Scalable Software Switch Based Service Function Chaining for 5G Network Slicing

Service Function Chaining (SFC) is a key enabler for network slicing in the Fifth-Generation (5G) mobile networks. Despite the ongoing standardisation activities and open source projects in addressing SFC, built-in 5G network support for SFC has not been sufficiently addressed on 5G Multi-tenant infrastructures. This paper proposes an Service Function Forwarder (SFF) and Classifier which is able to provide network slicing capabilities to the Service Data Plane in this type of infrastructures. The proposed prototype has been implemented as an extension of the popular Open Virtual Switch (OVS). The results of the empirical validation demonstrate that the proposed prototype is able to deal simultaneously with up to 8192 network slices with a maximum delay of 11 microseconds and 0% packet loss processing traffic at speeds up to 20 Gbps in a 5G architecture. The performance values achieved in this work are compliant with the 5G KPI expectation.


I. INTRODUCTION
Service Function Chaining (SFC) [1], also termed as Network Service Chaining, is a technique that uses the capabilities supplied by Software Defined Networks (SDN) to create composed network services, that is, an ordered and connected sequence of Service Functions (SF) that must be applied to a specific packet and/or flow that has been classified previously.Some examples of SFs are L2-7 firewalls, Deep Packet Inspection (DPI), video optimizers, load balancing servers and Network Address Translation (NAT), among others.From network operator's point of view, SFC offers tenants and network users with suites or catalogues of network services with different requirements and characteristics that can be dynamically deployed on demand in an automated manner into the multi-tenant infrastructure.
It is widely accepted that the concept of Network Slicing is one of the most significant cornerstones in 5G infrastructures.There is no unique, clear and precise definition of Network Slice, and it depends on the perspective of the different stakeholders (Vertical business, Internet Service Providers -ISP, Mobile Network Operators -MNO).For instance, Next Generation Mobile Networks (NGMN) [2] defines a network slice as a set of network services running on top of physical resources where both network services and resources conform a logical network to deliver specific requirements.This proposal of network slice fits perfectly from the perspective of a network manager that provides network services through SFCs to the different tenants and users within a 5G multi-tenant infrastructure.
There are several proposals to standardize SFC and diverse open source projects that provide SFC reference implementations such as OpenStack [3] and OpenDayLight (ODL) [4], both using the forwarding capabilities of OpenVSwitch [5].
However, as far as the authors know, there is currently no proposed solution providing built-in 5G multi-tenant network support for the network services provided as part of the features of the network slices.5G multi-tenant infrastructures needs to deal with tenant isolation and 5G user mobility.This work addresses such lack of support by providing a novel 5G-aware scalable OpenVSwitch (OVS) support for network slicing beyond the current state-of-the-art.The following list outlines the major contributions of this paper: • Novel packet classification capabilities to allow the definition of network slices on the novel 5G multi-tenant networks.
• Support for handling a large number of SFCs, used to provide tailored network services as part of the previous definition of network slice.• Empirical validation based on the extension of the Open-VSwitch reference implementation.• Scalability and performance evaluation based on a prototypical implementation in a realistic testbed.
The reminder of the paper is structures as it follows.Section II overviews the current state of the art on SFC standards and projects that offer different approaches to providing support for SFC capabilities in 5G and multi-tenant overlay networks.Section III explains details about the proposed 5G architecture with SFC capabilities and support for network slicing.Section IV explains how the OpenVSwitch base implementation has been extended to be able to operate as an SFC-aware classifier and Service Function Forwarder (SFF) providing network slicing capabilities.Section V validates the proposed solution and provides a performance and scalability analysis.Finally, section VI is focused on conclusions and future work.Concerning standardization, the European Telecommunications Standards Institute (ETSI) describes a Network Service (NS) as a chain of NFVs and highlights the demand for a new set of orchestration and management functions to be added to the traditional model of operations, maintenance, management and provisioning used in legacy networks where Network Functions are tightly coupled to the physical infrastructure they run on [6].In [7], ETSI identifies the most common patterns for using SDN in an NFV architectural framework and proposes a framework with 3 main components: Virtual Network Functions (VNFs) and two subsystems termed respectively Management and Orchestration (MANO) and Network Functions Virtualization Infrastructure (NFVI) where NFVs are deployed.In the RFC 7665 [1], IETF describes an SDNbased SFC architecture in which, in the data plane, an SFC classifier performs a classification of user traffic to determine which SFs must be chained to process the traffic based on application requirements.The Open Networking Foundation (ONF) and C. Zhang et al. [8] propose an architecture based on SDN technology following the IETF SFC specification and providing the requirements for the North Bound Interface (NBI) and OpenFlow (OF) extensions that would be needed to enable SFC capabilities.

