Revision as of 22:33, 18 December 2015

Overview

Service Function Chaining is a mechanism for overriding the basic destination based forwarding that is typical of IP networks. It is conceptually related to Policy Based Routing in physical networks but it is typically thought of as a Software Defined Networking technology. It is often used in conjunction with security functions although it may be used for a broader range of features. Fundamentally SFC is the ability to cause network packet flows to route through a network via a path other than the one that would be chosen by routing table lookups on the packet's destination IP address. It is most commonly used in conjunction with Network Function Virtualization when recreating in a virtual environment a series of network functions that would have traditionally been implemented as a collection of physical network devices connected in series by cables.

A very simple example of a service chain would be one that forces all traffic from point A to point B to go through a firewall even though the firewall is not literally between point A and B from a routing table perspective.

A more complex example is an ordered series of functions, each implemented in multiple VMs, such that traffic must flow through one VM at each hop in the chain but the network uses a hashing algorithm to distribute different flows across multiple VMs at each hop.

An API and initial reference implementation of Service Function Chaining is being developed for Neutron during the Liberty cycle.

• The API specification may be found here: https://github.com/openstack/networking-sfc/blob/master/doc/source/api.rst
• The Blueprint for the overall effort may be found here:https://blueprints.launchpad.net/neutron/+spec/openstack-service-chain-framework
• The Blueprint for the initial API work may be found here: https://blueprints.launchpad.net/neutron/+spec/neutron-api-extension-for-service-chaining
• The reviews related to the initial API work may be found here: https://review.openstack.org/#/q/topic:networking-sfc,n,z

networking-sfc installation steps and testbed setup

If you have previous networking-sfc patches installed on your testbed, then do the following to get the new updated patch code set

1. Clean up networking-sfc

• cd /opt/stack
• rm –rf networking-sfc

2. clone networking-sfc into local repository

• git clone git://git.openstack.org/openstack/networking-sfc.git

3. get networking-sfc unmerged code patches (add missing db migration files, port chain, FC, Common driver manager, SFC OVS Driver, OVS agent) into local repository

• cd networking-sfc
• git fetch https://review.openstack.org/openstack/networking-sfc refs/changes/88/249488/9 && git merge FETCH_HEAD

(or the latest patch set (the number at the end of the URL is the patch set) if there's one newer than PS9 shown here)

4. Get CLI patch into local repository

• git fetch https://review.openstack.org/openstack/networking-sfc refs/changes/08/210008/25 && git cherry-pick FETCH_HEAD

(or the latest patch set (the number at the end of the URL is the patch set) if there's one newer than PS25 shown here)

 fix conflict if any, (currently it's sufficient to simply delete the conflict markings from setup.cfg) then 

• git add .
• git cherry-pick --continue

5. delete and recreate neutron database

6. run unstack.sh and stack.sh

If you have not installed networking-sfc on your testbed before, then do the following to get the patch code set

1. install Linux 14.04

• install git and configure user.email and user.name
• sudo apt-get install software-properties-common
• sudo add-apt-repository cloud-archive:liberty

2. clone networking-sfc into local repository

• sudo mkdir /opt/stack
• sudo chown stack.stack /opt/stack
• cd /opt/stack/
• git clone git://git.openstack.org/openstack/networking-sfc.git

3. get networking-sfc unmerged code patches (add missing db migration files, port chain, FC, Common driver manager, SFC OVS Driver, OVS agent) into local repository

• cd networking-sfc
• git fetch https://review.openstack.org/openstack/networking-sfc refs/changes/88/249488/9 && git merge FETCH_HEAD

(or the latest patch set (the number at the end of the URL is the patch set) if there's one newer than PS9 shown here)

4. Get CLI patch into local repository

• git fetch https://review.openstack.org/openstack/networking-sfc refs/changes/08/210008/25 && git cherry-pick FETCH_HEAD

(or the latest patch set (the number at the end of the URL is the patch set) if there's one newer than PS25 shown here)

 fix conflict if any, (currently it's sufficient to simply delete the conflict markings from setup.cfg) then 

• git add .
• git cherry-pick --continue

5. download devstack

• cd /opt/stack
• git clone git://git.openstack.org/openstack-dev/devstack.git -b stable/liberty

6. copy local.conf to local repository and add the following line:

• enable_plugin networking-sfc git://git.openstack.org/openstack/networking-sfc stable/liberty

OR

• enable_plugin networking-sfc /opt/stack/networking-sfc

7. run stack.sh

• cd devstack
• ./stack.sh

 if it reports some errors, read the error messages and try to fix it.

8. Install OVS 2.3.2 or OVS 2.4. Note that the OVS version should match its supported Linux kernel version in order for the OVS to work properly.

9. run unstack.sh and stack.sh

• ./unstack
• ./stack

In our one-server testbed, all OpenStack components run on one physical server. We created 3 VMs, one for source VM, another for Service Function VM, the last one for destination VM.

Data Path Encapsulation Flow

The initial reference implementation will be based on programming Open vSwitch with flow table entries that override the default MAC based forwarding and instead forward frames based on criteria defined via the Neutron SFC API. It will also be possible for third party SDN implementations with Neutron integration and SFC capabilities (e.g. Contrail, Nuage, etc) to program their respective forwarding planes based on the Neutron SFC API, but this will be dependent upon the respective vendors updating their SDN Controller integration with Neutron.