Presentation is loading. Please wait.

Presentation is loading. Please wait.

Service Function Chaining-Enabled

Published byΕυρυδίκη Κοσμόπουλος Modified over 5 years ago

Similar presentations

Presentation on theme: "Service Function Chaining-Enabled"— Presentation transcript:

1 Service Function Chaining-Enabled
I2NSF Architecture (draft-hyun-i2nsf-nsf-triggered-steering-05) IETF 101, London March 21, 2018 Sangwon Hyun, Jaehoon (Paul) Jeong [Presenter], Jung-Soo Park, and Susan Hare

2 Updates from the Previous Version
Changes from draft-hyun-i2nsf-nsf-triggered-steering-04: Section 7.4 has been added in order to discuss the implementation considerations of a Service Function Chaining (SFC)-enabled I2NSF Architecture. This section discusses the implementation of traffic steering by using OpenDaylight Controller supporting SFC. The references have been updated to reflect the latest documents.

3 SFC Consideration Security Controller configures the classifier with service function chain/path information. Security Controller generates the forwarding information table of NSFs and configures the SFF with it. Arial Security Controller Forwarding information table to identify the next NSF from a given SPI and SI NSF path information Mapping between capability names and NSFs SPI SI NH Transport protocol 2 1 GRE SPI 1: NSF1 SPI 2: NSF1  NSF2 Classifier SFF

4 SFC Implementation Consideration
I2NSF Security Controller Function SDN Switch Controller Function SDN Switch Traffic Steering Function Operate to support Service Function Chain SFC element(e.g., SF, SFF, SFC, SFP…) is created, updated, deleted for NSF Chain I2NSF Security Controller Function Arial According to security policy rules, generates the policies of the identified NSF Chain. Security Controller SDN Switch Controller Deliver NSF Chain SDN Switch Controller Function Deliver the generated traffic forwarding rule Data Plane Elements processes Forwarding traffic based on the traffic forwarding rules SDN Switch (e,g,. SFF) SDN Switch Traffic Steering Function

5 Next Steps The Service Function Chaining (SFC) of NSFs chaining with capability names (e.g., firewall, DPI, and DDoS attack mitigation) is required to fit into the I2NSF framework. For this, we need to consider a new interface called I2NSF-SFC Interface to support the Service Function Chaining (SFC) of NSFs. Design of I2NSF-SFC Interface We will design the Information Model & YANG Data Model of I2NSF-SFC Interface. Arial

6 Appendix (1/3) SFC-based Packet Forwarding in I2NSF
To trigger an advanced security action, NSF1 appends the capability name required for the advanced security action into NSH. Classifier SFF NSF1 NSF2 packet NSH Re-classification request & response NSH includes Service Path Identifier (e.g., SPI=1) Service Index (e.g., SI=255) Capability name required for an advanced security action (e.g., DPI) SPI 1: NSF1 SPI 2: NSF1  NSF2

7 Appendix (2/3) Classifier SFF ❶ NSF1 NSF2 SPI 1: NSF1
packet NSH Re-classification request & response NSH includes Service Path Identifier (e.g., SPI=1) Service Index (e.g., SI=2) NSF name required for an advanced security action (e.g., DPI) SPI 1: NSF1 SPI 2: NSF1  NSF2 The classifier may be co-resident with the NSFs. Identify the particular NSF for DPI (NSF2 is a DPI.) specified in NSH and determine the new NSF path of the packet Re-classification to change the existing path into the new one (SPI=2, SI=1) `

8 Appendix (3/3) Classifier SFF NSF1 NSF2 ❶ SPI 1: NSF1
packet NSH Re-classification request & response SPI 1: NSF1 SPI 2: NSF1  NSF2 Packet forwarding Interpret the NSF path information Identify the next NSF on the path Forward the packet to the next NSF SPI=2, SI=1 SPI SI NH Transport protocol 2 1 GRE

Download ppt "Service Function Chaining-Enabled"

Similar presentations

Surendra Kumar Jim Guichard Paul Quinn Cisco Systems, Inc.

Surendra Kumar Jim Guichard Paul Quinn Cisco Systems, Inc.
Network Service Header (NSH) draft-quinn-sfc-nsh IETF 90

Network Service Header (NSH) draft-quinn-sfc-nsh IETF 90
Report of Interconnectivity Testing of Service Function Chaining by Six Companies NTT Alaxala Networks Cisco Systems Hitachi Alcatel-Lucent Japan et al.

Report of Interconnectivity Testing of Service Function Chaining by Six Companies NTT Alaxala Networks Cisco Systems Hitachi Alcatel-Lucent Japan et al.
Jaehoon (Paul) Jeong, Hyoungshick Kim, and Jung-Soo Park

Jaehoon (Paul) Jeong, Hyoungshick Kim, and Jung-Soo Park
MIF API draft-ietf-mif-api-extension-05 Dapeng Liu.

