ovn4nfv - sfc

OVN4NFV - SFC Goal: To have Cloud native SFC through K8s Custom resources Overview Contacts: [email protected] ; [email protected]


Post on 03-Oct-2021


Page 1: OVN4NFV - SFC

OVN4NFV - SFC
Goal: To have Cloud native SFC through K8s Custom resources
Overview
Contacts: [email protected]; [email protected]

Page 2: OVN4NFV - SFC

Agenda

• Why network functions in Edge & K8s clusters?

• Edge-computing scenario to describe the K8s networking requirements

• Networking requirements

• OVN4NFV – SFC

• SDEWAN Use case

Page 3: OVN4NFV - SFC

Application Transformation (AR/VR apps, Gaming, Analytics and even traditional applications due to sovereignty and context)

Centralized computing to Geo distributed computing

An App consisting of four Micro-services: ms1 talks to ms2, ms2 to ms3 and ms3 to ms4
• "ms1" is user facing service
• "ms1", "ms2" are expected to be there together
• "ms2" is stateful and hence need to talk to each other

• Proximity
• Data sovereignty
• Economics
• Context

[Figure: centralized versus geo-distributed placement of the micro-services. Labels: mS1, mS2, mS3, mS4; Edge Platform; Edge 1 to Edge N; Network (LAN/WAN); WAN; Public/Private cloud; Cloud platform; External System.]

Page 4: OVN4NFV - SFC

What does an NFV based deployment with Cloud-native applications look like? (Taking SDWAN with security NFs as an example)

[Figure: deployment diagram. Labels: Internet; Hardware (Multiple Nodes); K8S Cluster; K8S Master; EXT Router; SDWAN CNF; SLB; NGFW; Provider Network 2 (OVN); Virtual Network2 (OVN with LB); Virtual Network1 (OVN with LB); Default Virtual network (OVN); resident 1 Applications (Micro-Services) and resident 2 Applications (Micro-Services), each with PODs and Ingress (L7 LB); Provider network 1 (OVN using L2 breakout, OVN LB on L2 Switch); Corp networks; M1, M2, M3, Mx; Desktop/laptop/servers.]

Page 5: OVN4NFV - SFC

Networking Requirements

[Figure: the deployment diagram from Page 4, repeated.]

Feature Reqmts / Considerations:
• Dynamic virtual Networks
• Network function chaining
• Network function load balancing
• No changes to NFs
• No changes to Apps
• Configuration via operators
• Finite network
• SRIOV
• Overlay networking
• Smart NIC friendly & AF_XDP for packet processing NFs
• Provider networks
• Multiple interfaces

Page 6: OVN4NFV - SFC

Why did we choose OVN for Edge Networking?

One of the best programmable controllers

Hides OVS complexity

L2 CNI – Support for unicast, multicast, broadcast applications

One site level IPAM – No IP address restriction with number of nodes

Possible to implement critical features with table based pipeline (Firewall, Routing, Switching, Load balancing)

SmartNIC friendly

Broader eco-system

Page 7: OVN4NFV - SFC

OVN for K8S and NFV Architecture blocks

NFN Operator:
• Exposes virtual, provider, chaining CRDs to external world.
• Programs OVN to create L2 switches.
• Watches for PODs coming up.
• Assigns IP addresses for every network of the deployment.
• Looks for replicas and auto-creates routes for chaining to work.
• Creates LBs for distributing the load across CNF replicas.

NFN agent:
• Performs CNI operations.
• Configures VLAN and Routes in Linux kernel (in case of routes, it could do it in both root and network namespaces).
• Communicates with OVSDB to inform of provider interfaces (creates ovs bridge and creates external-ids:ovn-bridge-mappings).

[Figure: architecture blocks. Labels: K8s cluster; Master; Minion-01, Minion-02, Minion-n; nfn-operator; Virtual NW manager; VLAN Provider manager; Direct Provider Manager; sfc Manager; POD Watcher; Synchronizer (gRPC); nfn-agent; NFN grpc agent; VLAN configurator; Route configurator; Direct configurator; sfc configurator; CNI Server; CNI shim; Kubelet; Linux Kernel; ovn-control-plane; OVN North DB; OVN NorthD; OVN South DB; svc:ovn-nb-tcp:6641; svc:ovn-sb-tcp:6642; OVN Controller; ovn-controller; OVSDB; OVS-vswitchd.]

Page 8: OVN4NFV - SFC

Network traffic between pods

[Figure: pod-to-pod traffic across nodes. Labels: Master; Minion-01; Minion-02; eth0; br-int; veth-p11, veth-p12, veth-p21, veth-p22; genev_sys_6081; ovn4nfv-node0, ovn4nfv-node1, ovn4nfv-node2; pod11, pod12, pod21, pod22 (each with eth0); ovn4nfvk8s-default-nw; Geneve; kube_pod_subnet:10.244.64.0/18; addresses 10.233.64.2 through 10.233.64.8 and 192.168.121.2, 192.168.121.18, 192.168.121.28; SNAT. Traffic types marked: External traffic, Inter traffic, Intra traffic.]

Page 9: OVN4NFV - SFC

Virtual Network CR

apiVersion: k8splugin.opnfv.org/v1alpha1
kind: Network
metadata:
  name: ovn-priv-net
spec:
  cniType: Ovn4nfv
  ipv4subnets:
  - subnet: 172.16.33.0/24
    name: subnet1
    gateway: 172.16.33.1/24
    excludeIps: 172.16.33.2 172.16.33.5..172.16.33.10

Creates OVN Switch with this configuration

Page 10: OVN4NFV - SFC

Dynamic Multiple Network Interfaces

Pod Annotation

k8splugin.opnfv.org/nfn-network: '{ "type": "ovn4nfv", "interface": [
    { "name": "ovn-priv-net", "interfaceRequest": "eth1" },
    { "name": "ovn-prot-net", "interfaceRequest": "eth2" }
]}'

• Assumes primary/first interface provided by another CNI
• Supports Static IP addresses

Page 11: OVN4NFV - SFC

Provider Network CR

apiVersion: k8splugin.opnfv.org/v1alpha1
kind: OvnProviderNetwork
metadata:
  name: ovn-provider-net
spec:
  cniType: Ovn4nfv
  ipv4subnets:
  - subnet: 172.16.33.0/24
    name: subnet1
    gateway: 172.16.33.1/24
    excludeIps: 172.16.33.2 172.16.33.5..172.16.33.10
  providerNetworkType: vlan
  vlan:
    vlanId: 100
    providerInterfaceName: eth0
    Node: node1,node2
    logicalInterfaceName: eth0.100

Creates OVN Switch and configures nodes

Page 12: OVN4NFV - SFC

Provider Network Functionality

• CR creates OVN Switch
• Per Node (can be list of nodes, "all" nodes or "any" node)
    • Creates VLAN interfaces
    • Creates OVS Bridge and attaches VLAN interface
    • Configures ovs external-ids:ovn-bridge-mappings
• Pod annotation for attaching Provider network to a Pod

k8splugin.opnfv.org/nfn-network: '{ "type": "ovn4nfv", "interface": [
    { "name": "ovn-provider-net", "interfaceRequest": "net0" }
]}'

Page 13: OVN4NFV - SFC

Network Chaining CR

apiVersion: k8splugin.opnfv.org/v1alpha1
kind: NetworkChaining
metadata:
  name: chain1
  namespace: vFW
spec:
  type: Routing
  routingSpec:
    leftNetwork:
    - networkName: ovn-provider1
      gatewayIP: 10.1.5.1
      subnet: 10.1.5.0/24
    rightNetwork:
    - networkName: ovn-provider1
      gatewayIP: 10.1.10.1
      subnet: default
    networkChain: app=slb, ovn-net1, app=ngfw, ovn-net2, app=sdwancnf

Inserts routes in Container Namespaces

Page 14: OVN4NFV - SFC

Test scenario – to comprehend multiple deployment variations

[Figure: test topology. Elements: TM1; TM2 (External Router); Internet; MS1 (Dynamic IP); MS2 (Dynamic IP); SLB; NGFW; SDEWAN CNF; DHCP Server; External existing entities VNF/CNFs.]

Networks:
• 172.30.10.0/24 (Left - Provider network)
• 172.30.20.0/24 (Right - Provider network)
• 172.30.33.0/24 (Dynamic network) dync-net1
• 172.30.44.0/24 (Dynamic network) dync-net2

Addresses shown: 172.30.10.3, 172.30.33.2, 172.30.33.3, 172.30.44.2, 172.30.44.3, 172.30.20.3, 172.30.10.101

Default routes shown: 172.30.10.3; 172.30.20.2

Route blocks shown:
• Default via WANIP; 172.30.10.0/24 via 172.30.20.3; 172.30.33.0/24 via 172.30.20.3; 172.30.44.0/24 via 172.30.20.3
• Default via 172.30.20.2; 172.30.10.0/24 via 172.30.44.2; 172.30.33.0/24 via 172.30.44.2
• Default via 172.30.44.3; 172.30.10.0/24 via 172.30.33.2
• Default via 172.30.33.3; 172.30.44.0/24 via 172.30.33.3; 172.30.10.0/24 via 172.30.10.2
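The route tables of this test scenario can be checked mechanically. The added example below (not from the original slides or the OVN4NFV project) traces a packet hop by hop with longest-prefix matching and confirms that it crosses SLB, NGFW and SDEWAN CNF in order in both directions, then shows what a missing return route does. Assumptions: every interface is on a /24, each route block is matched to its NF by its next-hop addresses, 172.30.10.101 is the TM1 host on the left provider network, and 203.0.113.10 is a constructed Internet destination.

```python
import copy
import ipaddress

# Per-hop data from the test-scenario slide (assignment of route blocks to NFs
# is an assumption based on next-hop addresses). SLB's slide entry for
# 172.30.10.0/24 is omitted: that subnet is directly connected to SLB.
TOPOLOGY = {
    "TM1": {"ifaces": ["172.30.10.101/24"],
            "routes": {"default": "172.30.10.3"}},
    "SLB": {"ifaces": ["172.30.10.3/24", "172.30.33.2/24"],
            "routes": {"default": "172.30.33.3",
                       "172.30.44.0/24": "172.30.33.3"}},
    "NGFW": {"ifaces": ["172.30.33.3/24", "172.30.44.2/24"],
             "routes": {"default": "172.30.44.3",
                        "172.30.10.0/24": "172.30.33.2"}},
    "SDEWAN": {"ifaces": ["172.30.44.3/24", "172.30.20.3/24"],
               "routes": {"default": "172.30.20.2",
                          "172.30.10.0/24": "172.30.44.2",
                          "172.30.33.0/24": "172.30.44.2"}},
    "TM2": {"ifaces": ["172.30.20.2/24"],
            "routes": {"default": "WAN",  # slide: "Default via WANIP"
                       "172.30.10.0/24": "172.30.20.3",
                       "172.30.33.0/24": "172.30.20.3",
                       "172.30.44.0/24": "172.30.20.3"}},
}
CHAIN = ["SLB", "NGFW", "SDEWAN"]  # NF order in the scenario


def _ifaces(node):
    return [ipaddress.ip_interface(i) for i in node["ifaces"]]


def owner_of(topology, ip):
    """Name of the node holding `ip` on one of its interfaces, else None."""
    for name, node in topology.items():
        if any(i.ip == ip for i in _ifaces(node)):
            return name
    return None


def next_hop(node, dst):
    """Longest-prefix match: gateway, dst itself if connected, or None."""
    best_len, best_gw = -1, None
    for iface in _ifaces(node):          # connected subnets win ties
        if dst in iface.network and iface.network.prefixlen > best_len:
            best_len, best_gw = iface.network.prefixlen, str(dst)
    for prefix, gw in node["routes"].items():
        net = ipaddress.ip_network("0.0.0.0/0" if prefix == "default" else prefix)
        if dst in net and net.prefixlen > best_len:
            best_len, best_gw = net.prefixlen, gw
    return best_gw


def trace(topology, src, dst_ip, max_hops=16):
    """Follow routes hop by hop; path ends in a node name, WAN, DROP or LOOP."""
    dst = ipaddress.ip_address(dst_ip)
    path, cur = [src], src
    while len(path) <= max_hops:
        if owner_of(topology, dst) == cur:
            return path
        gw = next_hop(topology[cur], dst)
        if gw is None:
            return path + ["DROP"]
        if gw == "WAN":
            return path + ["WAN"]
        nxt = owner_of(topology, ipaddress.ip_address(gw))
        if nxt is None:
            return path + ["DROP"]       # next hop is held by no known node
        if nxt in path:
            return path + [nxt, "LOOP"]
        path.append(nxt)
        cur = nxt
    return path + ["LOOP"]


def follows_chain(path, chain):
    """True if the NFs in `chain` occur in `path` in that order."""
    hops = iter(path)
    return all(nf in hops for nf in chain)


def audit(topology):
    """Trace both directions and report whether the chain is enforced."""
    out = trace(topology, "TM1", "203.0.113.10")
    back = trace(topology, "TM2", "172.30.10.101")
    ok = (out[-1] == "WAN" and follows_chain(out, CHAIN)
          and back[-1] == "TM1" and follows_chain(back, CHAIN[::-1]))
    return {"outbound": out, "return": back, "enforced": ok}


def drifted_topology():
    """Constructed fault: SDEWAN CNF loses its return route to the left network."""
    topo = copy.deepcopy(TOPOLOGY)
    del topo["SDEWAN"]["routes"]["172.30.10.0/24"]
    return topo


if __name__ == "__main__":
    print(audit(TOPOLOGY))
    print(audit(drifted_topology()))
```

With the slide's routes the path is symmetric through all three NFs; with the return route removed, replies bounce between TM2 and SDEWAN CNF and never reach the firewall.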

Page 15: OVN4NFV - SFC

Traffic from external entities with sfc

[Figure: the Page 14 test-scenario topology, repeated with the same networks, addresses and route blocks.]

Page 16: OVN4NFV - SFC

Traffic from pod within the cluster with sfc

[Figure: the Page 14 test-scenario topology, repeated with the same networks, addresses and route blocks.]

Page 17: OVN4NFV - SFC

Traffic from external entities – Firewall icmp reject

[Figure: the Page 14 test-scenario topology, repeated with the same networks, addresses and route blocks.]

Page 18: OVN4NFV - SFC

Traffic from pod within the cluster – Firewall icmp reject

[Figure: the Page 14 test-scenario topology, repeated with the same networks, addresses and route blocks.]

Page 19: OVN4NFV - SFC

OVN4NFV Status

Current
• Dynamic Network Creation
• VLAN Provider Network Support – Controller and Agent
• Direct Provider Network Support – Controller and Agent
• SFC feature – Controller and Agent
• Kubespray default primary network plugin
• Tested with sdewan CNFs and SDEWAN Controller

Link to Repo:
https://github.com/akraino-edge-stack/icn-ovn4nfv-k8s-network-controller
https://github.com/kubernetes-sigs/kubespray/blob/master/docs/ovn4nfv.md

Page 20: OVN4NFV - SFC

Upcoming features in OVN4NFV

Work In Progress
• Multiple SFC Network chaining – Working on 4 SFC models
• SRIOV NIC as primary network interfaces
• Using OVN Load balancer for Kubernetes service (without kube-proxy)
• SFC support with OVN load balancer support for NF Elasticity
• Network policy with OVS
• Proxy less service mesh with OVN & IPsec in network namespace
• IPv6 support
• Traffic interception method with 5G UPF
• Kubespray CentOS CI/CD, SFC advance testing

Page 21: OVN4NFV - SFC

SFC Model in Kubernetes
Goal: Labels eliminate Pod annotations
Overview
Contacts: [email protected]; [email protected]

Page 22: OVN4NFV - SFC

Model 1: Only Labels

[Figure: SFC Chain. Labels: POD1 (NS1); POD2 (NS2); POD3 (NS2); POD M (NS1); POD N (NS2); POD K (NS2).]

Page 23: OVN4NFV - SFC

Using only one virtual networks at head – tail of SFC & pod labels

Traffic types marked: Inter traffic with SFC; External traffic with SFC; Inter traffic without SFC

[Figure: SFC topology. Elements: vNAT CNF; SLB; NGFW; SDEWAN CNF; Virtual router CNF; nginx; Pod X; Pod y; Pod z; Internet; External existing entities VNF/CNFs; Primary Networks (Calico/Flannel/Canal); App: vPWG; App: vBNG; App: vNat; App: vRouter; interfaces eth0, net2, net3.]

Networks:
• 172.30.10.0/24 (virtual network 1)
• 172.30.20.0/24 (virtual network 2)
• 172.30.33.0/24 (Dynamic network) dync-net1
• 172.30.44.0/24 (Dynamic network) dync-net2

Addresses shown: 172.30.10.3, 172.30.33.2, 172.30.33.3, 172.30.44.2, 172.30.44.3, 172.30.20.3; IP : 172.30.20.4; IP : 172.30.20.2

Default route: 172.30.10.3

Route blocks shown:
• Default via 169.254.1.1; 172.30.10.0/24 via 172.30.20.3; 172.30.33.0/24 via 172.30.20.3; 172.30.44.0/24 via 172.30.20.3
• default via 172.30.33.3 dev net3; 10.154.128.0/18 dev net1; 10.69.0.0/12 via 169.254.1.1 dev eth0; 10.233.64.0/18 via 169.254.1.1 dev eth0; 169.254.1.1 dev eth0; 172.30.10.0/24 dev net2; 172.30.20.0/24 via 172.30.33.3 dev net2; 172.30.33.0/24 dev net3; 172.30.44.0/24 via 172.30.33.3 dev net2; 192.168.121.0/27 via 169.254.1.1
• default via 172.30.44.3 dev net3; 10.154.128.0/18 dev net1; 10.69.0.0/12 via 169.254.1.1 dev eth0; 10.233.64.0/18 via 169.254.1.1 dev eth0; 169.254.1.1 dev eth0; 172.30.10.0/24 via 172.30.33.2 dev net2; 172.30.20.0/24 via 172.30.44.3 dev net3; 192.168.121.0/27 via 169.254.1.1 dev eth0
• default via 172.30.20.2 dev net3; 10.154.128.0/18 dev net1; 10.69.0.0/12 via 169.254.1.1 dev eth0; 10.233.64.0/18 via 169.254.1.1 dev eth0; 169.254.1.1 dev eth0; 172.30.20.0/24 via 172.30.20.2 dev net3; 172.30.10.0/24 via 172.30.44.2 dev net2; 172.30.44.0/24 via 172.30.44.2 dev net2; 172.30.33.0/24 via 172.30.44.2 dev net2; 172.30.20.4/32 via 172.30.20.4 dev net3; 192.168.121.0/27 via 169.254.1.1 dev eth0
• Default via 169.254.1.1; 172.30.10.0/24 via 172.30.60.3; 172.30.33.0/24 via 172.30.60.3; 172.30.44.0/24 via 172.30.60.3
• default via 172.30.50.3; 10.69.0.0/12 via 169.254.1.1 dev eth0; 10.233.64.0/18 via 169.254.1.1 dev eth0; 10.154.128.0/18 dev net1; 169.254.1.1 dev eth0; 192.168.121.0/27 via 169.254.1.1

Page 24: OVN4NFV - SFC

Using only one virtual networks at head – tail of SFC & pod labels

Traffic types marked: Inter traffic with SFC; External traffic with SFC; Inter traffic without SFC

[Figure: the Page 23 topology shown again with the same elements, addresses and route blocks. Differences in the labels: 172.30.20.0/24 is marked "virtual network 3", and the route block beginning "default via 172.30.44.3 dev net3" also lists 172.30.40.0/24 dev net3.]

Page 25: OVN4NFV - SFC

Model 2: Provider network only

[Figure: SFC Chain. Labels: M1; VLAN X; VLAN Y; VLAN A; VLAN B.]

Page 26: OVN4NFV - SFC

Using provider networks only (only servers connected)

[Figure: SFC topology. Elements: Server 1; Server 2; SLB; Web Proxy; vFW CNF; Router; Packet generator; Internet; External existing entities VNF/CNFs; interfaces net2, net3, net4.]

Networks:
• 172.30.10.0/24 (Provider network 1)
• 172.30.50.0/24 (Provider network 2)
• 172.30.20.0/24 (Provider network 3)
• 172.30.60.0/24 (Provider network 4)
• 172.30.33.0/24 (Dynamic network) dync-net1
• 172.30.44.0/24 (Dynamic network) dync-net2

Addresses shown: 172.30.10.3, 172.30.33.2, 172.30.33.3, 172.30.44.2, 172.30.44.3, 172.30.20.3, 172.30.50.3, 172.30.60.3; IP : 172.30.20.4; IP : 172.30.60.2

Default routes shown: 172.30.10.3; 172.30.50.3

Route blocks shown:
• Default via WANIP; 172.30.10.0/24 via 172.30.20.3; 172.30.33.0/24 via 172.30.20.3; 172.30.44.0/24 via 172.30.20.3; 10.233.97.0/24 via 172.30.20.3
• default via 172.30.33.3 dev net3; 10.154.128.0/18 dev net1; 10.69.0.0/12 via 169.254.1.1 dev eth0; 10.233.64.0/18 via 169.254.1.1 dev eth0; 169.254.1.1 dev eth0; 172.30.20.0/24 via 172.30.33.3 dev net3; 172.30.44.0/24 via 172.30.33.3 dev net3; 192.168.121.0/27 via 169.254.1.1
• default via 172.30.44.3 dev net3; 10.154.128.0/18 dev net1; 10.69.0.0/12 via 169.254.1.1 dev eth0; 10.233.64.0/18 via 169.254.1.1 dev eth0; 169.254.1.1 dev eth0; 172.30.10.0/24 via 172.30.33.2 dev net2; 172.30.50.0/24 via 172.30.33.2 dev net2; 172.30.20.0/24 via 172.30.44.3 dev net3; 172.30.60.0/24 via 172.30.44.3 dev net3; 192.168.121.0/27 via 169.254.1.1 dev eth0
• default via 172.30.60.2 dev net4; 10.154.128.0/18 dev net1; 10.69.0.0/12 via 169.254.1.1 dev eth0; 10.233.64.0/18 via 169.254.1.1 dev eth0; 169.254.1.1 dev eth0; 172.30.20.0/24 via 172.30.20.2 dev net3; 172.30.20.0/24 via 172.30.60.2 dev net4; 172.30.10.0/24 via 172.30.44.2 dev net2; 172.30.50.0/24 via 172.30.44.2 dev net2; 172.30.33.0/24 via 172.30.44.2 dev net2; 192.168.121.0/27 via 169.254.1.1 dev eth0

Page 27: OVN4NFV - SFC

Using provider networks only (only servers connected)

Traffic types marked: Inter traffic with SFC; External traffic with SFC

[Figure: the Page 26 topology, repeated with the same elements, networks, addresses and route blocks.]

Page 28: OVN4NFV - SFC

Model 3 & 4: Hybrid model (Labels + provider network)

[Figure: SFC Chain. Labels: M1; VLAN X; VLAN Y; VLAN A; VLAN B; POD1 (NS1); POD2 (NS2); POD3 (NS2); POD M (NS1); POD N (NS2); POD K (NS2).]

Page 29: OVN4NFV - SFC

Using 2 provider networks & one Virtual networks with pod labels

[Figure: SFC topology. Elements: SLB; Web Proxy; vFW CNF; Server 1; server2; routers; Packet generator; Pod 1; Pod 2; Pod N; Pod M; nginx; Internet; External existing entities VNF/CNFs; App: vBNG; App: vPNG; App: vNAT; Primary Networks (Calico/Flannel/Canal); interfaces eth0, net2, net3, net4.]

Networks:
• 172.30.10.0/24 (Provider network 1)
• 172.30.50.0/24 (Provider network 2)
• 172.30.20.0/24 (Provider network 3)
• 172.30.60.0/24 (Provider network 4)
• 172.30.70.0/24 (virtual network 1)
• 172.30.80.0/24 (virtual network 2)
• 172.30.33.0/24 (Dynamic network) dync-net1
• 172.30.44.0/24 (Dynamic network) dync-net2

Addresses shown: 172.30.10.3, 172.30.33.2, 172.30.33.3, 172.30.44.2, 172.30.44.3, 172.30.20.3, 172.30.50.3, 172.30.60.3; IP : 172.30.20.4; IP : 172.30.60.2

Default route: 172.30.50.3

Route blocks shown: the same four route blocks as in the Page 26 diagram.

Page 30: OVN4NFV - SFC

Using 2 provider networks & one Virtual networks with pod labels – Model 3

Traffic types marked: Inter traffic with SFC; External traffic with SFC; Inter traffic without SFC

[Figure: the Page 29 topology, repeated with the same elements, networks and addresses; the route block beginning "Default via WANIP" is not shown.]

Page 31: OVN4NFV - SFC

Using 2 provider networks & one Virtual networks with pod labels – Model 3

Traffic types marked: Inter traffic with SFC; External traffic with SFC; Inter traffic without SFC

[Figure: the Page 29 topology, repeated with the same elements, networks and addresses; the route block beginning "Default via WANIP" is not shown.]

Page 32: OVN4NFV - SFC

Using 2 provider networks & one Virtual networks with pod labels – Model 4

Traffic types marked: Inter traffic with SFC; External traffic with SFC; Inter traffic without SFC

[Figure: the Page 29 topology, repeated with the same elements, networks and addresses; the route block beginning "Default via WANIP" is not shown.]