WO2018174759A1 - Apparatuses, methods, computer programs and computer program products for service function chaining - Google Patents

Apparatuses, methods, computer programs and computer program products for service function chaining Download PDF

Info

Publication number
WO2018174759A1
WO2018174759A1 PCT/SE2017/050281 SE2017050281W WO2018174759A1 WO 2018174759 A1 WO2018174759 A1 WO 2018174759A1 SE 2017050281 W SE2017050281 W SE 2017050281W WO 2018174759 A1 WO2018174759 A1 WO 2018174759A1
Authority
WO
WIPO (PCT)
Prior art keywords
service function
packet
service
memory
memory block
Prior art date
Application number
PCT/SE2017/050281
Other languages
French (fr)
Inventor
Daniel TURULL
Vinay YADHAV
Chakri PADALA
Ganapathy Raman MADANAGOPAL
Original Assignee
Telefonaktiebolaget Lm Ericsson (Publ)
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Telefonaktiebolaget Lm Ericsson (Publ) filed Critical Telefonaktiebolaget Lm Ericsson (Publ)
Priority to PCT/SE2017/050281 priority Critical patent/WO2018174759A1/en
Publication of WO2018174759A1 publication Critical patent/WO2018174759A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/64Routing or path finding of packets in data switching networks using an overlay routing layer
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/302Route determination based on requested QoS
    • H04L45/306Route determination based on the nature of the carried application

