KEMBAR78
Establishing Service Function Chaining | PDF | Networks | Network Architecture
Scribd
Upload
127 views40 pages

Establishing Service Function Chaining

This document provides an overview of a joint research project between telecommunications companies in Asia-Pacific to establish service function chaining architecture on OpenStack. It introduces network function virtualization, service function chaining, soft patch panel, and the Asia Pacific Telecommunication Innovation Initiative Working Project 4. The document outlines the project including an overview, implementation details, and progress to date. It also introduces the participants from Telkom Indonesia who are leading the research.

Uploaded by

pete
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
127 views40 pages

Establishing Service Function Chaining

This document provides an overview of a joint research project between telecommunications companies in Asia-Pacific to establish service function chaining architecture on OpenStack. It introduces network function virtualization, service function chaining, soft patch panel, and the Asia Pacific Telecommunication Innovation Initiative Working Project 4. The document outlines the project including an overview, implementation details, and progress to date. It also introduces the participants from Telkom Indonesia who are leading the research.

Uploaded by

pete
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 40

Establishing Service Function Chaining

Architecture on OpenStack for Internet


VNF Use-case
A joint research & PoC activities among APAC(Asia-Pacific) Telco Service Provider

Ibrahim Zein Abdillah Restu Nursobah


(900058) – Eng. 2 Service Control & Research Assistant
Lab Cloud & Node Platform
Infrastructure Research & Standardization
TELKOM – Divisi Digital Service (n.k.a Media & Digital Department)
About Us
Ibrahim
Zein Restu
Abdillah Nursobah
29 years old 23 years old
ibrahim.zein@telkom.co.id
restu.nursobah@gmail.com
ibrahimza27@gmail.com
Ibrahim-zein-abdillah restunursobah

Employment Record :
• (2014 – Present) PT. Telekomunikasi Indonesia, Tbk.
• Eng. 2 Service Control – DDS/MDD (2017 – Present)
• Eng. 3 Service Control – IDeC/DDS (2014 - 2017) Employment Record :
• (2012-2013) PT. Huawei Services • (2019 – Present) Lab. CNP (Cloud & Node Platform) – Telkom DDS
• OSS Competence Center Engineer (2013) • Research Assistant (2019 – Present)
• NOC SLM Carrier And Roaming Engineer (2012 – 2013) • (2018) Telkom DDS - Student Internship Program
Education : • Lab CNP-IRS Telkom DDS Intern (2019)
Bachelor of Engineering (B.Eng.), Telecommunication Education :
& Multimedia – Electrical Engineering [2018 – 2012]
Bachelor of Engineering (B.Eng.), Telecommunication
Award : • ASEAN Outstanding Engineering Award [2018] Engineering [2015 – 2019]
• Top 5 Best Employee Telkom Group BP V [2019]
Certification : Certification :
Outline

1. Overview 2. Implementation 3. Progress &


A brief overview of NFV; Network topology; SFC on Results
Network acceleration OVS, OVS-DPDK & SPP Progress & results;
technology; SFC; SPP; & Working Project timeline
ATII-WP4
1. Overview

A brief overview of:


• NFV (Network Function Virtualization),
• Network acceleration technology,
• SFC (Service Function Chaining),
• SPP (Soft Patch Panel),
• ATII-WP4 (APAC Telco Innovation Initiative –
Working Project 4)
NFV (Network Function Virtualization)
NFV (Network function virtualization) is a concept or principle of separating network functions from the hardware they run on by
using virtual hardware abstraction. This aims to transform the way that network operators architect networks by evolving standard
IT virtualisation technology to consolidate many network equipment types onto industry standard high volume servers, switches
and storage, which could be located in Datacentres, Network Nodes and in the end user premises.

• NFVI: Network Fuction Virtualization


Infrastructure
• VNF: Virtualized Network Function
• NFV-MANO: NFV Management &
Orchestration

source: ETSI
NFV Deployment Model
VNF

Virtualization

Hardware

TCO & Risk

source: materi NFV Cisco & Ericsson


NFV Driver & Challenges

source: sdxcentral
Network Acceleration Technology
vSwitch DHA (Direct Hardware Access)

OVS PCI-Passtrough OVS-DPDK SR-IOV


(Open vSwitch) (OVS – Data Plane (Single-Root I/O
Development Kit) Virtualization)

