Service Chaining
In today’s fast-paced digital era, businesses constantly seek ways to optimize operations and provide seamless customer services. One of the critical techniques that has gained traction in recent years is service chaining. This blog post will delve into service chaining and explore how it can revolutionize connectivity and improve efficiency in various industries.
Service chaining is the process of linking multiple network services to create a cohesive and streamlined workflow. It involves the sequential execution of different services within a network architecture, where the output of one service becomes the input for the next. By establishing a predefined sequence of operations, service chaining enables the automation and orchestration of complex tasks, ultimately enhancing overall network performance.
Highlights: Service Chaining
- The Role of NFV
Many perspectives exist on Network Function Virtualization (NFV) and Software-Defined Networking (SDN). It depends on who you ask and which side they sit on: the server or network departments in the service provider, data center, or branch. I view SDN in the data center/WAN and NFV anywhere at the network edge. While the NFV use cases vary across enterprise, service provider, and branch requirements, it's about simplifying management and orchestration.
- NFV Enables Service Chaining
NFV with network service chaining enables you to bring network services that used to be at the customer edge to the nearest POP or data center to run in a virtualization environment. For example, a newly installed CPE obtains its configuration from a PnP server, and a tunnel (VXLAN, GRE, LISP, IPSec, or Layer 2) can be created to the local POP consisting of, for example, vCPE, vFW, or vESE virtual services. MP-BGP is then used across the SP WAN for route propagation to the data center.
Back to Basics With Service Chaining
Service chaining is required to move traffic to these virtualized services. Therefore, the role of service chaining is to help automate traffic flow between services in a virtual network. It also optimizes network resources to improve application performance using the best routing path. An example sequence is passing through the firewall, encryption, and software-defined WAN.
Benefits of Service Chaining:
1. Enhanced Connectivity: Service chaining enables the seamless integration of multiple network services, resulting in improved connectivity and faster data transmission. Service chaining ensures a more reliable and efficient network infrastructure by eliminating the need for manual intervention and reducing latency.
2. Increased Efficiency: With service chaining, businesses can optimize workflows and streamline operations. By automating the execution of different services, valuable time and resources are saved, allowing organizations to focus on core activities and deliver services more efficiently.
3. Flexibility and Scalability: Service chaining allows organizations to adapt to changing business requirements. As new services emerge or existing ones need to be modified, service chaining allows for easy integration and scalability, ensuring the network remains agile and responsive to evolving demands.
4. Improved Security: Service chaining is vital in enhancing network security. Organizations can create a comprehensive and layered defense mechanism by chaining security services together. This approach enables the identification and mitigation of potential threats, ensuring the integrity and confidentiality of data.
Use Cases of Service Chaining:
1. Cloud Computing: Service chaining is widely used in cloud computing environments to optimize the delivery of services. Organizations can ensure scalable and secure cloud-based applications by chaining together services such as load balancing, firewalls, and content delivery networks.
2. Network Function Virtualization (NFV): NFV leverages service chaining to virtualize network functions, such as routers, firewalls, and intrusion detection systems. Through service chaining, NFV enables cost-effective deployment and management of network services, eliminating the need for physical hardware.
3. Internet of Things (IoT): Service chaining becomes crucial in connecting and securing many devices as the IoT expands. Organizations can ensure the smooth operation of IoT deployments by chaining together services such as authentication, encryption, and data filtering.
Network Service Chaining
Service chains are policy constructs that steer application traffic through a series of service nodes. Service nodes may be firewalls, load balancers, intrusion detection devices, and virtual email security agents.
For example, we want to add a stateful packet engine to an application flow. In a classic case, we usually implement a physical or virtual firewall as the default gateway. All traffic leaving the host will follow its default gateway, and traffic gets inspected.
This type of design is a typical topology-dependent service chain. What if you need to go one step further and add several service devices to the chain, for example, an IPS or load balancer? This will soon become a complicated design, and complexity comes at a cost in troubleshooting and maintenance.
The lack of end-to-end service visibility
Service chaining is static and bound to topology for insertion and policy selection. One of the major drawbacks is that network service deployments are tightly coupled to the network topology. This limits network agility, especially in a virtual environment. Service chains are typically built through manual configuration and are prone to human error. Policy-based routing (PBR) and VLAN stitching are existing technologies used for service chaining. They lack end-to-end service visibility, and troubleshooting is complicated.
- A key point: Policy-based routing.
PBR is configured per box, per flow, and autonomous routing protocols do not understand it. PBR breaks routing. You usually build that chain statically if you have to run traffic through some network service. Still, in a data center that uses a lot of multi-tenancy and is highly segmented, you need to route traffic in a much more flexible way.
Implementing network services and security policies into an application network has traditionally been complex. Implementing service nodes into an application path, independent of location, has challenged many data centers and cloud providers.
Service chaining and the virtual switch
The concept of service chaining was seen initially in the Nexus 1000V virtual switch. It implements a service-chaining technology known as vPath. vPath intercepts traffic and re-routes it to the required service node. It was initially limited because it could only chain one service at a time and for one type of device, the Virtual Security Gateway (VSG).
It was later expanded to service multiple workloads between multiple service hops. While vPath was a success, it could only work with virtual nodes. A solution was needed to enable physical and virtual nodes to be in the virtual chaining path.
Network Service Header (NSH)
Cisco has developed the Network Service Header (NSH). It creates a dedicated service plane independent of the underlying transport networks. It is inserted by a node into encapsulated packets or frames, usually at ingress, and describes a series of service nodes a packet should be routed to. It also adds additional metadata about the packet. The packets are then encapsulated in an outer header for transport.
Service Function Forwarder (SFF)
The traffic is sent via an overlay to the Service Function Forwarder (SFF), which reads the service path header to determine which service needs to be applied at that point in the chain. NSH requires NSH-aware nodes, i.e., front-end service nodes, but it doesn't require any change to the transport network. The SFF is an NSH-aware forwarder in front of the service node.
The SFF only needs to know how to do a simple lookup and ask for a location. The locator can be delivered via SDN controller ODL, LISP, and BGP. Because the control and data planes are decoupled, the forwarder stays simple. The abstraction between the control and data plane allows you to build more complicated (scale and topology) service chains with NSH rather than using flows.
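The SFF lookup described above, as an added example that is not part of the original post or any vendor's code: it parses the NSH base and service path headers using the RFC 8300 bit layout, validates them, and resolves the (SPI, SI) pair to a locator, dropping malformed, expired, or unknown-path packets. The table entries, locator strings, and function names are constructed for illustration.

```python
import struct

# Constructed table for a hypothetical SFF: (SPI, SI) -> service node locator.
SFF_TABLE = {(42, 255): "vFW@10.0.0.11", (42, 254): "vIPS@10.0.0.12"}

def parse_nsh(pkt: bytes) -> dict:
    """Parse and validate the NSH base header and service path header."""
    if len(pkt) < 8:
        raise ValueError("truncated NSH")
    base, path = struct.unpack("!II", pkt[:8])
    hdr = {
        "version": base >> 30,
        "ttl": (base >> 22) & 0x3F,
        "length": (base >> 16) & 0x3F,   # total NSH length in 4-byte words
        "md_type": (base >> 8) & 0xF,
        "next_proto": base & 0xFF,
        "spi": path >> 8,                # 24-bit Service Path Identifier
        "si": path & 0xFF,               # 8-bit Service Index
    }
    if hdr["version"] != 0:
        raise ValueError("unsupported NSH version")
    if hdr["md_type"] == 1 and hdr["length"] != 6:
        raise ValueError("MD Type 1 requires Length 6")
    if hdr["length"] < 2 or len(pkt) < hdr["length"] * 4:
        raise ValueError("Length field inconsistent with packet")
    hdr["context"] = pkt[8:hdr["length"] * 4]   # metadata carried with the packet
    return hdr

def sff_forward(pkt: bytes, table=SFF_TABLE):
    """Return (locator, rewritten_packet), or (None, reason) when dropped."""
    try:
        hdr = parse_nsh(pkt)
    except ValueError as exc:
        return None, str(exc)
    ttl = (hdr["ttl"] - 1) & 0x3F        # decrement before lookup; 0 wraps to 63
    if ttl == 0:
        return None, "TTL expired"
    # The service function, not the SFF, decrements SI after processing.
    locator = table.get((hdr["spi"], hdr["si"]))
    if hdr["si"] == 0 or locator is None:
        return None, "no entry for SPI/SI"
    base = struct.unpack("!I", pkt[:4])[0]
    base = (base & ~(0x3F << 22) & 0xFFFFFFFF) | (ttl << 22)
    return locator, struct.pack("!I", base) + pkt[4:]

def build_nsh(spi, si, ttl=63, context=b"\x00" * 16, next_proto=1):
    """Build a constructed MD Type 1 sample header (next_proto 1 = IPv4)."""
    base = (ttl << 22) | (6 << 16) | (1 << 8) | next_proto
    return struct.pack("!II", base, (spi << 8) | si) + context
```

Dropping on an unknown (SPI, SI) pair rather than falling back to normal routing is what keeps a packet from silently bypassing a security service in the chain.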
Conclusion:
Service chaining presents a transformative approach to network architecture by enabling the seamless integration of multiple services. Service chaining offers numerous benefits across various industries, from enhancing connectivity and efficiency to improving security and scalability. As businesses strive for optimization and increased productivity, embracing service chaining can be a game-changer in pursuing excellence in the digital age.