No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - SFC

CloudEngine 6800 and 5800 V200R003C00

This document describes the configurations of Service function chain (SFC).
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
SFC Implementation

SFC Implementation

NSH Packet

NSH packets can be transmitted on various types of network, such as VLAN and VXLAN. Figure 2-1 shows the NSH packet encapsulation format.
Figure 2-1  NSH packet encapsulation format
After entering an SFC domain, packets are encapsulated with NSH headers. Figure 2-2 shows the NSH packet format.
Figure 2-2  NSH packet format
Table 2-2  Fields in an NSH packet

Field

Description

Ver

NSH version number. Currently, only the version number of 0 is supported.

O

Packet type.
  • 0: data packet
  • 1: operation, administration, and maintenance (OAM) packet

C

Key metadata exists. When the MD type is 1, the value of this field is 0.

Reserved

This field is set to 0 when an NSH packet is sent and is ignored when an NSH packet is received.

Length

Total length of an NSH packet. The value of this field indicates an integral multiple of 4 bytes. If the MD type is set to 1, the length is fixed at 6, indicating that the packet length is 6 x 4 bytes (24 bytes). If the MD type is set to 2, the length is 2 or greater.

MD type

Metadata format.
  • 1: The metadata length is fixed at 16 bytes.
  • 2: The metadata length is variable.
Currently, only the MD type of 1 is supported.

Next Protocol

Packet type before NSH encapsulation.
  • 0x1: IPv4 packet
  • 0x2: IPv6 packet
  • 0x3: Ethernet packet
  • 0x4: NSH packet
  • 0x5: Multiprotocol Label Switching (MPLS) packet
  • 0x6 to 0xFD: undefined
  • 0xFE to 0xFF: experimental
Currently, only IPv4 packets are supported.

SPI

ID of an SFP.

SI

Index of the SF through which traffic is passing.

Metadata

Metadata field. It is the basic element used for exchanging context information. The field length can be fixed or variable. Currently, only the fixed length is supported.

Working Mechanism

The SFC feature is typically used on a VXLAN network. The following describes how SFC works when NSH-aware SFs connect to centralized and distributed VXLAN gateways.

Centralized VXLAN Gateway Networking

In a centralized VXLAN gateway networking, SFs connect to the network in routing mode. Packets pass through an FW (SF1) and an LB (SF2) in sequence and are forwarded by the egress gateway. The SC and the first SFF are deployed both on the centralized VXLAN gateway. If SF1 and SF2 are NSH-unaware, the gateway needs to provide the SFC proxy function. North-south traffic presented by the solid arrowed line is used as an example.
Figure 2-3  Centralized VXLAN gateway networking
Figure 2-4 shows the abstracted SFP. The following figure shows the formats of packets on outbound interfaces during traffic forwarding.
Figure 2-4  Packet forwarding process in a centralized VXLAN gateway networking
  1. Traffic reaching an SFF (spine in the figure) is classified based on 5-tuple information and then redirected to the SFC. The SFF queries the NSH forwarding table based on the SPI or SI in the NSH. The next hop is the IP address of SF1 (10.1.1.2), and the outbound interface is on a VXLAN tunnel.

  2. The SFF removes the ETH header in a packet and encapsulates the packet with NSH and VXLAN headers. The VNI in the VXLAN header is the same as the VNI of the tenant VPN instance. Based on the destination IP address (DIP) in the VXLAN header, the SFF can obtain the outbound interface.

  3. Upon receiving the packet, SF1 removes outer encapsulation, analyzes the packet, and decreases the SI by 1. SF1 then encapsulates the packet with the NSH header and forwards the NSH-encapsulated packet to the leaf for VXLAN encapsulation. The leaf encapsulates the packet with the VXLAN header and sends the packet to the SFF.

  4. Upon receiving the encapsulated packet, the SFF queries the NSH forwarding table based on the SPI or SI in the NSH. The next hop is the IP address of SF2 (10.2.2.2), and the outbound interface is on a VXLAN tunnel. Then the SFF removes the ETH header in the packet and encapsulates the packet with NSH and VXLAN headers.

  5. Upon receiving the packet, SF2 removes outer encapsulation, analyzes the packet, and decreases the SI by 1. SF1 then encapsulates the packet with the NSH header and forwards the NSH-encapsulated packet to the leaf for VXLAN encapsulation. The leaf encapsulates the packet with the VXLAN header and sends the packet to the SFF.