Definitions

  • TECHNIMAL FIELD [001] Disclosed are embodiments related to service function chaining.
  • a network service function (or "service function" for short) is an entity (e.g., software module) in a network node that is responsible for processing (e.g., modifying, dropping, encrypting, decrypting, etc.) network packets that the service function receives.
  • the service function is also responsible for forwarding the processed packets toward the intended destination (e.g., forwarding the processed packet to another service function).
  • the service function may process the received packets at one or multiple network/OSI layer(s) based on the intended functionality. There can be multiple such service functions in a network with each providing the same set of functionalities or a different set of functionalities.
  • a packet may be required to "traverse" a series of service functions - that is, there may be a policy rule indicating that certain types of packets (or all packets) must be processed by each one of a series of service functions.
  • An ordered set of service functions that a packet must traverse is called a service function chain (or "service chain” for short).
  • a packet or a series of packets (a.k.a., "packet flow” or "flow”) might be required to traverse one or more certain service chains.
  • a different dedicated hardware device is configured to implement each different service function in a service chain.
  • a dedicated hardware device is commonly referred to as a "middlebox.”
  • middlebox there may be many middleboxes in a network having many service chains where each service chain comprises many service functions.
  • one or more virtual machines may be used to implement the service functions of a service chain.
  • VMs virtual machines
  • a packet that traverses a service chain implemented using VMs needs to be transferred between the different VMs in order to be processed by the different service functions.
  • the Master When data received by the Master from a first Worker of a service chain must be sent to a second Worker of the chain, the Master will make a copy of the processed packet stored in the buffer shared with the first Worker and store this copy in the buffer shared with the second Worker, as each Worker has access only to its own buffer.
  • the service chaining embodiments disclosed herein do not suffer from the inefficiencies of the prior systems, like the one disclosed in Cerrato.
  • a packet that is required to traverse a certain service chain i.e., that must be processed by each service function that is included in the service chain
  • the device stores the packet (or a part of the packet) in a memory block of a shared memory pool controlled by a memory controller.
  • the memory controller is configured such that each service function of the service chain is granted access to read from and/or write to the memory block.
  • the packet does not have to be copied from one memory block to another memory block in order for the packet to traverse the service chain.
  • overhead is significantly reduced, which leads to a reduction in the latency in the processing of packets as the packets traverse the service chain.
  • the method begins with a network interface module (NIM) receiving a first packet, which comprises a header and payload.
  • NIM network interface module
  • the NIM determines that a first service chain should process the first packet, wherein the first service chain comprises a first set of service functions (SFs) comprising SF1 and SF2.
  • SFs service functions
  • determining that the first service chain should process the first packet comprises the classifier examining at least the header of the first packet to determine whether the first service chain should process the first packet. More specifically, for example, classifier may extract information from the header of the packet and use this extracted information together with configuration data to determine whether the extracted information is mapped to a service chain.
  • the process further includes the NIM storing at least a portion of the first packet in a memory block of memory pool (e.g., the entire packet or one or more sub portions are stored in the memory block).
  • storing at least a portion of the first packet in the memory block comprises the NIM transmitting, to the memory pool via an interconnect, at least the portion of the first packet, wherein the memory controller selects a memory block and places at least the portion of the first packet in the memory block. The memory controller may then transmit to the NIM a pointer to the selected memory block so that the NIM can inform at least SF1 of the location of packet (or the portion of the packet) in the memory pool.
  • the method further includes a step in which the memory controller is configured to allow both SF1 and SF2 to write to and read from the memory block.
  • the step of configuring the memory controller to allow SF1 and SF2 to write to and read from the memory block is performed by the NIM as a result of the NIM determining that the received packet should traverse the first service chain.
  • the memory block is a memory block reserved for the first service chain, and the step of configuring the memory controller to allow SF1 and SF2 to write to and read from the memory block is performed before the first packet is received.
  • configuring the memory controller to allow both SFl and SF2 to write to and read from the memory block comprises the NIM transmitting to the memory controller a message comprising at least one of: i) first identification information comprising a first service function identifier (ID) identifying SFl and a second service function ID identifying SF2 and ii) second identification information comprising a first processor ID identifying a processor that executes SFl and a second processor ID identifying a processor that executes SF2.
  • the method further includes, triggering SFl to process the first packet (e.g., the
  • NIM sends a notification message to SFl or an interrupt to processor PI, which implements SFl) as a result of determining that the first service chain should process the first packet.
  • the first service function sends to the memory controller a first memory access request to access the memory block.
  • the memory controller determines whether the first service function is authorized to access the memory block and allowing the first service function to access the memory block in response to a determination that the first service function is authorized to access the memory block.
  • the method further includes triggering the second service function to process the first packet after the first service function accesses the memory block.
  • the second service function sends to the memory controller a second memory access request to access the memory block.
  • the memory controller determines whether the second service function is authorized to access the memory block and allowing the second service function to access the memory block in response to a determination that the second service function is authorized to access the memory block.
  • the method further includes providing at least a portion of the first packet to the first service function as a result of determining that the first service chain should process the first packet.
  • providing at least a portion of the first packet to the first service function as a result of determining that the first service chain should process the first packet comprises storing at least a header of the first packet in a memory that is local to a processor that executes the first service function.
  • the method for service chaining is performed by a network interface module (NIM) and the method includes: receiving a first packet comprising a header and payload; determining that a first service chain should process the first packet, the first service chain comprising a first set of service functions comprising a first service function and a second service function; storing at least a portion of the first packet in a memory block of a memory pool controlled by a memory controller; as a result of determining that the first service chain should process the first packet, triggering the first service function to process the first packet; and configuring the memory controller to allow both the first service function and the second service function to write to and read from the memory block.
  • NIM network interface module
  • a distinct advantage of the above described embodiment is that it reduces overhead, thereby reducing latency, by reducing the number of time a packet needs to be copied.
  • FIG. 1 is a functional block diagram of an apparatus according to some embodiments.
  • FIG. 2 is a diagram illustrating hardware components of an apparatus according to some embodiments.
  • FIG. 3 is a flow chart illustrating a process according to some embodiments.
  • FIG. 4 illustrates an example use case.
  • FIG. 5 is a flow chart illustrating a process according to some embodiments.
  • FIG. 6 is a flow chart illustrating a process according to some embodiments.
  • FIG. 7 is a block diagram of a network interface module according to some embodiments.
  • FIG. 8 is a block diagram of a memory controller according to some embodiments.
  • FIG. 9 illustrates functional modules of a network interface module according to some embodiments.
  • FIG. 1 is a functional block diagram of an apparatus 100 according to some embodiments.
  • Apparatus 100 includes a network interface module (NIM) 102 that is connected (directly or indirectly) to a packet network 110 (e.g., the Internet) and to a memory pool 104 having a memory controller 106 for controlling access to memory blocks 108 in memory pool 104.
  • NIM network interface module
  • Apparatus 100 further includes multiple service functions.
  • apparatus 100 includes at least three service functions: SF1, SF2, and SF3.
  • SF1, SF2, and SF3 service functions
  • each of the service functions SF1, SF2 and SF3 is part of one or more services chains.
  • a first service chain may comprise or consists of SF1->SF2
  • a second service chain may comprise or consist of SF2->SF3.
  • FIG. 2 illustrates an example hardware implementation of apparatus 100.
  • the example hardware implementation is a disaggregated system 200.
  • apparatus 100 may be implemented using other hardware architectures.
  • disaggregated system 200 includes a pool of network interface modules (NIMs) comprising at least NIM 102, which comprises at least one network interface 204 (e.g., an Ethernet interface) for connecting NIM 102 to network 110 and a classifier 206 for classifying packets received from network 110 via interface 204.
  • NIMs network interface modules
  • System 200 further includes an interconnect 210, a memory pool 104 and a processor pool 220 comprising a one or more processors.
  • processor pool 220 includes the following n processors: PI, P2, P3, Pn.
  • the processor pool 200 contains a local memory for each processor.
  • Each processor of processor pool 220 may execute one or more service functions (e.g., each processor may execute code that implements a service function).
  • the interconnect 210 functions to interconnect NIM 102, memory pool 104 and each of the processors of processor pool 220.
  • the NIM 102 contains an input/out (I/O) unit 208 for interfacing NIM 102 to interconnect 210.
  • I/O input/out
  • a possible example is a PCIe interface with MR-IOV that enables the communication between different components of system 200.
  • the classifier 206 is configured to examine packets received via interface 204 to identify the service chain(s), if any, that the packets need to traverse. Additionally, classifier 206 interacts with the memory controller 106 in the memory pool 104 to store a received packet (or at least part of a received packet) in a memory region (a.k.a., "memory block") of memory pool 204. The memory controller 106 oversees allowing/denying access to specific regions ("blocks”) in the memory pool 104.
  • FIG. 3 is a flow chart that illustrates a process 300, according to some embodiments.
  • Process 300 may begin in step 302, in which NIM 102 receives a packet (e.g., a packet is received at NIM 102 via interface 204).
  • a packet e.g., a packet is received at NIM 102 via interface 204.
  • NIM 102 (e.g., classifier 206) examines the packet (e.g., examines a header of the packet such as an IP header or TCP header) to determine the service chain (i.e., the ordered set of service functions) that should process the packet, if any.
  • NIM 102 may be have configuration data (e.g., policy rule) that maps packet information to a service chain for processing the packet from which the packet information was obtained.
  • the configuration data may include a table that maps a well-known TCP port number (e.g., 80) to a particular service chain (e.g., a service chain for processing HTTP packets).
  • NIM 102 may examine the TCP header of the received packet to determine the TCP destination port number and then use the determined TCP destination port number and configuration data to determine whether any service chains are mapped to the port number and to identify the mapped service chains.
  • the configuration data may be created by an administrator or an orchestrator tool.
  • NIM 102 stores the packet in a memory block of memory pool 104
  • NIM 102 utilizes the interconnect 210 to transmit the packet to memory controller 106, which then places the packet in a memory block.
  • NIM 102 may instruct memory controller 106 to place the packet in a specific memory block reserved for the service chain determined in step 304.
  • the memory controller 106 places the packet in an arbitrary memory block and provides to NIM 102 a pointer to the memory block.
  • NIM 102 stores the header of the in a memory that is local to the processor that executes the first service function of the determined service chain.
