Avalon Experiment by Eight Bells Ltd.

 


Avalon’s key contribution is the implementation of Dynamic Service Function Chains (SFC) based on higher layer inspection (Layer 7), in contrast to existing implementations, which rely on Layer 2 to Layer 4. The key concept in Avalon’s implementation is a method, designed and developed for the project, that identifies traffic patterns asynchronously, so that classification does not limit the throughput of the overall system.

AVALON developed an intelligent traffic steering mechanism to optimize the number and sequence (chain) of service functions. Dynamic SFC is based on higher layer inspection (Layer 7), i.e., traffic identification and classification at the application layer. To achieve this, the OpenStack-compatible Open vSwitch (OVS) has been extended with an interface to an external Deep Packet Inspection (DPI) VNF.

The choice to host DPI functionality outside OVS, inside a VNF (and not as an embedded flow classifier in OVS), was made deliberately, for several reasons. Firstly, the DPI VNF remains self-contained and the scaling capabilities of a VNF can be used on demand. Moreover, OVS remains responsible only for switching the traffic in an efficient and predictable way. By design, OVS targets real-time packet processing, and with the support of the DPDK packet processing libraries it can fulfill the real-time, carrier-grade switching requirements of telecom operators (which are higher than those of a data center switch).

The AVALON implementation consists of two experiments demonstrating the use of the L7-aware OVS:

1. Experiment 1 deploys the AVALON Classifier VNF, which classifies the traffic, a Firewall VNF, and a Rate Limiter, which cuts the bandwidth of the traffic tagged by the classifier.

2. Experiment 2 extends the first one by adding the benefits of programmable function chaining. In this case, each type of traffic is redirected as follows:

a. SSL traffic goes through the DPI, Firewall and Rate Limiter VNFs

b. BitTorrent traffic goes through the DPI and Rate Limiter VNFs

c. FTP, as an example of general application data, goes through the DPI and Firewall VNFs

Traffic is tagged using the TOS header field, and the DPI engine is based on the open source project nDPI. By inspecting the transmitted packets, this component is able to detect HTTP/FTP/BitTorrent traffic even if it is directed to ports other than the defaults.
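The following sketch is an added example, not code from the Avalon project. It models the asynchronous classification and TOS-based steering described above: the switch forwards every packet immediately, a separate DPI step classifies mirrored packets by payload rather than port, and the verdict is installed as a flow entry. The TOS values, the default chain for unclassified flows, the `toy_dpi` signatures and all class and function names are assumptions; only the three chains come from Experiment 2.

```python
from collections import deque

# Chains are the ones listed for Experiment 2; the TOS values are constructed.
CHAINS = {
    "SSL": (0x20, ["DPI", "Firewall", "RateLimiter"]),
    "BitTorrent": (0x40, ["DPI", "RateLimiter"]),
    "FTP": (0x60, ["DPI", "Firewall"]),
}
DEFAULT = (0x00, ["DPI"])  # assumption: unclassified flows only traverse the DPI VNF


def toy_dpi(payload):
    """Stand-in for nDPI: toy payload signatures, the port is never consulted."""
    if payload[:2] == b"\x16\x03":                      # TLS handshake record
        return "SSL"
    if payload.startswith(b"\x13BitTorrent protocol"):  # BitTorrent handshake
        return "BitTorrent"
    if payload.startswith(b"USER "):                    # FTP control command
        return "FTP"
    return None


class L7Switch:
    def __init__(self):
        self.flows = {}         # 5-tuple -> (tos, chain): the switching fast path
        self.pending = deque()  # mirrored packets waiting for the DPI VNF

    def forward(self, flow, payload):
        """Fast path: never blocks on DPI. Returns the (tos, chain) applied."""
        if flow in self.flows:
            return self.flows[flow]
        self.pending.append((flow, payload))  # hand a copy to the classifier
        return DEFAULT

    def run_dpi(self):
        """Asynchronous side: classify mirrored packets, install flow entries."""
        while self.pending:
            flow, payload = self.pending.popleft()
            proto = toy_dpi(payload)
            if proto and flow not in self.flows:
                self.flows[flow] = CHAINS[proto]


if __name__ == "__main__":
    sw = L7Switch()
    # Constructed sample: a BitTorrent handshake sent to port 443.
    flow = ("10.0.0.5", 51000, "198.51.100.7", 443, "tcp")
    print(sw.forward(flow, b"\x13BitTorrent protocol" + bytes(8)))
    sw.run_dpi()
    print(sw.forward(flow, b"piece data"))
```

The first packet of the constructed flow leaves on the default chain; once the DPI step has run, later packets of the same flow carry the BitTorrent tag and skip the Firewall VNF, even though the destination port is 443.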

All VNF descriptors and relevant deployment scripts are packaged in a Network Service Descriptor (NSD) and deployed to the SoftFIRE infrastructure using Openbaton’s APIs and the experimenter’s portal and tools provided by SoftFIRE. All software modules and the required configuration are installed during the instantiation of Avalon’s VMs, as described in TOSCA (Topology and Orchestration Specification for Cloud Applications) formatted YAML files. Neither a separate VNFM (Virtual Network Function Manager) nor an EMS (Element Manager System) is included in the deployed topology, so these functions are offloaded to Openbaton’s generic VNFM. Automated deployment is also facilitated by a provisioning script.

The experiment developed by 8bells demonstrated how network virtualization is a key technology in the next NFV/SDN ecosystem enabling new interesting features for network operators and service providers, allowing resource optimization and more secure environments.

 

 

Listen to the Eight Bells interview.

The demo of the Avalon experiment is available here.

 
