDN
byinakipascual
 
State of the OpenDaylight Union
byOpen Networking Summit
 

More from Michelle Holley

PDF
NFF-GO (YANFF) - Yet Another Network Function Framework
byMichelle Holley
 
PDF
Edge and 5G: What is in it for the developers?
byMichelle Holley
 
PDF
5G and Open Reference Platforms
byMichelle Holley
 
PDF
De-fogging Edge Computing: Ecosystem, Use-cases, and Opportunities
byMichelle Holley
 
PDF
Building the SD-Branch using uCPE
byMichelle Holley
 
PDF
Enabling Multi-access Edge Computing (MEC) Platform-as-a-Service for Enterprises
byMichelle Holley
 
PDF
Accelerating Edge Computing Adoption
byMichelle Holley
 
PDF
Install FD.IO VPP On Intel(r) Architecture & Test with Trex*
byMichelle Holley
 
PDF
DPDK & Cloud Native
byMichelle Holley
 
PDF
OpenDaylight Update (June 2018)
byMichelle Holley
 
PDF
Tungsten Fabric Overview
byMichelle Holley
 
PDF
Orchestrating NFV Workloads in Multiple Clouds
byMichelle Holley
 
PDF
Convergence of device and data at the Edge Cloud
byMichelle Holley
 
PDF
Intel® Network Builders - Network Edge Ecosystem Program
byMichelle Holley
 
PDF
Design Implications, Challenges and Principles of Zero-Touch Management Envir...
byMichelle Holley
 
PDF
Using Microservices Architecture and Patterns to Address Applications Require...
byMichelle Holley
 
PDF
Intel Powered AI Applications for Telco
byMichelle Holley
 
PDF
Artificial Intelligence in the Network
byMichelle Holley
 
PDF
Service Mesh on Kubernetes with Istio
byMichelle Holley
 
PDF
Intel® QuickAssist Technology Introduction, Applications, and Lab, Including ...
byMichelle Holley
 
NFF-GO (YANFF) - Yet Another Network Function Framework
byMichelle Holley
 
Edge and 5G: What is in it for the developers?
byMichelle Holley
 
5G and Open Reference Platforms
byMichelle Holley
 
De-fogging Edge Computing: Ecosystem, Use-cases, and Opportunities
byMichelle Holley
 
Building the SD-Branch using uCPE
byMichelle Holley
 
Enabling Multi-access Edge Computing (MEC) Platform-as-a-Service for Enterprises
byMichelle Holley
 
Accelerating Edge Computing Adoption
byMichelle Holley
 
Install FD.IO VPP On Intel(r) Architecture & Test with Trex*
byMichelle Holley
 
DPDK & Cloud Native
byMichelle Holley
 
OpenDaylight Update (June 2018)
byMichelle Holley
 
Tungsten Fabric Overview
byMichelle Holley
 
Orchestrating NFV Workloads in Multiple Clouds
byMichelle Holley
 
Convergence of device and data at the Edge Cloud
byMichelle Holley
 
Intel® Network Builders - Network Edge Ecosystem Program
byMichelle Holley
 
Design Implications, Challenges and Principles of Zero-Touch Management Envir...
byMichelle Holley
 
Using Microservices Architecture and Patterns to Address Applications Require...
byMichelle Holley
 
Intel Powered AI Applications for Telco
byMichelle Holley
 
Artificial Intelligence in the Network
byMichelle Holley
 
Service Mesh on Kubernetes with Istio
byMichelle Holley
 
Intel® QuickAssist Technology Introduction, Applications, and Lab, Including ...
byMichelle Holley
 

Recently uploaded

PDF
Supervised Machine Learning Approaches for Log-Based Anomaly Detection: A Cas...
byMohammed BEKKOUCHE
 
PDF
OutSystsems User Group Brabant November 2025
bymail496323
 
PPTX
Neo4j Fraud GraphTalk Singapore Nov 2025
bygourisachdeva2
 
PPTX
Redcentric Data Centres: vision, mission and values
byRedcentric
 
PDF
PMI PMBOK8 Released on November 13, 2025
byScott M. Graffius
 
PDF
IDSECCONF2025 - Ali - DursGo–Web Security Scanner with AI Analysis.pdf
byidsecconf
 