  • NIM 102 configures memory controller 106 to allow each service function of the determined service chain to access (read and/or write) the memory block that contains the packet. For instance, in one embodiment, NIM 102 determines the processor ID of each processor that executes one of the service chains and provides to memory controller configuration settings 401 (see FIG. 4) that include the determined processor IDs and an instruction to configure its access control module (not shown) to allow the identified processors to access the memory block. In another embodiment, NIM 102 the configuration settings 401 include the IDs of the service functions that comprise the service chain and an instruction to configure the access control module to allow the identified service functions to access the memory block. In some embodiments, this step is performed before step 302.
  • NIM 102 triggers the first service function (SF) to process the packet (e.g. process the packet's header). For example, in step 310, NIM 102 may send a notification to the first SF in the service chain, which notification triggers the first service function (SF) to process the packet.
  • the notification may be in the form of an interrupt or a notification message.
  • the notification may include the pointer or may trigger the first SF to obtain the pointer (e.g., request the pointer from NIM 102).
  • the first SF may obtain a pointer to this memory block from a location configuration data (e.g., a local configuration file).
  • step 312 once the first service function is triggered, the first service function accesses the packet (e.g., access the header of the packet) and, depending on how the first service function is configured, the service function may modify the packet. The modification could be performed on the local copy of the header or on the packet stored in the memory pool.
  • step 314 a determination is made as to whether the packet must be processed by further SFs in the service chain. This determination may be made by the current notified SF in the service chain or the NIM 102. If it is determined that the packet must be processed by further SFs in the service chain, then a further notification is sent to the next SF in the chain when the current notified SF finishes its processing (step 316). This further notification may come from NIM 102 or it may come from the current notified SF, as is illustrated in FIG. 4. If there are no further SFs in the chain, then in step 318 the memory block storing the packet may be released.
  • FIG. 5 An example use case is illustrated in FIG. 5.
  • SCs service chains
  • a first SC that consists of SFl followed by SF2 (as shown by the dotted line)
  • a second SC that consists of SF2 followed by SF3 (as shown by the strong line).
  • packet A and packet B two packets have arrived into the system.
  • classifier 206 determines that packet A should be processed by the first SC (i.e., processed by SFl and then processed by SF2). This determination in this use case is based on a policy information and information obtained from one or more headers of packet A (e.g., an IP header and a TCP header). For example, classifier 206 determines whether the information obtained from packet A matches a policy rule and, if so, classifier then determines whether the policy rule identifies one more service chains that must be invoked to process packet A. In this example, classifier 206 has determined that the first SC must be invoked.
  • a policy information and information obtained from one or more headers of packet A e.g., an IP header and a TCP header.
  • classifier 206 determines whether the information obtained from packet A matches a policy rule and, if so, classifier then determines whether the policy rule identifies one more service chains that must be invoked to process packet A. In this example, classifier 206 has determined that the first SC must be invoked.
  • Classifier 206 in this use case, stores packet A in memory block 501, instructs memory controller 106 to allow PI, which executes SFl, and P2, which executes SF2, to access memory block 501, and sends a signal to PI to activate SFl. Additionally, at least the headers of packet A are stored in the local memory 221 that is accessible to the processor PI. In the case of packet B, classifier 206 matches packet B to the second SC, instructs the memory controller 106 to enable P2 and P3 to access memory block 502, which is the memory block in which packet B is stored, and sends a signal to P2 to activate SF2. Upon activation, SFl and SF2 will begin the process or processing packet A and packet B, respectively.
  • SF1 when SF1 has finished processing packet A, SF1 signals SF2 (i.e. the next SF in the first SC) to process the header and/or the payload stored in memory block 501, and when SF2 finishes processing packet A, SF2 signals NIM 102, which then transmits the processed packet A to another node.
  • SF2 when SF2 has finished processing packet B, SF2 signals SF3 (i.e. the next SF in the second SC) to process the header and/or the payload stored in memory block 502, and when SF3 finishes processing packet B, SF3 signals NIM 102, which then transmits the processed packet B to another node.
  • FIG. 6 is another flow chart illustrating a service chaining process 600 according to some embodiments.
  • process 600 may begin with step 602, in which NIM 102 receives a first packet, which comprises a header and payload.
  • NIM 102 determines that a first service chain should process the first packet, wherein the first service chain comprises a first set of service functions comprising SF1 and SF2.
  • determining that the first service chain should process the first packet comprises classifier 106 examining at least the header of the first packet to determine whether the first service chain should process the first packet, as described above. More specifically, for example classifier may extract information from the header of the packet and use this extracted information together with configuration data to determine whether the extracted information is mapped to a service chain.
  • NIM 102 stores at least a portion of the first packet in a memory block of memory pool 104.
  • storing at least a portion of the first packet in the memory block comprises NIM 102 transmitting, to the memory pool via interconnect 210, at least the portion of the first packet, wherein the memory controller selects a memory block and places at least the portion of the first packet in the memory block. The memory controller may then transmit to the NIM a pointer to the selected memory block so that the NIM can inform at least SF1 of the location of packet (or the portion of the packet) in the memory pool.
  • process 600 further includes step 607, in which memory controller 106 is configured to allow both SF1 and SF2 to write to and read from the memory block.
  • the step of configuring memory controller 106 to allow SF1 and SF2 to write to and read from the memory block is performed by NIM 102 as a result of NIM 102 determining that the received packet should traverse the first service chain.
  • the memory block is a memory block reserved for the first service chain, and the step of configuring memory controller 106 to allow SF1 and SF2 to write to and read from the memory block is performed before the first packet is received.
  • configuring memory controller 106 to allow both SF1 and SF2 to write to and read from the memory block comprises NIM 102 transmitting to memory controller 106 a message comprising at least one of: i) first identification information comprising a first service function identifier (ID) identifying SF1 and a second service function ID identifying SF2 and ii) second identification information comprising a first processor ID identifying a processor that executes SF1 (i.e., processor PI) and a second processor ID identifying a processor that executes SF2 (i.e., processor P2).
  • step 608 as a result of determining that the first service chain should process the first packet, SF1 is triggered to process the first packet (e.g., NIM 102 sends a notification message to SF1 or an interrupt to processor PI, which implements SF1).
  • SF1 is triggered to process the first packet (e.g., NIM 102 sends a notification message to SF1 or an interrupt to processor PI, which implements SF1).
  • step 610 after the first service function is triggered, the first service function sends to the memory controller a first memory access request to access the memory block.
  • step 612 in response to the first memory access request, the memory controller determining whether the first service function is authorized to access the memory block and allowing the first service function to access the memory block in response to a determination that the first service function is authorized to access the memory block.
  • step 614 after the first service function accesses the memory block, triggering the second service function to process the first packet.
  • step 616 after the second service function is triggered, the second service function sends to the memory controller a second memory access request to access the memory block.
  • step 618 in response to the second memory access request, the memory controller determining whether the second service function is authorized to access the memory block and allowing the second service function to access the memory block in response to a determination that the second service function is authorized to access the memory block.
  • FIG. 7 is a block diagram of NIM 102 according to some embodiments. As shown in FIG.
  • NIM 102 may comprise: a data processing apparatus (DPA) 702, which may include one or more processors (P) 755 (e.g., a general purpose microprocessor and/or one or more other processors, such as an application specific integrated circuit (ASIC), field- programmable gate arrays (FPGAs), and the like); I/O unit 208; network interface 204, which comprises a transmitter (Tx) 745 and a receiver (Rx) 747 for enabling NIM 102 to transmit data to and receive data from other nodes connected to network 110 (e.g., an Internet Protocol (IP) network) to which network interface 204 is connected; and local storage unit (a.k.a., "data storage system”) 708, which may include one or more non-volatile storage devices and/or one or more volatile storage devices (e.g., random access memory (RAM)).
  • DPA data processing apparatus
  • P processors
  • P e.g., a general purpose microprocessor and/or one or more other processors, such as
  • CPP 741 includes a computer readable medium (CRM) 742 storing a computer program (CP) 743 comprising computer readable instructions (CRI) 744.
  • CRM 742 may be a non-transitory computer readable medium, such as, but not limited, to magnetic media (e.g., a hard disk), optical media, memory devices (e.g., random access memory), and the like.
  • the CRI 744 of computer program 743 is configured such that when executed by data processing apparatus 702, the CRI causes NIM 102 to perform steps described herein (e.g., steps described herein with reference to the flow charts).
  • NIM 102 may be configured to perform steps described herein without the need for code. That is, for example, data processing apparatus 702 may consist merely of one or more ASICs. Hence, the features of the embodiments described herein may be implemented in hardware and/or software.
  • FIG. 8 is a block diagram of memory controller 106 according to some embodiments.
  • memory controller 106 may comprise: a data processing apparatus (DPA) 802, which may include one or more processors (P) 855 (e.g., a general purpose microprocessor and/or one or more other processors, such as an application specific integrated circuit (ASIC), field-programmable gate arrays (FPGAs), and the like); first I/O unit 847 for enabling memory controller 106 to transmit data to and receive data from other nodes connected to interconnect 210 to which I/O unit 847 is connected; a second I/O unit 848 for enabling memory controller to write data to and read data from memory blocks 108; and local storage unit (a.k.a., "data storage system”) 808, which may include one or more non-volatile storage devices and/or one or more volatile storage devices (e.g., random access memory (RAM)).
  • DPA data processing apparatus
  • P processors
  • ASIC application specific integrated circuit
  • FPGAs field-programmable
  • CPP 841 includes a computer readable medium (CRM) 842 storing a computer program (CP) 843 comprising computer readable instructions (CRI) 844.
  • CRM 842 may be a non-transitory computer readable medium, such as, but not limited, to magnetic media (e.g., a hard disk), optical media, memory devices (e.g., random access memory), and the like.
  • the CRI 844 of computer program 843 is configured such that when executed by data processing apparatus 802, the CRI causes memory controller 106 to perform steps described herein (e.g., steps described herein with reference to the flow charts).
  • memory controller 106 may be configured to perform steps described herein without the need for code. That is, for example, data processing apparatus 802 may consist merely of one or more ASICs. Hence, the features of the embodiments described herein may be implemented in hardware and/or software.
  • FIG. 9 illustrates functional modules of NIM 102 according to some embodiments.
  • NIM 102 may include: a receiving module 902 operable to utilize network interface 204 to receive a first packet comprising a header and payload; a classifier module 206 configured to determine whether a first service chain should process the first packet, the first service chain comprising a first set of service functions comprising a first service function and a second service function; a storing module 904 configured to store at least a portion of the first packet in a memory block of a memory pool controlled by a memory controller; a triggering module 906 configured to trigger the first service function to process the first packet as a result of determining that the first service chain should process the first packet; and a configuring module 908 configured to configure the memory controller to allow both the first service function and the second service function to write to and read from the memory block.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

