Truong-Xuan Do Internet Draft Younghan Kim Intended status: Informational Soongsil University, Korea Expires: Jan 2018 Jul 1, 2017 High Availability Mechanisms for Service Function Chaining draft-xuan-nfvrg-ha-sfc-02 Status of this Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/1id-abstracts.html The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html This Internet-Draft will expire on Jan 2018. Copyright Notice Copyright (c) 2014 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Expires Jan 1,2018 [Page 1]  Internet-Draft Jul 1, 2017 Abstract In the NFV domain, the high availability for SFC is the combination of HA for individual service chain components and dynamic adjustment This document considers the high availability mechanisms for service chain from the viewpoint of the interaction between virtual network function, virtual link, NFV-MANO, and NFVI. Table of Contents 1. Introduction...................................................3 2. Conventions used in this document..............................3 3. High availability of SFC.......................................4 3.1. SFP adjustment............................................8 3.2. High availability for VNF.................................5 3.2.1 active standby........................................4 3.2.2 active active.........................................5 3.2.3 load balancing........................................6 3.3. High availability for NFV-MANO............................6 3.4. High availability for service function forwarder..........6 3.5. High availability for virtual link........................7 4. Multisite considerations.......................................7 5. Security Considerations........................................8 6. IANA Considerations............................................8 7. References.....................................................8 7.1. Normative References......................................8 7.2. Informative References....................................8 Expires Jan 1,2018 [Page 2]  Internet-Draft Jul 1, 2017 1. Introduction Network function virtualization (NFV) offers a great flexibility, CAPEX and OPEX reduction, and short time-to-market for provisioning network services in cloud environment. For traditional networks, the service function deployments are relatively static and are tightly coupled to network topology and physical resources. Therefore, the design of network service availability is done hop by hop and the service of each hop is configured and operated independently. There is no mechanism for managing the end-to-end service availability. In NFV, the service deployment is more dynamic, flexible, visible, and automated. The service function chain could be adjusted dynamically in case of failure. However, the interaction between the HA mechanisms for individual components and service chain has not been discussed yet. In this document, we considers the high availability mechanisms for individual virtual network functions, virtual link, service function forwarder, and interaction beetween those individual mechanisms with the service chain adjustment. 2. Conventions used in this document The terms about SFC, SFP, SFF, SF, and classifier are defined in [RFC7665]. The terms about VNF, VNFFG, VL, NFV-MANO are defined in [ETSI-NFV-ARCH]. The terms VNF and VNFFG are also called SF and SFC respectively. In this document, we assume that there are some mappings between the term SFC in [RFC7665] and VNFFG in [ETSI-NFV-MANO]. The packets are encapsulated by the network service header (NSH) when traversing the service chain or VNFFG. The control plane for the SFC is placed in the NFV-MANO. Expires Jan 1,2018 [Page 3]  Internet-Draft Jul 1, 2017 3. High availability of SFC The high availability for SFC is ensured by the HA for individual service chain compnents and the adjustment of service function path. Depending on customer type and traffic type, the different redundancy methods for each service chain component (VNF, VL) are applied to achieve the corresponding Service Availability Level (SAL) [ETSI-NFV-REL001]. 3.1. SFP adjustment Service function chain can have serveral service function paths (SFP) which are created by the combination of service function instances located in different physical hardware nodes. The high availability of service function chain can be ensured by adjusting the current SFP to create a new SFP. The high availability is one of use cases for SFC adjustment in the [ietf-sfc-control-plane]. The SFP adjustment also takes into account some policies defined by network operators. 3.2. High availability of Virtual Network Function The high availability of VNFs are done using popular redundancy methods such as Active-Standby, Active-Active [ETSI-NFV-REL003]. 3.2.1 Active-Standby configuration for VNF In this case, the VNF is configured using active standby mode. when the active VNF fails, the NFV-MANO detects the failure. The NFV-MANO will configure the virtual router to map the external connection point (eCP) to the internal connection point (iCP2) of the standby VNF. The IP address of the VNF4 exposed to outside doesn't change, and the SFP adjustment is not required in this case. +-----------------------------------------------------+ +---------+ | +--------+ Fail | | | | | VNF2 | +----------------------^+ | | +--+ +--+ | | |NFV-MANO | | +-----+ | +--------+ | +---+----+ +--------+ | | | | | +----+ | | VNF4 | | VNF4 | | | | | |VNF1 | | +--+(active)| |(standby| | | | | | | | +--------+ | +--------+ +-+------+ | | | | +--^--+ | | VNF3 +--+ | | + + | | | +--+ | +-iCP1---iCP2-+ configure mapping | | | +------+-+ | Virtual +^----+----+ | | | ^ | router | | | | | | | +----+eCP+----+ | | | | | | | | +---------+ +----|-----------------|-----------------|------------+ +----|-----------------|-----------------|------------+ | +--|-----------------|-----------------|--+ | | | | Virtualization| layer | | | | +--|-----------------|-----------------|--+ | | | | | | | +--+----+ | +----+-----+ | | |SFF1 | | | SFF3 | | | | +-------------------------+ | | | +----+--+ | +---+------+ | | | +----+-----+ | | | | | SFF2 | | | | +----------+ +----------+ | | NFVI +----------+ | +-----------------------------------------------------+ Figure 1. Service function chaining with VNFs at active-standby Expires Jan 1,2018 [Page 4]  Internet-Draft Jul 1, 2017 3.2.2. Active-Active configuration for VNF In this case, two VNF4s are active and use different IP addresses. In active active mode, two internal connection points of VNFs are connected to the two external connection points of virtual routers. when one active VNF4 fails, the NFV-MANO needs to perform the SFP adjustment to direct packet to the another active VNF4. +-----------------------------------------------------+ +---------+ | +--------+ Fail | | | | | VNF2 | +---------------------^+ | | +--+ +--+ | | | | | +-----+ | +--------+ | +---+----+ +--------+ | |NFV-MANO | | | +----+ | | VNF4 | | VNF4 | | | | | |VNF1 | | +--+(active)| |(active)| | | | | | | | +---------+ | +--------+ +-+------+ | | | | +--^--+ | | VNF3 +-+ | | | | | | | +--+ | +iCP1--iCP2+ | | | | | +------+--+ | Virtual | | | | | | ^ | Router | | | | | | | +eCP1--eCP2+ | | | | | | | | | +----+----+ +----|-----------------|--------------|-------|-------+ | +----|-----------------|--------------|-------|-------+ | | +--|-----------------|--------------|-----+ | | | | | | Virtualization| layer | | | | | | +--|-----------------|--------------|-----+ | | | | | | | | | | | +--+----+ | +-+-------++ | SFC | | |SFF1 | | | SFF3 | | adjustment | | +-------------------------+ | | | | +----+--+ | +---+------+ +^-------+ | | +----+-----+ | | | | | SFF2 | | | | +----------+ +----------+ | | NFVI +----------+ | +-----------------------------------------------------+ Figure 2. Service function chaining with VNFs at active-active Expires Jan 1,2018 [Page 5]  Internet-Draft Jul 1, 2017 3.2.3. Load balancing configuration In this case, a load balancer is deployed before active VNFs. These VNFs should be managed by a cluster manager placed on NFV-MANO. The traffic is distributed among VNFs in a cluster by the load balancer. When a VNF fails, the traffic comming to the failed VNF will be forwarded to another alive VNF in the cluster to process instead. In this case, the SFP adjustment is not needed. 3.3. High availability for NFV-MANO Clustering or redundancy mechanisms can be used to provide HA for NFV-MANO. Mechanisms depends on the sub components of the NFV-MANO. If the sub component is stateless, the cluster and load balancing can be used. If the sub component is stateful, other mechanisms such as active active or active standby can be used. 3.4. High availability for service function forwarder In the NFV environment, the service function forwarder is implemented as virtual switch (e.g. openvswitch). The virtual switch connects virtual NIC of the VMs to the physical NICs. The virtual switch redundancy is typically implemented by bonding multiple physical NICs to it. +-------------------------------+ | openvswitch (SFF) | | | | +---------------+ | | | vNIC (bonding)| | +--------++-------------+-------+ | | | | +---+-+ +-+----+ |pNIC1| | pNIC2| +-----+ +------+ Figure 3. NIC bonding for SFF HA Expires Jan 1,2018 [Page 6]  Internet-Draft Jul 1, 2017 3.5. High availability for virtual link Virtual links connect different connection points using different type of transport networks and protocols, such as VLAN, VXLAN, MPLS, IP. The recovery of failed or congested virtual links could use fast rerouting algorithms, e.g. MPLS fast rerouting. The SAL will determine the threshold of virtual link bandwidth or latency and rerouting algorithms to make another virtual link. In this case, the SFP adjustment is not required. +------------+ +---------+ | service +-^+ | | availability | | | level + | | +------------+ | | | NFV-MANO| | (E2E) | +-------+ +--------+ +-------+ | | | SFF1 | | SFF2 | | SFF3 | | | | | | | | | | | +---+---+ +--+-+---+ +----+--+ +----+----+ | | | | | | | | | +----v------+ | +------------+ | | +----------+ | | WAN | | | Transport | | | | Transport+--+ link | controller| +-----+ network +-----+ +--+ network +-----fails--^+--+--+--^--+ +-----^---+--+ +------+---+ | | | | | ^ reroute | | | | | reroute +--------------------+ | | +------------------------------------------------+ | | | +-----------------link fails--------------------+ Figure 4. High availability for virtual links 4. Multisite considerations In the case of multisite cloud-based SFC, if high availability mechanisms for VNF are deloyed over multisite (e.g. the active and standby machines are distributed into multiple geographical locations). Thus, when an active VNF fails, a standby VNF will be awoken in another site. In order to guarantee the high availability of SFC, the SFP should be adjusted and the SFF attached to failed VNF should tunnel packets to standby VNF in another site. The state synchronization is required among VNFs over multisites. The state synchronization can be done by direct links among multiple cloud locations or via the central NFV-MANO. Expires Jan 1,2018 [Page 7] Internet-Draft Jul 1, 2017 5. Security Considerations TBD. 6. IANA Considerations TBD. 7. References 7.1. Normative References [RFC7665] J. Halpern, C. Pignataro, "Service Function Chaining (SFC) architecture", IETF RFC 7665, Oct 2015 7.2. Informative References [ETSI-NFV-ARCH] Network Function Virtualisation (NFV): architectural framework [ETSI-NFV-REL001] Network Functions Virtualisation (NFV); Resiliency Requirements [ETSI-NFV-REL002] Network Functions Virtualisation (NFV); Reliability; Report on Scalable Architectures for Reliability Management [ETSI-NFV-REL003] Network Functions Virtualisation (NFV); Reliability; Report on Models and Features for End-to-End Reliability Expires Jan 1,2018 [Page 8]  Internet-Draft Jul 1, 2017 Authors' Addresses Truong-Xuan Do Soongsil University Changui Bldg. 403, (156-743) 511 Sangdo-Dong, Dongjak-Gu, Seoul, Korea Phone: +82 10 4473 6869 Email: thespring1989@gmail.com Younghan Kim Soongsil University 11F Hyungnam Engineering Bldg. 1107, (156-743) 511 Sangdo-Dong, Dongjak-Gu, Seoul, Korea Phone: +82-2-820-0904 Email: younghak@ssu.ac.kr Expires Jan 1,2018 [Page 9]