US20170257310A1 - Network service header (nsh) relaying of serviceability of a service function - Google Patents
Network service header (nsh) relaying of serviceability of a service function Download PDFInfo
- Publication number
- US20170257310A1 US20170257310A1 US15/058,259 US201615058259A US2017257310A1 US 20170257310 A1 US20170257310 A1 US 20170257310A1 US 201615058259 A US201615058259 A US 201615058259A US 2017257310 A1 US2017257310 A1 US 2017257310A1
- Authority
- US
- United States
- Prior art keywords
- service function
- service
- packet
- peer detection
- status
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/302—Route determination based on requested QoS
- H04L45/306—Route determination based on the nature of the carried application
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4633—Interconnection of networks using encapsulation techniques, e.g. tunneling
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/64—Routing or path finding of packets in data switching networks using an overlay routing layer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/11—Identifying congestion
- H04L47/115—Identifying congestion using a dedicated packet
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/31—Flow control; Congestion control by tagging of packets, e.g. using discard eligibility [DE] bits
-
- H04L67/16—
-
- H04L67/2804—
Definitions
- the present disclosure relates to applying service function chains in networks.
- Service Function Chaining enables virtualized networking functions to be implemented as part of a cloud network.
- a Service Function Chain defines an ordered list of a plurality of service functions (e.g., firewall, compression, intrusion detection/prevention, load balancing, etc.) that may be applied to packet flows in the network.
- a flow enters the network through a classifier node that generates a Service Function Path for that flow according to the Service Function Chain policy.
- the classifier node encapsulates each packet of the flow with a Network Service Header that indicates the service functions to which the flow will be subjected, and the order the service functions will be applied.
- Service Function Chaining and Network Service Headers provide a scalable, extensible, and standardized way of sharing metadata between both network nodes and service nodes within a network topology. This allows for disparate nodes that require shared context, but do not communicate directly, to share that context via metadata within the packets traversing the network or service topology.
- FIG. 1 is a system block diagram showing a Service Function Chain network environment with monitoring of the performance of service functions, according to an example embodiment.
- FIG. 2 is a simplified block diagram of a service function device within the Service Function Chain network environment, according to an example embodiment.
- FIG. 3 is a simplified block diagram of a classifier network element within the Service Function Chain network environment, according to an example embodiment.
- FIG. 4 is a ladder diagram that shows messages passed between peer service function nodes when the performance of one of the service functions is compromised, according to an example embodiment.
- FIG. 5 is a ladder diagram that shows messages passed between nodes in a service function chain when the performance of one of the service functions is compromised, according to an example embodiment.
- FIG. 6 is a flowchart showing the operations of a service function node that suffers from degradation in its ability to perform the service function, according to an example embodiment.
- FIG. 7 is a flowchart showing the operations of a node in a service function path when another node is degraded in its ability to perform a service function, according to an example embodiment.
- a service function node configured to perform at least one service function on a data flow that follows a service function path
- degradation in performing the service function is detected.
- the service function node generates a status indicator for the degradation in performing the service function and inserts the status indicator into a peer detection packet.
- the peer detection packet encapsulates an inner packet with a header that indicates the service function path.
- the service function node forwards the peer detection packet to a neighboring service function node along the service function path.
- the Service Function Chaining provides both metadata of a data flow and steers the flow to appropriate service functions.
- the Service Function Chaining encapsulation carries information that identifies a Service Function Path.
- the Service Function Path comprises an ordered list of service functions that act on the packets in the data flow.
- one or more service functions may be unavailable (e.g., the network path is broken) or overloaded (e.g., due to processing other traffic).
- a service function may use ping-like messages, which operate at a low level.
- GRE Generic Routing Encapsulation
- Network Service Headers as defined by various Request for Comments published by the Internet Engineering Task Force (IETF) for example, are used to indicate the status of each service function, and a service function that receives a packet with a Network Service Header carrying this additional information may react appropriately, e.g., using a different Service Function Path or a different service function node.
- IETF Internet Engineering Task Force
- a source endpoint 110 sends a data flow to destination endpoint 120 through the Service Function Chain system 130 .
- Endpoints 110 and/or 120 may include, for example, smart phones, tablets, laptop computers, desktop computers, virtual machine applications running in a datacenter, or other types of computing devices.
- Service Function Chain system 130 comprises a service classifier node 140 , network devices (e.g., Service Function Forwarders) 150 , 160 , and 170 .
- Network device 150 forwards packets in data flows to service functions 152 and 154 .
- Network device 160 forwards packets in data flows to service function 162 .
- Network device 170 forwards packets in data flows to service functions 172 and 174 .
- all of the service function nodes attached to one Service Function Forwarder such as service functions 152 and 154 attached to network node 150 , perform the same service function.
- the Service Function Forwarder may load balance performance of the service function by sending packets to a plurality of instances of the service function.
- the service function nodes attached to each Service Function Forwarder may provide different service functions.
- each Service Function Forwarder node handles all of the instances of a given service function in a Service Function Path.
- a service function may be repeated at different Service Function Forwarders, e.g., service function node 152 may perform the same service function as service function node 162 .
- Service function 172 includes service function (SF) degradation logic 180 to monitor the performance of the service function. Other service functions in addition to the service function 172 may also include service function degradation logic to monitor their respective performance.
- Service classifier 140 includes Service Function Path degradation logic 190 to determine the performance of the service functions in a particular Service Function Path and handle any degradation in performance.
- degradation in performance of a service function may include a complete failure of a service function node such that the service function cannot perform any tasks on any data flows.
- degradation in performance of the service function may include processing the data flows with the service function more slowly than expected such that a bottleneck at the degraded service function slows the data flow throughout the entire Service Function Path.
- the Service Function Chain system 130 is shown with one service classifier, three Service Function Forwarder (SFF) network nodes, and five service function nodes, but the techniques presented herein may be applied to Service Function Chaining systems with any number of SFF network nodes and any number of service functions. Additional network elements, either inside the Service Function Chain system 130 or outside of the system 130 may also be included to transmit the flows between source endpoint 110 and destination endpoint 120 . Additional service classifiers may also be included in the Service Function Chain system 130 , e.g., to handle return data flows from the destination endpoint 120 to the source endpoint 110 . In another example, one or more of the nodes in the Service Function Chain system 130 may be physical devices or virtual machines running in a data center.
- SFF Service Function Forwarder
- Dead peer detection involves an exchange of low-level packets between two nodes, i.e., peer nodes, to detect whether the nodes remain in communication with each other.
