Realize SFC Using ONOS SDN Controller
Mohan Kumar, Senior Software Engineer, Huawei India
Cathy Zhang, Principal Architect, Huawei USA
1. Understand the OpenStack Neutron SFC feature: its flexible architecture for integrating with multiple SDN controllers, its APIs, its code status, and its second-phase roadmap.
2. Understand the ONOS (Open Network Operating System) controller's distributed architecture for scalability support.
3. Understand how OpenStack integrates with the ONOS SDN controller to realize the SFC functionality.
OpenStack Service Chain Overview
What is a Service Function Chain?
[Figure: Service Chain Management and Control Platform. Labels: traffic source, classifier, SF forwarder (vSwitch), service functions (NAT, FW, IDS, LB, Video, Cache, QoS, WOC), traffic destination.]
OpenStack Neutron Service Chain Architecture
[Figure: OpenStack Neutron service chain architecture. OpenStack server: OpenStack API for Service Chain (C1), Service Chain Driver Manager, Common Service Chain Driver API (C2). Drivers: OVS Service Chain Driver, ONOS Service Chain Driver, ODL Service Chain Driver, OVN Service Chain Driver, Dragonflow Service Chain Driver. Controllers: ONOS Controller, ODL Controller, OVN/Dragonflow Controller with the OVN/Dragonflow distributed DB (OVSDB, ETCD, Cassandra, RamCloud). Compute nodes: OVS switch (classifier) with service VMs (FW, IDS, NAT, LB, Web) between traffic source and traffic destination.]
OpenStack Service Chain API Overview
[Figure: OpenStack Neutron Service Chain API. Labels: flow classifier (source N-tuple, destination N-tuple); traffic source; traffic destination; service functions FW, IPS and Video Optimizer; Neutron ports for FW1, FW2 and FW3; port pairs for IPS1 and IPS2; Neutron ports for Video Optimizer1 and Video Optimizer2; Port-Pair-Group1, Port-Pair-Group2, Port-Pair-Group3.]
Networking-sfc Project Information
● First Release in Feb 2016
● Architecture and API Specification Link:
  ○ http://docs.openstack.org/developer/networking-sfc/
● Project Wiki Page:
  ○ https://wiki.openstack.org/wiki/Neutron/APIForServiceChaining
● Weekly IRC Meeting:
  ○ Thursday 1700 UTC on #openstack-meeting-4
  ○ https://wiki.openstack.org/wiki/Meetings/ServiceFunctionChainingMeeting
Second Phase Road Map of Networking-SFC
• Add Support for a Chain of SFs Hosted on Container
• Add Support for a Chain of SFs Hosted on Physical Device
• Integrate with VNFM Tacker
• Add ODL SFC Driver, OVN SFC Driver, Dragonflow SFC Driver to Support the Implementation path on these Open Source SDN Controllers.
• Support for IETF NSH Encapsulation
• Support for Symmetric SFC Path
ONOS for OpenStack
[Figure: SDN architecture. Layers: OpenStack Networking-SFC; ONOS Controller; vSwitch, Service Function VM/Container/Physical Device.]
A new carrier-grade SDN network operating system designed for:
● high availability
● performance
● scale-out
Mission: “to produce the Open Source Network Operating System that will enable service providers to build real Software Defined Network”
What is Modular ONOS?
SFC in ONOS Architecture
[Figure: SFC in the ONOS architecture. Labels: OpenStack Networking-SFC (ONOS SFC Driver); northbound agent and NB API (RESTful), ONOS NBI for SFC functions; apps: ONOS SFC Manager, VTN Manager; core subsystems: Host, Flow, Device; southbound agent and SB API for SFC provisioning on the device; providers: OVSDB, PCEP, NetConf, vendor specific; config driver; switches and service functions on the network data plane.]
Demo Topology
[Figure: demo topology. VM1 (Source), VM2 (SF1), VM3 (SF2) and VM4 (Destination) attached to OVS through ports P1 to P6, each marked ingress or egress.]
Packet path before installing SFC: VM1 -> VM4
Packet path after installing SFC: VM1 -> VM2 -> VM3 -> VM4
● In our demonstration we have a source VM, a destination VM and a set of service function VMs, spawned using the OpenStack network API.
● We use ping packets as the data transferred between source and destination.
● Before installing SFC, the packet goes directly to the destination.
● After installing SFC, the packet takes the defined SFC path and is processed at each service function before reaching the destination.
Scenario 1
[Figure: VM1 (Source, 20.0.0.3), VM2 (SF1), VM3 (SF2) and VM4 (Destination, 20.0.0.8) attached to OVS through ports P1 to P6.]
Test: Ping from VM1 to VM4
Packet path before installing SFC: VM1 -> VM4
Creating ports
● Use the Neutron networking CLI to create ports on OVS (all ports are created on the same network):
● neutron port-create --name p1 net1
● neutron port-create --name p2 net1
● neutron port-create --name p3 net1
● neutron port-create --name p4 net1
● neutron port-create --name p5 net1
● neutron port-create --name p6 net1
● neutron port-create --name p7 net1
● neutron port-create --name p8 net1
[Figure: OVS with ports P1 to P6.]
Spawning VMs
● Spawn the VMs with the created ports.
● Use the nova CLI to spawn the VMs:
● nova boot --image cirros-0.3.4-x86_64-uec --flavor m1.small --nic port-id=<ingress port> --nic port-id=<egress port> <vm name>
[Figure: VM1 (Source), VM2 (SF1), VM3 (SF2) and VM4 (Destination) attached to OVS ports P1 to P6, each marked ingress or egress.]
Ping from VM1 to VM4 Without SFC
[Figure: VM1 (Source, 20.0.0.3), VM2 (SF1), VM3 (SF2) and VM4 (Destination, 20.0.0.8) attached to OVS through ports P1 to P6.]
Packet path before installing SFC: VM1 -> VM4
Scenario 2
[Figure: VM1 (Source, 20.0.0.3), VM2 (SF1), VM3 (SF2) and VM4 (Destination, 20.0.0.8) attached to OVS through ports P1(27), P2(25), P3(26), P4(28), P5(29), P6(30).]
Test: Ping from VM1 to VM4
Packet path after installing SFC (create port chain): VM1 -> VM2 -> VM3 -> VM4
Note: 5, 6, 7, 8.. are the OVS ports on which the VMs' tap interfaces are created.
Creating SFC Port pair
● Use the Networking-SFC CLI to create port pairs:
● neutron port-pair-create <port pair name> --ingress <port id> --egress <port id>
● When a port pair is successfully created, Neutron SFC sends a create request to the ONOS REST API.
● ONOS stores the respective port pair details in its DB.
Create port pair PP1 with ports P2 and P3
Create port pair PP2 with ports P4 and P5
[Figure: OVS with ports P1 to P6.]
Creating Port pair group
● Use the Networking-SFC CLI to create a port pair group:
● neutron port-pair-group-create --port-pairs <port pair name> <port pair group name>
● Once the port pair group is successfully created, Neutron sends a create request for the port pair group to the ONOS REST API.
● ONOS will store the respective port pair details in its DB.
Create port pair group PPG1 with port pair PP1
Create port pair group PPG2 with port pair PP2
Create port pair PP1 with ports P2 and P3
Create port pair PP2 with ports P5 and P6
[Figure: OVS with ports P1 to P6.]
Create flow classifier
● Use the Networking-SFC CLI to create a flow classifier.
● The classifier rule selects traffic that originates from the source with IP prefix 20.0.0.3/32 and goes to the destination with IP prefix 20.0.0.8/32 (source and destination are within the same network); the chain ingress port is set to the source VM's Neutron port p1.
● neutron flow-classifier-create --source-ip-prefix 20.0.0.3/32 --destination-ip-prefix 20.0.0.8/32 --logical-source-port p1 FC1
● Once the flow classifier is successfully created, Neutron sends a create request to the ONOS REST API.
● ONOS stores the respective flow classifier details in its DB.
Create Port chain
● Use the Networking-SFC CLI to create a port chain.
● Create the port chain with VM2 as SF1 and VM3 as SF2:
● neutron port-chain-create --port-pair-group PPG1 --port-pair-group PPG2 --flow-classifier FC1 <port chain name>
● Once the port chain is successfully created, Neutron sends a port chain creation request to the ONOS REST API.
● ONOS stores the respective port chain details in its DB and initiates an event to generate and download the required flow rules to the switches, setting up the SFC traffic steering path.
Create port pair PP1 with ports P2 and P3
Create port pair PP2 with ports P4 and P5
Create port pair group PPG1 with port pair PP1
Create port pair group PPG2 with port pair PP2
SFC
[Figure: VM2 (SF1) with ingress port P2 and egress port P3, and VM3 (SF2) with ingress port P4 and egress port P5, attached to OVS.]
● When the ping packet comes out of VM1, it matches the classifier rule and is forwarded to VM2.
● SF1 runs in VM2; it receives the packet, processes it and sends it out on VM2's egress port.
● The packet coming out of VM2's egress port matches the pre-programmed forwarding rule and is forwarded to VM3.
● SF2 runs in VM3; it receives the packet, processes it and sends it out on VM3's egress port.
● The packet coming out of VM3's egress port matches the normal forwarding rules to the destination and is forwarded to VM4.
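The chain built in the steps above only steers traffic through both service functions if the port pairs, groups and classifier agree with the topology. The following is an added example, not code from the slides or from Networking-SFC or ONOS: a pre-flight check of a chain definition that also derives the expected VM-level path. The port-to-VM mapping, the use of p6 as VM4's port and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed model of the demo topology. The port-to-VM mapping is an
# assumption read off the slide diagram, not output from Neutron or ONOS.
PORT_OWNER = {"p1": "VM1", "p2": "VM2", "p3": "VM2",
              "p4": "VM3", "p5": "VM3", "p6": "VM4"}

@dataclass(frozen=True)
class PortPair:
    name: str
    ingress: str
    egress: str

def validate_chain(source_port, groups, port_owner=PORT_OWNER):
    """Return a list of problems; empty means the definition is consistent.
    groups: ordered [(group_name, [PortPair, ...])], as given to port-chain-create."""
    problems = []
    used = {source_port: "the flow classifier"}
    for group_name, pairs in groups:
        if not pairs:
            problems.append(f"{group_name}: contains no port pairs")
        for pp in pairs:
            # ingress and egress may be the same port, so de-duplicate first
            for port in dict.fromkeys((pp.ingress, pp.egress)):
                if port not in port_owner:
                    problems.append(f"{pp.name}: unknown port {port}")
                elif port in used:
                    problems.append(f"{pp.name}: {port} already used by {used[port]}")
                else:
                    used[port] = pp.name
            owners = {port_owner.get(pp.ingress), port_owner.get(pp.egress)}
            if None not in owners and len(owners) > 1:
                problems.append(f"{pp.name}: ingress and egress are on different VMs")
    return problems

def expected_path(source_port, dest_port, groups, port_owner=PORT_OWNER):
    """VM-level path a classified packet should follow, one hop per group."""
    hops = [port_owner[source_port]]
    for _, pairs in groups:
        hops.append("|".join(sorted({port_owner[pp.ingress] for pp in pairs})))
    hops.append(port_owner[dest_port])
    return hops

if __name__ == "__main__":
    chain = [("PPG1", [PortPair("PP1", "p2", "p3")]),
             ("PPG2", [PortPair("PP2", "p4", "p5")])]
    print(validate_chain("p1", chain) or "chain definition is consistent")
    print(" -> ".join(expected_path("p1", "p6", chain)))
```

Comparing the derived path with the ping path observed after the chain is installed shows whether any service function is being bypassed.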
Ping from VM1 to VM4 With SFC
[Figure: VM1 (Source), VM2 (SF1), VM3 (SF2) and VM4 (Destination) attached to OVS through ports P1(27), P2(25), P3(26), P4(28), P5(29), P6(30).]
Thank You