This disclosure is related to service chaining. When a packet that is required to traverse a certain service chain (i.e., the packet must be processed by each service function that is included in the service chain) is received at device (e.g., a network interface module), the device stores the packet (or a part of the packet) in a memory block of a shared memory pool controlled by a memory controller. Advantageously, the memory controller is configured such that each service function of the service chain is granted access to read from and/or write to the memory block. In this way, the packet does not have to be copied from one memory block to another memory block in order for the packet to traverse the service chain.

Description

APPARATUSES, METHODS, COMPUTER PROGRAMS AND COMPUTER PROGRAM PRODUCTS FOR SERVICE FUNCTION CHAINING
TECHNIMAL FIELD [001] Disclosed are embodiments related to service function chaining.
BACKGROUND
[002] Conventionally, a network service function (or "service function" for short) is an entity (e.g., software module) in a network node that is responsible for processing (e.g., modifying, dropping, encrypting, decrypting, etc.) network packets that the service function receives. In some environments, the service function is also responsible for forwarding the processed packets toward the intended destination (e.g., forwarding the processed packet to another service function). The service function may process the received packets at one or multiple network/OSI layer(s) based on the intended functionality. There can be multiple such service functions in a network with each providing the same set of functionalities or a different set of functionalities.
[003] Based on various policies, a packet may be required to "traverse" a series of service functions - that is, there may be a policy rule indicating that certain types of packets (or all packets) must be processed by each one of a series of service functions. An ordered set of service functions that a packet must traverse is called a service function chain (or "service chain" for short). Accordingly, based on a policy rules, a packet or a series of packets (a.k.a., "packet flow" or "flow") might be required to traverse one or more certain service chains.
[004] In some cases, a different dedicated hardware device is configured to implement each different service function in a service chain. Such a dedicated hardware device is commonly referred to as a "middlebox." Hence, there may be many middleboxes in a network having many service chains where each service chain comprises many service functions.
[005] In other cases, one or more virtual machines (VMs) may be used to implement the service functions of a service chain. In such a VM scenario there is typically a virtual switch to interconnect the different VMs that implement the different service functions of the service chain. A packet that traverses a service chain implemented using VMs needs to be transferred between the different VMs in order to be processed by the different service functions.
[006] For example, the reference entitled "An Efficient Data Exchange Algorithm for
Chained Network Functions," by Ivano Cerrato et. al. (hereafter Cerrato), describes a data exchange mechanism in a system that includes a virtual switch ("Master") and a plurality of service functions, including a first service function ("First Worker") and a second service function ("Second Worker"). The described data exchange mechanisms is based on a set of lock- free ring buffers, wherein each such ring buffer is shared by the Master and only a single one of the Workers to thereby isolate each Worker from each of the other Workers. Each shared ring buffer is used for communication in both directions because data provided by the Master to a Worker will eventually come back to the Master itself. Accordingly, the algorithm allows the Worker to return data back to the Master without any copy. When data received by the Master from a first Worker of a service chain must be sent to a second Worker of the chain, the Master will make a copy of the processed packet stored in the buffer shared with the first Worker and store this copy in the buffer shared with the second Worker, as each Worker has access only to its own buffer.
SUMMARY
[007] The data exchange mechanism disclosed in Cerrato is disadvantageous for the reason that a the packet will be copied multiple times for isolation issues if that packet is required to traverse a service chain that consists of a multiple Workers. Copying the packet multiple times is highly inefficient because it increases the overhead on processing the packets in a service chain.
[008] The service chaining embodiments disclosed herein do not suffer from the inefficiencies of the prior systems, like the one disclosed in Cerrato. For example, when a packet that is required to traverse a certain service chain (i.e., that must be processed by each service function that is included in the service chain) is received at device (e.g., a network interface module), the device stores the packet (or a part of the packet) in a memory block of a shared memory pool controlled by a memory controller. Advantageously, the memory controller is configured such that each service function of the service chain is granted access to read from and/or write to the memory block. In this way, the packet does not have to be copied from one memory block to another memory block in order for the packet to traverse the service chain. Hence, overhead is significantly reduced, which leads to a reduction in the latency in the processing of packets as the packets traverse the service chain.
[009] Accordingly, in one aspect there is provided a method for service chaining. In some embodiments, the method begins with a network interface module (NIM) receiving a first packet, which comprises a header and payload. Next, the NIM (e.g., a classifier of the NIM) determines that a first service chain should process the first packet, wherein the first service chain comprises a first set of service functions (SFs) comprising SF1 and SF2. In some embodiments, determining that the first service chain should process the first packet comprises the classifier examining at least the header of the first packet to determine whether the first service chain should process the first packet. More specifically, for example, classifier may extract information from the header of the packet and use this extracted information together with configuration data to determine whether the extracted information is mapped to a service chain.
[0010] The process further includes the NIM storing at least a portion of the first packet in a memory block of memory pool (e.g., the entire packet or one or more sub portions are stored in the memory block). In some embodiments, storing at least a portion of the first packet in the memory block comprises the NIM transmitting, to the memory pool via an interconnect, at least the portion of the first packet, wherein the memory controller selects a memory block and places at least the portion of the first packet in the memory block. The memory controller may then transmit to the NIM a pointer to the selected memory block so that the NIM can inform at least SF1 of the location of packet (or the portion of the packet) in the memory pool.
[0011] In some embodiments, the method further includes a step in which the memory controller is configured to allow both SF1 and SF2 to write to and read from the memory block. In some embodiments, the step of configuring the memory controller to allow SF1 and SF2 to write to and read from the memory block is performed by the NIM as a result of the NIM determining that the received packet should traverse the first service chain. In other
embodiments, the memory block is a memory block reserved for the first service chain, and the step of configuring the memory controller to allow SF1 and SF2 to write to and read from the memory block is performed before the first packet is received. In some embodiments, configuring the memory controller to allow both SFl and SF2 to write to and read from the memory block comprises the NIM transmitting to the memory controller a message comprising at least one of: i) first identification information comprising a first service function identifier (ID) identifying SFl and a second service function ID identifying SF2 and ii) second identification information comprising a first processor ID identifying a processor that executes SFl and a second processor ID identifying a processor that executes SF2.
[0012] The method further includes, triggering SFl to process the first packet (e.g., the
NIM sends a notification message to SFl or an interrupt to processor PI, which implements SFl) as a result of determining that the first service chain should process the first packet. After the first service function is triggered, the first service function sends to the memory controller a first memory access request to access the memory block. In response to the first memory access request, the memory controller determines whether the first service function is authorized to access the memory block and allowing the first service function to access the memory block in response to a determination that the first service function is authorized to access the memory block.
[0013] The method further includes triggering the second service function to process the first packet after the first service function accesses the memory block. After the second service function is triggered, the second service function sends to the memory controller a second memory access request to access the memory block. In response to the second memory access request, the memory controller determines whether the second service function is authorized to access the memory block and allowing the second service function to access the memory block in response to a determination that the second service function is authorized to access the memory block.
[0014] In some embodiments, the method further includes providing at least a portion of the first packet to the first service function as a result of determining that the first service chain should process the first packet. In some embodiments, providing at least a portion of the first packet to the first service function as a result of determining that the first service chain should process the first packet comprises storing at least a header of the first packet in a memory that is local to a processor that executes the first service function. [0015] In another embodiment, the method for service chaining is performed by a network interface module (NIM) and the method includes: receiving a first packet comprising a header and payload; determining that a first service chain should process the first packet, the first service chain comprising a first set of service functions comprising a first service function and a second service function; storing at least a portion of the first packet in a memory block of a memory pool controlled by a memory controller; as a result of determining that the first service chain should process the first packet, triggering the first service function to process the first packet; and configuring the memory controller to allow both the first service function and the second service function to write to and read from the memory block.