VNF (s) VNF A VNF B VNF (s) VNF A VNF B


User vnic vnic vnic vnic vnic vnic
space
User User OVS- User
Kernel space DPDK
space space PF Driver
space
Kernel Kernel Kernel
OVS
space space space
VF VF PF
Network Network
Network Card Network Card Network Card
Card Card
• Bypass kernel • Bypass kernel • Bypass kernel
• Regular OVS traffic
• Direct passtrough from NIC to vNIC • DPDK traffic • Direct passtrough from vNIC to VF
• Kernel interrupts & memory copy
• Dedicated NIC to vNIC mapping • Poll mode driver • Dedicated NIC for multiple vNIC(s)
Performance
Flexibility
Cost Efficiency
SFC (Service Function Chaining)
Network service chaining, also known as service function chaining (SFC) is a capability that uses software-defined networking
(SDN) capabilities to create a service chain of connected network services (such as L4-7 like firewalls, network address translation
[NAT], intrusion protection) and connects them in a virtual chain.

Network service chaining capabilities mean that a large number of virtual network functions can be connected together in an NFV
environment. Because it’s done in software using virtual circuits, these connections can be set up and torn down as needed with
service chain provisioning through the NFV orchestration layer.

source: sdxcentral
SPP (Soft Patch Panel)
• Flexibility of configuration and Performance of
processing are the key requirements for virtual
switching function for service chaining. It's difficult
to satisfy both of them.
• SPP(Soft Patch Panel) is a new technology to meet
both of requirements with Intel DPDK.

source: NTT, ATII


ATII - WP4
Asia Pacific Telecommunication
Working Project 4
Innovation Initiative

Project Theme Member


High value-added network NTT
WP1
services Telkom
Telkom
WP2 Server platform virtualization
NTT
NTT
Flexible access network
WP3 Telkom
virtualization
VNPT
NTT
vSwitch for service function
WP4 Telkom
chaining
VNPT
• NTT and Telkom Indonesia established ATII in April 2017, to promote
Ensuring the reliability of
the creation of new network services considering social problems in the WP5 ICT equipment by reducing
NTT
APAC region and to promote technical studies. Telkom
lightning malfunction
• ATII has extended to three operators structure with VNPT’s joining.

source: ATII
2. Implementation

• SFC research topology (virtualized internet access


service use case)
• SFC implementation on OpenStack with OVS
• SFC implementation on OpenStack with OVS-DPDK
• SFC implementation on OpenStack with SPP
SFC research topology
(virtualized internet access service use case)

Server
Client-1 Client-2 Client-3 vDPI-1 vDPI-2 (iPerf
(iPerf) (iPerf) (iPerf) (ntopng) (ntopng-2) Server)
ens3 ens3 ens3 ens6 ens3 ens3
IP: 192.168.0.97 IP: 192.168.0.28 IP: 192.168.0.31 IP: 192.168.0.99 IP: 192.168.0.100 IP: 192.168.0.101

Instances/ VM in Openstack:

client : Ubuntu Server 16.04 +


LXDE, iperf, traceroute
server : Ubuntu Server 16.04,
iperf, traceroute, nginx
ntopng : Ubuntu Server 18.04,
ntopng
SFC Implementation on Openstack with OVS
Neutron Port

Source : https://docs.openstack.org/newton/networking-guide/config-sfc.html
SFC Implementation on Openstack with OVS (2)
SFC Instalation in Openstack - Using local.conf

enable_plugin networking-sfc <GITURL> [GITREF]

Example :

enable_plugin networking-sfc https://opendev.org/openstack/networking-sfc stable/queens


NETWORKING_SFC_DIR="$DEST/networking-sfc"
NEUTRON_FLOWCLASSIFIER_PLUGIN="networking_sfc.services.flowclassifier.plugin.FlowClassifierPlugin"
NEUTRON_SFC_PLUGIN="networking_sfc.services.sfc.plugin.SfcPlugin"
NEUTRON_FLOWCLASSIFIER_DRIVERS="ovs"
NEUTRON_SFC_DRIVERS="ovs"

Source : https://opendev.org/openstack/networking-sfc/src/branch/master/devstack
SFC Implementation on Openstack with OVS (3)
SFC Instalation in Openstack - Manual
1. Install python-networking-sfc
First Step install python-networking-sfc, use command:
$ pip install -c --user https://opendev.org/openstack/requirements/raw/branch/master/upper-constraints.txt?h=stable/queens
networking-sfc==6.0.0
Make sure the networking sfc version matches the openstack version used, for example here we use the version 6 (Queens)

