Service Function Chaining Vu Anh Vu Internet-Draft Younghan Kim Intended status: Informational Kyoungjae Sun Expires: September 12, 2017 Soongsil University March 11, 2017 Interoperation of multiple Metadata schemes in SFC draft-vu-sfc-md-scheme-interoperation-01 Abstract Metadata carries SFC information shared amongst SFC components. Each service function requires different metadata, therefore a common metadata scheme for all SFs in SFC domain is redundant and sometime unsecured. This document describes use cases for using multiple NSH Metadata schemes in single and multiple SFC domains and proposes a general architecture and method for coordinating heterogenous Metadata schemes in SFC. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on September 12, 2017. Copyright Notice Copyright (c) 2017 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents Vu Anh Vu, et al. Expires September 12, 2017 [Page 1] Internet-Draft MD scheme Interoperation March 2017 carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 2 1.2. Problem Statement . . . . . . . . . . . . . . . . . . . . 2 2. Use cases . . . . . . . . . . . . . . . . . . . . . . . . . . 3 2.1. Heterogenous SFs compatibility . . . . . . . . . . . . . 3 2.2. Reduce MD size . . . . . . . . . . . . . . . . . . . . . 3 2.3. Multi-domain SFC . . . . . . . . . . . . . . . . . . . . 3 3. MD scheme Conversion . . . . . . . . . . . . . . . . . . . . 4 4. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 5 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 6. Security Considerations . . . . . . . . . . . . . . . . . . . 5 7. Normative References . . . . . . . . . . . . . . . . . . . . 5 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 6 1. Introduction 1.1. Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. 1.2. Problem Statement SFC Architecture document [RFC7665] has defined the purposes of shared Metadata in SFC. Network Service Header (NSH) document [I-D.ietf-sfc-nsh] defines NSH structures, including 2 type of Metadata (MD), and is not repeated here. The NSH document [I-D.ietf-sfc-nsh] defines two types of Metadata in NSH: MD-type 1, which has fixed 4x4 byte length, and MD-type 2 having variable lengths. Every SFs in an SFC-enabled domain MUST support MD-type 1 and SHOULD support MD-type 2. However, the semantics of each byte in MD is up to operators to define. Each operator has its own SFC configuration, hence the SFC MD is different from operator to operator. Operators define MD with their SFC configuration, but their SFs use it, and most of the time SFs are not developed by their operator. Certainly, SF developers always try to make their products compatible with as many environments as possible. Letting operator defining MD give them the flexibility, but sacrifice the Vu Anh Vu, et al. Expires September 12, 2017 [Page 2] Internet-Draft MD scheme Interoperation March 2017 compatibility of SFs. More or less, operator and SF developer should have some agreements, or standards, about the semantic of MD. There are attempts to create standards for MD-type 1 for some environment such as datacenters and mobile networks. However, each of them is too specific for a particular use case, and it is difficult to generalize them for all environments. MD-type 2 with is variable length is proposed to provide more flexibility for operator/ vendor-specific SFC and not likely to be standardized. In conclusion, there is a lack of strong reasons to have standards for MD. Therefore, instead of standardizing MD, this document focuses on making multiple MD schemes working seamlessly together in an SFC domain. In detail, this document lists some use cases which require the coexistence of multiple MD schemes and propose an architecture to solve the issue. 2. Use cases 2.1. Heterogenous SFs compatibility As mentioned, each SF needs different SFC information to process packets, update MD, or select service paths. And each SF gathers that information with its format/scheme, depends on its vendor. An example this use case is third-party SFs, which are controlled by external entities, and proprietary black-boxed SF. To ensure the compatibility of a heterogeneous SF collection in SFC domains, conversions between MD scheme are required. SFs should register their MD scheme to the SFC control plane. 