- Peer nodes may include two service function nodes that perform neighboring service functions in the Service Function Path.
- the service classifier and the service function node performing the first service function may also be peer nodes.
- peer nodes in a Service Function Path use GRE keepalive messages for dead peer detection.
- peer nodes may use an Internet Security Association and Key Management Protocol (ISAKMP) message exchange of an R-U-THERE message and an R-U-THERE-ACK response.
- ISAKMP Internet Security Association and Key Management Protocol
- the low-level packet exchange by peer nodes will be referred to hereinafter as peer detection messages, peer detection requests, and peer detection responses.
- the service function degradation logic 180 will add metadata to the Network Service Header in a peer detection message.
- the metadata may include a status indicator that allows the service function node 172 to indicate its current status.
- the status indicator may be similar to Hypertext Transfer Protocol (HTTP) response codes, i.e., 1xx for informational codes, 2xx for success codes, 3xx for redirection codes, 4xx for client error codes, and 5xx for server error codes. Sub-codes within the code classes may provide further information describing the status of the service function node 172 .
- the Network Service Header may be integrity protected and encrypted to ensure that the status indicator carried in the metadata of the Network Service Header is not compromised.
- the peer detection message is received by a neighboring peer node, such as the previous service function node 162 in the Service Function Path. Additionally, Service Function Forwarder 170 and/or Service Function Forwarder 160 may receive the peer detection message with the status indicator.
- the Network Service Header may include additional information, such as statistical information on the performance of the service function node 172 . The Service Function Forwarders may use this statistical information to make an informed load distribution decision among the instances of the same service function. Any node that receives a status indicator that a service function node is not able to perform adequately will ensure that existing flows are unaffected, especially if the service functions in the Service Function Path are stateful. Redirection to a new service function node or an alternative Service Function path will typically only be relevant for subsequent flows.
- the service function node 172 may insert the status indicator into the Network Service Header metadata of a peer detection response.
- the service function node 172 may send the status indicator in its own peer detection request, particularly if the service function node 172 wants to immediately notify that it can no longer service packets. This peer detection request may be sent multiple times to handle packet loss and ensure that the status indicator is received by the peer node.
- Service function node 172 configured to perform a service function.
- Service function node 172 includes, among other possible components, a processor 210 to process instructions relevant to processing packets in data flow, and memory 220 to store a variety of data and software instructions (e.g., service function logic 225 , service function degradation logic 180 , etc.)
- the service function node 172 further includes a network interface unit 230 configured to communicate with other computing devices over a computer network.
- Memory 220 may include read only memory (ROM), random access memory (RAM), magnetic disk storage media devices, optical storage media devices, flash memory devices, electrical, optical, or other physical/tangible (e.g., non-transitory) memory storage devices.
- the processor 210 is, for example, a microprocessor or microcontroller that executes instructions for implementing the processes described herein.
- the memory 220 may comprise one or more tangible (non-transitory) computer readable storage media (e.g., a memory device) encoded with software comprising computer executable instructions and when the software is executed (e.g., by the processor 210 ) it is operable to perform the operations described herein.
- the service function node 172 may be a physical device or a virtual (software) device. In the latter case, the service function node 172 is embodied as software running on a computer node (e.g., in a datacenter or other environment) through which traffic is directed and for which determinations are made as to how packets are to be routed into a Service Function Chain.
- a computer node e.g., in a datacenter or other environment
- Classifier 140 includes, among other possible components, a processor 310 to process instructions relevant to processing communication packets for a Service Function Chain system, and memory 320 to store a variety of data and software instructions (e.g., Classification logic 330 , Service Function Path degradation logic 190 , communication packets, etc.).
- the classifier 140 also includes a network processor application specific integrated circuit (ASIC) 340 to process communication packets that flow through the classifier device 140 .
- Network processor ASIC 340 processes communication packets be sent to and received from ports 350 , 351 , 352 , 353 , 354 , and 355 . While only six ports are shown in this example, any number of ports may be included in classifier device 140 .
- Memory 320 may include read only memory (ROM), random access memory (RAM), magnetic disk storage media devices, optical storage media devices, flash memory devices, electrical, optical, or other physical/tangible (e.g., non-transitory) memory storage devices.
- the processor 310 is, for example, a microprocessor or microcontroller that executes instructions for implementing the processes described herein.
- the memory 320 may comprise one or more tangible (non-transitory) computer readable storage media (e.g., a memory device) encoded with software comprising computer executable instructions and when the software is executed (e.g., by the processor 310 ) it is operable to perform the operations described herein.
- the classifier network device 140 may be a physical device or a virtual (software) device. In the latter case, the classifier network device 140 is embodied as software running on a compute node (e.g., in a datacenter or other environment) through which traffic is directed and for which determinations are made as to how packets are to be routed into a Service Function Chain.
- a compute node e.g., in a datacenter or other environment
- Service function node 162 initiates a peer detection exchange with service function node 172 by sending peer detection request message 410 .
- the peer detection reply 415 may include a status indicator which indicates that the service function node 172 is successfully performing the service function at the time that message 415 is sent.
- the performance of the service function in service function node 172 starts to be degraded at 420 .
- the degradation may be, for example, a slowdown in the processing of packets with the service function. Alternatively, the degradation may be a total inability of the service function node 172 to perform the service function.
- the service function node 172 sends a peer detection reply 435 with a status indicator.
- the status indicator is included in metadata of the Network Service Header of the peer detection reply 435 , and indicates the degradation in the performance of the service function at service function node 172 .
- the Service Function Path includes service functions A, B, and C. Packets in this Service Function Path start at the classifier 140 and proceed to service function A performed at service function node 152 . After service function node 152 , the packets continue to service function B performed at service function node 162 and service function C performed at service function node 172 . After a service function degradation is detected, that information is propagated throughout the Service Function Path to ensure that each node can take the most appropriate action in resolving the degradation. Since the mode of encapsulation of the peer detection messages may vary between peers, the status indicator may be propagated throughout the Service Function Path using different formats. In the example of FIG. 5 , the status indicator is converted from an R-U-THERE exchange to a GRE keepalive exchange.
- the classifier 140 and the service function node 152 are peer nodes that detect each other through a GRE peer detection exchange 510 .
- the service function node 152 and service function node 162 are peer nodes that detect each other through GRE peer detection exchange 512 .
- the service function node 162 and service function node 172 are peer nodes that detect each other through an R-U-THERE message exchange 514 .
- the peer detection exchanges 510 and 512 are in a different format than peer detection exchange 514 , and are typically independent exchanges of low level peer detection request and response messages.
