Requirements for Service Function
ChainingFrance TelecomRennes35000Francemohamed.boucadair@orange.comFrance TelecomRennes35000Francechristian.jacquenet@orange.comHuawei Technologies Co., Ltd.Bantian, Longgang districtShenzhen 518129,Chinajiangyuanlong@huawei.comAffirmed NetworksActon,MAUSARon_Parker@affirmednetworks.comCisco Systems, Inc.USAcpignata@cisco.comSFCThis document identifies the requirements for the Service Function
Chaining (SFC).The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119.This document identifies the requirements for the Service Function
Chaining (SFC).The overall problem space is described in . The Service Function
Chaining Framework is documented in .The reader should be familiar with the terms defined in and .The following set of functional requirements should be considered for
the design of the Service Function Chaining solution:The solution MUST NOT make any assumption on whether Service
Functions (SF) are deployed directly on physical hardware, as one or
more Virtual Machines, or any combination thereof.The solution MUST NOT make any assumption on whether Service
Functions each reside on a separate addressable Network Element,
horizontal scaling of Service Functions, are co-resident on a single
addressable Network Element, or any combination thereof. Note: Communications between Service Functions co-resident on
same Network Element are considered implementation-specific.
These considerations are out of scope of the SFC specification
effort.The solution MUST NOT require any IANA registry for Service
Functions.The solution MUST NOT assume predefined order of Service
Functions. In particular, the solution MUST NOT require any IANA
registry to store typical Service Function Chains.The identification of instantiated Service Function Chains is
local to each administrative domain; it is policy-based and
deployment-specific.The solution MUST allow multiple instances of a given Service
Function ( i.e., a Service Function can be embedded in multiple
Network Elements).This is used for load-balancing, load-sharing, prevent from
failures (e.g., hot or cold standby protection mechanism),
accommodate planned maintenance operations, etc.How these multiple devices are involved in the service
delivery is deployment-specific.The solution MUST allow for multiple Service Chains to be
simultaneously enforced within an administrative domain.The solution MUST allow the same Service Function to be involved
in multiple Service Function Chains.The solution MUST support multiple SFC-enabled domains be
deployed within the same administrative domain.The solution MUST be able to associate the same or distinct
Service Function Chains for each direction (inbound/outbound) of the
traffic. In particular, unidirectional Service Function Chains,
bi-directional Service Function Chains, or any combination thereof
MUST be supported.The solution MUST be able to dynamically enforce Service Function
Chains. In particular, the solution MUST allow the update or the
withdrawal of existing Service Function Chains, the definition of a
new Service Function Chain, the addition of new Service Functions
without having any impact on other existing Service Functions or
other Service Function Chains.The solution MUST provide means to control the SF-inferred
information to be leaked outside an SFC-enabled domain. In
particular, an administrative entity MUST be able to prevent Service
Function Chaining logic and related policies from being exposed
outside its administrative domain.The solution SHOULD minimize fragmentation; in particular a
minimal set of SFC-specific information should be conveyed in the
data packet.The per-SF Map forwarding MUST be undertaken without relying
on dedicated resources to treat fragments. In particular, Out of
order fragments MUST be forwarded on a per-SF Map basis without
relying on any state.Of course, some SFs (e.g., NAT) may require dedicated
resources (e.g., resources to store fragmented packets) or
specific behavior (e.g, limit the time interval to accept
fragments). The solution MUST NOT interfere with such
practices.The solution MUST NOT make any assumption on how RIBs (Routing
Information Bases) and FIBs (Forwarding Information Bases) are
populated. Particularly, the solution does not make any assumption
on protocols and mechanisms used to build these tables.The solution MUST be transport independent.The Service Function Chaining should operate regardless of
the network transport used by the administrative entity. In
particular, the solution can be used whatever the switching
technologies deployed in the underlying transport
infrastructure.Techniques such as MPLS are neither required nor
excluded.The solution MUST allow for chaining logics where involved
Service Functions are not within the same layer 3 subnet.The solution MUST NOT exclude Service Functions to be within the
same IP subnet (this is deployment-specific).An administrative entity, grouping its Service Functions within
the same IP subnet, SHOULD be able to avoid encapsulation overhead
.The solution MUST NOT make any assumption on how the traffic is
to be bound to a given chaining policy. In other words,
classification rules are deployment-specific and policy-based. For
instance, classification can rely on a subset of the information
carried in a received packet such as 5-tuple classification.The solution MUST support classifying traffic into Service
Function Chains.The solution MUST NOT require every Service Function be
co-located with a SFC Classifier; this is a deployment-specific
decision.The solution MAY allow reclassification at the Service Functions
(i.e., a Service Function can also be co-located with a classifier).
