
Some Notes on SFC (Part 1): The IETF SFC Architecture

2016-02-17 12:24
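A while ago I built an SFC demo, deploying SFC on a rack with a distributed switching network. It was rushed work and I never felt satisfied with it, so now that I have some time I want to go through SFC from start to finish.
SFC is a fairly new area. At this stage much of it is still in draft form at the IETF, under discussion and still evolving. Here I record some of what I know and think about SFC. My understanding may be off or even wrong; with these notes written down, they can serve as a basis for discussion and make it easier to correct my current thinking later.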

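1. What is SFC
SFC is the abbreviation of Service Function Chain, commonly shortened to service chain.
Put simply, an ordered combination of services formed by connecting service functions together is called a service chain.
In its extended sense, SFC covers the definition of service chains, the deployment of service chains, and policy-based traffic steering (I do not know the Chinese term for it). These notes focus on the chain, not on any specific service function.
In SFC, "service" is a general term. A service can be a traditional network service such as a firewall, load balancer or NAT, or a specialized service such as Squid or HTTP header manipulation. Broadly speaking, a service accesses, monitors, or processes data according to specific rules in order to meet some business need. The services meant here are mainly networking services.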

2. Why SFC is needed
What problems does the design of SFC need to solve? Here is a slide from a Cisco presentation:
[Image: Cisco slide]
For details, see IETF RFC 7498, Problem Statement for Service Function Chaining:
https://datatracker.ietf.org/doc/rfc7498/?include_text=1
Later we will see how the SFC and NSH designs set out to solve these problems.

3. SFC architecture
To study the SFC architecture you need to know several important basic concepts in it. They are given here untranslated.
1 Classification: Locally instantiated matching of traffic flows against policy for subsequent application of the required set of network service functions. The policy may be customer/network/service specific.
Classifier: An element that performs Classification.
2 Service Function Chain(SFC): A service function chain defines an ordered set of abstract service functions and ordering constraints that must be applied to packets and/or frames and/or flows selected as a result of classification. The implied order may not be a linear progression as the architecture allows for SFCs that copy to more than one branch, and also allows for cases where there is flexibility in the order in which service functions need to be applied.
3 Service Function (SF): A function that is responsible for specific treatment of received packets. A service function can act at various layers of a protocol stack (e.g., at the network layer or other OSI layers). As a logical component, a service function can be realized as a virtual element or be embedded in a physical network element. One or more service functions can be embedded in the same network element. Multiple occurrences of the service function can exist in the same administrative domain.
4 Service Function Forwarder (SFF): A service function forwarder is responsible for forwarding traffic to one or more connected service functions according to information carried in the SFC encapsulation, as well as handling traffic coming back from the SF. Additionally, an SFF is responsible for delivering traffic to a classifier when needed and supported, transporting traffic to another SFF (in the same or different type of overlay), and terminating the Service Function Path (SFP).
5 Service Function Path (SFP): The service function path is a constrained specification of where packets assigned to a certain service function path must go. While it may be so constrained as to identify the exact locations, it can also be less specific. The SFP provides a level of indirection between the fully abstract notion of service chain as a sequence of abstract service functions to be delivered, and the fully specified notion of exactly which SFF/SFs the packet will visit when it actually traverses the network. By allowing the control components to specify this level of indirection, the operator may control the degree of SFF/SF selection authority that is delegated to the network.
6 Rendered Service Path (RSP): Within an SFP, packets themselves are of course transmitted from and to specific places in the network, visiting a specific sequence of SFFs and SFs. This sequence of actual visits by a packet to specific SFFs and SFs in the network is known as the Rendered Service Path.
This definition is included here for use by later documents, such as when solutions may need to discuss the actual sequence of locations the packets visit.
7 SFC-Enabled Domain: A network or region of a network that implements SFC. An SFC-enabled domain is limited to a single network administrative domain.
8 SFC Proxy: Removes and inserts SFC encapsulation on behalf of an SFC-unaware service function. SFC proxies are logical elements.
9 Metadata: Provides the ability to exchange context information between classifiers and SFFs, and among SFs.
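Here SFC lives in an abstract service plane. This plane can be overlaid on the underlying data/physical plane, and the topology of the service plane is independent of the topology of the data/physical plane.
RFC 7665 defines the data-plane architecture of service chains on the service plane.
The data plane of each service chain (SFC) is composed of the logical components Classifier, SFF, SF and SFC Proxy. Users can flexibly create and combine these logical components and define various ordered sets of services according to policy. For example, the classifier decides which traffic may enter the service chain and classifies the flows, and then SFFs control the direction of the data flow, chaining multiple SFs together in a given order to perform some function.
A basic SFC data-plane architecture is shown in the figure below:
[Image: basic SFC data-plane architecture]
A complete abstract SFC service plane consists of a data plane and a control plane. The basic framework is as follows:
[Image: basic framework of the SFC service plane]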


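The Orchestrator defines SFCs and establishes SFPs.
The SFC control & policy plane instantiates SFCs and SFPs, and instantiates the abstract policy into the abstract logical modules in forms such as flow tables.
The data plane (the SFC domain) controls and forwards data flows according to the policy defined by the upper layers, thereby implementing the SFC.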

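SFC describes, on the service plane, an ordered set of abstract service functions. When a packet/flow enters the SFC domain, the classifier at the ingress decides which packets/flows may enter the SFC domain. According to its matching rules, the classifier adds an SFC header (SFC encapsulation) to these packets/flows. The SFC header describes the order in which the packet/flow should traverse a set of SFs (the SFP), and each SF has a unique corresponding ID in the header. The SFFs after the classifier then deliver the packet/flow to the corresponding SFs in order, according to the information in the header.
There is also the concept of the RSP. An SFP is an instance of an abstract function chain and describes the order of the set of services in a service chain. The RSP presents the concrete service path: for an SFP, it describes exactly which classifier it starts from, which logical components (SFFs, SFs) it passes through and in what order, and where it ends. In the SFC architecture, SFC -> SFP -> RSP is a step-by-step refinement from abstract definition to concrete implementation.
One more concept to mention is metadata. The logical elements on the SFC plane need to be able to pass information to one another; with this information the whole service chain can apply dynamic, flexible policy to the data. For example, a DPI service inspects the contents of a packet, writes a tag into the metadata according to the content, and sends the packet on to the next SFF or SF. The next SFF can forward based on the metadata, or the SF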
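
The classifier, SFF, SF and metadata flow described above, as an added example that is not part of the original post: a simplified in-memory model, not the NSH wire format. The SF names, path id, addresses, matching rules and the "tag" metadata key are all constructed for illustration.

```python
# Simplified model of the SFC data plane; not the NSH wire format.
# All names, IDs, addresses and the "tag" metadata key are constructed.
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Packet:
    src: str
    dport: int
    payload: bytes
    encap: Optional[dict] = None              # SFC encapsulation (header)
    rsp: list = field(default_factory=list)   # (SFF, SF) hops actually visited

# Service functions: may write metadata; returning False drops the packet.
def firewall(pkt):
    return not pkt.src.startswith("203.0.113.")   # constructed block list

def dpi(pkt):
    suspicious = b"../" in pkt.payload
    pkt.encap["metadata"]["tag"] = "suspicious" if suspicious else "clean"
    return True

def waf(pkt):
    return pkt.encap["metadata"].get("tag") != "suspicious"

SF_REGISTRY = {"sf-fw": firewall, "sf-dpi": dpi, "sf-waf": waf}
SFP_TABLE = {10: ["sf-fw", "sf-dpi", "sf-waf"]}   # path id -> ordered SF ids
SF_LOCATION = {"sf-fw": "sff-1", "sf-dpi": "sff-1", "sf-waf": "sff-2"}
POLICY = [(lambda p: p.dport in (80, 443), 10)]   # (match rule, path id)

def classify(pkt):
    """Classifier: match against policy and add the SFC encapsulation."""
    for match, path_id in POLICY:
        if match(pkt):
            pkt.encap = {"path_id": path_id, "index": 0, "metadata": {}}
            return True
    return False                               # flow stays outside the chain

def forward(pkt):
    """SFFs: steer the packet to each SF in header order, recording the RSP."""
    path = SFP_TABLE[pkt.encap["path_id"]]
    while pkt.encap["index"] < len(path):
        sf_id = path[pkt.encap["index"]]
        pkt.rsp.append((SF_LOCATION[sf_id], sf_id))
        if not SF_REGISTRY[sf_id](pkt):
            return "dropped"
        pkt.encap["index"] += 1
    pkt.encap = None                           # SFP terminated, header removed
    return "delivered"

def process(pkt):
    return forward(pkt) if classify(pkt) else "bypass"
```

Here `SFP_TABLE` plays the role of the SFP, while `pkt.rsp` is the rendered path a given packet actually took, which is shorter than the SFP when an SF drops the packet.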