- the peer detection exchanges 510 , 512 , and 514 may be repeated at intervals to allow each node to detect neighboring nodes.
- the performance of the service function C in service function node 172 starts to be degraded at 520 .
- the service function node 172 sends an R-U-THERE message 530 to the service function node 162 and includes a status indicator in the metadata of the Network Service Header in the R-U-THERE message 530 .
- the status indicator indicates that service function C is degraded at service function node 172 .
- the service function node 162 responds with an R-U-THERE-ACK response message 535 to complete the peer detection exchange.
- the service function node 162 may initiate the R-U-THERE peer detection exchange instead of service function node 172 .
- the service function node 172 will include the status indicator in the R-U-THERE-ACK message.
- the service function node 162 propagates the status information back up the Service Function Path to ensure that the most appropriate action is taken by each node in the Service Function Path.
- the service function node 162 inserts a status indicator into the metadata of the Network Service Header of GRE peer detection reply message 545 .
- the status indicator indicates that the service function C is degraded at the service function node 172 .
- the service function node 162 may not wait for the service function node 152 to initiate the GRE keepalive exchange and may send its own GRE keepalive message with the status indicator.
- the service function node 152 propagates the status information up the Service Function Path by sending a GRE peer detection request 550 to the service classifier node 140 .
- the GRE peer detection request 550 includes in a Network Service Header the status indicator that indicates that service function C is degraded at service function node 172 .
- the service classifier 140 completes the GRE peer detection exchange with reply message 555 .
- the service function node 152 may wait for the service classifier 140 to initiate the GRE keepalive peer detection exchange. In this case, the service function node 152 will insert the status indicator into the GRE peer detection reply message.
- FIG. 5 focuses on GRE and R-U-THERE (e.g., Internet Protocol Security (IPSec)) peer detection encapsulation mechanisms
- GRE and R-U-THERE e.g., Internet Protocol Security (IPSec)
- IPSec Internet Protocol Security
- other modes of encapsulation e.g., Virtual Extensible Local Area Network—Generic Protocol Extension (VxLAN-gpe), Ethernet, etc.
- VxLAN-gpe Virtual Extensible Local Area Network—Generic Protocol Extension
- Ethernet etc.
- GRE or IPSec is used to transport the Network Service Header from a connector to the cloud network.
- the Cloud Web Security service may relay its status back to the connector.
- the connector may continue to tunnel into a specified Cloud Web Security data center as long as the Cloud Web Security service is functioning.
- the connector may switch to a suggested alternative data center if it receives a redirection status indicator from the primary data center.
- the address of the alternative data center may be included in the redirection status from the primary data center.
- the connector may switch to a predetermined secondary data center if the Cloud Web Security service returns an error status indicator.
- a flowchart is shown for a process 600 by which a service function node notifies a peer node of a degradation in the performance of a service function.
- the service function node detects degradation in a service function (e.g., a partial or complete inability to process packets in a timely manner) at the node.
- the service function node generates a status indicator that describes the degradation in step 620 .
- the service function node inserts the status indicator into metadata of a Network Service Header in a peer detection packet.
- the peer detection packet may be a GRE keepalive message or a response to a GRE keepalive message from a peer node.
- the service function node forwards the peer detection packet with the status indicator to a neighboring service function node.
- the neighboring service function node i.e., a peer node, may be the initiator or the responder in a GRE keepalive exchange.
- the peer detection packet encapsulates an inner packet including the Network Service Header.
- the Network Service Header will typically be used to encapsulate a payload for the Service Function Chaining system and includes an indication of the particular Service Function Path for the payload.
- a flowchart is shown for a process 700 by which a peer node receives a status indicator of a degraded service function and reacts to the status indicator appropriately.
- a peer node receives a peer detection packet from a service function node.
- the peer node detects a status indicator indicating that the performance of a service function at a service function node is degraded.
- the service function node with degraded performance may be the peer service function node from which the peer detection packet was received. Alternatively, the service function node with degraded performance may be further down the Service Function Path.
- the peer node propagates the status of the degraded service function to a previous node in the Service Function Path, e.g., in another peer detection message, in step 740 . If the peer node is the service classifier, then the peer node/service classifier adjusts the Service Function Path in step 750 . In one example, the service classifier may adjust the Service Function Path by directing subsequent packets in the data flow to a second Service Function Path that does not include degraded service function node.
- the techniques presented herein provide for a mechanism to convey the status of a service function using the Network Service Header of a peer detection message.
- a service function node that receives a Network Service Header with this status information may then react appropriately, e.g., by altering the Service Function Path, or by picking an alternative service function node to provide the service function.
- the liveliness of the service function nodes will be detected.
- the Network Service Header metadata may convey the service function node liveliness to the service classifier, which may change the Service Function Path.
- the Network Service Header metadata may convey the service function node liveliness to a Service Function Forwarder, which may forward data to a different instance of the service function at a different service function node.
- the status of a service function may be relayed within the data plane without any need for a separate control plane.
- the techniques presented herein provide for a computer-implemented method performed at a service function node in a Service Function Path.
- the method comprises detecting degradation in performing the service function.
- the method further comprises generating a status indicator for the degradation in performing the service function and inserting the status indicator into a peer detection packet.
- the peer detection packet encapsulates an inner packet with a network service header that indicates the service function path.
- the computing device forwards the peer detection packet to a neighboring service function device along the service function path.
- the techniques presented herein provide for an apparatus comprising a network interface unit and a processor.
- the network interface unit is configured to communicate with a plurality of (physical or virtual) service function devices in a service function path.
- the processor is configured to perform at least one service function on a data flow that follows the service function path.
- the processor is configured to detect degradation in performing the service function and generate a status indicator for the degradation in performing the service function.
- the processor is further configured to insert the status indicator into a peer detection packet that encapsulates an inner packet.
- the inner packet includes a network service header that indicates the service function path.
- the processor is configured to cause the network interface unit to forward the peer detection packet to a neighboring service function along the service function path.
- the techniques presented herein provide for a computer-implemented method performed at a peer node in a Service Function Path.
- the method comprises receiving a peer detection packet from a (physical or virtual) service function device in the Service Function Path.
- the peer detection packet comprises an inner packet with a network service header.
- the method further comprises detecting a status indicator in the network service header.
- the status indicator indicates degradation in performing a service function at the service function device.
- the method also comprises adjusting the service function path to compensate for the degradation in performing the service function at the service function device.