2. Configure neutron.conf
Enable the service plugins in neutron-server by adding them in neutron.conf
$ sudo nano /etc/neutron/neutron.conf

add syntax flow_classifier and sfc on service_plugins


service_plugins = flow_classifier,sfc

[sfc]
drivers = ovs

[flowclassifier]
drivers = ovs
Source : https://docs.openstack.org/networking-sfc/queens/install/index.html
SFC Implementation on Openstack with OVS (4)
SFC Instalation in Openstack - Manual
3. Configure ml2_conf.ini
enable the networking-sfc extension in the Open vSwitch agent. The configuration file name can change, the default one is
/etc/neutron/plugins/ml2/ml2_conf.ini
[agent]
extensions = sfc
4. Restart and update database setup

After all done, you can run some command


$ systemctl restart devstack@q-svc
or
$ systemctl restart neutron-server

$ systemctl restart devstack@q-agt


or
$ systemctl restart neutron-openvswitch-agent

$ neutron-db-manage --subproject networking-sfc upgrade head


Source : https://docs.openstack.org/networking-sfc/queens/install/index.html
SFC Implementation on Openstack with OVS (5)
Service Chain

Server
Client-1 Client-2 Client-3 vDPI-1 vDPI-2 (iPerf
(iPerf-1) (iPerf-2) (iPerf-3) (ntopng) (ntopng-2) Server)
ens3 ens3 ens3 ens6 ens3 ens3
IP: 192.168.0.97 IP: 192.168.0.28 IP: 192.168.0.31 IP: 192.168.0.99 IP: 192.168.0.100 IP: 192.168.0.101
ingress egress ingress egress

sfc-client sfc-client-2 sfc-client-3 ntopng ntopng-2 sfc-server

Service Service Service


Chain 1 Chain 2 Chain 3
SFC Implementation on Openstack with OVS (6)
Create Port Pair

Server
Client-1 Client-2 Client-3 vDPI-1 vDPI-2 (iPerf
(iPerf-1) (iPerf-2) (iPerf-3) (ntopng) (ntopng-2) Server)
ens3 ens3 ens3 ens6 ens3 ens3
IP: 192.168.0.97 IP: 192.168.0.28 IP: 192.168.0.31 IP: 192.168.0.99 IP: 192.168.0.100 IP: 192.168.0.101
ingress egress ingress egress
ppntopng ppntopng-2

#port pair
$ openstack sfc port pair create --ingress (port) --egress (port) name_port_pair
SFC Implementation on Openstack with OVS (7)
Create Port Pair Group

Server
Client-1 Client-2 Client-3 vDPI-1 vDPI-2 (iPerf
(iPerf-1) (iPerf-2) (iPerf-3) (ntopng) (ntopng-2) Server)
ens3 ens3 ens3 ens6 ens3 ens3
IP: 192.168.0.97 IP: 192.168.0.28 IP: 192.168.0.31 IP: 192.168.0.99 IP: 192.168.0.100 IP: 192.168.0.101
ingress egress ingress egress

ppgntopng ppgntopng-2

#port pair group


$ openstack sfc port pair group create --port-pair (port_pair_1) --port-pair (port_pair_n) name_port_pair_group
SFC Implementation on Openstack with OVS (8)
Create Flow Classifier for Service Chain 1

Server
Client-1 Client-2 Client-3 vDPI-1 vDPI-2 (iPerf
(iPerf-1) (iPerf-2) (iPerf-3) (ntopng) (ntopng-2) Server)
ens3 ens3 ens3 ens6 ens3 ens3
IP: 192.168.0.97 IP: 192.168.0.28 IP: 192.168.0.31 IP: 192.168.0.99 IP: 192.168.0.100 IP: 192.168.0.101

#flow classifier
$ openstack sfc flow classifier create --ethertype IPv4 --source-ip-prefix
192.168.0.97/32 --destination-ip-prefix 192.168.0.101/32 --logical-
source-port sfc-client --logical-destination-port sfc-server fcntopng
SFC Implementation on Openstack with OVS (9)
Create Flow Classifier for Service Chain 2

Server
Client-1 Client-2 Client-3 vDPI-1 vDPI-2 (iPerf
(iPerf-1) (iPerf-2) (iPerf-3) (ntopng) (ntopng-2) Server)
ens3 ens3 ens3 ens6 ens3 ens3
IP: 192.168.0.97 IP: 192.168.0.28 IP: 192.168.0.31 IP: 192.168.0.99 IP: 192.168.0.100 IP: 192.168.0.101

