Service Function Chaining

Service Function Chaining (SFC) is a technique for selecting and steering data traffic flows through various ‘service functions’. It is being investigated and developed by the Internet Engineering Task Force (IETF) Network Working Group. To realize the full promise and potential of this technique, a number of challenges must be overcome, which are described in the various work-in-progress Internet-Draft documents listed here:

Functions commonly deployed as SFs (Service Functions) within a chain, such as many VAS (Value-Added Services), have received a lot of early adoption by operators pursuing NFV strategies. Examples are content caches, video optimization platforms, parental-control content filters, load balancers, and so on.

Sandvine and PeerApp demonstrated an entirely virtualized SFC implementation at the Intel Developer’s Forum in September 2014. Since that time, the reference architecture has been enhanced to include an SFC deployment with VNFs for PeerApp’s Content Caching, Openwave Mobility’s Media Optimization, and Openwave Mobility’s Parental Controls:

Sandvine holds the patent (US 2004/0193714 A1) on the industry-leading ‘Divert’ capability that enables intelligent arbitration and management of multiple service gateways. The Divert feature enables the Sandvine PTS (Policy Traffic Switch) Virtual Series to act as a unified point of service intelligence in an NFV network and to redirect traffic flows, on an application-aware, subscriber-aware, and/or content/MIME-type-aware basis to third-party systems (i.e. virtualized service nodes) for further processing. The service nodes then return the processed traffic back to the PTS Virtual Series for reinsertion onto the wire.

From the beginning, this feature was significantly different from, and markedly superior to, alternative methods of steering traffic flows. These advantages stem from the fact that Sandvine owns the intellectual property for the only viable means of logically inlining service nodes on a per-flow basis, after a connection is established and the application and/or content type is known.

Other redirection architectures utilize techniques that lack the granularity, operational simplicity, subscriber experience and cost optimizations that Sandvine’s SFC mechanism offers. Typically, this involves some combination of non-application-aware policy-based routing and/or load balancers, which utilize port-based redirection. Some vendors have also experimented with ‘predictive analysis’, where ‘educated guesses’ are made about a new flow’s application or protocol. Other vendors have occasionally also employed variations of the so-called ‘late-bind’ technique, whereby they answer the SYN for every flow in an effort to build state and application-awareness, but this technique has generally fallen out of favor due to a propensity to cause outages (e.g. if there’s a SYN-flood attack, if the destination server is down and the load balancer continues trying to build state, etc.). All of these methods are at best inaccurate and at worst can have a deleterious impact on network services.

Sandvine’s SFC capability allows the PTS Virtual Series to apply policy to millions of traffic flows to accurately identify individual flows that are ideal for each service function. This enables the PTS Virtual Series to pre-filter large volumes of traffic to find the specific flows that a given service node requires. This improves the efficiency of the various service functions and simplifies operations for the provider.

The Sandvine SFC mechanism also balances load across a group of service nodes, and group members are health checked so that load shifts automatically in the case of a failure on one or more of the nodes. Furthermore, new VNF nodes can be dynamically added to the group of service nodes as network demands require, and traffic will load balance across the enhanced group. In the event that a service node is unavailable, the solution will not steer to it and traffic will continue uninterrupted.

Sandvine has been using its Multiple Divert SFC technique as a means of service chaining for a number of years and is therefore able to share a number of insights with regard to current challenges and solutions, while also looking forward to improvements that may be realized via the adoption of IETF guidelines and/or emergent technologies.

For example, Sandvine is well-positioned to take the role of the classifying function that specifies and adds the NSH (Network Service Header) to packets in order to steer them through the service chain, although the IETF has not yet finalized a standard format for this.