In our last blog post we explored how Service Function Chaining (SFC) differs from the traditional model of creating a sequence of functions. Another key difference is that the path through the SFC can be “dynamic”, as noted in this Intel white paper. The dynamic qualities of the SFC can take many different forms. For example, classifiers at the chain ingress can control which elements of the service chain data passes through via metadata applied to the packet (see illustration below). Additionally, the entire service chain can be reconfigured dynamically as service needs change (scaling).
Traditionally, paths through elements have been controlled by L2/L3 switches/routers. As topologies have become more complex, overlay (virtual) networks have been applied to manage these topologies. The additional capability inherent in SFCs is that these paths can be service-aware – not just source/destination aware – on (potentially) a packet-by-packet basis.
A very simple example is illustrated below. Client1 is making HTTP requests, Client2 wishes to establish a SIP connection to the vIPBX. At a high level all traffic entering/leaving the SFC is directed to the Firewall. Client1’s traffic passes only through the Firewall and SFFs before reaching the terminating service; Client2’s traffic passes through the Firewall and SFFs and reaches a different terminating service. The determination of the path is determined by the interaction of the “classifier” (a logical function) and the SFFs. The logical function determined by the classifier could take many forms:
- It might effectively do nothing and rely on the flow tables present in the SFF (which were populated by some other mechanism).
- It might directly manipulate the flow tables based as the result of how it classified traffic
- It might attach “service headers” to the traffic that the SFFs could match against their flow tables.
Service headers are a currently a subject of much discussion and can range from something as simple as an MPLS-like tag or a rich “network service header” as described in various IETF drafts (see RFC 7498 for a general SFC problem statement).
In conclusion, the above model can be compared to the initial model of a fixed sequence of ordered physical devices connected in series (likely through static L2 paths). The capacity of the SFC to (auto) scale and (auto) path provides valuable benefits not realizable with static physical device chains.