PPTX
oop pillor polymorphism Code Presentation
byhifzamahmood8
 
PDF
LVM Management and Disaster Recovery.pdf
byLinuxCert Guru
 
PDF
Oracle MySQL HeatWave - Complete - Version 3
byLuca Bonesini
 
PDF
AWS Cloud Technical Essentials - AWS Certificate
byVICTOR MAESTRE RAMIREZ
 
PPTX
The power of Slack and MuleSoft | Bangalore MuleSoft Meetup #60
byshyamraj55
 
PDF
IDSECCONF2025 - Nosa Shandy - Discovering and Disclosing Privacy Vulnerabilit...
byidsecconf
 
PPTX
AI: Beyond Generative AI and LLM | Harrie de Groot (harrie.dev)
byHarrie de Groot
 
PDF
UiPath DevConnect 2025: UiPath ScreenPlay - The Future of Human-Like Automation
byDianaGray10
 
PDF
Building Powerful Web Apps to Improve Productivity and Engagement - Esri UK W...
byEsri UK
 
PDF
Building a Multi-Tenant OpenShift Platform with HyperShift
byTosin Akinosho
 
PPTX
Explaining ourselves – people, computers and AI
byAlan Dix
 
PDF
KMWorld - KM & AI Bring Collectivity, Nostalgia, & Selectivity
byJonathan Ralton
 
PDF
MINDCTI Revenue Release Quarter 3 2025 - Financial Presentation
byMIND CTI
 
PDF
Raj Jain, Recent Advances, Issues, and Challenges in Cybersecurity, Keynote a...
byrjain51
 
Supervised Machine Learning Approaches for Log-Based Anomaly Detection: A Cas...
byMohammed BEKKOUCHE
 
OutSystsems User Group Brabant November 2025
bymail496323
 
Neo4j Fraud GraphTalk Singapore Nov 2025
bygourisachdeva2
 
Redcentric Data Centres: vision, mission and values
byRedcentric
 
PMI PMBOK8 Released on November 13, 2025
byScott M. Graffius
 
IDSECCONF2025 - Ali - DursGo–Web Security Scanner with AI Analysis.pdf
byidsecconf
 
oop pillor polymorphism Code Presentation
byhifzamahmood8
 
LVM Management and Disaster Recovery.pdf
byLinuxCert Guru
 
Oracle MySQL HeatWave - Complete - Version 3
byLuca Bonesini
 
AWS Cloud Technical Essentials - AWS Certificate
byVICTOR MAESTRE RAMIREZ
 
The power of Slack and MuleSoft | Bangalore MuleSoft Meetup #60
byshyamraj55
 
IDSECCONF2025 - Nosa Shandy - Discovering and Disclosing Privacy Vulnerabilit...
byidsecconf
 
AI: Beyond Generative AI and LLM | Harrie de Groot (harrie.dev)
byHarrie de Groot
 
UiPath DevConnect 2025: UiPath ScreenPlay - The Future of Human-Like Automation
byDianaGray10
 
Building Powerful Web Apps to Improve Productivity and Engagement - Esri UK W...
byEsri UK
 
Building a Multi-Tenant OpenShift Platform with HyperShift
byTosin Akinosho
 
Explaining ourselves – people, computers and AI
byAlan Dix
 
KMWorld - KM & AI Bring Collectivity, Nostalgia, & Selectivity
byJonathan Ralton
 
MINDCTI Revenue Release Quarter 3 2025 - Financial Presentation
byMIND CTI
 
Raj Jain, Recent Advances, Issues, and Challenges in Cybersecurity, Keynote a...
byrjain51
 
In this document
Powered by AI

Overview of Service Function Chaining in Openstack Neutron, presenting the agenda and key speakers.

Definition and use cases of Service Chains, including traditional and subscriber-based approaches using VNFs.

Description of SFC architecture as per RFC 7665 and Openstack Neutron's documentation and changes.

Explains the architecture, configuration model, and CLI commands necessary for setting up Service Chains.

