Re: [sfc] WG adoption of draft-quinn-sfc-problem-statement-02

["Reinaldo Penno (repenno)" <repenno@cisco.com>]

You bring  good point, but it seems it still aligned with current proposal.

A Service Chain does not specify the actual stateless firewall (out of the
hundreds of function equivalent firewalls) that are going to be used in a
chain. Just that a firewall is present on a chain.

A Service Function Path is an instantiation of a Service Chain. It
specifies the actual firewall (say, firewall-3) that will be traversed by
the packets. The Service Path needs to be known before hand or stitched
run-time (given the dynamic LB decision) since a forwarding decision need
to be made regardless.

So, in your example there would one chain, many service paths. Other
combinations are possible of course depending on implementation strategy.




From:  Linda Dunbar <linda.dunbar@huawei.com>
Date:  Friday, January 24, 2014 at 8:35 AM
To:  "Paul Quinn (paulq)" <paulq@cisco.com>, "mikebianc@aol.com"
<mikebianc@aol.com>
Cc:  "Jim Guichard (jguichar)" <jguichar@cisco.com>, Cathy Zhang
<Cathy.H.Zhang@huawei.com>, "<jmh@joelhalpern.com>" <jmh@joelhalpern.com>,
"<sfc@ietf.org>" <sfc@ietf.org>, "<Ron_Parker@affirmednetworks.com>"
<Ron_Parker@affirmednetworks.com>
Subject:  Re: [sfc] WG adoption of draft-quinn-sfc-problem-statement-02


If a service function has a small number of instances, say less than 10,
and they are relative stable, then it is doable for Service Chain to
specify the specific
 instances. 
 
But if there are large number of instances, say in hundreds, and those
instances¹ location/presence change over time (e.g. in NFV environment),
then it is not
 scalable to have Service Chain path to specify the specific instances.
The instances selection should be left up to implementation, or at least
out of the SFC WG scope.

 
Linda

 
From: Paul Quinn (paulq) [mailto:paulq@cisco.com]








To contextualize my comments:

Assuming you needed to insert a CDN into a chain and had 8 equally viable
instances (cdn1..cdn8), I see two primary methods of choosing which
instance receives a particular
 flow:

1.  The chain includes either the pool of services (CDN) or a shim service
(proxy, service lb) where the specific instance is selected on the fly

2. The specific instance is part of the chain (cdn1)

 

If the latter (instance in chain), should SFC include a mechanism for
remapping the chain to use another instance?

In either case, should the selection of the instance ("service
distribution"? anyone? anyone?) be part of SFC or left up to
implementation?
 

 

 

It depends :)  In case #1, does the "shim service" present itself as a SF?
 It might still have policy dependencies about being coupled with cdn, but
is it externally "visible"?

 




Since we've already discussed dynamically inserting and removing services
into or from a chain (long flow use cases draft), it seems that specifying
the specific service instance
 in a chain (#1 above) for a flow would be simpler than introducing a shim
proxyish service.  This approach might also simplify the requirements for
stateful v non-stateful services.

 




________________________________________

From: Ron_Parker@affirmednetworks.com<Ron_Parker@affirmednetworks.com>
To: Joel M. Halpern<jmh@joelhalpern.com>,Linda
Dunbar<linda.dunbar@huawei.com>,Cathy Zhang<Cathy.H.Zhang@huawei.com>,Paul
 Quinn (paulq)<paulq@cisco.com>,Jim Guichard (jguichar)<jguichar@cisco.com>
cc: sfc@ietf.org<sfc@ietf.org>
Sent: Friday, January 24, 2014
Subject: Re: [sfc] WG adoption of draft-quinn-sfc-problem-statement-02

Hi, Joel.

