Service Function Chaining Vu Anh Vu
Internet-Draft Younghan Kim
Intended status: Informational Kyoungjae Sun
Expires: December 27, 2017 Soongsil University
June 28, 2017
Interoperation of multiple Metadata schemes in SFC
draft-vu-sfc-md-scheme-interoperation-02
Abstract
Metadata carries SFC information shared amongst SFC components. Each
service function requires different metadata, therefore a common
metadata scheme for all SFs in SFC domain is redundant and sometime
unsecured.
This document describes use cases for using multiple NSH Metadata
schemes in single and multiple SFC domains and proposes a general
architecture and method for coordinating heterogenous Metadata
schemes in SFC.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 27, 2017.
Copyright Notice
Copyright (c) 2017 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
Vu Anh Vu, et al. Expires December 27, 2017 [Page 1]
Internet-Draft MD scheme Interoperation June 2017
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Requirements Language . . . . . . . . . . . . . . . . . . 2
1.2. Problem Statement . . . . . . . . . . . . . . . . . . . . 2
2. Use cases . . . . . . . . . . . . . . . . . . . . . . . . . . 3
2.1. Heterogenous SFs compatibility . . . . . . . . . . . . . 3
2.2. Reduce MD size . . . . . . . . . . . . . . . . . . . . . 3
2.3. Multi-domain SFC . . . . . . . . . . . . . . . . . . . . 3
3. MD scheme Conversion . . . . . . . . . . . . . . . . . . . . 4
4. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 5
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5
6. Security Considerations . . . . . . . . . . . . . . . . . . . 5
7. Normative References . . . . . . . . . . . . . . . . . . . . 5
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 6
1. Introduction
1.1. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
1.2. Problem Statement
SFC Architecture document [RFC7665] has defined the purposes of
shared Metadata in SFC. Network Service Header (NSH) document
[I-D.ietf-sfc-nsh] defines NSH structures, including 2 type of
Metadata (MD), and is not repeated here.
The NSH document [I-D.ietf-sfc-nsh] defines two types of Metadata in
NSH: MD-type 1, which has fixed 4x4 byte length, and MD-type 2 having
variable lengths. Every SFs in an SFC-enabled domain MUST support
MD-type 1 and SHOULD support MD-type 2. However, the semantics of
each byte in MD is up to operators to define. Each operator has its
own SFC configuration, hence the SFC MD is different from operator to
operator. Operators define MD with their SFC configuration, but
their SFs use it, and most of the time SFs are not developed by their
operator. Certainly, SF developers always try to make their products
compatible with as many environments as possible. Letting operator
defining MD give them the flexibility, but sacrifice the
Vu Anh Vu, et al. Expires December 27, 2017 [Page 2]
Internet-Draft MD scheme Interoperation June 2017
compatibility of SFs. More or less, operator and SF developer should
have some agreements, or standards, about the semantic of MD.
There are attempts to create standards for MD-type 1 for some
environment such as datacenters and mobile networks. However, each
of them is too specific for a particular use case, and it is
difficult to generalize them for all environments. MD-type 2 with is
variable length is proposed to provide more flexibility for operator/
vendor-specific SFC and not likely to be standardized. In
conclusion, there is a lack of strong reasons to have standards for
MD.
Therefore, instead of standardizing MD, this document focuses on
making multiple MD schemes working seamlessly together in an SFC
domain. In detail, this document lists some use cases which require
the coexistence of multiple MD schemes and propose an architecture to
solve the issue.
2. Use cases
2.1. Heterogenous SFs compatibility
As mentioned, each SF needs different SFC information to process
packets, update MD, or select service paths. And each SF gathers
that information with its format/scheme, depends on its vendor. An
example this use case is third-party SFs, which are controlled by
external entities, and proprietary black-boxed SF. To ensure the
compatibility of a heterogeneous SF collection in SFC domains,
conversions between MD scheme are required. SFs should register
their MD scheme to the SFC control plane.
2.2. Reduce MD size
There are only 4x4 bytes for MD in MD-type 1, which MUST be supported
by all NSH-aware SFs, but there might be more information need to be
carried throughout an SFC domain. Even though MD-type 2 can be used
to carry a large amount of SFC metadata, it is not necessary for all
SFs. An SF only needs a part of the data in that MD, hence providing
them more information is redundant and in some situation, might cause
information leaking. Using multiple MD schemes reduces the size of
MD by using all bytes in MD-type 1 effectively and providing
sufficient metadata for each SF.
2.3. Multi-domain SFC
An SFC can be established throughout multiple SFC domains, as
described in SFC use cases in data center [I-D.ietf-sfc-dc-use-cases]
and Hierarchical SFC [I-D.ietf-sfc-hierarchical]. Occasionally, each
Vu Anh Vu, et al. Expires December 27, 2017 [Page 3]
Internet-Draft MD scheme Interoperation June 2017
SFC domain has a different MD scheme, and as a result, the MD-type
translation is required when the traffic traverses between domains.
