Neutron SFC Integration

This chapter contains the following sections:

Neutron SFC Integration Overview

You can check with your OpenStack provider for CLI and GUI support.

Reasons to use Neutron SFC Integration:

  • Makes multinode PBR easier

  • Uses the upstream OpenStack API to deploy a Service Graph with multinode PBR

  • Requires no manual ACI configuration

  • Provides a framework for creating service chains using the Neutron API

Configuring Neutron SFC Using the CLI

This section describes how to configure Neutron service function chaining (SFC) using the CLI. The CLI commands have not been tested, are not supported, and are provided for informational purposes only. The CLI reference is available at the following link:

https://docs.openstack.org/neutron/queens/admin/config-sfc.html

Note the following exceptions:

  1. Cisco only supports configuring Neutron SFC using the REST API.

  2. Of the traffic classifiers in the upstream project, our driver supports only these:

    • source_ip_prefix - Source IP address or prefix

    • destination_ip_prefix - Destination IP address or prefix

Before you begin

Check with your OpenStack provider for CLI and GUI support.

Procedure


Step 1

Create Left and Right Networks (BD):

Example:

neutron net-create SRC-NET

openstack subnet create --ip-version 4 --gateway 1.1.0.1 --network SRC-NET_ID \
--subnet-range 1.1.0.0/24 --host-route destination=10.0.0.0/16,gateway=1.1.0.1 ''

neutron net-create DST-NET

openstack subnet create --ip-version 4 --gateway 2.2.0.1 --network DST-NET_ID \
--subnet-range 2.2.0.0/24 --host-route destination=0.0.0.0/0,gateway=2.2.0.1 ''

  1. Create Flow Classifier:

    Example:

    neutron flow-classifier-create --destination-ip-prefix 0.0.0.0/0 --source-ip-prefix \
    10.0.1.0/24 --l7-parameters logical_source_network=\
    SRC-NET_ID,logical_destination_network=DST-NET_ID CLASSIFIER1
    
    
Step 2

Create Src and Dest neutron Ports:

Example:

openstack port create SERVICE1-INGRESS --network SRC-NET_ID --no-security-group \
--disable-port-security --fixed-ip subnet=SRC-SUBNET_ID,ip-address=1.1.0.11

openstack port create SERVICE1-EGRESS --network DST-NET_ID --no-security-group \
--disable-port-security --fixed-ip subnet=DST-SUBNET_ID,ip-address=2.2.0.11

Step 3

Create Port Pair:

Example:

neutron port-pair-create --ingress SERVICE1-INGRESS-PORT_ID --egress \
SERVICE1-EGRESS-PORT_ID PORTPAIR1

Step 4

Create Port Pair Group:

Example:

neutron port-pair-group-create --port-pair PORTPAIR1_ID CLUSTER1

Step 5

Create Service Chain:

Example:

neutron port-chain-create --flow-classifier CLASSIFIER1_ID --port-pair-group CLUSTER1_ID \
SERVICE-CHAIN1

Note 

Once the service chain is established, the egress and ingress interfaces on the service VM (VNF) can be used only for redirected traffic. For example, DHCP on these interfaces will not be functional. It is recommended to have a separate management interface for managing the VNF configuration, including the IP configuration of the egress and ingress interfaces.

Step 6

Create service VM:

Example:

nova boot --flavor medium --image ServiceImage1 --nic \
port-id=SERVICE1-INGRESS-PORT_ID --nic port-id=SERVICE1-EGRESS-PORT_ID SERVICE-VM-1

Step 7

Add bumps on a wire:

  1. Create more left and right networks (BD):

    Example:

    neutron net-create SRC-NET2
    
    openstack subnet create --ip-version 4 --gateway 1.1.0.1 --network SRC-NET2_ID \
    --subnet-range 1.1.0.0/24 --host-route destination=10.0.0.0/16,gateway=1.1.0.1 ''
    
    neutron net-create DST-NET2
    
    openstack subnet create --ip-version 4 --gateway 2.2.0.1 --network DST-NET2_ID \
    --subnet-range 2.2.0.0/24 --host-route destination=0.0.0.0/0,gateway=2.2.0.1 ''
    
    
  2. Create Src and Dest neutron Ports for service 2:

    Example:

    openstack port create SERVICE2-INGRESS --network SRC-NET2_ID --no-security-group \
    --disable-port-security --fixed-ip subnet=SRC-SUBNET2_ID,ip-address=3.3.0.11
    
    openstack port create SERVICE2-EGRESS --network DST-NET2_ID --no-security-group \
    --disable-port-security --fixed-ip subnet=DST-SUBNET2_ID,ip-address=4.4.0.11
    
    
Step 8

To add more bumps on a wire:

  1. Create Port Pair for service 2:

    Example:

    neutron port-pair-create --ingress SERVICE2-INGRESS-PORT_ID --egress \
    SERVICE2-EGRESS-PORT_ID PORTPAIR2
    
    
  2. Create Port Pair Group for service 2:

    Example:

    neutron port-pair-group-create --port-pair PORTPAIR2_ID CLUSTER2
    
    
  3. Update Service Chain (add new Port Pair Group):

    Example:

    neutron port-chain-update SERVICE-CHAIN1_ID --flow-classifier CLASSIFIER1_ID \
    --port-pair-group CLUSTER1 --port-pair-group CLUSTER2
    
    
  4. Create service2 VM:

    Example:

    nova boot --flavor medium --image ServiceImage1 --nic \
    port-id=SERVICE2-INGRESS-PORT_ID --nic port-id=SERVICE2-EGRESS-PORT_ID SERVICE_VM-2
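
Because only the REST API is supported and the driver accepts only the two prefix classifiers, the following added example (not Cisco's or the OpenStack project's code) builds the request bodies for the flow classifier and Steps 3 to 5 and rejects classifier fields this page does not list. The resource paths and body keys are those of the upstream networking-sfc API; the `*_ID` strings are this page's placeholders, and treating both `l7_parameters` networks as required is an assumption.

```python
import ipaddress

# Match fields the page lists as supported by the driver.
SUPPORTED_MATCH = {"source_ip_prefix", "destination_ip_prefix"}
# Non-match keys; l7_parameters is used as in the page's CLI example.
OTHER_KEYS = {"name", "description", "l7_parameters"}
L7_KEYS = ("logical_source_network", "logical_destination_network")
SFC = "/v2.0/sfc"  # upstream networking-sfc resource prefix


def check_classifier(fc):
    """Return a list of problems with a flow_classifier body ([] means OK)."""
    extra = sorted(set(fc) - SUPPORTED_MATCH - OTHER_KEYS)
    problems = [f"unsupported field: {k}" for k in extra]
    for key in sorted(SUPPORTED_MATCH & set(fc)):
        try:
            ipaddress.ip_network(fc[key], strict=False)  # malformed prefix raises
        except ValueError as exc:
            problems.append(f"{key}: {exc}")
    # Assumption: both networks are expected, as in the page's example.
    l7 = fc.get("l7_parameters", {})
    problems += [f"l7_parameters missing {k}" for k in L7_KEYS if not l7.get(k)]
    return problems


def chain_requests(fc, ingress_id, egress_id):
    """Ordered (path, body) POSTs for the classifier and Steps 3 to 5."""
    problems = check_classifier(fc)
    if problems:
        raise ValueError("; ".join(problems))
    # Placeholder IDs: in a live run each comes from the previous POST response.
    return [
        (f"{SFC}/flow_classifiers", {"flow_classifier": fc}),
        (f"{SFC}/port_pairs", {"port_pair": {
            "name": "PORTPAIR1", "ingress": ingress_id, "egress": egress_id}}),
        (f"{SFC}/port_pair_groups", {"port_pair_group": {
            "name": "CLUSTER1", "port_pairs": ["PORTPAIR1_ID"]}}),
        (f"{SFC}/port_chains", {"port_chain": {"name": "SERVICE-CHAIN1",
            "port_pair_groups": ["CLUSTER1_ID"], "flow_classifiers": ["CLASSIFIER1_ID"]}}),
    ]


# Constructed sample mirroring the page's CLASSIFIER1.
CLASSIFIER1 = {
    "name": "CLASSIFIER1",
    "source_ip_prefix": "10.0.1.0/24",
    "destination_ip_prefix": "0.0.0.0/0",
    "l7_parameters": dict(zip(L7_KEYS, ("SRC-NET_ID", "DST-NET_ID"))),
}
```

Running `check_classifier` on a body before it is posted shows when a classifier relies on a match field, such as a protocol or port range, that this page does not list as supported.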