idnits 2.17.1

draft-hares-vnf-pool-use-case-02.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (July 4, 2014) is 3585 days in the past.  Is this
     intentional?

  Checking references for intended status: Informational
  ----------------------------------------------------------------------------

  == Unused Reference: 'RFC2119' is defined on line 571, but no explicit
     reference was found in the text

     Summary: 0 errors (**), 0 flaws (~~), 2 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

VNF BOF                                                         S. Hares
Internet-Draft                                                    Huawei
Intended status: Informational                              July 4, 2014
Expires: January 5, 2015

   Use Cases for Resource Pools with Virtual Network Functions (VNFs)
                    draft-hares-vnf-pool-use-case-02

Abstract

   This draft describes use cases the author has observed in
   demonstrations or deployments for virtualized network functions
   (VNFs) supported by VNF Pools.  Several of these demonstrations
   combined VNF Pools into VNFsets.
   The use cases were: cloud bursting, parental controls, load balancer
   for multipath (L1-L7), WAN optimization that runs between access
   nodes and Data Centers, WAN optimization between mobile phones and
   Data Centers (through access nodes), application placement
   optimization, and optimized placement of web applications utilizing
   minimal data transfer.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 5, 2015.

Copyright Notice

   Copyright (c) 2014 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Terms
   3.  Use Case List
   4.  Cloud Bursting Use Case
   5.  Stateful Parental Controls
   6.  Load balancer
   7.  Android phone TCP WAN optimization
   8.  SOHO device optimization
   9.  Application Scaling
   10. IANA Considerations
   11. Security Considerations
   12. References
     12.1.  Normative References
     12.2.  Informative References
   Author's Address

1.  Introduction

   This draft focuses on providing one person's observations on the
   deployment of Virtualized Network Functions which are supported by
   VNF Pools, where the VNF Pools may be grouped into VNF Sets.  This
   version of the draft no longer needs to explain the basic
   architecture and problems since [I-D.zong-vnfpool-problem-statement]
   provides an excellent description of the following:

   o  Terminology of VNF, VNF Pools, elements of VNF Pools, VNF Pool
      Managers, and VNF Sets;

   o  Challenges to the reliability of VNFs (without Pools);

   o  Challenges to reliability within VNFs (redundancy and state
      synchronization);

   o  Interactions with Service Control Entity managing the VNF
      functions;

   o  and the needs for reliable transport.

   This document simply introduces unique terms, and then describes the
   author's experience with VNF Pools and VNF Managers when the VNF
   Pools contain only one type of function.  The VNF Pools may operate
   in a set of VNF Pools.  This document no longer examines VNF Set
   management because it is out of the scope of the VNF Charter.

   Virtual Network functions supported by Virtual Network Pools and
   organized into Virtual Sets have been observed to be more reliable
   and to be able to expand (or contract) horizontally.  As for
   reliability, this author observed that individual failures of virtual
   functions due to software or system constraints (load) were survived
   by switching over to another NFV function within the VNF Pool.  For
   example, when the current and previous versions of a network
   application (e.g. open source NAT or open source DPI) were
   compatible, a VNF running the current software that failed could
   quickly be replaced by a "hot standby" in the Pool running the
   previous version.  Upon increased traffic, one VNF function (for
   firewalls) could be expanded to multiple firewalls, each handling a
   portion of the traffic.  In a sense, the VNF expands horizontally to
   handle the increased traffic.  In the same way, as traffic
   diminishes, this VNF can contract.

   This document describes each use case by describing the application
   and how the VNF functions operate within the VNF Pools of the VNF Set
   that makes up the application.  While some of these use cases had
   multiple VNF Sets, VNF Set management is outside of the scope of the
   VNF Pool work.  Therefore, the explanations have been simplified to
   treat all the VNF Pools as one set.

   One final note: the author knows she has only provided abstract
   descriptions of these deployments, but out of respect for products
   and companies the abstract description is best.

