[Read Notes] Use the ICN information naming method to enhance SDN's management of the service chain

Key words to understand:

First, the service chain:

When the data message is transmitted in the network, it needs to go through a variety of business nodes to ensure that the network can provide users with safe, fast and stable network service according to the design requirements.

Service Chain: The service chain can be understood as a form of business when network traffic passes through these points of business (primarily security devices such as firewalls, LB, etc.) in the established order required by the business logic .

Working principle:

A service chain usually has an entry node and an egress node, and each node of the service chain knows where the next service node of the current service chain is, and is sent through the overlay network to the next Service node processing. In the last node of the service chain, the packet is vtep according to the final purpose of the data message, and the message is forwarded.

1. What vendors support this technology?

China Three, Cisco

2. Features of the H3C service chain

H3C's service chain scheme is based on overlay technology, which combines the theory of SDN centralized control, which is controlled by VCFC (VCF Controller). It is the key to support virtualization, business Network programmability, with the following features:

• It realizes the decoupling between the tenant logical network and the physical group network, and the separation of the control plane and the network forwarding plane.
• Business resource pooling, which can be allocated, deployed according to tenant network requirements, decoupled from the physical location of the business resources, breaking the limits of the physical topology, and providing personalized business for each tenant.
• Enables dynamic creation and automated deployment of NFV resource pools.
• Enables flexible orchestration, modification of the tenant's business without compromising the physical topology and other tenants.
• Realize the high reliability of the service chain (load sharing, redundant backup) and problem location monitoring and other functions.

How is the 5.H3C service chain deployed?

Through the built-in service chain function module in the VCF controller, the service Chain function module provides a north-to-the-API for use by a variety of cloud management systems, while the service chain is deployed through a south-to-interface, management Service node. It can manage all of the service nodes, or you can configure multiple service chains on each node.

6. What kind of messages need to be processed into the service chain?

Whether the data message to enter the service chain, into which service chain, enter the service chain after the use of the profile is in the data message into the overlay network, according to the policy issued by the VCF controller. The VCF controller will be based on different tenant applications, flexible classification strategy, and ensure that the message within the service chain between the nodes passed.

Service chain Network Specific requirements:

7. What are the requirements for providing a service chain network?

• Flexible: After DPI (deep packet detection), you may need to increase the intrusion detection function (instruction detection, attack network behavior) or remove the virus scanning function
• Dynamic: NFV provides more dpi or Firewall, depending on the needs of most streams
• Extensions: 1. Number of functions 2. Number of flows 3. Network size
• Reliable: Recovers within 10s of milliseconds

Second, intermediate equipment

Middlebox

A middlebox or network appliance is a computer networking device that transforms, inspects, filters, or otherwise Manipulates traffic for purposes and other than packet forwarding. [1] Common examples of middleboxes include firewalls, which filter unwanted or malicious traffic, and network address Tran Slators, which modify packets ' source and destination addresses. Dedicated Middlebox hardware is widely deployed in enterprise networks to improve network security and performance, Howeve R, even home network routers often has integrated firewall, NAT, or other Middlebox functionality. [2] The widespread deployment of middleboxes and other network appliances have resulted in some challenges and criticism du E to poor interaction with higher layer protocols.

Intermediate devices provide services, rather than forwarding. There is a firewall, address translation and other intermediary devices. Dedicated Middlebox hardware dedicated hardware

Middlebox Effect:

1. Modify Header: NAT, Proxy

2. Throw the bad bag: Fire-wall

3. Collect Data information: DPI

Real traffic is required through some pre-determined functions, rather than the shortest path determined by IP address, there is a deviation, these services are connected to form a service chain, the flow is like this service chain one by one through these functional box middlebox, improve the quality of the information users receive. The NFV presence enables Middlebox to provide functionality virtualization.

[Read Notes] Use the ICN information naming method to enhance SDN's management of the service chain