ovn4nfv - sfc
TRANSCRIPT
OVN4NFV - SFC
Goal: To have Cloud native SFC through K8s Custom resources
Overview
Contacts: [email protected]; [email protected]
Agenda
• Why network functions in Edge & K8s clusters?
• Edge-computing scenario to describe the K8s networking requirements
• Networking requirements
• OVN4NFV –SFC
• SDEWAN Use case
Application Transformation (AR/VR apps, Gaming, Analytics and even traditional applications due to sovereignty and context)
Centralized computing to Geo distributed computing
• An App consisting of four Micro-services: ms1 talks to ms2, ms2 to ms3 and ms3 to ms4
• “ms1” is the user facing service
• “ms1” and “ms2” are expected to be there together
• “ms2” is stateful, and hence its instances need to talk to each other
• Proximity • Data sovereignty • Economics • Context
[Figure: a centralized deployment with mS1 to mS4 in the Public/Private cloud behind the WAN, next to a geo-distributed deployment with mS1 and mS2 on Edge Platforms (Edge 1 … Edge N) on the Network (LAN/WAN) and mS3 and mS4 on the Cloud platform in the Public/Private cloud.]
How does an NFV based deployment with Cloud-native applications look (taking SDWAN with security NFs as an example)?
[Figure, labels shown: External System; Internet; EXT Router; SDWAN CNF; SLB; NGFW; K8S Cluster with K8S Master on Hardware (Multiple Nodes); Provider Network 2 (OVN); Virtual Network1 (OVN with LB); Virtual Network2 (OVN with LB); Default Virtual network (OVN); resident 1 Applications and resident 2 Applications (Micro-Services), each with PODs and Ingress (L7 LB); Provider network 1 (OVN using L2 breakout, OVN LB on L2 Switch); Corp networks with M1, M2, M3 … Mx (Desktop/laptop/servers).]
Networking Requirements
Feature Reqmts / Considerations:
• Dynamic virtual Networks
• Network function chaining
• Network function load balancing
• No changes to NFs
• No changes to Apps
• Configuration via operators
• Finite network
• SRIOV
• Overlay networking
• Smart NIC friendly & AF_XDP for packet processing NFs
• Provider networks
• Multiple interfaces
Why did we choose OVN for Edge Networking?
One of the best programmable controllers
Hides OVS complexity
L2 CNI – Support for unicast, multicast, broadcast applications
One site level IPAM – No IP address restriction with number of nodes
Possible to implement critical features with table based pipeline (Firewall, Routing, Switching, Load balancing)
SmartNIC friendly
Broader eco-system
OVN for K8S and NFV Architecture blocks
NFN Operator:
• Exposes virtual, provider, chaining CRDs to external world.
• Programs OVN to create L2 switches.
• Watches for PODs coming up.
• Assigns IP addresses for every network of the deployment.
• Looks for replicas and auto-creates routes for chaining to work.
• Creates LBs for distributing the load across CNF replicas.
NFN agent:
• Performs CNI operations.
• Configures VLAN and Routes in Linux kernel (in case of routes, it could do it in both root and network namespaces).
• Communicates with OVSDB to inform of provider interfaces (creates ovs bridge and creates external-ids:ovn-bridge-mappings).
[Figure, labels shown: K8s cluster with Master, Minion-01, Minion-02 … Minion-n; nfn-operator; Virtual NW manager; VLAN Provider manager; Direct Provider Manager; sfc Manager; POD Watcher; Synchronizer (gRPC); nfn-agent; NFN grpc agent; VLAN configurator; Route configurator; Direct configurator; sfc configurator; CNI Server; CNI shim; Kubelet; Linux Kernel; ovn-control-plane; OVN North DB; OVN NorthD; OVN South DB; svc: ovn-nb-tcp:6641; svc: ovn-sb-tcp:6642; ovn-controller; OVN Controller; OVSDB; OVS-vswitchd.]
Network traffic between pods
[Figure, labels shown: Master, Minion-01, Minion-02; eth0; br-int; veth-p11, veth-p12, veth-p21, veth-p22; pod11, pod12, pod21, pod22 (each with eth0); ovn4nfv-node0, ovn4nfv-node1, ovn4nfv-node2; ovn4nfvk8s-default-nw; genev_sys_6081; Geneve; SNAT; kube_pod_subnet: 10.244.64.0/18. Addresses shown: 10.233.64.2 to 10.233.64.8; 192.168.121.2, 192.168.121.18, 192.168.121.28. Legend: External traffic; Inter traffic; Intra traffic.]
Virtual Network CR
apiVersion: k8splugin.opnfv.org/v1alpha1
kind: Network
metadata:
  name: ovn-priv-net
spec:
  cniType: Ovn4nfv
  ipv4subnets:
  - subnet: 172.16.33.0/24
    name: subnet1
    gateway: 172.16.33.1/24
    excludeIps: 172.16.33.2 172.16.33.5..172.16.33.10
Creates OVN Switch with this configuration
Dynamic Multiple Network Interfaces
Pod Annotation:
k8splugin.opnfv.org/nfn-network: '{ "type": "ovn4nfv", "interface": [
  { "name": "ovn-priv-net", "interfaceRequest": "eth1" },
  { "name": "ovn-prot-net", "interfaceRequest": "eth2" }
]}'
• Assumes primary/first interface provided by another CNI
• Supports Static IP addresses
Provider Network CR
apiVersion: k8splugin.opnfv.org/v1alpha1
kind: OvnProviderNetwork
metadata:
  name: ovn-provider-net
spec:
  cniType: Ovn4nfv
  ipv4subnets:
  - subnet: 172.16.33.0/24
    name: subnet1
    gateway: 172.16.33.1/24
    excludeIps: 172.16.33.2 172.16.33.5..172.16.33.10
  providerNetworkType: vlan
  vlan:
    vlanId: 100
    providerInterfaceName: eth0
    Node: node1,node2
    logicalInterfaceName: eth0.100
Creates OVN Switch and configures nodes
Provider Network Functionality
• CR creates OVN Switch
• Per Node (can be list of nodes, “all” nodes or “any” node)
• Creates VLAN interfaces
• Creates OVS Bridge and attaches VLAN interface
• Configures ovs external-ids:ovn-bridge-mappings
• Pod annotation for attaching Provider network to a Pod:
k8splugin.opnfv.org/nfn-network: '{ "type": "ovn4nfv", "interface": [
  { "name": "ovn-provider-net", "interfaceRequest": "net0" }
]}'
Network Chaining CR
apiVersion: k8splugin.opnfv.org/v1alpha1
kind: NetworkChaining
metadata:
  name: chain1
  namespace: vFW
spec:
  type: Routing
  routingSpec:
    leftNetwork:
    - networkName: ovn-provider1
      gatewayIP: 10.1.5.1
      subnet: 10.1.5.0/24
    rightNetwork:
    - networkName: ovn-provider1
      gatewayIP: 10.1.10.1
      subnet: default
    networkChain: app=slb, ovn-net1, app=ngfw, ovn-net2, app=sdwancnf
Inserts routes in Container Namespaces
Test scenario – to comprehend multiple deployment variations
[Figure, labels shown: TM1; TM2 (External Router); Internet; MS1 (Dynamic IP); MS2 (Dynamic IP); SLB; NGFW; SDEWAN CNF; DHCP Server; External existing entities VNF/CNFs; 172.30.10.0/24 (Left - Provider network); 172.30.20.0/24 (Right - Provider network); 172.30.33.0/24 (Dynamic network) dync-net1; 172.30.44.0/24 (Dynamic network) dync-net2. Addresses shown: 172.30.10.3, 172.30.10.101, 172.30.33.2, 172.30.33.3, 172.30.44.2, 172.30.44.3, 172.30.20.3.]
External existing entities VNF/CNFs, Default route: 172.30.10.3
Default route: 172.30.20.2
Routes: Default via WANIP; 172.30.10.0/24 via 172.30.20.3; 172.30.33.0/24 via 172.30.20.3; 172.30.44.0/24 via 172.30.20.3
Routes: Default via 172.30.20.2; 172.30.10.0/24 via 172.30.44.2; 172.30.33.0/24 via 172.30.44.2
Routes: Default via 172.30.44.3; 172.30.10.0/24 via 172.30.33.2
Routes: Default via 172.30.33.3; 172.30.44.0/24 via 172.30.33.3; 172.30.10.0/24 via 172.30.10.2
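The route tables of this test scenario can be checked mechanically. As an added example (not from the slides or the OVN4NFV code base), the Python below walks them hop by hop with longest-prefix matching and reports whether a packet crosses SLB, NGFW and SDEWAN CNF in order. Which function owns which address and table, the on-link /24 rule and the outside destination 203.0.113.10 are assumptions.

```python
"""Hop-by-hop walk over the test-scenario route tables (added example)."""
import copy
from ipaddress import ip_address, ip_network

WAN = "WAN"  # stands in for the slide's unspecified "WANIP" next hop
# Constructed from the slide. Which function owns which address and table is
# an ASSUMPTION inferred from the next hops. SLB's "172.30.10.0/24 via
# 172.30.10.2" entry is omitted; that subnet is treated as on-link for SLB.
NODES = {
    "TM1": {"addrs": ["172.30.10.101"],
            "routes": {"0.0.0.0/0": "172.30.10.3"}},
    "SLB": {"addrs": ["172.30.10.3", "172.30.33.2"],
            "routes": {"0.0.0.0/0": "172.30.33.3",
                       "172.30.44.0/24": "172.30.33.3"}},
    "NGFW": {"addrs": ["172.30.33.3", "172.30.44.2"],
             "routes": {"0.0.0.0/0": "172.30.44.3",
                        "172.30.10.0/24": "172.30.33.2"}},
    "SDEWAN": {"addrs": ["172.30.44.3", "172.30.20.3"],
               "routes": {"0.0.0.0/0": "172.30.20.2",
                          "172.30.10.0/24": "172.30.44.2",
                          "172.30.33.0/24": "172.30.44.2"}},
    "TM2": {"addrs": ["172.30.20.2"],
            "routes": {"0.0.0.0/0": WAN,
                       "172.30.10.0/24": "172.30.20.3",
                       "172.30.33.0/24": "172.30.20.3",
                       "172.30.44.0/24": "172.30.20.3"}},
}


def owner(addr, nodes):
    """Name of the node holding this address, or None if it is not modelled."""
    return next((n for n, v in nodes.items() if str(addr) in v["addrs"]), None)


def on_link(node, dst):
    """True when dst sits in a /24 that one of the node's interfaces is on."""
    return any(dst in ip_network(a + "/24", strict=False) for a in node["addrs"])


def lookup(node, dst):
    """Longest-prefix match; returns the next hop or None when nothing matches."""
    hits = [(ip_network(p), via) for p, via in node["routes"].items()
            if dst in ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None


def trace(src, dst, nodes=NODES):
    """Return (path, outcome): 'delivered', 'egress', 'no-route' or 'loop'."""
    dst = ip_address(dst)
    path = [src]
    while True:  # terminates: each pass either returns or adds a new node
        node = nodes[path[-1]]
        if str(dst) in node["addrs"]:
            return path, "delivered"
        hop = dst if on_link(node, dst) else lookup(node, dst)
        if hop == WAN:
            return path, "egress"
        nxt = owner(hop, nodes)
        if nxt is None:
            return path, "no-route"
        if nxt in path:
            return path + [nxt], "loop"
        path.append(nxt)


def chain_enforced(path, chain=("SLB", "NGFW", "SDEWAN")):
    """True when every chain function is crossed, in order or exactly reversed."""
    seen = [n for n in path if n in chain]
    return seen in (list(chain), list(reversed(chain)))


def without_route(nodes, name, prefix):
    """Copy of the topology with one route removed, to model a missing entry."""
    broken = copy.deepcopy(nodes)
    del broken[name]["routes"][prefix]
    return broken


if __name__ == "__main__":
    broken = without_route(NODES, "NGFW", "172.30.10.0/24")
    for args in [("TM1", "203.0.113.10"), ("TM2", "172.30.10.101"),
                 ("TM2", "172.30.10.101", broken)]:
        path, outcome = trace(*args)
        print(" -> ".join(path), outcome, "chain ok:", chain_enforced(path))
```

With NGFW's 172.30.10.0/24 entry removed, return traffic follows NGFW's default route back to the SDEWAN CNF and the walk reports a loop, so a missing per-function route shows up as a failed chain check rather than a silent detour.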
Traffic from external entities with sfc
Traffic from pod within the cluster with sfc
Traffic from external entities – Firewall icmp reject
Traffic from pod within the cluster – Firewall icmp reject
OVN4NFV Status
Current
• Dynamic Network Creation
• VLAN Provider Network Support – Controller and Agent
• Direct Provider Network Support – Controller and Agent
• SFC feature – Controller and Agent
• Kubespray default primary network plugin
• Tested with sdewan CNFs and SDEWAN Controller
Link to Repo:
https://github.com/akraino-edge-stack/icn-ovn4nfv-k8s-network-controller
https://github.com/kubernetes-sigs/kubespray/blob/master/docs/ovn4nfv.md
Upcoming features in OVN4NFV
Work In Progress
• Multiple SFC Network chaining – Working on 4 SFC models
• SRIOV NIC as primary network interfaces
• Using OVN Load balancer for Kubernetes service (without kube-proxy)
• SFC support with OVN load balancer support for NF Elasticity
• Network policy with OVS
• Proxy less service mesh with OVN & IPsec in network namespace
• IPv6 support
• Traffic interception method with 5G UPF
• Kubespray CentOS CI/CD, SFC advanced testing
SFC Model in Kubernetes
Goal: Labels eliminate Pod annotations
Overview
Contacts: [email protected]; [email protected]
Model 1: Only Labels
[Figure, labels shown: SFC Chain; POD1 NS1; POD2 NS2; POD3 NS2; POD M NS1; POD N NS2; POD K NS2.]
Using only one virtual network at head – tail of SFC & pod labels
[Figure, labels shown: vNAT CNF; SLB; NGFW; SDEWAN CNF; Virtual router CNF; nginx; Pod X, Pod y, Pod z; External existing entities VNF/CNFs; Internet; Primary Networks (Calico/Flannel/Canal); interfaces eth0, net2, net3; 172.30.10.0/24 (virtual network 1); 172.30.20.0/24 (virtual network 2); 172.30.33.0/24 (Dynamic network) dync-net1; 172.30.44.0/24 (Dynamic network) dync-net2; App: vPWG; App: vBNG; App: vNat; App: vRouter. Addresses shown: 172.30.10.3, 172.30.33.2, 172.30.33.3, 172.30.44.2, 172.30.44.3, 172.30.20.3. Legend: Inter traffic with SFC; External traffic with SFC; Inter traffic without SFC.]
External existing entities VNF/CNFs, Default route: 172.30.10.3
IP: 172.30.20.4
Routes: Default via 169.254.1.1; 172.30.10.0/24 via 172.30.20.3; 172.30.33.0/24 via 172.30.20.3; 172.30.44.0/24 via 172.30.20.3
Routes: default via 172.30.33.3 dev net3; 10.154.128.0/18 dev net1; 10.69.0.0/12 via 169.254.1.1 dev eth0; 10.233.64.0/18 via 169.254.1.1 dev eth0; 169.254.1.1 dev eth0; 172.30.10.0/24 dev net2; 172.30.20.0/24 via 172.30.33.3 dev net2; 172.30.33.0/24 dev net3; 172.30.44.0/24 via 172.30.33.3 dev net2; 192.168.121.0/27 via 169.254.1.1
Routes: default via 172.30.44.3 dev net3; 10.154.128.0/18 dev net1; 10.69.0.0/12 via 169.254.1.1 dev eth0; 10.233.64.0/18 via 169.254.1.1 dev eth0; 169.254.1.1 dev eth0; 172.30.10.0/24 via 172.30.33.2 dev net2; 172.30.20.0/24 via 172.30.44.3 dev net3; 192.168.121.0/27 via 169.254.1.1 dev eth0
Routes: default via 172.30.20.2 dev net3; 10.154.128.0/18 dev net1; 10.69.0.0/12 via 169.254.1.1 dev eth0; 10.233.64.0/18 via 169.254.1.1 dev eth0; 169.254.1.1 dev eth0; 172.30.20.0/24 via 172.30.20.2 dev net3; 172.30.10.0/24 via 172.30.44.2 dev net2; 172.30.44.0/24 via 172.30.44.2 dev net2; 172.30.33.0/24 via 172.30.44.2 dev net2; 172.30.20.4/32 via 172.30.20.4 dev net3; 192.168.121.0/27 via 169.254.1.1 dev eth0
IP: 172.30.20.2
Routes: Default via 169.254.1.1; 172.30.10.0/24 via 172.30.60.3; 172.30.33.0/24 via 172.30.60.3; 172.30.44.0/24 via 172.30.60.3
Pod X
Routes: default via 172.30.50.3; 10.69.0.0/12 via 169.254.1.1 dev eth0; 10.233.64.0/18 via 169.254.1.1 dev eth0; 10.154.128.0/18 dev net1; 169.254.1.1 dev eth0; 192.168.121.0/27 via 169.254.1.1
Using only one virtual network at head – tail of SFC & pod labels
[Figure: the Model 1 topology repeated with the same labels and route tables. In this copy 172.30.20.0/24 is labelled virtual network 3 and the route table with default via 172.30.44.3 additionally lists 172.30.40.0/24 dev net3. Legend: Inter traffic with SFC; External traffic with SFC; Inter traffic without SFC.]
Model 2: Provider network only
[Figure, labels shown: SFC Chain; M1; VLAN X; VLAN Y; VLAN A; VLAN B.]
Using provider networks only (only servers connected)
[Figure, labels shown: Server 1; Server 2; SLB; Web Proxy; vFW CNF; Router; Packet generator; External existing entities VNF/CNFs; Internet; interfaces net2, net3, net4; 172.30.10.0/24 (Provider network 1); 172.30.50.0/24 (Provider network 2); 172.30.20.0/24 (Provider network 3); 172.30.60.0/24 (Provider network 4); 172.30.33.0/24 (Dynamic network) dync-net1; 172.30.44.0/24 (Dynamic network) dync-net2. Addresses shown: 172.30.10.3, 172.30.33.2, 172.30.33.3, 172.30.44.2, 172.30.44.3, 172.30.20.3, 172.30.50.3, 172.30.60.3.]
External existing entities VNF/CNFs, Default route: 172.30.10.3
Default route: 172.30.50.3
IP: 172.30.20.4
IP: 172.30.60.2
Routes: Default via WANIP; 172.30.10.0/24 via 172.30.20.3; 172.30.33.0/24 via 172.30.20.3; 172.30.44.0/24 via 172.30.20.3; 10.233.97.0/24 via 172.30.20.3
Routes: default via 172.30.33.3 dev net3; 10.154.128.0/18 dev net1; 10.69.0.0/12 via 169.254.1.1 dev eth0; 10.233.64.0/18 via 169.254.1.1 dev eth0; 169.254.1.1 dev eth0; 172.30.20.0/24 via 172.30.33.3 dev net3; 172.30.44.0/24 via 172.30.33.3 dev net3; 192.168.121.0/27 via 169.254.1.1
Routes: default via 172.30.44.3 dev net3; 10.154.128.0/18 dev net1; 10.69.0.0/12 via 169.254.1.1 dev eth0; 10.233.64.0/18 via 169.254.1.1 dev eth0; 169.254.1.1 dev eth0; 172.30.10.0/24 via 172.30.33.2 dev net2; 172.30.50.0/24 via 172.30.33.2 dev net2; 172.30.20.0/24 via 172.30.44.3 dev net3; 172.30.60.0/24 via 172.30.44.3 dev net3; 192.168.121.0/27 via 169.254.1.1 dev eth0
Routes: default via 172.30.60.2 dev net4; 10.154.128.0/18 dev net1; 10.69.0.0/12 via 169.254.1.1 dev eth0; 10.233.64.0/18 via 169.254.1.1 dev eth0; 169.254.1.1 dev eth0; 172.30.20.0/24 via 172.30.20.2 dev net3; 172.30.20.0/24 via 172.30.60.2 dev net4; 172.30.10.0/24 via 172.30.44.2 dev net2; 172.30.50.0/24 via 172.30.44.2 dev net2; 172.30.33.0/24 via 172.30.44.2 dev net2; 192.168.121.0/27 via 169.254.1.1 dev eth0
Using provider networks only (only servers connected)
[Figure: the Model 2 topology repeated with the same labels and route tables, with traffic paths highlighted. Legend: Inter traffic with SFC; External traffic with SFC.]
Model 3 & 4: Hybrid model (Labels + provider network)
[Figure, labels shown: SFC Chain; M1; VLAN X; VLAN Y; VLAN A; VLAN B; POD1 NS1; POD2 NS2; POD3 NS2; POD M NS1; POD N NS2; POD K NS2.]
Using 2 provider networks & one Virtual network with pod labels
[Figure, labels shown: Server 1; server2; SLB; Web Proxy; vFW CNF; routers; Packet generator; Pod 1, Pod 2, Pod N, Pod M; nginx; External existing entities VNF/CNFs; Internet; Primary Networks (Calico/Flannel/Canal); interfaces eth0, net2, net3, net4; 172.30.10.0/24 (Provider network 1); 172.30.50.0/24 (Provider network 2); 172.30.20.0/24 (Provider network 3); 172.30.60.0/24 (Provider network 4); 172.30.70.0/24 (virtual network 1); 172.30.80.0/24 (virtual network 2); 172.30.33.0/24 (Dynamic network) dync-net1; 172.30.44.0/24 (Dynamic network) dync-net2; App: vBNG; App: vPNG; App: vNAT. Addresses shown: 172.30.10.3, 172.30.33.2, 172.30.33.3, 172.30.44.2, 172.30.44.3, 172.30.20.3, 172.30.50.3, 172.30.60.3.]
Default route: 172.30.50.3
IP: 172.30.20.4
IP: 172.30.60.2
Routes: Default via WANIP; 172.30.10.0/24 via 172.30.20.3; 172.30.33.0/24 via 172.30.20.3; 172.30.44.0/24 via 172.30.20.3; 10.233.97.0/24 via 172.30.20.3
Routes: default via 172.30.33.3 dev net3; 10.154.128.0/18 dev net1; 10.69.0.0/12 via 169.254.1.1 dev eth0; 10.233.64.0/18 via 169.254.1.1 dev eth0; 169.254.1.1 dev eth0; 172.30.20.0/24 via 172.30.33.3 dev net3; 172.30.44.0/24 via 172.30.33.3 dev net3; 192.168.121.0/27 via 169.254.1.1
Routes: default via 172.30.44.3 dev net3; 10.154.128.0/18 dev net1; 10.69.0.0/12 via 169.254.1.1 dev eth0; 10.233.64.0/18 via 169.254.1.1 dev eth0; 169.254.1.1 dev eth0; 172.30.10.0/24 via 172.30.33.2 dev net2; 172.30.50.0/24 via 172.30.33.2 dev net2; 172.30.20.0/24 via 172.30.44.3 dev net3; 172.30.60.0/24 via 172.30.44.3 dev net3; 192.168.121.0/27 via 169.254.1.1 dev eth0
Routes: default via 172.30.60.2 dev net4; 10.154.128.0/18 dev net1; 10.69.0.0/12 via 169.254.1.1 dev eth0; 10.233.64.0/18 via 169.254.1.1 dev eth0; 169.254.1.1 dev eth0; 172.30.20.0/24 via 172.30.20.2 dev net3; 172.30.20.0/24 via 172.30.60.2 dev net4; 172.30.10.0/24 via 172.30.44.2 dev net2; 172.30.50.0/24 via 172.30.44.2 dev net2; 172.30.33.0/24 via 172.30.44.2 dev net2; 192.168.121.0/27 via 169.254.1.1 dev eth0
Using 2 provider networks & one Virtual network with pod labels – Model 3
[Figure: the hybrid topology repeated with the same labels and per-function route tables, with traffic paths highlighted. Legend: Inter traffic with SFC; External traffic with SFC; Inter traffic without SFC.]
Using 2 provider networks & one Virtual network with pod labels – Model 4
[Figure: the hybrid topology repeated with the same labels and per-function route tables, with traffic paths highlighted. Legend: Inter traffic with SFC; External traffic with SFC; Inter traffic without SFC.]