Figure 1 illustrates a scenario where a SFC includes two domains with
different MD schemes. When a packet exits a domain and enters
another, the MD converter in the second domain will translate MD
scheme 1 to MD scheme 2. Surely, control planes of the domains have
to coordinate with each other to have the correct translation.
+--------------------+ +-------------------+
|SFC domain 1 | |SFC domain 2 |
| +---------------+ | | +---------------+ |
| | Control plane +<------>+ Control plane | |
| +---------------+ | | +----+----------+ |
| | | | |
Service Path | | | +----v----+ |
+---------------------------+---->+ MD +--------------->
| +---------+ | | |Converter| |
| | MD | | | +---------+ |
<---------------+Converter+<--------------------------------+
| +---------+ | | | Reversed
+--------------------+ +-------------------+ Path
Figure 1: A Multiple MD in Multi-domain SFC scenario
3. MD scheme Conversion
An SFC domain with multiple MD schemes can be logically divided into
multiple MD scheme domains, each of them contains SFs and SFFs that
have the same MD scheme. Between MD scheme domain, there are MD
scheme converters to translate and alter MD in packets when they
travel across domains. Figure 2 show the architecture where
Subsequent CFs, which are the most suitable components to be MD
scheme converters due to their ability to update MD in packets, are
placed between MD scheme domains and responsible for MD translation.
In other way, the SFC control plane can intercept NSH packet
directly between different MD scheme domain and convert MD sheme
which is available in the next MD scheme domain. After conversion,
the control plane makes a new NSH header, encapsulates the original
packet and forward to the sebsequent located between two different
MD sheme domain. In this case, packet process cost in the subseqeunt
CF can be reduced.
Vu Anh Vu, et al. Expires December 27, 2017 [Page 4]
Internet-Draft MD scheme Interoperation June 2017
+..................+ +.........+
. MD scheme . .MD scheme.
. domain 1 . .domain 2 .
. . . .
+------+ . . +-------+ . . +-------+
| | . +-----+ +-----+ . | Sub- | . +-----+ . | Sub- |
| CF +---+ SFF +--+ SFF +---+sequent+---+ SFF +--+ ... -+sequent+- ...
| | . +--+--+ +--+--+ . | CF | . +--+--+ . | CF |
+------+ . | | . +-------+ . | . +-------+
. +-+-+ +-+-+ . . +-+-+ .
. |SF | |SF | . . |SF | .
. +---+ +---+ . . +---+ .
+..................+ +.........+
Figure 2: MD scheme Conversion with Subsequent CF
4. Acknowledgements
TBD
5. IANA Considerations
This document does not require any IANA actions.
6. Security Considerations
TBD
7. Normative References
[I-D.ietf-sfc-dc-use-cases]
Surendra, S., Tufail, M., Majee, S., Captari, C., and S.
Homma, "Service Function Chaining Use Cases In Data
Centers", draft-ietf-sfc-dc-use-cases-05 (work in
progress), August 2016.
[I-D.ietf-sfc-hierarchical]
Dolson, D., Homma, S., Lopez, D., Boucadair, M., Liu, D.,
Ao, T., and V. Vu, "Hierarchical Service Function Chaining
(hSFC)", draft-ietf-sfc-hierarchical-01 (work in
progress), September 2016.
[I-D.ietf-sfc-nsh]
Quinn, P. and U. Elzur, "Network Service Header", draft-
ietf-sfc-nsh-10 (work in progress), September 2016.
Vu Anh Vu, et al. Expires December 27, 2017 [Page 5]
Internet-Draft MD scheme Interoperation June 2017
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<http://www.rfc-editor.org/info/rfc2119>.
[RFC7665] Halpern, J., Ed. and C. Pignataro, Ed., "Service Function
Chaining (SFC) Architecture", RFC 7665,
DOI 10.17487/RFC7665, October 2015,
<http://www.rfc-editor.org/info/rfc7665>.
Authors' Addresses
Vu Anh Vu
Soongsil University
369 Sangdo-ro
Dongjak-gu, Seoul 06978
South Korea
Email: vuva@dcn.ssu.ac.kr
Younghan Kim
Soongsil University
369 Sangdo-ro
Dongjak-gu, Seoul 06978
South Korea
Email: younghak@ssu.ac.kr
Kyoungjae Sun
Soongsil University
369 Sangdo-ro
Dongjak-gu, Seoul 06978
South Korea
Email: gomjae@ssu.ac.kr
Vu Anh Vu, et al. Expires December 27, 2017 [Page 6]