I think you raise an excellent point on the ambiguity of load balancing. I
would propose that there are more than 2 cases of load balancing:

* mid-box service function (e.g., firewall) with internal load balancing
* mid-box service function (e.g., firewall) requiring external load
balancing
* explicitly addressed service (e.g., DB server) with internal load
balancing
* explicitly addressed service (e.g., Web HTTP server) requiring external
load balancing

>From an SFC perspective, I think we can ignore the cases where the mid-box
or explicit application is internally load balanced. Such applications
would typically present a single locator (i.e., IP address) to the outside
world and manage redirection internally
 to the clustered application.

I think the last bullet, external load balancing for an explicitly
addressed service (e.g., Web HTTP server) lends itself to load balancing
as an explicit service function from an SFC perspective. That is, the
service function in the service function chain
 is "load balancer".

The second bullet, external load balancing for mid-box service function
(e.g., firewall), is slightly trickier. From an SFC perspective, my view
is that the service function that appears in the service function chain is
still firewall and not load balancer.
 However, I do think that SFC should explicitly embrace the concept of a
"load-balanced service function". I tried to address this in
http://datatracker.ietf.org/doc/draft-parker-sfc-chain-to-path/ and would
appreciate any feedback.

Thanks.

Ron


-----Original Message-----


From: sfc [mailto:sfc-bounces@ietf.org] On Behalf Of Joel M. Halpern
Sent: Thursday, January 23, 2014 10:36 PM
To: Linda Dunbar; Cathy Zhang; Paul Quinn (paulq); Jim Guichard (jguichar)
Cc: sfc@ietf.org
Subject: Re: [sfc] WG adoption of draft-quinn-sfc-problem-statement-02

For apps that have their own internal load balancer, I agree that there is
no point in the tenant using the data center offered load balancer service.
But many apps do not have their own custom load balancer. So a data center
might well offer load balancing as a service for those tenants who want it.

My only point was to distinguish load balancing as a service selected by
the customer from load balancing used by the oeprator internall;y to
deliver some other service.

Yours,
Joel

On 1/23/14 10:18 PM, Linda Dunbar wrote:
> Joel,
> Questions inserted below:
> -----Original Message-----
> From: sfc [mailto:sfc-bounces@ietf.org] On Behalf Of Joel M. Halpern
> Sent: Thursday, January 23, 2014 3:17 PM
> To: Cathy Zhang; Paul Quinn (paulq); Jim Guichard (jguichar)
> Cc: sfc@ietf.org
> Subject: Re: [sfc] WG adoption of draft-quinn-sfc-problem-statement-02
> In looking at the services, we need to be careful about who the
> service is for. Using load balancing as an example, there are two
>different cases.
> One case, common in a data center, will bw where load balncing is
> part of the service being delivered to the tenant, to help manage the
> tenants application traffic.
> [Linda] do you mean when "Load Balancing" among cluster of servers for
> one tenant application being offered as a service?
> Isn't this kind of "load balancing" application specific? Like Oracle
> DB has its own Load Balancer among cluster of servers.
> A different situation is when load balancing is used internally to the
> service chaining to manage instances of the internal services (where
> cardinality is invisible to the tenant / user).
> In the former case, LB is a service. And has to be able to direct
> traffic to the correct tenant application instance.
> In the latter case, the load balancing may well be bundled in with a
> collection of co-located service instances, with the whole looking
> like a service instance to service chaining and the end user. (There
> appear to be a multiplicity of ways to deliver this behavior. How
> much we need to specify in the architecture remains to be seen.)
> Yours, Joel _______________________________________________
> sfc mailing list
> sfc@ietf.org <mailto:sfc@ietf.org>
> https://www.ietf.org/mailman/listinfo/sfc
_______________________________________________
sfc mailing list
sfc@ietf.org
https://www.ietf.org/mailman/listinfo/sfc
_______________________________________________
sfc mailing list
sfc@ietf.org
https://www.ietf.org/mailman/listinfo/sfc
_______________________________________________
sfc mailing list
sfc@ietf.org
https://www.ietf.org/mailman/listinfo/sfc