HPE FlexFabric 5940 Switch Series Service Chain Configuration Guide

Brand: HPE

Model: FlexFabric 5940 Switch Series Service Chain

Type: Configuration Guide

HPE FlexFabric 5940 Switch Series

Service Chain Configuration Guide

Software version: Release 671x and later

Document version: 6W100-20230822

The information contained herein is subject to change without notice. The only warranties for Hewlett Packard

Enterprise products and services are set forth in the express warranty statements accompanying such

products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett

Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.

Confidential computer software. Valid license from Hewlett Packard Enterprise required for possession, use, or

copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software

Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor’s

standard commercial license.

Links to third-party websites take you outside the Hewlett Packard Enterprise website. Hewlett Packard

Enterprise has no control over and is not responsible for information outside the Hewlett Packard Enterprise

website.

Acknowledgments

Intel®, Itanium®, Pentium®, Intel Inside®, and the Intel Inside logo are trademarks of Intel Corporation in the

United States and other countries.

Microsoft® and Windows® are either registered trademarks or trademarks of Microsoft Corporation in the

United States and/or other countries.

Adobe® and Acrobat® are trademarks of Adobe Systems Incorporated.

Java and Oracle are registered trademarks of Oracle and/or its affiliates.

UNIX® is a registered trademark of The Open Group.

Contents

Configuring service chains ············································································· 1

Overview ···························································································································································· 1

Service chain functions ······································································································································ 1

Node types ························································································································································· 1

Nodes supported by the switches ······················································································································ 1

Using a switch as a proxy node ························································································································· 1

Network framework ···································································································································· 1

How it works ··············································································································································· 2

Using a switch as an access point ····················································································································· 2

Network framework ···································································································································· 2

Packet format ············································································································································· 3

Configuring a service chain ································································································································ 4

Document conventions and icons ·································································· 5

Conventions ······················································································································································· 5

Network topology icons ······································································································································ 6

Support and other resources ········································································· 7

Accessing Hewlett Packard Enterprise Support································································································· 7

Accessing updates ············································································································································· 7

Websites ···················································································································································· 8

Customer self repair ··································································································································· 8

Remote support ·········································································································································· 8

Documentation feedback ··························································································································· 8

Index ············································································································ 10

Configuring service chains

Overview

Service chain is a forwarding technology used to guide network traffic through service nodes. It is

based on the Overlay technology and combines the software defined network (SDN) centralized

management theory. You can configure service chains by using a virtual converged framework

controller (VCFC).

A switch in a service chain can act as a proxy node or an access point.

Service chain functions

Service chain implements the following functions:

•

Decoupling the tenant logical network and the physical network, and separating the control

plane from the forwarding plane.

•

Service resource allocation and deployment on demand with no physical topology restrictions.

•

Dynamic creation and automatic deployment of network function virtualization (NFV) resource

pools.

•

Tenant-specific service arrangement and modification without affecting the physical topology

and other tenants.

Node types

A service chain can have the following types of nodes:

•

Proxy node—A switch that uses service chain policies deployed by a VCFC to determine

whether to forward a packet into a service chain.

•

Access point—A switch that acts as a VXLAN tunnel end point (VTEP). It uses routing policies

deployed by the VCFC to verify whether a packet is qualified to enter a service chain. If the

packet is qualified, the access point encapsulates the packet into a VXLAN packet.

•

Service node—A physical device or a NFV device that applies services to the received traffic. A

service chain can contain multiple service nodes.

Nodes supported by the switches

A switch can act as a proxy node or an access point, but it cannot act as a service node.

Using a switch as a proxy node

Network framework

Figure 1 shows the framework of a service chain network with a switch acting as a proxy node.

Figure 1 Network framework

How it works

The VCFC deploys service chain policies to the proxy node based on different tenant applications.

The proxy node uses the service chain policies to perform packet forwarding and service chain

processing as follows:

1. When the proxy node receives an IP packet, it uses a service chain policy to verify whether the

packet is qualified to enter a service chain.

 If the packet is qualified, the proxy node forwards the packet to a service node.

 If the packet is not qualified, the proxy node forwards the packet without service chain

processing.

2. When the service node receives the packet, it processes the packet and then forwards it back to

the proxy node.

3. When the proxy node receives the packet, it verifies whether the packet is qualified to enter

another service chain.

This procedure is repeated so that the packet can be processed by different service nodes.

Using a switch as an access point

Network framework

Figure 2 shows the framework of a service chain network with switches acting as access points.

VCF controller

Host A

IP network

Packet

Service chain 1

Service node 1:

Service list: FW

Service node 2:

Service list: IPS

Service node 3:

Service list: LB

Service node

Proxy node

Figure 2 Network framework

Packet format

Figure 3 shows the format of a VXLAN packet that carries service chain information.

Figure 3 Packet format

A service chain uses the following fields in the VXLAN header to identify packets:

•

Flags—When the S bit is set to 1, the Service chain field is valid. When the S bit is set to 0, the

Service chain field is invalid.