#flow classifier
$ openstack sfc flow classifier create --ethertype IPv4 --source-ip-prefix
192.168.0.97/32 --destination-ip-prefix 192.168.0.101/32 --logical-
source-port sfc-client-2 --logical-destination-port sfc-server fcntopng-2
SFC Implementation on Openstack with OVS (10)
Create Flow Classifier for Service Chain 3

Server
Client-1 Client-2 Client-3 vDPI-1 vDPI-2 (iPerf
(iPerf-1) (iPerf-2) (iPerf-3) (ntopng) (ntopng-2) Server)
ens3 ens3 ens3 ens6 ens3 ens3
IP: 192.168.0.97 IP: 192.168.0.28 IP: 192.168.0.31 IP: 192.168.0.99 IP: 192.168.0.100 IP: 192.168.0.101

#flow classifier
$ openstack sfc flow classifier create --ethertype IPv4 --source-ip-prefix
192.168.0.97/32 --destination-ip-prefix 192.168.0.101/32 --logical-
source-port sfc-client-3 --logical-destination-port sfc-server fcntopng-3
SFC Implementation on Openstack with OVS (11)
Create Port Chain for Service Chain 1

Server
Client-1 Client-2 Client-3 vDPI-1 vDPI-2 (iPerf
(iPerf-1) (iPerf-2) (iPerf-3) (ntopng) (ntopng-2) Server)
ens3 ens3 ens3 ens6 ens3 ens3
IP: 192.168.0.97 IP: 192.168.0.28 IP: 192.168.0.31 IP: 192.168.0.99 IP: 192.168.0.100 IP: 192.168.0.101

#port chaining
$ openstack sfc port chain create --port-pair-group
ppgntopng --flow-classifier fcntopng pcntopng
SFC Implementation on Openstack with OVS (12)
Create Port Chain for Service Chain 2

Server
Client-1 Client-2 Client-3 vDPI-1 vDPI-2 (iPerf
(iPerf-1) (iPerf-2) (iPerf-3) (ntopng) (ntopng-2) Server)
ens3 ens3 ens3 ens6 ens3 ens3
IP: 192.168.0.97 IP: 192.168.0.28 IP: 192.168.0.31 IP: 192.168.0.99 IP: 192.168.0.100 IP: 192.168.0.101

#port chaining
$ openstack sfc port chain create --port-pair-group
ppgntopng-2 --flow-classifier fcntopng pcntopng-2
SFC Implementation on Openstack with OVS (13)
Create Port Chain for Service Chain 3

Server
Client-1 Client-2 Client-3 vDPI-1 vDPI-2 (iPerf
(iPerf-1) (iPerf-2) (iPerf-3) (ntopng) (ntopng-2) Server)
ens3 ens3 ens3 ens6 ens3 ens3
IP: 192.168.0.97 IP: 192.168.0.28 IP: 192.168.0.31 IP: 192.168.0.99 IP: 192.168.0.100 IP: 192.168.0.101

#port chaining
$ openstack sfc port chain create --port-pair-group
ppgntopng --port-pair-group ppgntopng-2 --flow-
classifier fcntopng pcntopng-3
vDPI Setup
SFC Implementation on Openstack with OVS-DPDK

• Opendev respository ovs-dpdk


https://opendev.org/x/networking-ovs-dpdk
• Installation :
https://opendev.org/x/networking-ovs-
dpdk/src/branch/master/doc/source/installation.rst
• Sample local.conf for deployment :
https://opendev.org/x/networking-ovs-
dpdk/src/branch/master/doc/source/_downloads/
• Getting started with Openstack and OVS-DPDK using Ubuntu :
https://opendev.org/x/networking-ovs-
dpdk/src/branch/master/doc/source/getstarted/devstack/ubuntu
.rst
SFC Implementation on Openstack with SPP
• Opendev respository networking-spp :
https://opendev.org/x/networking-spp
• Installation :
https://opendev.org/x/networking-spp/src/branch/master/doc/source/installation.rst
3. Progress & Results