[0016] As mentioned above, a distinct advantage of the above described embodiment is that it reduces overhead, thereby reducing latency, by reducing the number of time a packet needs to be copied.
BRIEF DESCRIPTION OF THE DRAWINGS
[0017] The accompanying drawings, which are incorporated herein and form part of the specification, illustrate various embodiments.
[0018] FIG. 1 is a functional block diagram of an apparatus according to some embodiments.
[0019] FIG. 2 is a diagram illustrating hardware components of an apparatus according to some embodiments.
[0020] FIG. 3 is a flow chart illustrating a process according to some embodiments.
[0021] FIG. 4 illustrates an example use case.
[0022] FIG. 5 is a flow chart illustrating a process according to some embodiments.
[0023] FIG. 6 is a flow chart illustrating a process according to some embodiments.
[0024] FIG. 7 is a block diagram of a network interface module according to some embodiments.
[0025] FIG. 8 is a block diagram of a memory controller according to some
embodiments. [0026] FIG. 9 illustrates functional modules of a network interface module according to some embodiments.
DETAILED DESCRIPTION
[0027] FIG. 1 is a functional block diagram of an apparatus 100 according to some embodiments. Apparatus 100 includes a network interface module (NIM) 102 that is connected (directly or indirectly) to a packet network 110 (e.g., the Internet) and to a memory pool 104 having a memory controller 106 for controlling access to memory blocks 108 in memory pool 104. Apparatus 100 further includes multiple service functions. In the example shown in FIG. 1, apparatus 100 includes at least three service functions: SF1, SF2, and SF3. In some
embodiments, each of the service functions SF1, SF2 and SF3 is part of one or more services chains. For example, a first service chain may comprise or consists of SF1->SF2, and a second service chain may comprise or consist of SF2->SF3.
[0028] FIG. 2 illustrates an example hardware implementation of apparatus 100. The example hardware implementation is a disaggregated system 200. However, apparatus 100 may be implemented using other hardware architectures. In the example shown, disaggregated system 200 includes a pool of network interface modules (NIMs) comprising at least NIM 102, which comprises at least one network interface 204 (e.g., an Ethernet interface) for connecting NIM 102 to network 110 and a classifier 206 for classifying packets received from network 110 via interface 204.
[0029] System 200 further includes an interconnect 210, a memory pool 104 and a processor pool 220 comprising a one or more processors. In the example shown, processor pool 220 includes the following n processors: PI, P2, P3, Pn. In some embodiments, the processor pool 200 contains a local memory for each processor. Each processor of processor pool 220 may execute one or more service functions (e.g., each processor may execute code that implements a service function).
[0030] The interconnect 210 functions to interconnect NIM 102, memory pool 104 and each of the processors of processor pool 220. As further shown, the NIM 102 contains an input/out (I/O) unit 208 for interfacing NIM 102 to interconnect 210. A possible example is a PCIe interface with MR-IOV that enables the communication between different components of system 200.
[0031] The classifier 206 is configured to examine packets received via interface 204 to identify the service chain(s), if any, that the packets need to traverse. Additionally, classifier 206 interacts with the memory controller 106 in the memory pool 104 to store a received packet (or at least part of a received packet) in a memory region (a.k.a., "memory block") of memory pool 204. The memory controller 106 oversees allowing/denying access to specific regions ("blocks") in the memory pool 104.
[0032] FIG. 3 is a flow chart that illustrates a process 300, according to some
embodiments, for service chaining (an embodiment of process 300 is also illustrated in the message flow diagram of FIG. 4). Process 300 may begin in step 302, in which NIM 102 receives a packet (e.g., a packet is received at NIM 102 via interface 204).
[0033] In step 304, NIM 102 (e.g., classifier 206) examines the packet (e.g., examines a header of the packet such as an IP header or TCP header) to determine the service chain (i.e., the ordered set of service functions) that should process the packet, if any. For instance, NIM 102 may be have configuration data (e.g., policy rule) that maps packet information to a service chain for processing the packet from which the packet information was obtained. As a specific example, the configuration data may include a table that maps a well-known TCP port number (e.g., 80) to a particular service chain (e.g., a service chain for processing HTTP packets). And NIM 102 may examine the TCP header of the received packet to determine the TCP destination port number and then use the determined TCP destination port number and configuration data to determine whether any service chains are mapped to the port number and to identify the mapped service chains. The configuration data may be created by an administrator or an orchestrator tool.
[0034] In step 306, NIM 102 stores the packet in a memory block of memory pool 104
(assuming NIM 102 has determined that the packet must traverse at least one service chain). For example, in step 306 NIM 102 utilizes the interconnect 210 to transmit the packet to memory controller 106, which then places the packet in a memory block. In some embodiments, NIM 102 may instruct memory controller 106 to place the packet in a specific memory block reserved for the service chain determined in step 304. In other embodiments, the memory controller 106 places the packet in an arbitrary memory block and provides to NIM 102 a pointer to the memory block. Also, in some embodiments, NIM 102 stores the header of the in a memory that is local to the processor that executes the first service function of the determined service chain.
[0035] In some embodiments, the next step (step 308), NIM 102 configures memory controller 106 to allow each service function of the determined service chain to access (read and/or write) the memory block that contains the packet. For instance, in one embodiment, NIM 102 determines the processor ID of each processor that executes one of the service chains and provides to memory controller configuration settings 401 (see FIG. 4) that include the determined processor IDs and an instruction to configure its access control module (not shown) to allow the identified processors to access the memory block. In another embodiment, NIM 102 the configuration settings 401 include the IDs of the service functions that comprise the service chain and an instruction to configure the access control module to allow the identified service functions to access the memory block. In some embodiments, this step is performed before step 302.
[0036] In step 310, after NIM 102 determines a service chain that the received packet must traverse, NIM 102 triggers the first service function (SF) to process the packet (e.g. process the packet's header). For example, in step 310, NIM 102 may send a notification to the first SF in the service chain, which notification triggers the first service function (SF) to process the packet. The notification may be in the form of an interrupt or a notification message. In embodiments in which NIM 102 receives a pointer from the memory controller referencing the location in the memory pool that stores the packet, the notification may include the pointer or may trigger the first SF to obtain the pointer (e.g., request the pointer from NIM 102). In embodiments in which the packet is stored in the memory block reserved from the service chain, the first SF may obtain a pointer to this memory block from a location configuration data (e.g., a local configuration file).
[0037] In step 312, once the first service function is triggered, the first service function accesses the packet (e.g., access the header of the packet) and, depending on how the first service function is configured, the service function may modify the packet. The modification could be performed on the local copy of the header or on the packet stored in the memory pool. [0038] In step 314, a determination is made as to whether the packet must be processed by further SFs in the service chain. This determination may be made by the current notified SF in the service chain or the NIM 102. If it is determined that the packet must be processed by further SFs in the service chain, then a further notification is sent to the next SF in the chain when the current notified SF finishes its processing (step 316). This further notification may come from NIM 102 or it may come from the current notified SF, as is illustrated in FIG. 4. If there are no further SFs in the chain, then in step 318 the memory block storing the packet may be released.
[0039] Example Use Case
[0040] An example use case is illustrated in FIG. 5. In this use case there are two service chains (SCs): a first SC that consists of SFl followed by SF2 (as shown by the dotted line) and a second SC that consists of SF2 followed by SF3 (as shown by the strong line). As illustrated in FIG. 5, two packets have arrived into the system (packet A and packet B).
[0041] When the packet A arrives, classifier 206 determines that packet A should be processed by the first SC (i.e., processed by SFl and then processed by SF2). This determination in this use case is based on a policy information and information obtained from one or more headers of packet A (e.g., an IP header and a TCP header). For example, classifier 206 determines whether the information obtained from packet A matches a policy rule and, if so, classifier then determines whether the policy rule identifies one more service chains that must be invoked to process packet A. In this example, classifier 206 has determined that the first SC must be invoked. Classifier 206, in this use case, stores packet A in memory block 501, instructs memory controller 106 to allow PI, which executes SFl, and P2, which executes SF2, to access memory block 501, and sends a signal to PI to activate SFl. Additionally, at least the headers of packet A are stored in the local memory 221 that is accessible to the processor PI. In the case of packet B, classifier 206 matches packet B to the second SC, instructs the memory controller 106 to enable P2 and P3 to access memory block 502, which is the memory block in which packet B is stored, and sends a signal to P2 to activate SF2. Upon activation, SFl and SF2 will begin the process or processing packet A and packet B, respectively. [0042] In this use case, when SF1 has finished processing packet A, SF1 signals SF2 (i.e. the next SF in the first SC) to process the header and/or the payload stored in memory block 501, and when SF2 finishes processing packet A, SF2 signals NIM 102, which then transmits the processed packet A to another node. Likewise, when SF2 has finished processing packet B, SF2 signals SF3 (i.e. the next SF in the second SC) to process the header and/or the payload stored in memory block 502, and when SF3 finishes processing packet B, SF3 signals NIM 102, which then transmits the processed packet B to another node.