  6. Upon receiving the encapsulated packet, the SFF queries the NSH forwarding table and determines whether the SI is the same as the SI of the last hop. If so, the SFF removes the NSH, encapsulates the packet with an ETH header, and forwards the packet out of the SFC domain. If not, the SFF queries the NSH forwarding table to continue forwarding the packets in the SFC domain.

Distributed VXLAN Gateway Networking

In a distributed VXLAN gateway networking, SFs connect to the network in routing mode. Packets pass through two FWs (SF1 and SF2) in sequence and are forwarded by the egress gateway. The VXLAN gateway connected to a tenant server is used as the SC, and VXLAN gateways connected to SFs are used as SFFs. An SFF can forward NSH packets to the next-hop SF or SFF. If SF1 to SF3 are NSH-unaware SFs, the SFFs need to provide the SFC proxy function. North-south traffic marked in solid lines is used as an example, and the SC, SFF1, and SFF2 are leaf devices, as shown in Figure 2-5.
Figure 2-5  Distributed VXLAN gateway networking
Figure 2-6 shows the abstracted SFP. The following figure shows the formats of packets on outbound interfaces during traffic forwarding.
Figure 2-6  Packet forwarding process in a distributed VXLAN gateway networking
  1. Traffic reaching an SC is classified based on 5-tuple information and then redirected to the SFC. The SC queries the NSH forwarding table based on the SPI or SI in the NSH. The next hop is the IP address of the virtual bridge domain interface (VBDIF) on SFF1, and the outbound interface is on a VXLAN tunnel. The SC removes the ETH header in a packet and encapsulates the packet with NSH and VXLAN headers. The VNI in the VXLAN header is the same as the VNI of the tenant VPN instance. Based on the DIP in the VXLAN header, the SC can obtain the ARP outbound interface.

  2. Upon receiving IP over NSH over VXLAN packets, SFF1 removes the VXLAN header and queries the NSH forwarding table based on the SPI or SI. The next hop is the IP address of SF1, based on which SFF1 queries ARP information and constructs a new ETH header.

  3. Upon receiving the packet, SF1 removes outer encapsulation, analyzes the packet, and decreases the SI by 1. SF1 then encapsulates the packet with NSH and ETH headers, and forwards the packet to SFF1.

  4. Upon receiving the encapsulated packet, SFF1 removes the ETH header of the packet and queries the NSH forwarding table based on the SPI or SI in the NSH. The next hop is the IP address of SFF2. Then SFF1 encapsulates the packet with NSH and ETH headers.

  5. Upon receiving the encapsulated packet, SFF2 removes the ETH header of the packet and queries the NSH forwarding table based on the SPI or SI in the NSH. The next hop is the IP address of SF2. Then SFF2 encapsulates the packet with NSH and ETH headers.

  6. Upon receiving the packet, SF2 removes outer encapsulation, analyzes the packet, and decreases the SI by 1. SF1 then encapsulates the packet with NSH and ETH headers, and forwards the packet to SFF2.

  7. Upon receiving the encapsulated packet, SFF2 queries the NSH forwarding table and determines whether the SI is the same as the SI of the last hop. If so, SFF2 removes the NSH, and normally processes and forwards the packet out of the SFC domain. If not, SFF2 queries the NSH forwarding table to continue forwarding the packets in the SFC domain.

The preceding packet forwarding processes apply when SFs are NSH-aware. If SFs are NSH-unaware, the SI is processed in a different way. NSH-unaware SFs do not process NSH packets. Therefore, the SFC proxy is responsible for decreasing the SI by 1.

Table 2-3 lists differences of SFC implementation in the centralized and distributed VXLAN gateway networking modes.
Table 2-3  Differences of SFC implementation in the centralized and distributed VXLAN gateway networking modes

Difference

Centralized VXLAN Gateway Networking

Distributed VXLAN Gateway Networking

SC and SFF locations

The SC and SFF are deployed both on the centralized VXLAN gateway.

The VXLAN gateway connected to a tenant server is used as the SC, and VXLAN gateways connected to SFs are used as SFFs. In practice, a VXLAN gateway connected to SFs usually serves both as the SC and SFF.

Translation
Download
Updated: 2019-05-08

Document ID: EDOC1100004362

Views: 4932

Downloads: 82

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next