2.  Terms

   The VNF Problem statement [I-D.zong-vnfpool-problem-statement]
   defines the terms reliability, VNF, VNF Pool, VNF Pool Element, VNF
   Pool User, VNF Pool Manager, and VNF Set.  This draft uses these
   definitions.
   The following terms are not defined within the VNF problem
   statement: Cloud Bursting, Stateful parental controls, WAN
   optimization, and application placement.  These terms are defined
   below.

   Cloud Bursting: the ability for Virtual processing to burst through
   the limits of one virtual environment and automatically transfer a
   portion of the processing to another virtual environment.

   Stateful parental controls: the ability for network access devices to
   have content filters that react to traffic, location, and user.
   These controls follow the user across multiple access points within a
   home network, or in a carrier network.

   WAN optimization: the ability to optimize traffic across a Wide-Area
   network.  WAN optimization often makes use of TCP FLOW optimizations
   (with IETF TCP features) and TCP de-duplication of packets.

   Application placement: ability for coordinating software to place
   applications based on a combination of compute resources, data
   storage, network service, and security concerns.  Application
   placement may involve movement of some application data, movement of
   some applications (data and compute), and movement of network
   resources to service the applications.  One type of network resource
   movement is the movement of virtual network functions (VNFs) which
   are defined, created, allocated with resources in a way to provide an
   integral unit to the application placement control software.

   OTT (Over the Top): This industry term implies an overlay network
   that is overlaid on existing networks as a virtual network.

   Shared risk group (SRG): Shared risk groups occur when different VNFs
   in a VNF Pool all exist upon the same instance of a virtual form or
   hypervisor.  When a hypervisor fails, all the VNF instances on the
   same hypervisor will fail.

3.  Use Case List

   The use cases described in this draft are:

   o  Cloud Bursting;

   o  stateful parental controls implemented in access nodes and
      firewalls (stateful and regular);

   o  load balancer doing multipath (supports L1-L7 optimization);

   o  WAN optimization between access nodes and Data Centers;

   o  WAN optimization between mobile phones through access nodes
      to/from Data center (e.g. Riverbed WAN);

   o  Application placement optimization using optimized DNS and DHCP
      VNFs;

   o  Application placement optimization to minimize data transfer.

   The use cases are presented in order from VNF Sets to single VNF
   operations.  The Cloud bursting obviously takes a set of VNF Pools to
   lift up services in a cloud environment and move these to another
   cloud environment.

   Deployment of VNF functions into critical network functions requires
   that multiple sources exist to reduce risk of software or hardware
   issues, and to respond to economic pressure to continually improve
   while reducing prices.  Multi-vendor sources for these VNFs, VNF
   Pools, and VNF Sets come at the price of designing (or adopting an
   existing) interoperable VNF Pool manager for VNF Pools.

4.  Cloud Bursting Use Case

   Description:

   Three cases of cloud bursting exist: public clouds adding more
   resources upon demand, private clouds adding more resources upon
   demand from private cloud resources, and private clouds adding more
   resources from the public cloud.  In the public/private cloud, the
   orchestration system looks within pools of additional resources to
   fit the request for more resources for a particular time.  Verizon
   provided examples of cloud bursting at ONS 2012, and Terremark
   utilizes cloud bursting to obtain more resources
   (http://www.terremark.com/services/it-infrastructure/cloud-services/enterprise-cloud/architecture/)
   operating over open-source hypervisors (2012, 2013).

   VNFs within the VNF Pools operate as management systems and network
   routers/switches (virtual switches, routers, end systems) to spin up
   additional transport processes (TCP/STCP) and move work jobs via
   standard interfaces (libvirt, CLI, REST, and JSON), and provide
   standardized value-added functions.  These value-added functions
   include the following:

   o  VNFs in VNF Pools of system monitoring and orchestration

   o  VNF in VNF Pools for virtual firewall to protect the data

   o  VNF in VNF Pools for DPI or DDOS during

   o  VNF in VNF specialized DNS that controls private/public cloud move

   o  VNF in VNF WAN applications that create a large pipeline for
      movement of data and applications within Cloud (Private/Public) or
      between clouds

   o  VNFs in VNF Pools for smart access to the cloud

   Why VNF in VNF Pools for network router/switch or host system
   functions

   VNFs in VNF Pools allow cloud bursting to temporarily expand
   horizontally to take the load as the processing groups move between
   clouds.  Each of the functions has a scaling within its own pool
   which allows the bursts of effort to grab or release the amount of
   functions.  The VNFs doing system monitoring of the move and the
   orchestration are also included in the features that grab or release
   functions.