2.2. Reduce MD size There are only 4x4 bytes for MD in MD-type 1, which MUST be supported by all NSH-aware SFs, but there might be more information need to be carried throughout an SFC domain. Even though MD-type 2 can be used to carry a large amount of SFC metadata, it is not necessary for all SFs. An SF only needs a part of the data in that MD, hence providing them more information is redundant and in some situation, might cause information leaking. Using multiple MD schemes reduces the size of MD by using all bytes in MD-type 1 effectively and providing sufficient metadata for each SF. 2.3. Multi-domain SFC An SFC can be established throughout multiple SFC domains, as described in SFC use cases in data center [I-D.ietf-sfc-dc-use-cases] and Hierarchical SFC [I-D.ietf-sfc-hierarchical]. Occasionally, each Vu Anh Vu, et al. Expires September 12, 2017 [Page 3] Internet-Draft MD scheme Interoperation March 2017 SFC domain has a different MD scheme, and as a result, the MD-type translation is required when the traffic traverses between domains. Figure 1 illustrates a scenario where a SFC includes two domains with different MD schemes. When a packet exits a domain and enters another, the MD converter in the second domain will translate MD scheme 1 to MD scheme 2. Surely, control planes of the domains have to coordinate with each other to have the correct translation. +--------------------+ +-------------------+ |SFC domain 1 | |SFC domain 2 | | +---------------+ | | +---------------+ | | | Control plane +<------>+ Control plane | | | +---------------+ | | +----+----------+ | | | | | | Service Path | | | +----v----+ | +---------------------------+---->+ MD +---------------> | +---------+ | | |Converter| | | | MD | | | +---------+ | <---------------+Converter+<--------------------------------+ | +---------+ | | | Reversed +--------------------+ +-------------------+ Path Figure 1: A Multiple MD in Multi-domain SFC scenario 3. MD scheme Conversion An SFC domain with multiple MD schemes can be logically divided into multiple MD scheme domains, each of them contains SFs and SFFs that have the same MD scheme. Between MD scheme domain, there are MD scheme converters to translate and alter MD in packets when they travel across domains. Figure 2 show the architecture where Subsequent CFs, which are the most suitable components to be MD scheme converters due to their ability to update MD in packets, are placed between MD scheme domains and responsible for MD translation. Vu Anh Vu, et al. Expires September 12, 2017 [Page 4] Internet-Draft MD scheme Interoperation March 2017 +..................+ +.........+ . MD scheme . .MD scheme. . domain 1 . .domain 2 . . . . . +------+ . . +-------+ . . +-------+ | | . +-----+ +-----+ . | Sub- | . +-----+ . | Sub- | | CF +---+ SFF +--+ SFF +---+sequent+---+ SFF +--+ ... -+sequent+- ... | | . +--+--+ +--+--+ . | CF | . +--+--+ . | CF | +------+ . | | . +-------+ . | . +-------+ . +-+-+ +-+-+ . . +-+-+ . . |SF | |SF | . . |SF | . . +---+ +---+ . . +---+ . +..................+ +.........+ Figure 2: MD scheme Conversion with Subsequent CF 4. Acknowledgements TBD 5. IANA Considerations This document does not require any IANA actions. 6. Security Considerations TBD 7. Normative References [I-D.ietf-sfc-dc-use-cases] Surendra, S., Tufail, M., Majee, S., Captari, C., and S. Homma, "Service Function Chaining Use Cases In Data Centers", draft-ietf-sfc-dc-use-cases-05 (work in progress), August 2016. [I-D.ietf-sfc-hierarchical] Dolson, D., Homma, S., Lopez, D., Boucadair, M., Liu, D., Ao, T., and V. Vu, "Hierarchical Service Function Chaining (hSFC)", draft-ietf-sfc-hierarchical-01 (work in progress), September 2016. [I-D.ietf-sfc-nsh] Quinn, P. and U. Elzur, "Network Service Header", draft- ietf-sfc-nsh-10 (work in progress), September 2016. Vu Anh Vu, et al. Expires September 12, 2017 [Page 5] Internet-Draft MD scheme Interoperation March 2017 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . [RFC7665] Halpern, J., Ed. and C. Pignataro, Ed., "Service Function Chaining (SFC) Architecture", RFC 7665, DOI 10.17487/RFC7665, October 2015, . Authors' Addresses Vu Anh Vu Soongsil University 369 Sangdo-ro Dongjak-gu, Seoul 06978 South Korea Email: vuva@dcn.ssu.ac.kr Younghan Kim Soongsil University 369 Sangdo-ro Dongjak-gu, Seoul 06978 South Korea Email: younghak@ssu.ac.kr Kyoungjae Sun Soongsil University 369 Sangdo-ro Dongjak-gu, Seoul 06978 South Korea Email: gomjae@ssu.ac.kr Vu Anh Vu, et al. Expires September 12, 2017 [Page 6]