Ask Your Question
1

SFC correlation/encapsulation setting is ignored

asked 2018-12-23 19:52:05 -0500

Gabriel Rebello gravatar image

We deployed a single-VNF service function chain using tacker-client 0.11.0 and tacker-server 0.9.1 on OpenStack Queens. Tacker automatically set our SFC port-chain correlation (pc_corr) to 'mpls' and VNF port pair correlation (pp_corr) to 'None'. In https://docs.openstack.org/networking-sfc/queens/contributor/ietf_sfc_encapsulation.html (the networking-sfc document) for Queens it reads

pc_corr is the correlation mechanism (SFC Encapsulation) to be used for the entire port-chain. The values may be None, 'mpls', or 'nsh'.

pp_corr is the correlation mechanism supported by an individual SF. The values may be 'None', 'mpls', or 'nsh'.

The backend driver compares pc_corr and pp_corr to determine if SFC Proxy is needed for a SF that is not capable of processing the SFC Encapsulation mechanism. For example, if pc_corr is 'mpls' and pp_corr is None, then SFC Proxy is needed.

Through the OVS SFC driver and agent, the vswitches on the multiple nodes where networking-sfc is deployed will be configured with the set of flows that allow classification, encapsulation, decapsulation and forwarding of MPLS tagged or untagged packets. Applying the IETF SFC view to this, Open vSwitch switches thus implement the logical elements of Classifier, Service Function Forwarder (SFF) and SFC Proxy.

Hence, we expected encapsulation/decapsulation to be performed transparently by the OpenVSwitch backend driver so that packets traverse SFC-unaware VNFs as regular packets. However, we can see NSH packets, not even MPLS, reaching the VNF interface. We confirmed the packets are NSH using Wireshark.

It seems like OpenVSwitch is encapsulating packets as NSH before each VNF regardless of the set correlation values. Any clue on what could be happening?

Thanks in advance.

SFC commands outputs:

[root@overcloud-controller-0 heat-admin]# openstack sfc port pair show 350132d7-c157-4311-8abf-58bc5fed1fbf
+-----------------------------+--------------------------------------+ | Field                       | Value  |
+-----------------------------+--------------------------------------+ | Description                 | port pair for GTA-OpenWRT            | | Egress Logical Port         | 320667e8-4a15-454d-9b66-5f3f0c0ae710 | | ID                          | 350132d7-c157-4311-8abf-58bc5fed1fbf | | Ingress Logical Port        | 320667e8-4a15-454d-9b66-5f3f0c0ae710 | | Name                        | GTA-OpenWRT-connection-points        | | Project                     | 55ba7aaa2e62405e937a0bb5cb32b1ca     | | Service Function Parameters | {u'weight': 1, **u'correlation': None}** | | tenant_id                   | 55ba7aaa2e62405e937a0bb5cb32b1ca     |
+-----------------------------+--------------------------------------+

 [root@overcloud-controller-0 heat-admin]# openstack sfc port chain show e0975001-e43c-4477-b5b9-9aaf74ec406a
+------------------+-----------------------------------------------------------------------------------------------------------------------------+ | Field            | Value             |
+------------------+-----------------------------------------------------------------------------------------------------------------------------+ | Chain ID         | 1                 | | Chain Parameters | {u'symmetric': False, **u'correlation': u'mpls'**}        | | Description      | port-chain for Tacker VNFFG                           | | Flow Classifiers | [u'042fcde8-de2c-4c7c-970b-4edd1c1d8a2a', u'0d46d604-e2ac-4a8f-bfab-4ddd68040c40', u'1265e451-1890-42f5-bbb6-459b4ce56527'] | | ID               | e0975001-e43c-4477-b5b9-9aaf74ec406a   | | Name             | GTA-OpenWRT-SingleNode-port-chain      | | Port Pair Groups | [u'8dfffd78-07f5-4f7c-8c90-5bef69a01bcc'] | | Project          | 55ba7aaa2e62405e937a0bb5cb32b1ca       | | tenant_id        | 55ba7aaa2e62405e937a0bb5cb32b1ca       |
+------------------+-----------------------------------------------------------------------------------------------------------------------------+

 [root@overcloud-controller-0 heat-admin]# openstack sfc flow classifier list
+--------------------------------------+---------------------+------------------------------------------------------------+
| ID                                   | Name                | Summary                                                    |
+--------------------------------------+---------------------+------------------------------------------------------------+
| 042fcde8-de2c-4c7c-970b-4edd1c1d8a2a | gta-classifier-tcp  | protocol: TCP,                                             |
|                                      |                     | source[port]: any[any:any],                                |
|                                      |                     | destination[port]: any[1:65535],                           |
|                                      |                     | neutron_source_port: 185a57ba-1fc7-4fd3-bbe9-bdf6b1ad1e5b, |
|                                      |                     | neutron_destination_port: None,                            |
|                                      |                     | l7_parameters: {}                                          |
| 0d46d604-e2ac-4a8f-bfab-4ddd68040c40 | gta-classifier-icmp | protocol: ICMP,                                            |
|                                      |                     | source[port]: any[any:any],                                |
|                                      |                     | destination[port]: any[any:any],                           |
|                                      |                     | neutron_source_port: 185a57ba-1fc7-4fd3-bbe9-bdf6b1ad1e5b, |
|                                      |                     | neutron_destination_port: None,                            |
|                                      |                     | l7_parameters: {}                                          |
| 1265e451-1890-42f5-bbb6-459b4ce56527 | gta-classifier-udp  | protocol: UDP,                                             |
|                                      |                     | source[port]: any[any:any],                                |
|                                      |                     | destination[port]: any[1:65535],                           |
|                                      |                     | neutron_source_port: 185a57ba-1fc7-4fd3-bbe9-bdf6b1ad1e5b, |
|                                      |                     | neutron_destination_port: None,                            |
|                                      |                     | l7_parameters: {}                                          |
+--------------------------------------+---------------------+------------------------------------------------------------+
edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted
0

answered 2018-12-28 20:18:05 -0500

hoangphuoc gravatar image

Currently, I have a patch that let users can choose 'nsh' or 'mpls' for SFC encapsulation. But when I test creating SFC, only 'mpls' encapsulation works. So, I need to check networking-sfc to fix this issue if it is possible.

Here is my patch for that: https://review.openstack.org/#/c/620680

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2018-12-23 19:52:05 -0500

Seen: 41 times

Last updated: Dec 28 '18