Illustration of different flow examples within the networking-sfc environment and their configurations.

Various use cases demonstrating networking-sfc capabilities, including multi-tenant scenarios and integration with VNFs.

Discussion on related SDN projects integrating networking-sfc and final thoughts on MPLS and NSH support.

Q&A session and copyright notice from Huawei, emphasizing the future of networking technologies.

Service Function Chaining in Openstack Neutron

  • 1.
    Security Level: Service FunctionChaining in Openstack Neutron Farhad Sunavala Principal Engineer, Huawei
  • 2.
    2 Agenda 1.  Service Chaining– What, why, use cases, architecture, etc. 2.  Openstack Neutron networking-sfc •  Architecture •  Configuration Model •  CLI •  Flows •  Use Cases •  Related projects •  Final Thoughts 3. Q & A
  • 3.
    3 Service Chain What ? AllSFC documents - https://datatracker.ietf.org/wg/sfc/documents/ Problem Statement for Service Function Chaining - https://datatracker.ietf.org/doc/rfc7498/
  • 4.
    4 Service Chain Why ?(Use Cases) https://datatracker.ietf.org/wg/sfc/documents/ Mobile Networks, Mobile Network Gi LAN, Fixed Broadband, Data Centers, vCPE (E.g. ATT’s uCPE - Universal Customer Premises Equipment)
  • 5.
    5 SFC – TraditionalWay using PNFs (HW Boxes) SFC – Subscriber Based SFC using VNFs
  • 6.
  • 7.
    7 Openstack Neutron networking-sfc Documentation https://wiki.openstack.org/wiki/Neutron/ServiceInsertionAndChaining https://docs.openstack.org/networking-sfc/latest/ Initialrelease First stable release, bug fixes, minor API changes, sfc commands changed to openstackclient, symmetric chain parameter in API, OVS SFC agent as L2 agent extension, symmetric port-chains, port-pair support for correlation=mpls
  • 8.
  • 9.
  • 10.
  • 11.
    11 Service Chain CLI portpair (ingress and egress neutron ports of VNF) openstack sfc port pair create –ingress <ingress> --egress <egress> <pp1-name> openstack sfc port pair create –ingress >ingress> --egress <egress> <pp2-name> port pair group (load-balancer for like VNFs) openstack sfc port pair group create –port-pair <pp1-name> --port-pair <pp2-name> <ppg-name> flow classifier (classifier details) openstack sfc flow classifier create –source-ip-prefix <source-ip-prefix> --destination-ip-prefix <destination-ip-prefix> <fc-name> port chain openstack sfc port chain create –flow-classifier <fc-name> --port-pair-group <ppg-name> <pc-name> port-pair consists of neutron port for ingress and egress. Hence, any entity (Virtual or Physical) which can be described by a neutron port, can be easily inserted or removed from the service chain.
  • 12.
    12 networking-sfc Flows src sf sf2 dst 10.0.0.310.0.0.4 10.0.0.10 10.0.0.6 root@fs-10-145-105-66:~/configs# ovs-ofctldump-flows -O OpenFlow13 br-int table=0 cookie=0xb524b28024063844, duration=10.116s, table=0, n_packets=0, n_bytes=0, priority=30,icmp,in_port=8,nw_src=10.0.0.4,nw_dst=10.0.0.3 actions=group:1 Classify Loadbalance root@fs-10-145-105-66:~/configs# ovs-ofctl dump-groups -O OpenFlow13 br-int group_id=1,type=select,bucket=actions=set_field:fa:16:3e:75:cb:ad->eth_dst,resubmit(,5),bucket=actions=set_field:fa:16:3e:07:f3:5f->eth_dst,resubmit(,5) Tag root@fs-10-145-105-66:~/configs# ovs-ofctl dump-flows -O OpenFlow13 br-int table=5 cookie=0xb524b28024063844, duration=781.070s, table=5, n_packets=0, n_bytes=0, priority=0,ip,dl_dst=fa:16:3e:75:cb:ad actions=push_mpls:0x8847, set_field:511->mpls_label,set_mpls_ttl(255),push_vlan:0x8100,set_field:4097->vlan_vid,resubmit(,10) cookie=0xb524b28024063844, duration=781.065s, table=5, n_packets=0, n_bytes=0, priority=0,ip,dl_dst=fa:16:3e:07:f3:5f actions=push_mpls:0x8847, set_field:511->mpls_label,set_mpls_ttl(255),push_vlan:0x8100,set_field:4097->vlan_vid,resubmit(,10)