MIF API draft-ietf-mif-api-extension-05 Dapeng Liu.
Draft-ietf-sfc-architecture Prepared by Carlos Pignataro and Joel Halpern.

Draft-ietf-sfc-architecture Prepared by Carlos Pignataro and Joel Halpern.
A Survey on Interfaces to Network Security

A Survey on Interfaces to Network Security
DMM Framework based on Functional Elements draft-liebsch-dmm-framework-analysis-02 M. Liebsch, P. Seite, G. Karagiannis IETF88, Vancouver DMM WG 08 th.

DMM Framework based on Functional Elements draft-liebsch-dmm-framework-analysis-02 M. Liebsch, P. Seite, G. Karagiannis IETF88, Vancouver DMM WG 08 th.
Analysis of Existing Work for I2NSF draft-zhang-gap-analysis-00 H.Rafiee Dacheng Zhang Huawei IETF 91 I2NSF BoF.

Analysis of Existing Work for I2NSF draft-zhang-gap-analysis-00 H.Rafiee Dacheng Zhang Huawei IETF 91 I2NSF BoF.
Light Weight Access Point Protocol (LWAPP) IETF 57 Pat Calhoun, Airespace.

Light Weight Access Point Protocol (LWAPP) IETF 57 Pat Calhoun, Airespace.
Service Function Chaining Use Cases draft-liu-service-chaining-use-cases IETF 89 London, March 3, 2014 Will Liu, Hongyu Li, Oliver Huang, Huawei Technologies.

Service Function Chaining Use Cases draft-liu-service-chaining-use-cases IETF 89 London, March 3, 2014 Will Liu, Hongyu Li, Oliver Huang, Huawei Technologies.
Sungkyunkwan University (SKKU) Security Lab. A Framework for Security Services based on Software-Defined Networking Jaehoon (Paul) Jeong 1, Jihyeok Seo.

Sungkyunkwan University (SKKU) Security Lab. A Framework for Security Services based on Software-Defined Networking Jaehoon (Paul) Jeong 1, Jihyeok Seo.
Update on the IETF Diffserv Working Group NANOG 13 Detroit, MI June 8, 1998 Kathleen M. Nichols

Update on the IETF Diffserv Working Group NANOG 13 Detroit, MI June 8, 1998 Kathleen M. Nichols
1 Header Compression over IPsec (HCoIPsec) Emre Ertekin, Christos Christou, Rohan Jasani {

1 Header Compression over IPsec (HCoIPsec) Emre Ertekin, Christos Christou, Rohan Jasani {
Network Service Header (NSH) draft-quinn-sfc-nsh IETF 89 A. Chauhan Citrix U. Elzur Intel B. McConnell Rackspace C. Wright Red Hat Inc. P. Quinn J. Guichard.

Network Service Header (NSH) draft-quinn-sfc-nsh IETF 89 A. Chauhan Citrix U. Elzur Intel B. McConnell Rackspace C. Wright Red Hat Inc. P. Quinn J. Guichard.
Network Service Header (NSH) draft-ietf-sfc-nsh-04 IETF95, Buenos Aires, March 2016 Paul Quinn, Editor Uri Elzur, Editor.

Network Service Header (NSH) draft-ietf-sfc-nsh-04 IETF95, Buenos Aires, March 2016 Paul Quinn, Editor Uri Elzur, Editor.
J. Halpern (Ericsson), C. Pignataro (Cisco)

J. Halpern (Ericsson), C. Pignataro (Cisco)
Draft-fm-bess-service-chaining-01 Prague, July 2015 Rex Fernando Stuart Mackie Dhananjaya Rao Bruno Rijsman Maria Napierala.

Draft-fm-bess-service-chaining-01 Prague, July 2015 Rex Fernando Stuart Mackie Dhananjaya Rao Bruno Rijsman Maria Napierala.
SFC Trace Issue Analysis and Solutions IETF 94 Yokohama draft-yang-sfc-trace-issue-analysis-00 Xu. Yang L. Zhu G. Karagiannis.

SFC Trace Issue Analysis and Solutions IETF 94 Yokohama draft-yang-sfc-trace-issue-analysis-00 Xu. Yang L. Zhu G. Karagiannis.
Interface to Network Security Functions (I2NSF) Chairs: Linda Dunbar Adrian Farrel IETF 94, Tuesday November 3, 2015, 09.00.

Interface to Network Security Functions (I2NSF) Chairs: Linda Dunbar Adrian Farrel IETF 94, Tuesday November 3, 2015,

Similar presentations

Ads by Google