[0043] FIG. 6 is another flow chart illustrating a service chaining process 600 according to some embodiments. In some embodiments, process 600 may begin with step 602, in which NIM 102 receives a first packet, which comprises a header and payload.
[0044] In step 604, NIM 102 (e.g., classifier 106 of NIM 102) determines that a first service chain should process the first packet, wherein the first service chain comprises a first set of service functions comprising SF1 and SF2. In some embodiments, determining that the first service chain should process the first packet comprises classifier 106 examining at least the header of the first packet to determine whether the first service chain should process the first packet, as described above. More specifically, for example classifier may extract information from the header of the packet and use this extracted information together with configuration data to determine whether the extracted information is mapped to a service chain.
[0045] In step 606, NIM 102 stores at least a portion of the first packet in a memory block of memory pool 104. In some embodiments, storing at least a portion of the first packet in the memory block comprises NIM 102 transmitting, to the memory pool via interconnect 210, at least the portion of the first packet, wherein the memory controller selects a memory block and places at least the portion of the first packet in the memory block. The memory controller may then transmit to the NIM a pointer to the selected memory block so that the NIM can inform at least SF1 of the location of packet (or the portion of the packet) in the memory pool.
[0046] In some embodiments, process 600 further includes step 607, in which memory controller 106 is configured to allow both SF1 and SF2 to write to and read from the memory block. In some embodiments, the step of configuring memory controller 106 to allow SF1 and SF2 to write to and read from the memory block is performed by NIM 102 as a result of NIM 102 determining that the received packet should traverse the first service chain. In other embodiments, the memory block is a memory block reserved for the first service chain, and the step of configuring memory controller 106 to allow SF1 and SF2 to write to and read from the memory block is performed before the first packet is received. In some embodiments, configuring memory controller 106 to allow both SF1 and SF2 to write to and read from the memory block comprises NIM 102 transmitting to memory controller 106 a message comprising at least one of: i) first identification information comprising a first service function identifier (ID) identifying SF1 and a second service function ID identifying SF2 and ii) second identification information comprising a first processor ID identifying a processor that executes SF1 (i.e., processor PI) and a second processor ID identifying a processor that executes SF2 (i.e., processor P2).
[0047] In step 608, as a result of determining that the first service chain should process the first packet, SF1 is triggered to process the first packet (e.g., NIM 102 sends a notification message to SF1 or an interrupt to processor PI, which implements SF1).
[0048] In step 610, after the first service function is triggered, the first service function sends to the memory controller a first memory access request to access the memory block.
[0049] In step 612, in response to the first memory access request, the memory controller determining whether the first service function is authorized to access the memory block and allowing the first service function to access the memory block in response to a determination that the first service function is authorized to access the memory block.
[0050] In step 614, after the first service function accesses the memory block, triggering the second service function to process the first packet.
[0051] In step 616, after the second service function is triggered, the second service function sends to the memory controller a second memory access request to access the memory block.
[0052] In step 618, in response to the second memory access request, the memory controller determining whether the second service function is authorized to access the memory block and allowing the second service function to access the memory block in response to a determination that the second service function is authorized to access the memory block. [0053] FIG. 7 is a block diagram of NIM 102 according to some embodiments. As shown in FIG. 7, NIM 102 may comprise: a data processing apparatus (DPA) 702, which may include one or more processors (P) 755 (e.g., a general purpose microprocessor and/or one or more other processors, such as an application specific integrated circuit (ASIC), field- programmable gate arrays (FPGAs), and the like); I/O unit 208; network interface 204, which comprises a transmitter (Tx) 745 and a receiver (Rx) 747 for enabling NIM 102 to transmit data to and receive data from other nodes connected to network 110 (e.g., an Internet Protocol (IP) network) to which network interface 204 is connected; and local storage unit (a.k.a., "data storage system") 708, which may include one or more non-volatile storage devices and/or one or more volatile storage devices (e.g., random access memory (RAM)). In embodiments where NIM includes a general purpose microprocessor, a computer program product (CPP) 741 may be provided. CPP 741 includes a computer readable medium (CRM) 742 storing a computer program (CP) 743 comprising computer readable instructions (CRI) 744. CRM 742 may be a non-transitory computer readable medium, such as, but not limited, to magnetic media (e.g., a hard disk), optical media, memory devices (e.g., random access memory), and the like. In some embodiments, the CRI 744 of computer program 743 is configured such that when executed by data processing apparatus 702, the CRI causes NIM 102 to perform steps described herein (e.g., steps described herein with reference to the flow charts). In other embodiments, NIM 102 may be configured to perform steps described herein without the need for code. That is, for example, data processing apparatus 702 may consist merely of one or more ASICs. Hence, the features of the embodiments described herein may be implemented in hardware and/or software.
[0054] FIG. 8 is a block diagram of memory controller 106 according to some embodiments. As shown in FIG. 8, memory controller 106 may comprise: a data processing apparatus (DPA) 802, which may include one or more processors (P) 855 (e.g., a general purpose microprocessor and/or one or more other processors, such as an application specific integrated circuit (ASIC), field-programmable gate arrays (FPGAs), and the like); first I/O unit 847 for enabling memory controller 106 to transmit data to and receive data from other nodes connected to interconnect 210 to which I/O unit 847 is connected; a second I/O unit 848 for enabling memory controller to write data to and read data from memory blocks 108; and local storage unit (a.k.a., "data storage system") 808, which may include one or more non-volatile storage devices and/or one or more volatile storage devices (e.g., random access memory (RAM)). In embodiments where NIM includes a general purpose microprocessor, a computer program product (CPP) 841 may be provided. CPP 841 includes a computer readable medium (CRM) 842 storing a computer program (CP) 843 comprising computer readable instructions (CRI) 844. CRM 842 may be a non-transitory computer readable medium, such as, but not limited, to magnetic media (e.g., a hard disk), optical media, memory devices (e.g., random access memory), and the like. In some embodiments, the CRI 844 of computer program 843 is configured such that when executed by data processing apparatus 802, the CRI causes memory controller 106 to perform steps described herein (e.g., steps described herein with reference to the flow charts). In other embodiments, memory controller 106 may be configured to perform steps described herein without the need for code. That is, for example, data processing apparatus 802 may consist merely of one or more ASICs. Hence, the features of the embodiments described herein may be implemented in hardware and/or software.
FIG. 9 illustrates functional modules of NIM 102 according to some embodiments. As shown in FIG. 9, NIM 102 may include: a receiving module 902 operable to utilize network interface 204 to receive a first packet comprising a header and payload; a classifier module 206 configured to determine whether a first service chain should process the first packet, the first service chain comprising a first set of service functions comprising a first service function and a second service function; a storing module 904 configured to store at least a portion of the first packet in a memory block of a memory pool controlled by a memory controller; a triggering module 906 configured to trigger the first service function to process the first packet as a result of determining that the first service chain should process the first packet; and a configuring module 908 configured to configure the memory controller to allow both the first service function and the second service function to write to and read from the memory block.
[0055] While various embodiments of the present disclosure are described herein, it should be understood that they have been presented by way of example only, and not limitation. Thus, the breadth and scope of the present disclosure should not be limited by any of the above-described exemplary embodiments. Moreover, any combination of the above-described elements in all possible variations thereof is encompassed by the disclosure unless otherwise indicated herein or otherwise clearly contradicted by context. [0056] Additionally, while the processes described above and illustrated in the drawings are shown as a sequence of steps, this was done solely for the sake of illustration. Accordingly, it is contemplated that some steps may be added, some steps may be omitted, the order of the steps may be re-arranged, and some steps may be performed in parallel.

