SFC With NSH And OVS
SFC with NSH and OVSThomas Graf (@tgraf )Uri Elzur (@ElzurUri)Russell Bryant (@russellbryant)Danny ZhouNovember 16th, 2015
What is SFC?Programmable chains of Network FunctionsVNF1Endpoint AVNF2VNF3Endpoint B
Why SFC for OVS? Service functions are being virtualized, become morescalable and are migrated to live in VMs OVS is usually the first forwarding point to redirectpackets to a service graph
What is NSH?VNF1VNF2VNF3PACKETPACKETNSH1 2 3NSH1 2 3e.g. VXLANe.g. VXLANEndpointAEndpointBPACKET Carries service graph service metadata in additional header Allows VNFs to exchange metadata
Is NSH just another encap for OVS? Almost, but an NSH vport won’t work: Guests (VNFs) require to see the NSH headers A push/pop action like VLAN is a better comparison Lightweight Tunnel (LWT) in datapath requires somework to feed encapsulated packets back into OVS forforwarding to VNF
NSH-Based SFC in OvSPass metadata / changemetadata / add externalheaders as metadataControlPlanefwd-table(SPI, SI,Symmetric,end of chain)VM(VNF)NSH awareSF (VNF)LCL2 UDP VXLAN-gpeNext protocol NSHLCL2 UDP VXLAN-gpeNext protocol NSHL2 UDPSFFLCVxLANdecapLCEncapCLASSIFYNSH-aware OpenvSwitchNSH-awareSFF(act Forwardingas SFF)CLASSIFYNSHEncapTxPort ( vTEP) SF is “trusted” Keep state E.g. NAT, SI Decap/Encap from local to external Shared VNI – VxLAN and gpe?SFFPlainOldvSwitchUDPUDP VXLAN-gpeNext protocol NSHVXLANNSHNext IPv4SPI, Rx Control of vSwitch Port vTEP decap action? OvS recognize & pass VxLAN-gpe and NSH(NSH patch/s ) Local Circuit header required to form a “legal”NSH packet Ability to pass LC tunnel NSH headers to SF Header passing exclusively to SFs? How to identify an SF? Multi-tenant SF: External VXLAN SHOULD be sent to SF Authority of SFF or OvS?PlaneNSHEncapLCVXLANNSHNext IPv4SPI, MetadataNSHNext IPv4SPI, MetadataVxLANgpeEncapPort( vTEP)Originalpacket3 packetformatexamplesL2 UDPL2 UDP VXLAN-gpeNext protocol NSHVXLANNSHNext IPv4SPI, MetadataOriginalpacketOriginalpacket6
SFC, ODL and OvS OF TablesPort SSIFY ngDistributedLBaaS
SFC in NFV systems with OpenDaylightFunctional code, 2nd release in progressUsed by OPNFV, allows the orchestrator tocreate Service Graph
SFC use by OPNFV
OpenStack SFC API Proposed SFC API for OpenStack Neutron -- “networking-sfc” /api.html API defines a service chain as: Flow classifier - definition of what traffic enters the chain An ordered list of Neutron ports that define the chain Correlation type -- chain metadata encapsulation type8
SFC in OVN Status: discussion and early prototyping Prototype based on chaining logical ports on a single logical switch Seems like SFC will have a place in OVN Lots of questions to answer to come up with a design
SFC in OVN - Metadata Metadata in and out of the VM networking-sfc defines use of an MPLS header NSH seems to have the most interest Metadata between hosts OVN uses Geneve today Could use vxlan-gpe NSH in the future
SFC in OVN -- Classifier OVN already exposes a nice traffic matching syntax We can reuse this for SFC See “match” for ACLs in OVN Northbound DB Examples: HTTP: ip && tcp && tcp.dst {80,443} SIP: ip && ((tcp && tcp.dst {5060,5061}) (udp && udp.dst {5060,5061}))
SFC in OVN’s Northbound DB Could add as a new action to ACLs Are priorities enough, or do we need separate stages for ACLs and chaining? Defining chains Could be arguments to a chain() action Can add new tables for structured chaining definition if needed
Conclusions and next steps Asks of OVS for SFC NSH encap/decap, VxLAN-gpe encap/decap, VxLAN to VxLAN-gpe interop Local Circuit and External, control Tunnel port actions! Multi Tenant support – allow external headers and multi VNI to a multi-tenant SF SF privileges vs. VM Expose data plane / local capabilities to orchestrator for best SF placement Watch ovs-dev for discussion of OVN SFC design in coming weeks
A push/pop action like VLAN is a better comparison Lightweight Tunnel (LWT) in datapath requires some work to feed encapsulated packets back into OVS for forwarding to VNF . 6 . OpenStack SFC API Proposed SFC API for OpenStack Neutron -- “networking-sfc”
OpenStack and OVS: From Love-Hate Relationship to Match Made in Heaven Chloe Jian Ma Senior Director, Cloud Market Development Erez Cohen Senior Director, . Action Classify Action SR-IOV VM 11/11/2015 Mellanox OVS Offload for OPNFV. OVS Architecture and Operations 11/11/2015 Mellanox OVS Offload for OPNFV 9 OVS-vswitchd
War also known as SFC II or as it is often referred to in this manual just plain SFC. SFC is a game of Starship combat set in the 23rd century world of Star Trek. In SFC II, a new more immersing single player and online experience has been added; known collectively as the Metaverse. The Metaverse will allow you to play as a member of
SFC pour SIMATIC S7 1 Principes fondamentaux de SFC 2 Démarrage et commande 3 Création de la structure de projet 4 Modification des propriétés du diagramme, du type et de l'instance 5 Configurer des commandes séquentielles 6 Compilation des diagrammes et des types SFC 7 Chargement dans l'AS 8 Comportement des commandes séquentielles
AHV uses Open vSwitch (OVS) to connect the CVM, the hypervisor, and guest VMs to each other and to the physical network. The OVS service, which starts automatically, runs on each AHV node. Open vSwitch OVS is an open source software switch implemented in the Linux kernel and designed to work in a multiserver virtualization environment.
deepwater well intervention system offers a means to safely connect in a 6-3/8 inch borehole, from a vessel or rig on the water's surface, to subsea wells up to 15,000 psi in water as deep as 10,000 feet (3,000 m). Trident-OVS 15K Light Well Intervention System Subsea Systems Trident-OVS Light Well Intervention System 3 BOOST PRODUCTION
Click the Browse button and navigate to the sfc.exe file (C:\Program Files\Cisco\AMP\x.x.x.x\sfc.exe for versions 5.1.1 and higher or C:\Program Files\Sourcefire\FireAMP\x.x.x\sfc.exe for prev ious versions by default where x.x.x is the AMP for Endpoints Connector version number) and click OK. 7. Click the Add button then click Save changes.
pragmatic to facilitate remote working arrangements and different methods of achieving regulatory . we may raise objections to listing applications or direct The Stock Exchange of Hong Kong Limited (SEHK) to suspend trading in a . SFC Annual Report 2019-20 Strategic Priorities. SFC Annual Report 2019-20 Message from Chairman and CEO .
organisasi yang sejenis, lembaga, dana pensiun, bentuk usaha tetap serta bentuk badan usaha lainnya; o. Perdagangan adalah kegiatan jual beli barang atau jasa yang dilakukan secara terus menerus dengan tujuan pengalihan hak atas barang atau jasa dengan disertai imbalan atau kompensasi; p. Perusahaan adalah setiap bentuk usaha yang menjalankan .