   Why VNF Pools:

   The bursty nature of Cloud Bursting requires being able to utilize
   VNFs within Pools to expand horizontally for the estimated cloud
   bursting activities.  However, if the cloud bursting expands beyond
   the resources estimated by the orchestration software then the VNFs
   within the pool can expand the service.

   Why Multi-vendor interoperable VNF Pools?:

   Cloud bursting is a critical business infrastructure which needs
   highly reliable software that can be maintained by Cloud operations.
   Critical infrastructure requires multiple sources.
   Either Cloud operations creates a team to maintain VNF Pool software
   from Open Source code bases, or the equipment vendors provide
   interoperable VNF Pool Managers and VNF Pools that run across
   multiple platforms.

5.  Stateful Parental Controls

   Description:

   Parental content filters are targeted filters that are installed
   based on an identification of a user.  When the centralized
   controller detects the User (via traffic pattern, role identification
   (ABFAB, HTTP)), an orchestration manager installs the appropriate
   software to guarantee filters.  Two types of security exist:
   authentication and authorization.  In authentication, ACL and other
   port based filtering is set per customer for the user.  This
   filtering may block, prioritize, or transfer to a black hole
   recording device different traffic.  In authorization, the systems
   create a web of trust via an identity server (for HTTP 1.0 SAML
   template defined by OASIS and IETF ABFAB information for non-http).

   The following is a list of some of the VNF functions found in VNF
   Pools in the Stateful Parental Control Model:

   o  VNF Pool for the specialized Access filters,

   o  VNF Pool for open source DPIs (snort, etc.) to find
      "inappropriate" material,

   o  VNF Pool for specialized DPI inspection,

   o  VNF Pool probes on hyper-visors,

   o  VNF Pool for management functions depositing configuration in Open
      Flow switches, Ethernet Switches, Virtual switches, routers,
      firewalls, and access nodes.

   o  VNF Pool for access firewall

   o  VNF Pool for spam filters for mail

   o  VNF Pool for DDOS software,

   o  VNF Pool for DNS/DHCP servers that allow the linking of the Public
      services to instantly created VNFs for specialized access

   o  VNF Pool to move filters within Cloud (Private/Public) or between
      clouds in anticipation of the person's movement (If in central
      London, spread to other access nodes along public transportation
      (Tube) lines or to hotels.).

   o  VNF Pool to do additional user identification of the systems

   Why VNF Pools

   The bursty nature of user access is dependent on the detection of the
   movement of the user.  At the moment the public software identifies
   the user, this VNF Pool set operates to expand horizontally to
   provide the necessary service to provide these parental features.
   The VNF Pools allow groups of these parental ' families to be
   instantiated.

   Why inter-operable VNF Pool Managers

   The VNF functions may go between the mobile devices the user moves
   with (e.g. Android Pad or Android Phone) and the local network
   systems supported by the Carrier, the hotel, or the airport systems.
   Inter-operable VNF Pool Managers means that some VNF functions may
   move from Android Pad/Android Phone to carrier's equipment.

6.  Load balancer

   Description:

   Load balancers (such as Riverbed or Cisco) look to balance traffic in
   different layers of the stack (L1-L7).  SDN meta controllers
   (OpenDaylight, Vyatta) monitor work with the time-critical OTT
   control process (which creates and manages the OTT VPNs (L2/L3/MPLS))
   to determine where the load is at any specific time, and to track it
   over time.  The SDN orchestration devices work with the SDN OTT
   control process to adjust or readjust the load at L1-L7.