Claims

Claims:
1. A method (600) for service chaining, the method comprising:
receiving via a network interface module, NIM, a first packet comprising a header and payload;
determining that a first service chain should process the first packet, the first service chain comprising a first set of service functions comprising a first service function and a second service function;
storing at least a portion of the first packet in a memory block of a memory pool controlled by a memory controller;
as a result of determining that the first service chain should process the first packet, triggering the first service function to process the first packet;
after the first service function is triggered, the first service function sends to the memory controller a first memory access request to access the memory block;
in response to the first memory access request, the memory controller determining that the first service function is authorized to access the memory block and allowing the first service function to access the memory block in response to the determination that the first service function is authorized to access the memory block;
after the first service function accesses the memory block, triggering the second service function to process the first packet;
after the second service function is triggered, the second service function sends to the memory controller a second memory access request to access the memory block; and
in response to the second memory access request, the memory controller determining that the second service function is authorized to access the memory block and allowing the second service function to access the memory block in response to the determination that the second service function is authorized to access the memory block.
2. The method of claim 1, wherein determining that the first service chain should process the first packet comprises examining at least the header of the first packet to determine whether the first service chain should process the first packet.
3. The method of claim 1 or 2, wherein triggering the first service function comprises transmitting to the first service function a notification message.
4. The method of claim 3, wherein the notification message comprises information indicating the memory block.
5. The method of any one of claims 1-3, wherein storing at least a portion of the first packet in the memory block comprises transmitting, to the memory pool via an interconnect, at least the portion of the first packet, wherein the memory controller places at least the portion of the first packet in the memory block.
6. The method of claim 5, further comprising the memory controller transmitting to the NIM a pointer to the memory block.
7. The method of any one of claims 1-6, further comprising configuring the memory controller to allow both the first service function and the second service function to write to and read from the memory block.
8. The method of claim 7, wherein the step of configuring the memory controller to allow both the first service function and the second service function to write to and read from the memory block is performed by the NIM as a result of the NIM determining that the received packet should traverse the first service chain.
9. The method of claim 7 or 8, wherein
the memory block is a memory block reserved for the first service chain, and
the step of configuring the memory controller to allow both the first service function and the second service function to write to and read from the memory block is performed before the first packet is received.
10. The method of any one of claim 7-9, wherein configuring the memory controller to allow both the first service function and the second service function to write to and read from the memory block comprises the NIM transmitting to the memory controller a message comprising at least one of: i) first identification information comprising a first service function identifier identifying the first service function and a second service function identifier identifying the second service function, and ii) second identification information comprising a first processor identifier identifying a first processor that executes the first service function and a second processor identifier identifying a second processor that executes the second service function.
11. The method of any one of claims 1-10, further comprising providing at least a portion of the first packet to the first service function as a result of determining that the first service chain should process the first packet.
12. The method of claim 11, wherein providing at least a portion of the first packet to the first service function as a result of determining that the first service chain should process the first packet comprises storing at least a header of the first packet in a memory that is local to a processor that executes the first service function.
13. An apparatus (100) for service chaining, the apparatus being configured to:
receive via a network interface module, NIM, a first packet comprising a header and payload;
determine that a first service chain should process the first packet, the first service chain comprising a first set of service functions comprising a first service function and a second service function;
store at least a portion of the first packet in a memory block of a memory pool controlled by a memory controller;
trigger the first service function to process the first packet as a result of determining that the first service chain should process the first packet;
send, by the first service function to the memory controller, a first memory access request to access the memory block; determine whether the first service function is authorized to access the memory block; allow the first service function to access the memory block in response to a determination that the first service function is authorized to access the memory block;
trigger the second service function to process the first packet after the first service function accesses the memory block;
send, by the second service function to the memory controller, a second memory access request to access the memory block; and
determine whether the second service function is authorized to access the memory block; and
allow the second service function to access the memory block in response to a determination that the second service function is authorized to access the memory block.
14. An apparatus (100) for service chaining, the apparatus comprising:
a network interface module, NIM (102);
a memory pool (104) comprising memory blocks (108) and a memory controller (106); a first processor (PI) configured to implement a first service function;
a second processor (PI) configured to implement a second service function; and an interconnect, wherein NIM (102), PI, P2, and memory controller (106) are each connected to the interconnect, wherein
the NIM is operable to:
receive a first packet comprising a header and payload;
determine that a first service chain should process the first packet, the first service chain comprising the first service function and the second service function;
store at least a portion of the first packet in a memory block of the memory pool; and as a result of determining that the first service chain should process the first packet, triggering the first service function to process the first packet;
the first service function is configured such that after it is triggered to process the packet, the first service function sends to the memory controller a first memory access request to access the memory block; the memory controller is configured to allow the first service function to access the memory block;
the second service function is configured such that after it is triggered to process the packet, the second service function sends to the memory controller a second memory access request to access the memory block;
the memory controller is further configured to allow the first service function to access the memory block.
15. A method for service chaining performed by a network interface module, NIM (102), the method comprising:
receiving a first packet comprising a header and payload;
determining that a first service chain should process the first packet, the first service chain comprising a first set of service functions comprising a first service function and a second service function;
storing at least a portion of the first packet in a memory block of a memory pool controlled by a memory controller;
as a result of determining that the first service chain should process the first packet, triggering the first service function to process the first packet; and
configuring the memory controller to allow both the first service function and the second service function to write to and read from the memory block.
16. The method of claim 15, wherein the step of configuring the memory controller to allow both the first service function and the second service function to write to and read from the memory block is performed by the NIM as a result of the NIM determining that the received packet should traverse the first service chain.
17. The method of claim 15 or 16, wherein
the memory block is a memory block reserved for the first service chain, and the step of configuring the memory controller to allow both the first service function and the second service function to write to and read from the memory block is performed before the first packet is received.
18. The method of any one of claim 15-17, wherein configuring the memory controller to allow both the first service function and the second service function to write to and read from the memory block comprises the NIM transmitting to the memory controller a message comprising at least one of: i) first identification information comprising a first service function identifier identifying the first service function and a second service function identifier identifying the second service function, and ii) second identification information comprising a first processor identifier identifying a first processor that executes the first service function and a second processor identifier identifying a second processor that executes the second service function.
19. A network interface module, NIM (102), wherein the network interface module is configured to:
receive via a network interface (204) a first packet comprising a header and payload; determine that a first service chain should process the first packet, the first service chain comprising a first set of service functions comprising a first service function and a second service function;
store at least a portion of the first packet in a memory block of a memory pool controlled by a memory controller;
trigger the first service function to process the first packet as a result of determining that the first service chain should process the first packet; and
configure the memory controller to allow both the first service function and the second service function to write to and read from the memory block.
20. A network interface module, NIM (102), wherein the network interface module comprises:
a receiving module operable to utilize a network interface to receive a first packet comprising a header and payload; a classifier module configured to determine whether a first service chain should process the first packet, the first service chain comprising a first set of service functions comprising a first service function and a second service function;
a storing module configured to store at least a portion of the first packet in a memory block of a memory pool controlled by a memory controller;
a triggering module configured to trigger the first service function to process the first packet as a result of determining that the first service chain should process the first packet; and a configuring module configured to configure the memory controller to allow both the first service function and the second service function to write to and read from the memory block.
PCT/SE2017/050281 2017-03-23 2017-03-23 Apparatuses, methods, computer programs and computer program products for service function chaining WO2018174759A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/SE2017/050281 WO2018174759A1 (en) 2017-03-23 2017-03-23 Apparatuses, methods, computer programs and computer program products for service function chaining