- a non-transitory computer readable storage media is provided that is encoded with instructions that, when executed by a processor, cause the processor to perform any of the methods described and shown herein.
Abstract
At a service function node configured to perform at least one service function on a data flow that follows a service function path, degradation in performing the service function is detected. The service function node generates a status indicator for the degradation in performing the service function and inserts the status indicator into a peer detection packet. The peer detection packet encapsulates an inner packet with a header that indicates the service function path. The service function node forwards the peer detection packet to a neighboring service function node along the service function path.
Description
- The present disclosure relates to applying service function chains in networks.
- Service Function Chaining enables virtualized networking functions to be implemented as part of a cloud network. A Service Function Chain defines an ordered list of a plurality of service functions (e.g., firewall, compression, intrusion detection/prevention, load balancing, etc.) that may be applied to packet flows in the network. A flow enters the network through a classifier node that generates a Service Function Path for that flow according to the Service Function Chain policy. The classifier node encapsulates each packet of the flow with a Network Service Header that indicates the service functions to which the flow will be subjected, and the order the service functions will be applied.
- Service Function Chaining and Network Service Headers provide a scalable, extensible, and standardized way of sharing metadata between both network nodes and service nodes within a network topology. This allows for disparate nodes that require shared context, but do not communicate directly, to share that context via metadata within the packets traversing the network or service topology.
-
FIG. 1 is a system block diagram showing a Service Function Chain network environment with monitoring of the performance of service functions, according to an example embodiment. -
FIG. 2 is a simplified block diagram of a service function device within the Service Function Chain network environment, according to an example embodiment. -
FIG. 3 is a simplified block diagram of a classifier network element within the Service Function Chain network environment, according to an example embodiment. -
FIG. 4 is a ladder diagram that shows messages passed between peer service function nodes when the performance of one of the service functions is compromised, according to an example embodiment. -
FIG. 5 is a ladder diagram that shows messages passed between nodes in a service function chain when the performance of one of the service functions is compromised, according to an example embodiment. -
FIG. 6 is a flowchart showing the operations of a service function node that suffers from degradation in its ability to perform the service function, according to an example embodiment. -
FIG. 7 is a flowchart showing the operations of a node in a service function path when another node is degraded in its ability to perform a service function, according to an example embodiment. - At a service function node configured to perform at least one service function on a data flow that follows a service function path, degradation in performing the service function is detected. The service function node generates a status indicator for the degradation in performing the service function and inserts the status indicator into a peer detection packet. The peer detection packet encapsulates an inner packet with a header that indicates the service function path. The service function node forwards the peer detection packet to a neighboring service function node along the service function path.
- Service Function Chaining provides both metadata of a data flow and steers the flow to appropriate service functions. The Service Function Chaining encapsulation carries information that identifies a Service Function Path. The Service Function Path comprises an ordered list of service functions that act on the packets in the data flow. In one example, one or more service functions may be unavailable (e.g., the network path is broken) or overloaded (e.g., due to processing other traffic). To determine if the network path to the next service function is available, a service function may use ping-like messages, which operate at a low level. In one example, a Generic Routing Encapsulation (GRE) tunnel may use a GRE keepalive message exchange.
- The techniques described herein provide for carrying additional information regarding the status of the service function beyond a mere link-level “ping” test. Network Service Headers, as defined by various Request for Comments published by the Internet Engineering Task Force (IETF) for example, are used to indicate the status of each service function, and a service function that receives a packet with a Network Service Header carrying this additional information may react appropriately, e.g., using a different Service Function Path or a different service function node.
- Referring now to
FIG. 1 , a simplified block diagram of adata flow system 100 between two endpoint devices is shown. Asource endpoint 110 sends a data flow todestination endpoint 120 through the ServiceFunction Chain system 130.Endpoints 110 and/or 120 may include, for example, smart phones, tablets, laptop computers, desktop computers, virtual machine applications running in a datacenter, or other types of computing devices. ServiceFunction Chain system 130 comprises aservice classifier node 140, network devices (e.g., Service Function Forwarders) 150, 160, and 170.Network device 150 forwards packets in data flows toservice functions Network device 160 forwards packets in data flows toservice function 162.Network device 170 forwards packets in data flows toservice functions - In one example, all of the service function nodes attached to one Service Function Forwarder, such as
service functions network node 150, perform the same service function. The Service Function Forwarder may load balance performance of the service function by sending packets to a plurality of instances of the service function. Alternatively, the service function nodes attached to each Service Function Forwarder may provide different service functions. In another example, each Service Function Forwarder node handles all of the instances of a given service function in a Service Function Path. Alternatively, a service function may be repeated at different Service Function Forwarders, e.g.,service function node 152 may perform the same service function asservice function node 162. -
Service function 172 includes service function (SF)degradation logic 180 to monitor the performance of the service function. Other service functions in addition to theservice function 172 may also include service function degradation logic to monitor their respective performance.Service classifier 140 includes Service FunctionPath degradation logic 190 to determine the performance of the service functions in a particular Service Function Path and handle any degradation in performance. In one example, degradation in performance of a service function may include a complete failure of a service function node such that the service function cannot perform any tasks on any data flows. Alternatively, degradation in performance of the service function may include processing the data flows with the service function more slowly than expected such that a bottleneck at the degraded service function slows the data flow throughout the entire Service Function Path. - In the example shown in
FIG. 1 , the ServiceFunction Chain system 130 is shown with one service classifier, three Service Function Forwarder (SFF) network nodes, and five service function nodes, but the techniques presented herein may be applied to Service Function Chaining systems with any number of SFF network nodes and any number of service functions. Additional network elements, either inside the ServiceFunction Chain system 130 or outside of thesystem 130 may also be included to transmit the flows betweensource endpoint 110 anddestination endpoint 120. Additional service classifiers may also be included in the ServiceFunction Chain system 130, e.g., to handle return data flows from thedestination endpoint 120 to thesource endpoint 110. In another example, one or more of the nodes in the ServiceFunction Chain system 130 may be physical devices or virtual machines running in a data center. - Dead peer detection involves an exchange of low-level packets between two nodes, i.e., peer nodes, to detect whether the nodes remain in communication with each other. Peer nodes may include two service function nodes that perform neighboring service functions in the Service Function Path. The service classifier and the service function node performing the first service function may also be peer nodes. In one example, peer nodes in a Service Function Path use GRE keepalive messages for dead peer detection. Alternatively, peer nodes may use an Internet Security Association and Key Management Protocol (ISAKMP) message exchange of an R-U-THERE message and an R-U-THERE-ACK response. In general, the low-level packet exchange by peer nodes will be referred to hereinafter as peer detection messages, peer detection requests, and peer detection responses.