   The VNF functions that use VNF Pools in the load balancing service
   are:

   o  VNFs for network probes in all devices (mobile phone, iPad, access
      devices, vswitch, vrouter, tcp optimizer, DPI, hypervisors, VMs
      dumming storage, VMs creating the network);

   o  VNFs for depositing configuration in Ethernet switches (open-flow
      or IEEE 802.1), routers, firewalls, access nodes;

   o  VNFs for firewall;

   o  VNFs to do Traffic capacity/load balance calculation;

   o  VNFs running orchestrator monitor/change algorithms; and

   o  VNFs to users or specific traffic to aid in load balancing.

   Why VNF Pools:

   True end-to-end Load balancing requires load balancing across
   multiple layers with VNF pools to support different functions.
   Multi-vendor solutions will allow meta controllers to balance
   traffic to reduce costs in networks.  Current Enterprise customers
   find the load balancing operates with TCP WAN optimization to utilize
   all network bandwidth effectively.

   Why inter-operable VNF Pool Managers

   Network probes, network traffic capacity calculation, and
   configuration of changes operate either when traffic thresholds are
   exceeded or upon periodic timers.  Each of these functions has bursty
   needs that require the ability to expand horizontally.

   Firewalls are traffic based, which may be bursty or steady state
   depending on the application profiles.  VNF Pools allow for the
   horizontal expansion during bursts.

   Long lived traffic flows may be identified by looking for users or
   application traffic patterns.  This type of processing function has a
   "DPI-Like" processing quality that may require quick examination of
   some data.  VNF support in VNF Pools allows the assurance of this
   type of support.

7.  Android phone TCP WAN optimization

   Description:

   Android phones and Android tablets often communicate across the
   LTE/WiFi connections.
   Optimizing the link for the low bandwidth of LTE or WiFi
   connections, and switching between LTE and WiFi, requires monitoring
   traffic, choosing a link, and optimizing TCP (Window and removing
   duplicates).

   The VNFs that are aided by VNF Pools in this application include:

   o  VNFs for probes in all devices (mobile phone, mobile pads, WiFi
      enabled nodes, LTE IP RAN nodes);

   o  VNFs for depositing configuration in SDN access nodes (WiFi or
      LTE);

   o  VNFs to handle remote phone parameter adjustments;

   o  VNFs to do firewalls (e.g. traffic not allowed over LTE due to
      customer policy);

   o  VNFs for TCP data de-duplication process;

   o  VNFs for Traffic capacity/load balance calculation (see Football
      stadium problem below);

   o  VNFs for best processing of Video traffic or best network to pull
      Video traffic from;

   o  VNFs to identify user or user traffic; and

   o  VNFs to interface to secure data processes.

   One scenario to consider is the football stadium scenario.  A person
   takes the iPad to watch the close up replays or send email.  During
   the fourth quarter, the person receives an urgent call to go home and
   walks with the iPad down the street to the metro-system to return
   home.  On the way, the person is utilizing the iPad to send mail,
   watch the football game, and do Skype calls.

   This scenario is similar in needs to the parental controls.  The
   differences are TCP data de-duplication to improve WAN traffic and
   specialized Video traffic handling, plus the mobile phone management
   and security.

   Why VNF Pools:

   The football use case illustrates how the network functions are used
   in bursts.  The VNF Pools allow these functions to expand out to fit
   the user's needs.  The football example also shows how events can
   cause massive numbers of these bursty users to occur at the same
   time.
   Again, the expansion out for these events without reducing service
   is key to the quality of user experience for mobile phone or mobile
   pad users.

   Why Inter-operable VNF Pools handled by VNF Pool Managers:

   Phone systems do not want a single vendor for all features.
   Multiple interoperable access nodes and Android pad/tablet
   implementations require these VNF pools.  The football stadium may
   require that several mobile operators or mobile or cable operators
   work together to provide this service.

8.  SOHO device optimization

   Description:

   SOHO devices using SDN VM technology must balance traffic movement
   between small cells (WiFi or femtocells).  Access policies must be
   configured for restriction on this policy.