  • 13.
    13 Use cases -networking-sfc Simplest case - Same tenant src1 VNF11 VNF13 VNF12 VNF21 VNF22 VNF31 VNF32 VNF34 VNF33 dst classify + loadbalance + tag untag + classify + loadbalance + tag untag + Normal forwarding src2 untag + classify + loadbalance + tag
  • 14.
    14 Use cases -networking-sfc Different tenants –no problem, use RBACs (role based access control) src1 VNF11 VNF13 VNF12 VNF21 VNF22 VNF31 VNF32 VNF34 VNF33 dst Classification + loadbalancing Classification + loadbalancing Classification + loadbalancing Normal forwarding src2 Shared network
  • 15.
    15 Use cases -networking-sfc VNF containers - No problem, use kuryr src1 VNF11 VNF13 VNF12 VNF21 VNF22 VNF31 VNF32 VNF34 VNF33 dst Classification + loadbalancing Classification + loadbalancing Classification + loadbalancing Normal forwarding src2 Containers orchestrated by Docker Swarm / k8s, networked using kuryr
  • 16.
    16 Use cases -networking-sfc Nested containers in a VM – no problem, use VLAN aware VMs br-tun br-tun VM2 patch-int patch-tun br-trunk Bridge C1 10.0.0.9/24 C2 10.0.0.3/24 C3 10.0.1.4/24 vl100 vl200 vl300 trunk Vl100,vl200,vl300 vl1 10.0.0.100/2410.0.0.4 vl1 vl100 vl200 vl300 vl1 vl1 vl1 vl4 br-int br-int patch-tun patch-int VM3 10.0.0.101/24 vl1 vl1 vl1 vl4
  • 17.
    17 Use cases -networking-sfc Multiple Openstack implementations / site licensing – no problem, use Openstack TriCircle https://wiki.openstack.org/wiki/Tricircle
  • 18.
    18 Use cases -networking-sfc Use neutron provided services like FWaaS, LBaaS, VPNaaS as VNFs in the service chain. Integrate PNFs (Physical Network Functions) with VNFs as part of a service chain using L2GW. Support for Service Graphs branching and reclassification.
  • 19.
    19 networking-sfc related projects 1. ONOS SDN Controller with networking-sfc integration https://wiki.onosproject.org/pages/viewpage.action?pageId=4163192 https://docs.openstack.org/networking-onos/latest/devref/sfc_driver.html 2.  ODL SDN Controller with networking-sfc integration https://wiki.opendaylight.org/images/3/37/OpenDaylight-Summit-2016-OpenStack-SFC-Support.pdf https://docs.openstack.org/networking-odl/ocata/specs/sfc-driver.html 3.  Networking-sfc / OVN Driver https://docs.openstack.org/networking-sfc/latest/contributor/sfc_ovn_driver.html https://www.youtube.com/watch?v=PUZzhRxc6iA 4.  Tacker with networking-sfc integration. https://specs.openstack.org/openstack/tacker-specs/specs/newton/tacker-networking-sfc.html
  • 20.
    20 Final thoughts networking-sfc usesMPLS tags for chaining due to lack of NSH support in openvswitch. Openvswitch 2.8.0 (released August 31st 2017) has experimental NSH support. http://openvswitch.org/releases/NEWS-2.8.0 •  Experimental NSH (Network Service Header) support in userspace datapath. •  Used generic encap and decap actions to implement encapsulation and decapsulation of NSH header. •  IETF NSH draft - https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh/ As networking-sfc and releated projects provide full NSH support now, support for service-aware functions will hopefully become more commonplace.
  • 21.
  • 22.
    Copyright©2016 Huawei TechnologiesCo., Ltd. All Rights Reserved. The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice. Thank You.