•

Service chain—A 24-bit field that includes the D bit and service path ID. When the D bit is set to

0, the packet is a forward packet. When the D bit is set to 1, the packet is a reverse packet. The

23-bit service path ID is used to identify a service chain.

How it works

The VCFC deploys routing policies to access points and service nodes based on different tenant

applications. The access points and the service nodes use the routing policies to perform packet

forwarding and service chain processing as follows:

1. When an access point receives an IP packet, it uses the routing policy to verify whether the

packet is qualified to enter a service chain.

 If the packet is qualified, the access point encapsulates the packet into a VXLAN packet and

adds service chain information to the VXLAN header. The packet is then forwarded to a

service node.

 If the packet is not qualified, the access point forwards the packet without service chain

processing.

Access point Access point

Server Server

Site 1 Site 2

Service node 1

Service list: FW

Service node

VCF controller

VXLAN packets

IP packets

Service node 2

Service list: NAT

Service node 3

Service list: LB

Original Layer 2 frame

Outer UDP

header VXLAN

header

Outer IP header

Flags

SRRRIRRR Service chain

VXLAN ID Reserved

Service path ID

2. When the service node receives the VXLAN packet, it performs the following tasks:

a. Decapsulates the packet.

b. Performs a local lookup for a service chain matching the service path ID in the VXLAN

header of the packet. If a match is found, the service node applies the service to the packet.

c. Encapsulates the packet into a VXLAN packet and adds service chain information to the

VXLAN header of the packet according to the routing policy.

d. Forwards the packet to the next service node.

3. After the last service node completes processing the packet, it encapsulates the packet into a

VXLAN packet without adding service chain information to the VXLAN header. The packet is

then forwarded to the peer access point.

Configuring a service chain

You can configure a service chain only by using a VCFC. For more information, see the VCFC

configuration guide.

Document conventions and icons

Conventions

This section describes the conventions used in the documentation.

Command conventions

Convention

Description

Boldface Bold text represents commands and keywords that you enter literally as shown.

Italic Italic text represents arguments that you replace with actual values.

[ ] Square brackets enclose syntax choices (keywords or arguments) that are optional.

{ x | y | ... }

Braces enclose a set of required syntax choices separated by vertical bars, from which

you select one.

[ x | y | ... ]

Square brackets enclose a set of optional syntax choices separated by vertical bars,

from which you select one or none.

{ x | y | ... } *

Asterisk marked braces enclose a set of required syntax choices separated by vertical

bars, from which you select at least one.

[ x | y | ... ] *

Asterisk marked square brackets enclose optional syntax choices separated by vertical

bars, from which you select one choice, multiple choices, or none.

&<1-n> The argument or keyword and argument combination before the ampersand (&) sign

can be entered 1 to n times.

# A line that starts with a pound (#) sign is comments.

GUI conventions

Convention

Description

Boldface Window names, button names, field names, and menu items are in Boldface. For

example, the New User window opens; click OK.

> Multi-level menus are separated by angle brackets. For example, File > Create >

Folder.

Symbols

Convention

Description

WARNING! An alert that calls attention to important information that if not understood or followed

can result in personal injury.

CAUTION:

An alert that calls attention to important information that if not understood or followed

can result in data loss, data corruption, or damage to hardware or software.

IMPORTANT:

An alert that calls attention to essential information.

NOTE:

An alert that contains additional or supplementary information.

TIP:

An alert that provides helpful information.

Network topology icons

Convention

Description

Represents a generic network device, such as a router, switch, or firewall.

Represents a routing-capable device, such as a router or Layer 3 switch.

Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that

supports Layer 2 forwarding and other Layer 2 features.

Represents an access controller, a unified wired-WLAN module, or the access

controller engine on a unified wired-WLAN switch.

Represents an access point.

Represents a wireless terminator unit.

Represents a wireless terminator.

Represents a mesh access point.

Represents omnidirectional signals.

Represents directional signals.

Represents a security product, such as a firewall, UTM, multiservice security

gateway, or load balancing device.

Represents a security module, such as a firewall, load balancing, NetStream, SSL

VPN, IPS, or ACG module.

Examples provided in this document

Examples in this document might use devices that differ from your device in hardware model,

configuration, or software version. It is normal that the port numbers, sample output, screenshots,

and other information in the examples differ from what you have on your device.

Support and other resources

Accessing Hewlett Packard Enterprise Support

•

For live assistance, go to the Contact Hewlett Packard Enterprise Worldwide website:

www.hpe.com/assistance

•

To access documentation and support services, go to the Hewlett Packard Enterprise Support

Center website:

www.hpe.com/support/hpesc

Information to collect

•

Technical support registration number (if applicable)

•

Product name, model or version, and serial number

•

Operating system name and version

•

Firmware version

•

Error messages

•

Product-specific reports and logs

•

Add-on products or components

•

Third-party products or components

Accessing updates

•

Some software products provide a mechanism for accessing software updates through the

product interface. Review your product documentation to identify the recommended software

update method.