   The VNFs that use VNF Pools in this application are:

   o  VNFs for probes in all devices (mobile phone, mobile pads, WiFi
      enabled nodes, LTE or femtocells);

   o  VNFs for VPN to user identification and security;

   o  VNFs for depositing configuration in access nodes (Wifi, L),

   o  VNFs for handling remote phone parameter adjustments;

   o  VNFs for firewall (traffic not allowed over LTE);

   o  VNFs for TCP data de-duplication process;

   o  VNFs for Traffic capacity/load balancing over single/multiple SOHO
      links;

   o  VNFs to allow applications to load balance across internal SOHO
      links based on traffic needs and use policy; and

   o  VNFs for VPN to user identification and security.

   Why VNF Pools:

   SOHO devices will have limited resources for handling probes to find
   local devices, change configurations in access devices, adjust remote
   phone parameters, firewall traffic, and perform WAN optimization (TCP
   de-duplication, prioritizing of traffic (like phones) or load
   balancing).  However, SOHOs may only need the probes, configuration
   changes, and phone adjustments when users arrive into the home.  The
   data related VNF functions will occur as the SOHO office begins to
   transfer data.  The VNF pools allow the VNF function to scale up/down
   via horizontal expansion.

   VNF Pool Growth/Shrinking:

   The VNF Pool Manager can handle increasing or decreasing the VNF Pool
   size.  Cooperating VNF Pool Managers can be seen to be useful in this
   use case, but the cooperating VNF pool managers are outside the scope
   of the VNF within a VNF Pool.

9.  Application Scaling

   Description:

   Applications may be placed in a variety of hypervisors.  The rapid
   deployment of applications on services may allow millions of
   applications to be available within the cloud.  Creating an effective
   lookup for the applications or redirecting applications takes a
   Network Virtual environment that controls DHCP, DNS, and HTTP access
   rapidly.  2 Million URI references for each access node are possible
   given the current growth.

   VNFs within the cloud must scale up to handle the VNF services
   required by the network infrastructure.  This includes the network
   information functions of DNS, DHCP, URL processing, AAA
   (Diameter/Radius).  Fast enactment of these network functions allows
   an on-demand creation of a multi-tenancy overlay (IETF NVO3).

   The VNFs that operate in VNF Pools in this application are:

   o  VNFs for AAA functions (Diameter, Radius);

   o  VNFs for DNS functions;

   o  VNFs for DHCP functions;

   o  VNFs for specialized URL/URI processing;

   o  VNFs for handling remote probes on these virtual information
      functions;

   o  VNFs for handling remote configuration of these virtual
      information functions;

   o  VNFs for Traffic capacity/load balance calculation;

   o  VNFs to determine optimum placement of application (and
      application's backup services) to optimize CPU compute, storage or
      data;

   o  VNFs for VPN to user identification and permissions to use data;
      and

   Why VNF in VNF Pools

   User load patterns or access patterns will impact how much load the
   network information VNF functions (DNS, DHCP, URL processing, AAA
   (Diameter/Radius)) encounter.  The VNF Pools with a good VNF Pool
   manager can spread the load locally or between different systems.

   The applications and the application usage will also determine how
   loaded the VNF Function is that monitors CPU utilization, storage,
   and network resources.  Again, the VNF supported by VNF Pools can
   expand or shrink horizontally.

   The needs of the rest of the VNF functions for VNF Pools have been
   described above.

10.  IANA Considerations

   This document includes no request to IANA.

11.  Security Considerations

   This document has no security issues as it just contains use cases.

12.  References

12.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

12.2.  Informative References

   [I-D.zong-vnfpool-problem-statement]
              Zong, N., Dunbar, L., Shore, M., Lopez, D., and G.
              Karagiannis, "Virtualized Network Function (VNF) Pool
              Problem Statement",
              draft-zong-vnfpool-problem-statement-06 (work in
              progress), July 2014.

Author's Address

   Susan Hares
   Huawei
   7453 Hickory Hill
   Saline, CA  48176
   USA

   Email: shares@ndzh.com