- If the
service function node 172 is unable to perform its service function(s) or is overloaded in capacity, then the servicefunction degradation logic 180 will add metadata to the Network Service Header in a peer detection message. The metadata may include a status indicator that allows theservice function node 172 to indicate its current status. In one example, the status indicator may be similar to Hypertext Transfer Protocol (HTTP) response codes, i.e., 1xx for informational codes, 2xx for success codes, 3xx for redirection codes, 4xx for client error codes, and 5xx for server error codes. Sub-codes within the code classes may provide further information describing the status of theservice function node 172. In another example, the Network Service Header may be integrity protected and encrypted to ensure that the status indicator carried in the metadata of the Network Service Header is not compromised. - The peer detection message is received by a neighboring peer node, such as the previous
service function node 162 in the Service Function Path. Additionally,Service Function Forwarder 170 and/orService Function Forwarder 160 may receive the peer detection message with the status indicator. The Network Service Header may include additional information, such as statistical information on the performance of theservice function node 172. The Service Function Forwarders may use this statistical information to make an informed load distribution decision among the instances of the same service function. Any node that receives a status indicator that a service function node is not able to perform adequately will ensure that existing flows are unaffected, especially if the service functions in the Service Function Path are stateful. Redirection to a new service function node or an alternative Service Function path will typically only be relevant for subsequent flows. - In another example, the
service function node 172 may insert the status indicator into the Network Service Header metadata of a peer detection response. Alternatively, theservice function node 172 may send the status indicator in its own peer detection request, particularly if theservice function node 172 wants to immediately notify that it can no longer service packets. This peer detection request may be sent multiple times to handle packet loss and ensure that the status indicator is received by the peer node. - Referring now to
FIG. 2 , a simplified block diagram is shown of aservice function node 172 configured to perform a service function.Service function node 172 includes, among other possible components, aprocessor 210 to process instructions relevant to processing packets in data flow, andmemory 220 to store a variety of data and software instructions (e.g.,service function logic 225, servicefunction degradation logic 180, etc.) Theservice function node 172 further includes anetwork interface unit 230 configured to communicate with other computing devices over a computer network. -
Memory 220 may include read only memory (ROM), random access memory (RAM), magnetic disk storage media devices, optical storage media devices, flash memory devices, electrical, optical, or other physical/tangible (e.g., non-transitory) memory storage devices. Theprocessor 210 is, for example, a microprocessor or microcontroller that executes instructions for implementing the processes described herein. Thus, in general, thememory 220 may comprise one or more tangible (non-transitory) computer readable storage media (e.g., a memory device) encoded with software comprising computer executable instructions and when the software is executed (e.g., by the processor 210) it is operable to perform the operations described herein. - It is to be understood that the
service function node 172 may be a physical device or a virtual (software) device. In the latter case, theservice function node 172 is embodied as software running on a computer node (e.g., in a datacenter or other environment) through which traffic is directed and for which determinations are made as to how packets are to be routed into a Service Function Chain. - Referring now to
FIG. 3 , a simplified block diagram is shown of aclassifier network device 140 configured to perform the techniques of a classifier node.Classifier 140 includes, among other possible components, aprocessor 310 to process instructions relevant to processing communication packets for a Service Function Chain system, andmemory 320 to store a variety of data and software instructions (e.g.,Classification logic 330, Service FunctionPath degradation logic 190, communication packets, etc.). Theclassifier 140 also includes a network processor application specific integrated circuit (ASIC) 340 to process communication packets that flow through theclassifier device 140.Network processor ASIC 340 processes communication packets be sent to and received fromports classifier device 140. -
Memory 320 may include read only memory (ROM), random access memory (RAM), magnetic disk storage media devices, optical storage media devices, flash memory devices, electrical, optical, or other physical/tangible (e.g., non-transitory) memory storage devices. Theprocessor 310 is, for example, a microprocessor or microcontroller that executes instructions for implementing the processes described herein. Thus, in general, thememory 320 may comprise one or more tangible (non-transitory) computer readable storage media (e.g., a memory device) encoded with software comprising computer executable instructions and when the software is executed (e.g., by the processor 310) it is operable to perform the operations described herein. - It is to be understood that the
classifier network device 140 may be a physical device or a virtual (software) device. In the latter case, theclassifier network device 140 is embodied as software running on a compute node (e.g., in a datacenter or other environment) through which traffic is directed and for which determinations are made as to how packets are to be routed into a Service Function Chain. - Referring now to
FIG. 4 , a ladder diagram is shown of peerservice function nodes Service function node 162 initiates a peer detection exchange withservice function node 172 by sending peerdetection request message 410. Thepeer detection reply 415 may include a status indicator which indicates that theservice function node 172 is successfully performing the service function at the time thatmessage 415 is sent. - The performance of the service function in
service function node 172 starts to be degraded at 420. The degradation may be, for example, a slowdown in the processing of packets with the service function. Alternatively, the degradation may be a total inability of theservice function node 172 to perform the service function. In response to the nextpeer detection request 430 from the peerservice function node 162, theservice function node 172 sends apeer detection reply 435 with a status indicator. In one example, the status indicator is included in metadata of the Network Service Header of thepeer detection reply 435, and indicates the degradation in the performance of the service function atservice function node 172. - Referring now to
FIG. 5 , a ladder diagram of peer detection messages exchanged between peers along an entire Service Function Path is shown. In this example, The Service Function Path includes service functions A, B, and C. Packets in this Service Function Path start at theclassifier 140 and proceed to service function A performed atservice function node 152. Afterservice function node 152, the packets continue to service function B performed atservice function node 162 and service function C performed atservice function node 172. After a service function degradation is detected, that information is propagated throughout the Service Function Path to ensure that each node can take the most appropriate action in resolving the degradation. Since the mode of encapsulation of the peer detection messages may vary between peers, the status indicator may be propagated throughout the Service Function Path using different formats. In the example ofFIG. 5 , the status indicator is converted from an R-U-THERE exchange to a GRE keepalive exchange. - In normal operation, the
classifier 140 and theservice function node 152 are peer nodes that detect each other through a GREpeer detection exchange 510. Theservice function node 152 andservice function node 162 are peer nodes that detect each other through GREpeer detection exchange 512. Theservice function node 162 andservice function node 172 are peer nodes that detect each other through an R-U-THEREmessage exchange 514. Thepeer detection exchanges peer detection exchange 514, and are typically independent exchanges of low level peer detection request and response messages. Thepeer detection exchanges - The performance of the service function C in
