OpenStack Summit May 2015 Vancouver

A “Service Chain” is a deployment where a sequence of appliances intermediate traffic between networks. The service chain should be configured and managed in software that adds and removes services from the chain in an automated way.

We will discuss how service chaining can be supported on devices using MPLS/BGP VPN technology implementing Neutron virtual networks.

 

Connecting appliances in a sequence has been done for many years using VLANs. However, "service-chaining" cannot be implemented without solving the problem of how to bring in traffic from a routed network into the set of appliances. The issue is always how to attract the traffic in and forward it out of the service-chain, i.e., how to integrate the service-chain with routing. By using the same mechanism to route traffic in and out of a service chain as well as through its intermediate hops, the implementation of service chains can be significantly simplified.

 

Besides the integration with routing, which is necessary, the main aspect of service-chaining is not the number of services or hops in a chain but rather how to implement a service that is conceptually one hop away but scales horizontally to tens or hundreds of virtual appliances. By using a virtual routing instance (VRF) construct (i.e., a distributed router) to implement service chaining, the load balancing is built-in.

 

We will also discuss the need to integrate Openstack allowed-address-pair extension with dynamic route updates in order to support high-availability services in service chains.

 

We will show how service chaining is applicable to 3GPP networks where IP services offered to wireless subscribers are inherently service chains of appliances. So called Gi or SGi network interfaces in 3GPP provide IP services and connects wireless subscribers to external public or private packet networks (Internet, intranet,  private and public cloud,  IMS, etc). Examples of SGi services are: Web proxies, TCP optimization, video optimization, Intrusion Detection/Preventions Systems (IDS/IPS), Deep Packet Inspection (DPI), CGNAT, firewall, etc.