The configuration of classification rules in such context are the
responsibility of the administrative entity managing that
SFC-enabled domain.The solution MUST be able to forward the traffic between two
Service Functions (involved in the same Service Function Chain)
without relying on the original destination address in a data
packet.The solution MUST allow for the association of a context with the
data packets. In particular:The solution MUST support the ability to invoke
differentiated sets of policies for a Service Function (called
Profiles). A profile denotes a set of policies configured to a
local Service Function (e.g., content-filter-child,
content-filter-adult).Few profiles should be assumed per Service Function to
accommodate the need for scalable solutions.Finer-grained of policies should be configured directly
to each Service Function; no need to overload the design of
Service Function Chains with policies of low-level
granularity.The solution MUST allow for Operations, Administration, and
Maintenance (OAM) features . In
particular, Support means to verify the completion of the forwarding
actions derived from the contents of the SF Map until the Border
Node is reached (see Section 3.4.1 of ).Support means to ensure coherent classification rules are
installed to all SFC Classifiers.Support means to correlate between the classification
policies and observed forwarding actions.Support in-band liveness and functionality checking of
instantiated Service Function Chains.The solution MUST prevent the same Service Function to be invoked
multiple times in the context of the same Service Function Chain (at
the risk of generating Service Function Loop).The solution MUST allow for load-balancing.Load-balancing may be provided by legacy technologies or
protocols (e.g., make use of load-balancers)Load-balancing may be part of the Service Function
itself.Load-balancer may be considered as a Service Function
element.Because of the possible complications, load balancing SHOULD
NOT be driven by the SFC Classifier.The solution MUST separate provisioning-related aspects from the
actual handling of packets (including forwarding decisions).The solution SHOULD means to detect the liveness of involved
Service Functions.Means to dynamically discover Service Functions SHOULD be
supported.Service Functions may be reachable using IPv4 and/or IPv6. The
administrative domain entity MUST be able to define and enforce
policies with regards to the address family to be used when invoking
a Service Function. A SF Map may be composed of IPv4 addresses, IPv6 addresses,
or a mix of both IPv4 and IPv6 addresses.Multiple Service Functions can be reachable using the same IP
address. Each of these Service Functions is unambiguously
identified with a Service Function Identifier.The solution MUST allow for gradual deployment in legacy
infrastructures, and therefore coexist with legacy technologies that
cannot support SFC-specific capabilities, such as SFC Map
interpretation and processing. The solution MUST be able to work in
a domain that may be partly composed of opaque elements, i.e.,
elements that do not support SFC-specific capabilities.The solution MUST be able to provide different SLAs (Service
Level Agreements, ).
In particular,The solution MUST allow for different levels of service to be
provided for traffic streams (e.g., configure Classes of Service
(CoSes)).The solution MUST be compatible with Diffserv .The solution SHOULD support the two modes defined in .ECN re-marking, when required, MUST be performed according to
.Authors of this document do not require any action from IANA.Below are listed some security-related requirements to be taken into
account when designing the Service Function Chaining solution:The solution MUST provide means to prevent leaking any
information that would be used as a hint to guess internal
engineering practices (e.g., network topology, service
infrastructure topology, hints on the enabled mechanisms to protect
internal service infrastructures, etc.).In particular, topology hiding means MUST supported to avoid
exposing the topology of an SFC-enabled domain (including the
set of involved Service Functions).The solution MUST support means to defend against
denial-of-service and theft of service (e.g., illegitimate access to
the service). For example, a user should not be granted access to
connectivity services it didn't subscribed to such as
illegitimate access to network resources.The solution MUST NOT interfere with IPsec (in particular IPsec integrity checks).The following individuals contributed text to the document:Many thanks to K. Gray for his review.