service function node 172 starts to be degraded at 520. Theservice function node 172 sends an R-U-THEREmessage 530 to theservice function node 162 and includes a status indicator in the metadata of the Network Service Header in the R-U-THEREmessage 530. The status indicator indicates that service function C is degraded atservice function node 172. Theservice function node 162 responds with an R-U-THERE-ACK response message 535 to complete the peer detection exchange. In another example, theservice function node 162 may initiate the R-U-THERE peer detection exchange instead ofservice function node 172. In this case, theservice function node 172 will include the status indicator in the R-U-THERE-ACK message. - The
service function node 162 propagates the status information back up the Service Function Path to ensure that the most appropriate action is taken by each node in the Service Function Path. In response to the next GREpeer detection request 540 by theservice function node 152, i.e., the previous node in the Service Function Path, theservice function node 162 inserts a status indicator into the metadata of the Network Service Header of GRE peerdetection reply message 545. The status indicator indicates that the service function C is degraded at theservice function node 172. In another example, theservice function node 162 may not wait for theservice function node 152 to initiate the GRE keepalive exchange and may send its own GRE keepalive message with the status indicator. - The
service function node 152 propagates the status information up the Service Function Path by sending a GREpeer detection request 550 to theservice classifier node 140. The GREpeer detection request 550 includes in a Network Service Header the status indicator that indicates that service function C is degraded atservice function node 172. Theservice classifier 140 completes the GRE peer detection exchange withreply message 555. In another example, theservice function node 152 may wait for theservice classifier 140 to initiate the GRE keepalive peer detection exchange. In this case, theservice function node 152 will insert the status indicator into the GRE peer detection reply message. - While the description of
FIG. 5 focuses on GRE and R-U-THERE (e.g., Internet Protocol Security (IPSec)) peer detection encapsulation mechanisms, other modes of encapsulation (e.g., Virtual Extensible Local Area Network—Generic Protocol Extension (VxLAN-gpe), Ethernet, etc.) may be used to relay the status of a service function in the Network Service Header. In the context of Cloud Web Security, the techniques presented may be used to relay serviceability of service functions. In one example of Cloud Web Security, GRE or IPSec is used to transport the Network Service Header from a connector to the cloud network. The Cloud Web Security service may relay its status back to the connector. The connector may continue to tunnel into a specified Cloud Web Security data center as long as the Cloud Web Security service is functioning. The connector may switch to a suggested alternative data center if it receives a redirection status indicator from the primary data center. In one example, the address of the alternative data center may be included in the redirection status from the primary data center. Alternatively, the connector may switch to a predetermined secondary data center if the Cloud Web Security service returns an error status indicator. - Referring now to
FIG. 6 , a flowchart is shown for aprocess 600 by which a service function node notifies a peer node of a degradation in the performance of a service function. Instep 610, the service function node detects degradation in a service function (e.g., a partial or complete inability to process packets in a timely manner) at the node. The service function node generates a status indicator that describes the degradation instep 620. Instep 630, the service function node inserts the status indicator into metadata of a Network Service Header in a peer detection packet. The peer detection packet may be a GRE keepalive message or a response to a GRE keepalive message from a peer node. Instep 640, the service function node forwards the peer detection packet with the status indicator to a neighboring service function node. The neighboring service function node, i.e., a peer node, may be the initiator or the responder in a GRE keepalive exchange. - In one example, the peer detection packet encapsulates an inner packet including the Network Service Header. The Network Service Header will typically be used to encapsulate a payload for the Service Function Chaining system and includes an indication of the particular Service Function Path for the payload.
- Referring now to
FIG. 7 , a flowchart is shown for aprocess 700 by which a peer node receives a status indicator of a degraded service function and reacts to the status indicator appropriately. Instep 710, a peer node receives a peer detection packet from a service function node. Instep 720, the peer node detects a status indicator indicating that the performance of a service function at a service function node is degraded. In one example, the service function node with degraded performance may be the peer service function node from which the peer detection packet was received. Alternatively, the service function node with degraded performance may be further down the Service Function Path. - If the peer node is not the service classifier for the Service Function Path, as determined in
step 730, then the peer node propagates the status of the degraded service function to a previous node in the Service Function Path, e.g., in another peer detection message, instep 740. If the peer node is the service classifier, then the peer node/service classifier adjusts the Service Function Path instep 750. In one example, the service classifier may adjust the Service Function Path by directing subsequent packets in the data flow to a second Service Function Path that does not include degraded service function node. - In summary, the techniques presented herein provide for a mechanism to convey the status of a service function using the Network Service Header of a peer detection message. A service function node that receives a Network Service Header with this status information may then react appropriately, e.g., by altering the Service Function Path, or by picking an alternative service function node to provide the service function. In this way, the liveliness of the service function nodes will be detected. Additionally, the Network Service Header metadata may convey the service function node liveliness to the service classifier, which may change the Service Function Path. Further, the Network Service Header metadata may convey the service function node liveliness to a Service Function Forwarder, which may forward data to a different instance of the service function at a different service function node. In these examples, the status of a service function may be relayed within the data plane without any need for a separate control plane.
- In one form, the techniques presented herein provide for a computer-implemented method performed at a service function node in a Service Function Path. At a network device or a computing device configured to perform at least one service function on a data flow that follows a service function path, the method comprises detecting degradation in performing the service function. The method further comprises generating a status indicator for the degradation in performing the service function and inserting the status indicator into a peer detection packet. The peer detection packet encapsulates an inner packet with a network service header that indicates the service function path. The computing device forwards the peer detection packet to a neighboring service function device along the service function path.
- In another form, the techniques presented herein provide for an apparatus comprising a network interface unit and a processor. The network interface unit is configured to communicate with a plurality of (physical or virtual) service function devices in a service function path. The processor is configured to perform at least one service function on a data flow that follows the service function path. The processor is configured to detect degradation in performing the service function and generate a status indicator for the degradation in performing the service function. The processor is further configured to insert the status indicator into a peer detection packet that encapsulates an inner packet. The inner packet includes a network service header that indicates the service function path. The processor is configured to cause the network interface unit to forward the peer detection packet to a neighboring service function along the service function path.
- In yet another form, the techniques presented herein provide for a computer-implemented method performed at a peer node in a Service Function Path. The method comprises receiving a peer detection packet from a (physical or virtual) service function device in the Service Function Path. The peer detection packet comprises an inner packet with a network service header. The method further comprises detecting a status indicator in the network service header. The status indicator indicates degradation in performing a service function at the service function device. The method also comprises adjusting the service function path to compensate for the degradation in performing the service function at the service function device.