• Research progress report


• Working project timeline
Progress and Result : SFC on OVS
Target Test

1. Function Test:
a) Traffic Flow for Service Chain 1: Client-1 → vDPI-1 → Server
b) Traffic Flow for Service Chain 2: Client-2 → vDPI-2 → Server
c) Traffic Flow for Service Chain 3: Client-3 → vDPI-1 → vDPI-2 → Server

2. Througput Test:
a) Througput Test Without Service Chain : Client-1 → Server
b) Througput Test for Service Chain 1: Client-1 → vDPI-1 → Server
c) Througput Test for Service Chain 2: Client-2 → vDPI-2 → Server
d) Througput Test for Service Chain 3: Client-3 → vDPI-1 → vDPI-2 → Server
Research Progress Report
Service Chain

Server
Client-1 Client-2 Client-3 vDPI-1 vDPI-2 (iPerf
(iPerf-1) (iPerf-2) (iPerf-3) (ntopng) (ntopng-2) Server)
ens3 ens3 ens3 ens6 ens3 ens3
IP: 192.168.0.97 IP: 192.168.0.28 IP: 192.168.0.31 IP: 192.168.0.99 IP: 192.168.0.100 IP: 192.168.0.101

Service Service Service


Chain 1 Chain 2 Chain 3
Research Progress Report (2)
Without Service Chain

Server
Client-1 Client-2 Client-3 vDPI-1 vDPI-2 (iPerf
(iPerf-1) (iPerf-2) (iPerf-3) (ntopng) (ntopng-2) Server)
ens3 ens3 ens3 ens6 ens3 ens3
IP: 192.168.0.97 IP: 192.168.0.28 IP: 192.168.0.31 IP: 192.168.0.99 IP: 192.168.0.100 IP: 192.168.0.101
Research Progress Report (3)
Service Chain 1

Server
Client-1 Client-2 Client-3 vDPI-1 vDPI-2 (iPerf
(iPerf-1) (iPerf-2) (iPerf-3) (ntopng) (ntopng-2) Server)
ens3 ens3 ens3 ens6 ens3 ens3
IP: 192.168.0.97 IP: 192.168.0.28 IP: 192.168.0.31 IP: 192.168.0.99 IP: 192.168.0.100 IP: 192.168.0.101
Research Progress Report (4)
Service Chain 2

Server
Client-1 Client-2 Client-3 vDPI-1 vDPI-2 (iPerf
(iPerf-1) (iPerf-2) (iPerf-3) (ntopng) (ntopng-2) Server)
ens3 ens3 ens3 ens6 ens3 ens3
IP: 192.168.0.97 IP: 192.168.0.28 IP: 192.168.0.31 IP: 192.168.0.99 IP: 192.168.0.100 IP: 192.168.0.101
Research Progress Report (5)
Service Chain 3

Server
Client-1 Client-2 Client-3 vDPI-1 vDPI-2 (iPerf
(iPerf-1) (iPerf-2) (iPerf-3) (ntopng) (ntopng-2) Server)
ens3 ens3 ens3 ens6 ens3 ens3
IP: 192.168.0.97 IP: 192.168.0.28 IP: 192.168.0.31 IP: 192.168.0.99 IP: 192.168.0.100 IP: 192.168.0.101
Conclusion : SFC on OvS
Result

1. Function Test:
a) Traffic Flow for Service Chain 1: Client-1 → vDPI-1 → Server = OK
b) Traffic Flow for Service Chain 2: Client-2 → vDPI-2 → Server = OK
c) Traffic Flow for Service Chain 3: Client-3 → vDPI-1 → vDPI-2 → Server = OK

2. Througput Test:
a) Througput Test Without Service Chain : Client-1 → Server = 16,4 Gbps
b) Througput Test for Service Chain 1: Client-1 → vDPI-1 → Server = 2,75 Gbps
c) Througput Test for Service Chain 2: Client-2 → vDPI-2 → Server = 2,20 Gbps
d) Througput Test for Service Chain 3: Client-3 → vDPI-1 → vDPI-2 → Server = 2,11 Gbps
Working Project Timeline

Juni Juli Agustus September


SFC
Working Project
SFC Research Implementation SFC Openstack
Establishment : Defining
Topology on Openstack OVS Test
Use Case
with OVS

Oktober November Desember


SFC
SFC Implementation on
SFC Openstack Implementation SFC Openstack
Openstack with OVS-
OVS-DPDK Test on Openstack SPP Test
DPDK
with SPP

source: ATII –WP4


vSwitch & Network Acceleration Comparison

source: NTT
Thank you!

You might also like