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/SE2017/050281 WO2018174759A1 (en) 2017-03-23 2017-03-23 Apparatuses, methods, computer programs and computer program products for service function chaining

Publications (1)

Publication Number Publication Date
WO2018174759A1 true WO2018174759A1 (en) 2018-09-27

Family

ID=58549186

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SE2017/050281 WO2018174759A1 (en) 2017-03-23 2017-03-23 Apparatuses, methods, computer programs and computer program products for service function chaining

Country Status (1)

Country Link
WO (1) WO2018174759A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021222478A1 (en) * 2020-04-30 2021-11-04 Metaswitch Networks Ltd Processing user traffic in a virtualised network
US20210351992A1 (en) * 2018-11-01 2021-11-11 Hewlett Packard Enterprise Development Lp Virtual network function response to a service interruption

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3001616A2 (en) * 2014-09-24 2016-03-30 Intel Corporation Techniques for routing service chain flow packets between virtual machines
US20160380848A1 (en) * 2015-06-25 2016-12-29 Ixia Packet Copy Management For Service Chain Processing Within Virtual Processing Systems

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3001616A2 (en) * 2014-09-24 2016-03-30 Intel Corporation Techniques for routing service chain flow packets between virtual machines
US20160380848A1 (en) * 2015-06-25 2016-12-29 Ixia Packet Copy Management For Service Chain Processing Within Virtual Processing Systems

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
HAHN WOLFGANG ET AL: "Compound implementation of chained network functions and virtual resource management performance evaluation", NOMS 2016 - 2016 IEEE/IFIP NETWORK OPERATIONS AND MANAGEMENT SYMPOSIUM, IEEE, 25 April 2016 (2016-04-25), pages 1301 - 1304, XP032918299, DOI: 10.1109/NOMS.2016.7503007 *
HALPERN J ET AL: "Service Function Chaining (SFC) Architecture; rfc7665.txt", SERVICE FUNCTION CHAINING (SFC) ARCHITECTURE; RFC7665.TXT, INTERNET ENGINEERING TASK FORCE, IETF; STANDARD, INTERNET SOCIETY (ISOC) 4, RUE DES FALAISES CH- 1205 GENEVA, SWITZERLAND, 20 October 2015 (2015-10-20), pages 1 - 32, XP015107717 *
IVANO CERRATO ET AL: "Using TRILL, FabricPath, and VXLAN: Designing Massively Scalable Data Centers (MSDC) with Overlays", 6 February 2014 (2014-02-06), XP055431486, ISBN: 978-1-58714-393-9, Retrieved from the Internet <URL:http://fulvio.frisso.net/files/Frog2.pdf> [retrieved on 20171204] *
RYO NAKAMURA: "nshkmod/README.md at master . upa/nshkmod . GitHub", 30 December 2015 (2015-12-30), XP055431929, Retrieved from the Internet <URL:https://github.com/upa/nshkmod/blob/master/README.md> [retrieved on 20171205] *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20210351992A1 (en) * 2018-11-01 2021-11-11 Hewlett Packard Enterprise Development Lp Virtual network function response to a service interruption
US11627057B2 (en) * 2018-11-01 2023-04-11 Hewlett Packard Enterprise Development Lp Virtual network function response to a service interruption
WO2021222478A1 (en) * 2020-04-30 2021-11-04 Metaswitch Networks Ltd Processing user traffic in a virtualised network
CN115486045A (en) * 2020-04-30 2022-12-16 元开关网络有限公司 Handling user traffic in a virtualized network
US11665098B2 (en) 2020-04-30 2023-05-30 Metaswitch Networks Ltd. Processing user traffic in a virtualised network

Similar Documents

Publication Publication Date Title
US10841243B2 (en) NIC with programmable pipeline
CN110971586B (en) Network interface device and method in a network interface device
US8005022B2 (en) Host operating system bypass for packets destined for a virtual machine
US8036127B2 (en) Notifying network applications of receive overflow conditions
US7643482B2 (en) System and method for virtual switching in a host
US8713202B2 (en) Method and system for network configuration for virtual machines
US7885257B2 (en) Multiple virtual network stack instances using virtual network interface cards
US10218645B2 (en) Low-latency processing in a network node
US8375145B2 (en) Doorbell handling with priority processing function
US9059965B2 (en) Method and system for enforcing security policies on network traffic
US10686872B2 (en) Network interface device
CN109361606B (en) Message processing system and network equipment
US10686731B2 (en) Network interface device
US20090268611A1 (en) Method and system for bandwidth control on a network interface card
US7912926B2 (en) Method and system for network configuration for containers
JP2017098935A (en) Virtual router cluster, data transfer method and apparatus
CN113366459B (en) Network switch with endpoint and direct memory access controller for in-vehicle data transfer
US7746783B1 (en) Method and apparatus for monitoring packets at high data rates
EP3217613A1 (en) Systems and method for single queue multi-stream traffic shaping with delayed completions to avoid head of line blocking
US9755978B1 (en) Method and system for enforcing multiple rate limits with limited on-chip buffering
US7499463B1 (en) Method and apparatus for enforcing bandwidth utilization of a virtual serialization queue
WO2018174759A1 (en) Apparatuses, methods, computer programs and computer program products for service function chaining
KR102082605B1 (en) Method for hardware-assisted network function virtualization and the apparatus thereof
EP3166273B1 (en) Method and system for processing service node ability
US7848331B2 (en) Multi-level packet classification

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17718158

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17718158

Country of ref document: EP

Kind code of ref document: A1