- In still another form, a non-transitory computer readable storage media is provided that is encoded with instructions that, when executed by a processor, cause the processor to perform any of the methods described and shown herein.
- The above description is intended by way of example only. Various modifications and structural changes may be made therein without departing from the scope of the concepts described herein and within the scope and range of equivalents of the claims.
Claims (20)
1. A method comprising:
at a computing device configured to perform at least one service function on a data flow that follows a service function path, detecting a degradation in performing the service function;
generating a status indicator for the degradation in performing the service function;
inserting the status indicator into a peer detection packet, the peer detection packet encapsulating an inner packet with a header that indicates the service function path; and
forwarding the peer detection packet to a neighboring service function device along the service function path.
2. The method of claim 1 , wherein the status indicator is inserted as metadata in a network service header of the inner packet of the peer detection packet.
3. The method of claim 1 , further comprising inserting service function statistical information into the network service header, wherein the service function statistical information describes the performance level of the computing device in performing the at least one service function.
4. The method of claim 1 , wherein the status indicator indicates one or more of a success status, a redirection status, or a server error status.
5. The method of claim 1 , further comprising:
receiving a peer detection request packet from the neighboring service function device; and
replying to the peer detection request packet with the peer detection packet including the status code.
6. The method of claim 1 , wherein the peer detection packet comprises a Generic Routing Encapsulation (GRE) keepalive notification packet, a GRE response packet, an Internet Security Association and Key Management Protocol (ISAKMP) R-U-THERE message, or an ISAKMP R-U-THERE-ACK message.
7. An apparatus comprising:
a network interface unit configured to communicate with a plurality of service function devices in a service function path; and
a processor configured to:
perform at least one service function on a data flow that follows the service function path;
detect a degradation in performing the service function;
generate a status indicator for the degradation in performing the service function;
insert the status indicator into a peer detection packet, the peer detection packet encapsulating an inner packet with a header that indicates the service function path; and
cause the network interface unit to forward the peer detection packet to a neighboring service function device along the service function path.
8. The apparatus of claim 7 , wherein the processor is configured to insert the status indicator as metadata in a network service header of the inner packet of the peer detection packet.
9. The apparatus of claim 7 , wherein the status indicator indicates one or more of a success status, a redirection status, or a server error status.
10. The apparatus of claim 7 , wherein the processor is further configured to:
receive a peer detection request packet, via the network interface unit, from the neighboring service function device; and
cause the network interface unit to reply to the peer detection request packet with the peer detection packet including the status indicator.
11. The apparatus of claim 7 , wherein the peer detection packet comprises a Generic Routing Encapsulation (GRE) keepalive notification packet, a GRE response packet, an Internet Security Association and Key Management Protocol (ISAKMP) R-U-THERE message, or an ISAKMP R-U-THERE-ACK message.
12. A method comprising:
receiving a peer detection packet from a service function device in a service function path, the peer detection packet comprising an inner packet with a header;
detecting an status indicator in the header, the status indicator indicating a degradation in performing a service function at the service function device; and
adjusting the service function path to compensate for the degradation in performing the service function at the service function device.
13. The method of claim 12 , wherein the status indicator is detected as metadata in a network service header.
14. The method of claim 12 , wherein the status indicator indicates one or more of a success status, a redirection status, or a server error status.
15. The method of claim 14 , further comprising:
responsive to the status indicator indicating a redirection status, adjusting the service function path by redirecting future data flows to an alternative data center as indicated in the redirection status; and
responsive to the status indicator indicating a server error status, adjusting the service function path by redirecting the future data flows to a predetermined secondary data center.
16. The method of claim 12 , wherein adjusting the service function path comprises sending a new peer detection packet to a previous device in the service function path.
17. The method of claim 16 , wherein the previous device is a previous service function device, a service function classifier device, or service function forwarder device.
18. The method of claim 12 , wherein adjusting the service function path comprises classifying a data flow into a new service function path that avoids the service function device.
19. The method of claim 12 , wherein adjusting the service function path comprises providing the service function from a different service function device.
20. The method of claim 19 , further comprising determining the different service function device based on service function statistical information in the header.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US15/058,259 US20170257310A1 (en) | 2016-03-02 | 2016-03-02 | Network service header (nsh) relaying of serviceability of a service function |
US16/558,367 US11343178B2 (en) | 2016-03-02 | 2019-09-03 | Network service header (NSH) relaying of serviceability of a service function |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US15/058,259 US20170257310A1 (en) | 2016-03-02 | 2016-03-02 | Network service header (nsh) relaying of serviceability of a service function |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US16/558,367 Division US11343178B2 (en) | 2016-03-02 | 2019-09-03 | Network service header (NSH) relaying of serviceability of a service function |
Publications (1)
Publication Number | Publication Date |
---|---|
US20170257310A1 true US20170257310A1 (en) | 2017-09-07 |
Family
ID=59724429
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US15/058,259 Abandoned US20170257310A1 (en) | 2016-03-02 | 2016-03-02 | Network service header (nsh) relaying of serviceability of a service function |
US16/558,367 Active US11343178B2 (en) | 2016-03-02 | 2019-09-03 | Network service header (NSH) relaying of serviceability of a service function |
Family Applications After (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US16/558,367 Active US11343178B2 (en) | 2016-03-02 | 2019-09-03 | Network service header (NSH) relaying of serviceability of a service function |
Country Status (1)
Country | Link |
---|---|
