Quantum - Services' Chaining & Insertion
Havana Design Summit, Portland, April 2013
Big Switch Networks (Sumit Naiksatam, Kanzhe Jiang, KC Wang, Mandeep Dhami, Mike Cohen)
Mirantis (Ilya Shakhat, Eugene Nikanorov)
Red Hat (Gary Kotton)
Many conversations
Design doc: https://docs.google.com/document/d/1iLzieNKxM7xip_lRidmalAhF_6-Yf1b_cePF4yeAnkQ/edit
Session Etherpad: https://etherpad.openstack.org/Quantum_Services'_Chaining_and_Insertion
Motivation:
● A user needs to leverage more than one network service in its virtual topology.
● The order of services is important (a Loadbalancer is front-ended by a Firewall; traffic may need to be steered to the FW before hitting the LB).
● How does the user request this composite service?
● How does the provider support this?
[Diagram labels: Network Service 1 (Bump-in-the-wire); Network Service 3 (Bump-in-the-wire); Network Service 2 (Tap); Network Service 1 (Bump-in-the-wire); Network Service 2 (L3)]
Proposal
● A tenant-facing "Services' Chain" abstraction that lets the user request a composition of services.
● Enhancements to existing services' model to support chaining at the backend.
[Diagram labels: Source Network; Network Service 1; Network Service 2; Network Service 3; Destination Network; Services' Chain]
Services' Chain
[Diagram labels: External Network; Firewall (Bump-in-the-wire); Loadbalancer (L3); Web Tier; App Tier; Firewall; DB Tier; Firewall]
Service Chain: [FW (BITW), LB (L3)]
source: external_nw
destination: any
● ordered list of service instances
● source_network, destination_network
  ○ Quantum networks (or default "any")
  ○ Caveats exist, e.g. a service chain with an L3 service at the end of the chain implicitly routes to the destination network
Services' Chain Templates
Issue:
● Not all service combinations will be valid
● Not all service combinations may be supported
Proposal:
● Provider publishes service chain templates for supported combinations of services
● A service chain template is an ordered list of service-types
Workflow
0. Provider populates service chain templates (may also need to bootstrap service backend, e.g. physical devices)
1. User looks up supported service chain templates
2. User instantiates service chain:
   2a. For each service in the service chain, user provides configuration parameters
   2b. User commits service chain configuration
3. Provider (Quantum plugin) realizes chain by stitching the traffic flow in the order of the services in the chain
Resource Model
Services' Model Enhancements
Service Types
● Category: Firewall, Loadbalancer, etc.
● Insertion type: L3, L2, Bump-in-the-wire, Tap
● Vendor, version, other meta-info
Service Implementation Contract
● Each service returns attachment points (e.g. list of ingress, egress Quantum ports)
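Added example (not from the slides or the Quantum code base): a sketch of the workflow and the service implementation contract above, checking a requested chain against provider-published templates and then listing the hops to stitch from each service's attachment points. The class names, function names, template names, port ids and the "steer"/"route" labels are all assumptions made for illustration.

```python
# Added illustration. All names are hypothetical; this is not Quantum's API.
from dataclasses import dataclass

@dataclass(frozen=True)
class ServiceType:
    category: str   # "firewall", "loadbalancer", ...
    insertion: str  # "L3", "L2", "BITW" (bump-in-the-wire) or "TAP"

@dataclass
class ServiceInstance:
    name: str
    stype: ServiceType
    ingress: str    # attachment points returned by the service
    egress: str     # (constructed Quantum port ids)

FW_BITW = ServiceType("firewall", "BITW")
LB_L3 = ServiceType("loadbalancer", "L3")

# Step 0: templates the provider publishes, each an ordered list of service types.
TEMPLATES = {"fw-then-lb": [FW_BITW, LB_L3], "fw-only": [FW_BITW]}

def match_template(chain):
    """Steps 1-2: name of the template whose ordered types equal the chain's, or None."""
    types = [svc.stype for svc in chain]
    return next((n for n, t in TEMPLATES.items() if t == types), None)

def stitch(chain, source="any", destination="any"):
    """Step 3: ordered (from, to, mode) hops for a chain that matches a template."""
    if match_template(chain) is None:
        raise ValueError("chain matches no published template; refusing to stitch")
    hops, prev = [], source
    for svc in chain:
        hops.append((prev, svc.ingress, "steer"))
        prev = svc.egress
    # Caveat from the slides: an L3 service at the end of the chain routes to
    # the destination network itself, so the last hop is not steered.
    mode = "route" if chain[-1].stype.insertion == "L3" else "steer"
    hops.append((prev, destination, mode))
    return hops

if __name__ == "__main__":
    fw = ServiceInstance("fw1", FW_BITW, "port-fw-in", "port-fw-out")
    lb = ServiceInstance("lb1", LB_L3, "port-lb-in", "port-lb-out")
    for hop in stitch([fw, lb], source="external_nw"):
        print(hop)
```

Because templates are compared in order, a chain of [LB, FW] is rejected even though both service types are supported, so a chain cannot be stitched with the firewall behind the load balancer unless the provider publishes that combination.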
Prototype Experience
Quantum core plugin is the easiest place to implement chaining
Prototype branch: https://github.com/bigswitch/quantum/tree/sumit/chaining