•

To download product updates, go to either of the following:

 Hewlett Packard Enterprise Support Center Get connected with updates page:

www.hpe.com/support/e-updates

 Software Depot website:

www.hpe.com/support/softwaredepot

•

To view and update your entitlements, and to link your contracts, Care Packs, and warranties

with your profile, go to the Hewlett Packard Enterprise Support Center More Information on

Access to Support Materials page:

www.hpe.com/support/AccessToSupportMaterials

IMPORTANT:

Access to some updates might require product entitlement when accessed through the Hewlett

Packard Enterprise Support Center. You must have an HP Passport set up with relevant

entitlements.

Websites

Website

Link

Networking websites

Hewlett Packard Enterprise Information Library for

Networking www.hpe.com/networking/resourcefinder

Hewlett Packard Enterprise Networking website www.hpe.com/info/networking

Hewlett Packard Enterprise My Networking website www.hpe.com/networking/support

Hewlett Packard Enterprise My Networking Portal www.hpe.com/networking/mynetworking

Hewlett Packard Enterprise Networking Warranty www.hpe.com/networking/warranty

General websites

Hewlett Packard Enterprise Information Library www.hpe.com/info/enterprise/docs

Hewlett Packard Enterprise Support Center www.hpe.com/support/hpesc

Hewlett Packard Enterprise Support Services Central ssc.hpe.com/portal/site/ssc/

Contact Hewlett Packard Enterprise Worldwide www.hpe.com/assistance

Subscription Service/Support Alerts www.hpe.com/support/e-updates

Software Depot www.hpe.com/support/softwaredepot

Customer Self Repair (not applicable to all devices) www.hpe.com/support/selfrepair

Insight Remote Support (not applicable to all devices) www.hpe.com/info/insightremotesupport/docs

Customer self repair

Hewlett Packard Enterprise customer self repair (CSR) programs allow you to repair your product. If

a CSR part needs to be replaced, it will be shipped directly to you so that you can install it at your

convenience. Some parts do not qualify for CSR. Your Hewlett Packard Enterprise authorized

service provider will determine whether a repair can be accomplished by CSR.

For more information about CSR, contact your local service provider or go to the CSR website:

www.hpe.com/support/selfrepair

Remote support

Remote support is available with supported devices as part of your warranty, Care Pack Service, or

contractual support agreement. It provides intelligent event diagnosis, and automatic, secure

submission of hardware event notifications to Hewlett Packard Enterprise, which will initiate a fast

and accurate resolution based on your product’s service level. Hewlett Packard Enterprise strongly

recommends that you register your device for remote support.

For more information and device support details, go to the following website:

www.hpe.com/info/insightremotesupport/docs

Documentation feedback

Hewlett Packard Enterprise is committed to providing documentation that meets your needs. To help

us improve the documentation, send any errors, suggestions, or comments to Documentation

Feedback (docsfeedback@hpe.com). When submitting your feedback, include the document title,

part number, edition, and publication date located on the front cover of the document. For online help

content, include the product name, product version, help edition, and publication date located on the

legal notices page.

Index

access point

service chain switch as access point, 2

service chain switch as access point (how it

works), 3

service chain switch as access point (network

framework), 2

service chain switch as access point (packet

format), 3

configuring

service chain, 1, 4

format

service chain switch as access point (packet

format), 3

forwarding

service chain configuration, 1, 4

framework

service chain switch as access point (how it

works), 3

service chain switch as access point (network

framework), 2

service chain switch as proxy node (network

framework), 1

function

service chain, 1

network

service chain function, 1

service chain node type, 1

service chain switch as access point, 2

service chain switch as access point (how it

works), 3

service chain switch as access point (network

framework), 2

service chain switch as access point (packet

format), 3

service chain switch as proxy node, 1

service chain switch as proxy node (how it

works), 2

service chain switch as proxy node (network

framework), 1

service chain switch-supported node type, 1

network management

service chain configuration, 1, 4

node

service chain configuration, 1, 4

service chain switch as proxy node, 1

service chain switch as proxy node (how it works),

service chain switch as proxy node (network

framework), 1

service chain type, 1

packet

service chain configuration, 1, 4

service chain switch as access point (packet

format), 3

point

service chain switch as access point, 2

service chain switch as access point (how it

works), 3

service chain switch as access point (network

framework), 2

service chain switch as access point (packet

format), 3

procedure

configuring service chain, 4

proxy

service chain switch as proxy node, 1

service chain switch as proxy node (how it works),

service chain switch as proxy node (network

framework), 1

routing

service chain configuration, 1, 4

service chain

configuration, 1, 4

function, 1

node type, 1

switch as access point, 2

switch as access point (how it works), 3

switch as access point (network framework), 2

switch as access point (packet format), 3

switch as proxy node, 1

switch as proxy node (how it works), 2

switch as proxy node (network framework), 1

switch-supported node type, 1

switch

service chain node type, 1

traffic

service chain configuration, 1, 4

service chain switch as access point, 2

service chain switch as proxy node, 1

VCFC

service chain configuration, 1, 4

HPE FlexFabric 5940 Switch Series Service Chain Configuration Guide

HPE FlexFabric 5940 Switch Series Service Chain Configuration Guide

HPE FlexFabric 5940 Switch Series Service Chain Configuration Guide

Related papers

Other documents