US (2) | US20170257310A1 (en) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20180241680A1 (en) * | 2017-01-30 | 2018-08-23 | Sandvine Incorporated Ulc | System and method for traffic steering and analysis |
US10158565B2 (en) * | 2016-08-26 | 2018-12-18 | Cisco Technology, Inc. | Network services across non-contiguous subnets of a label switched network separated by a non-label switched network |
US20190140950A1 (en) * | 2016-07-01 | 2019-05-09 | Huawei Technologies Co., Ltd. | Method, apparatus, and system for forwarding packet in service function chaining sfc |
US20190222521A1 (en) * | 2016-09-30 | 2019-07-18 | Nokia Solutions And Networks Oy | Controlling service function chaining |
CN112988434A (en) * | 2019-12-13 | 2021-06-18 | 中国银联股份有限公司 | Service fuse, service fusing method and computer-readable storage medium |
US11095546B2 (en) * | 2016-05-30 | 2021-08-17 | Huawei Technologies Co., Ltd. | Network device service quality detection method and apparatus |
US11343178B2 (en) | 2016-03-02 | 2022-05-24 | Cisco Technology, Inc. | Network service header (NSH) relaying of serviceability of a service function |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20220150160A1 (en) * | 2020-11-06 | 2022-05-12 | Juniper Networks, Inc. | Backup service function notification and synchronization |
Family Cites Families (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7895425B2 (en) | 2007-08-03 | 2011-02-22 | Cisco Technology, Inc. | Operation, administration and maintenance (OAM) in a service insertion architecture (SIA) |
KR20100099838A (en) | 2009-03-04 | 2010-09-15 | 삼성전자주식회사 | Apparatus and method for transmitting coexistence beacon protocol packet in corgnitive radio wireless communication system |
US20130346593A1 (en) | 2012-06-22 | 2013-12-26 | Nokia Corporation | Method and apparatus for providing transition to an alternate service based on performance degradation of an initial service |
US9444675B2 (en) * | 2013-06-07 | 2016-09-13 | Cisco Technology, Inc. | Determining the operations performed along a service path/service chain |
US9825856B2 (en) | 2014-01-06 | 2017-11-21 | Futurewei Technologies, Inc. | Service function chaining in a packet network |
CN105471725B (en) | 2014-08-05 | 2019-01-22 | 新华三技术有限公司 | Pass through the method for routing and device of autonomous system |
US9621520B2 (en) | 2015-03-19 | 2017-04-11 | Cisco Technology, Inc. | Network service packet header security |
US20170257310A1 (en) | 2016-03-02 | 2017-09-07 | Cisco Technology, Inc. | Network service header (nsh) relaying of serviceability of a service function |
-
2016
- 2016-03-02 US US15/058,259 patent/US20170257310A1/en not_active Abandoned
-
2019
- 2019-09-03 US US16/558,367 patent/US11343178B2/en active Active
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11343178B2 (en) | 2016-03-02 | 2022-05-24 | Cisco Technology, Inc. | Network service header (NSH) relaying of serviceability of a service function |
US11095546B2 (en) * | 2016-05-30 | 2021-08-17 | Huawei Technologies Co., Ltd. | Network device service quality detection method and apparatus |
US20190140950A1 (en) * | 2016-07-01 | 2019-05-09 | Huawei Technologies Co., Ltd. | Method, apparatus, and system for forwarding packet in service function chaining sfc |
US11075839B2 (en) * | 2016-07-01 | 2021-07-27 | Huawei Technologies Co., Ltd. | Method, apparatus, and system for forwarding packet in service function chaining SFC |
US11671364B2 (en) | 2016-07-01 | 2023-06-06 | Huawei Technologies Co., Ltd. | Method, apparatus, and system for forwarding packet in service function chaining SFC |
US10158565B2 (en) * | 2016-08-26 | 2018-12-18 | Cisco Technology, Inc. | Network services across non-contiguous subnets of a label switched network separated by a non-label switched network |
US10728142B2 (en) * | 2016-08-26 | 2020-07-28 | Cisco Technology, Inc. | Network services across non-contiguous subnets of a label switched network separated by a non-label switched network |
US20190222521A1 (en) * | 2016-09-30 | 2019-07-18 | Nokia Solutions And Networks Oy | Controlling service function chaining |
US11671372B2 (en) * | 2016-09-30 | 2023-06-06 | Nokia Solutions And Networks Oy | Controlling service function chaining |
US20180241680A1 (en) * | 2017-01-30 | 2018-08-23 | Sandvine Incorporated Ulc | System and method for traffic steering and analysis |
US10778586B2 (en) * | 2017-01-30 | 2020-09-15 | Sandvince Corporation | System and method for traffic steering and analysis |
CN112988434A (en) * | 2019-12-13 | 2021-06-18 | 中国银联股份有限公司 | Service fuse, service fusing method and computer-readable storage medium |
Also Published As
Publication number | Publication date |
---|---|
US20200007438A1 (en) | 2020-01-02 |
US11343178B2 (en) | 2022-05-24 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11343178B2 (en) | Network service header (NSH) relaying of serviceability of a service function | |
US20200259834A1 (en) | Fast heartbeat liveness between packet processing engines using media access control security (macsec) communication | |
CN109391560B (en) | Network congestion notification method, proxy node and computer equipment | |
US20180123910A1 (en) | Minimally invasive monitoring of path quality | |
CN107078963B (en) | Route tracing in virtual extensible local area networks | |
EP3506565B1 (en) | Packet loss detection for user datagram protocol (udp) traffic | |
US20170054640A1 (en) | Device and method for establishing connection in load-balancing system | |
CN113326228B (en) | Message forwarding method, device and equipment based on remote direct data storage | |
US20220029900A1 (en) | Detecting sources of computer network failures | |
US10027627B2 (en) | Context sharing between endpoint device and network security device using in-band communications | |
US11463345B2 (en) | Monitoring BGP routes of a device in a network | |
US20200076724A1 (en) | Path management for segment routing based mobile user-plane using seamless bfd | |
US20130054817A1 (en) | Disaggregated server load balancing | |
US20230216788A1 (en) | Systems and methods for securing network paths | |
US9106546B1 (en) | Explicit congestion notification in mixed fabric network communications | |
CN111641545B (en) | Tunnel detection method and device, equipment and storage medium | |
Rajaboevich et al. | Analysis of methods for measuring available bandwidth and classification of network traffic | |
CN113452663B (en) | Network Service Control Based on Application Characteristics | |
US8855141B2 (en) | Methods, systems, and computer readable media for utilizing metadata to detect user datagram protocol (UDP) packet traffic loss | |
US9455911B1 (en) | In-band centralized control with connection-oriented control protocols | |
US8660143B2 (en) | Data packet interception system | |
US20230379363A1 (en) | Proxy detection systems and methods | |
KR101892272B1 (en) | Apparatus and method of failure classification based on bidirectional forwarding detection protocol | |
US10469377B2 (en) | Service insertion forwarding | |
KR101466944B1 (en) | Method for controlling application data and network device thereof |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: CISCO TECHNOLOGY, INC., CALIFORNIA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:PATIL, PRASHANTH;REDDY, K. TIRUMALESWAR;STITES, STEVEN RICHARD;AND OTHERS;SIGNING DATES FROM 20160224 TO 20160225;REEL/FRAME:037868/0815 |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: NON FINAL ACTION MAILED |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: FINAL REJECTION MAILED |
|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |