Configuring a Service Chain
Context
You can configure a service chain to import different service flows on a campus network to different value-added service devices and import the same service flow to multiple value-added service devices in sequence.
Configuring a service chain involves a Controller, firewall, antivirus expert system, and application security gateway. For detailed Controller configuration, see the documentation of the HUAWEI Agile Controller-Campus. For detailed firewall configuration, see the documentation of the HUAWEI USG6000 Series&NGFW Module. For detailed configurations of other security products, see the related product documentation.
You can configure all the data related to the service chain function on a Controller. Therefore, you are recommended to configure and maintain a service chain on a Controller. The following uses the service chain configuration on a switch as an example.
Pre-configuration Tasks
Before configuring a service chain, configure IP addresses for interfaces to ensure network-layer communication between neighbor nodes.
Procedure
- Configuring routes between a switch and the Controller and between a switch and firewall
Configure routes according to networking requirements. Generally, you are advised to configure static routes or OSPF routes for interworking. For details, see "Static Route Configuration" and "OSPF Configuration" in the S12700 and S12700E V200R019C10 Configuration Guide - IP Unicast Routing.
- Run the group-policy controller ip-address1 [ port-number1 ] [ backup ip-address2 [ port-number2 ] ] password password [ src-ip ip-address3 ] [ vpn-instance vpn-instance-name ] command in the system view of the switch to enable the service chain function.
- Configure service chain resources on the Controller.
- Configure service flows on the Controller.
- Configure a service chain on the Controller.
For detailed Controller configuration, see the documentation of the HUAWEI Agile Controller-Campus.