
Virtual Topologies for Service Chaining in BGP IP MPLS VPNs (draft-rfernando-l3vpn-service-chaning-03)

Dhananjaya Rao, Rex Fernando, Luyuan Fang, Maria Napierala, Ning So, Adrian Farrel. IETF 88, November 2013, Vancouver.


Presentation Transcript


  1. Virtual Topologies for Service Chaining in BGP IP MPLS VPNs (draft-rfernando-l3vpn-service-chaning-03)
     Dhananjaya Rao, Rex Fernando, Luyuan Fang, Maria Napierala, Ning So, Adrian Farrel
     IETF 88, November 2013, Vancouver

  2. About this draft
     • Proposes techniques built upon BGP/IP MPLS VPN control plane mechanisms to construct virtual topologies for service chaining.
     • The virtual service topologies interconnect network zones and constrain the flow of traffic between these zones via a sequence of service nodes.
     • Two approaches are described to realize these virtual service topologies: the routing control plane, and network orchestration.
     • 04 changes: Adrian joined as co-author and updated the draft.

  3. Terminology
     • Network zone: a logical grouping of physical assets that supports certain applications. Hosts can communicate freely within a zone.
     • Service-PE: an IP VPN PE to which a service is attached. It directs incoming traffic from other PEs or from attached hosts to the service node via an MPLS VPN label or IP lookup.
     • Service node: a physical or virtual service appliance/application, e.g. FWs, LBs, and DPIs. The service node acts as a CE.
     • Service chain: a sequence of service nodes that interconnect the zones containing the source and destination hosts. It is unidirectional and creates a one-way traffic flow between source zone and destination zone.
     • Virtual service topology: a sequence of service-PEs and their attached service nodes created in a specific order. A service topology is constructed via one or more routes that direct the traffic flow among the PEs that form the service chain.
     • Service-topology-RT: a BGP route attribute that identifies the specific service topology.

  4. Virtual Machine Intra-zone Routing
     • In a data center, servers host VMs where end applications reside.
     • Each application VM is a CE from an IP BGP VPN perspective.
     • A collection of CE/VMs that can communicate freely forms a zone.
     • A PE creates a VRF for its attached CE/VMs in a zone.
     • Intra-zone connectivity is achieved by designating an RT per zone (zone-RT).
     • The zone-RT is applied on all PE VRFs that terminate the CE/VMs that belong to the zone.

  5. Inter-zone Routing and Traffic Forwarding
     • Apply network policies and services in a specific order.
     • Service nodes may be VMs spread across the data center.
     • Inter-zone traffic must follow a predetermined service path and be forwarded through one or more service nodes.
     • A sequence of service-PEs and their attached service nodes creates a unidirectional service chain or topology.
     • Two-step process:
       • Virtual Service Topology construction
       • Inter-zone Routing and Service Chaining
     [Figure: Zone 1 and Zone 3]

  6. Inter-zone Routing / Inter-zone Traffic Forwarding
     [Figure: Zone 1 and Zone 3 connected through Service-PE1 (Service Node1, Service1) and Service-PE2 (Service Node2, Service2), with PE0 and PE1 terminating the Zone:1 VRF and Zone:3 VRF and a Service VRF on each service-PE. Zone Prefix = 192.168.1.1/32. Packets with Dst: 192.168.1.1/32 are drawn with VPN labels 192, 127 and 123.]
     FIB/LIB entries shown in the figure, in the order they appear:
     • 192.168.1.1/32, VPN In_label (123)
     • 192.168.1.1/32, NH 100.1.1.1/32, VPN label (123)
     • 100.1.1.1/32, NH=SPE2, VPN Out_label (127)
     • 192.168.1.1/32, NH PE0, VPN label (123)
     • 100.1.1.1/32, VPN Out_label (123), VPN In_label (192)
     • 192.168.1.1/32, NH 100.1.1.1/32, VPN label (123)
     • 100.1.1.1/32, NH=SPE1, VPN Out_label (192), VPN In_label (127)

  7. Orchestration Driven Approach
     • Removes the need for the zone or service PEs to determine the appropriate next-hops based on the specified service node sequence.
     • The central orchestrator performs the necessary policy computations and constructs the forwarding tables for the various VRFs at the PEs.
     • The orchestrator communicates with the various PEs (typically virtual PEs on the end-servers) to populate the forwarding tables.
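
The orchestration approach on slide 7, sketched as an added example that is not part of the slides or the draft: an orchestrator computes one forwarding entry per PE for a unidirectional chain, and a check confirms that inter-zone traffic crosses every service node in order. All function names, the entry layout, the service node names and the label values are hypothetical.

```python
# Added illustration, not code from the draft. All names and labels are hypothetical.
from itertools import count

def build_chain_fibs(prefix, src_pe, chain, dst_pe, first_label=100):
    """Orchestrator: build per-PE forwarding entries for one unidirectional chain.
    chain is an ordered list of (service_pe, service_node) pairs."""
    labels = count(first_label)
    hops = [(src_pe, None)] + list(chain) + [(dst_pe, None)]
    fibs, downstream, down_label = {}, None, None
    # Walk back from the destination so each PE learns the VPN label
    # its downstream neighbour allocated for the prefix.
    for pe, service in reversed(hops):
        in_label = next(labels) if pe != src_pe else None
        fibs[pe] = {"prefix": prefix, "in_label": in_label, "service": service,
                    "next_hop": downstream, "out_label": down_label}
        downstream, down_label = pe, in_label
    return fibs

def walk(fibs, src_pe):
    """Follow the entries from src_pe; return the service nodes traversed."""
    seen, services, pe, label = set(), [], src_pe, None
    while pe is not None:
        if pe in seen:
            raise ValueError(f"forwarding loop at {pe}")
        seen.add(pe)
        entry = fibs[pe]
        if entry["in_label"] != label:
            raise ValueError(f"label mismatch at {pe}")
        if entry["service"]:
            services.append(entry["service"])  # service-PE hands traffic to its node
        pe, label = entry["next_hop"], entry["out_label"]
    return services

def chain_enforced(fibs, src_pe, chain):
    """True only if traffic from src_pe crosses every service node, in order."""
    try:
        return walk(fibs, src_pe) == [node for _, node in chain]
    except (ValueError, KeyError):
        return False

# Constructed sample: source zone on PE1, destination prefix behind PE0.
CHAIN = [("SPE1", "fw1"), ("SPE2", "dpi1")]
FIBS = build_chain_fibs("192.168.1.1/32", "PE1", CHAIN, "PE0")

# Misconfiguration to detect: the source VRF holds the destination zone's
# route directly, so traffic skips both service nodes.
LEAKED = {pe: dict(e) for pe, e in FIBS.items()}
LEAKED["PE1"].update(next_hop="PE0", out_label=FIBS["PE0"]["in_label"])
```

Running `chain_enforced` over the computed tables before they are pushed to the PEs catches a source VRF that can reach the destination zone without passing the firewall or DPI node.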

  8. Next Steps
     • Add Nabil back to the draft, as the orchestration approach has been added.
     • More feedback welcome.
     • Ready to ask for WG adoption and quickly progress to last call.