II. RELATED WORK
Regarding implementations and projects, OpenDayLight (ODL) is an open-source project that it is hosted by the Linux Foundation.ODL provides SFC capabilities based on the IETF SFC specification.SFC is implemented in both OVSDB NetVirt and Group Based Policy (GBP) SDN applications.Both SDN applications make use of OpenVSwitch as classifier controllers [9].OpenStack [3] [10] is an open source platform for management, provisioning and orchestration of network resources that steers traffic through neutron ports chaining.OpenStack also provide support for SFC using the SFF ca-pabilities provided by OpenVSwitch [5].The ONOS project [11] is a SDN controller hosted by the Linux Foundation that also leverages OVS for SFC.
All of these standards and open source projects are able to work on traditional IP networks.Also, the most advance SDN controllers are also able to provider SFC for the different tenant/overlay networks they are dealing with.But, to the best of our knowledge, there is not any existing solution that provides support for 5G networks that are created in the context of a network, mainly in mobile network operators (MNO) scenarios or scenario with virtualization, which is one of the main drivers of 5G networks.This is exactly what is being provided in this contribution.
Next Service Header (NSH) [12] is a data plane protocol that allows SFC encapsulation providing topological independence, service chaining, independent transport encapsulation and exchange context information between participating entities and SFs.Another benefit of using SFC, through the use of SDN, is the optimization of network resources and the improvement of applications performance.Our approach follows the usage of NSH as a way to implement SFC for network slicing.

III. PROPOSED ARCHITECTURE
Figure 1 shows an overview of the logical architecture of an SFC-enabled service data plane (SDP) domain deployed in a 5G multi-tenant network.The figure focuses on the service data plane.How the service control plane addresses the management, orchestration and provisioning of the service data plane components and the deployment of SFCs within the logical service data plane is beyond the scope of this work.One architectural principle of SFC is the topological independence from the underlying network infrastructure.In other words, the service data plane is unaware of the underlying network configuration and where the logical components and services are placed across the 5G infrastructure.In figure 1, it can be appreciated how the links between the entities that compose the SDP are labeled as logical connections.For instance, SFF-1 could be a virtual switch running on an edge computer, SF-2 could be placed in a virtual machine on a different edge computer and the connection between them could pass through several switches, routers, virtual interfaces and NICs as well as different transport protocols and overlay networks could be used.By decoupling the SDP from the underlying network, all this information is transparent to the logical components of the SDP.As a result, SFC allows a more flexible SF deployment solution when compared to traditional static and topological-bound SF deployment models.This leads to a better optimization of physical resources, enhancing of performance applications and an agile on-demand service delivery which is a paramount challenge in current data centers and 5G networks where virtualization plays a key role.
Four logical entities can be located in a SFC architecture: Classifiers, Service Function Forwarders (SFFs), SFC proxies and Service Functions (SFs).The entry node to an SFC domain is a classifier.The role of the classifier is to map the arriving traffic to service chains and encapsulate the packet in a NSH header containing information about the SFC the packet will traverse and metadata extracted as a result of packet inspection.Since SFC supports reclassification to allow branching to another service chain, classifiers can be allocated at any point within the service data plane.SFF is responsible for steering the traffic to the SFs that are logically connected to it using the information provided in the NSH encapsulation.Each of these logical connections is referred as a hop in the SF chain.A SF is an entity that provides specific treatment to traffic traversing a service chain.A SFC-aware SF is able to deal with SFC encapsulation.Finally, the role of SFC Proxy is to provide support for integration of SFC-unaware SFs, receiving packets on behalf of the SF.
An SF chain defines a network service as a sequence of ordered network functions.A network slice includes in its definition network services and thus they can be provided by an SF chain.In 5G multi-tenant network is imperative to extend the programmability of the service data plane to enable network slicing capabilities that meet the peculiarities imposed by 5G multi-tenant networks where it is involved the use of overlay networks to cope with 5G user mobility across the antennas and tenant isolation.Hence, it is needed to supply a fine-grained control mechanism for 5G traffic and tenant traffic together.
In the proposed 5G multi-tenant architecture, the SFs are placed in virtual machines across the edge and core network segments where each VM belongs to the administrative domain of a tenant.Connectivity between VMs belonging the same tenant across the physical layer of the 5G architecture is delivered by OpenVSwitch instances that fulfill both SFF and classifier capabilities.To provide 5G network slicing capabilities in a SFC-enabled domain, the OVS classifier has significantly been extended (see subsection III-A).Several modules, APIs and data structures of the OVS architecture has been also extended to provide such capabilities as well as communication with the service control plane and they are explained in section IV).   2 depicts the proposed SFC-aware 5G multi-tenant parser that provides an extension over the traditional IP traffic classifiers.The parser consist of a set of Metadata Extractor Modules (MEM).Each MEM is responsible for extracting metadata for a specific protocol and sending the packet to the next MEM according with the next detected protocol.Subsequently, this metadata will be used by the SFF nodes to, according to the rules injected by the service control layer, determine to which SF the packet will be steered.The metadata can be also used for other purposes such as firewalls, connection tracking or QoS policies, for instance.

A. SFC-aware 5G Multi-Tenant Classifier
An innovation that implies an enhancement when compared to traditional parsers is the capability of reentrance between MEMs.Reentrance allows to send a packet to a previously visited MEM (For instance, see the arrow from VXLAN to MAC in figure 2) and enhance the flexibility to support different data paths as well as extract metadata from the inner headers of the encapsulated packets.This inner data is essential to identify fine grained flows in a 5G multi-tenant infrastructure in order to allocate them to the slice of a network service.
It is worth noting the fact that the parser provides support for different encapsulation and tunneling protocols (GTP, VXLAN and VXLAN-GPE).GTP is the protocol used to encapsulate user data and provide 5G-user mobility and connectivity.Once a GTP header is detected, the Tunnel Endpoint Identification (TEI) is extracted and used to uniquely identify a 5G user within a SF chain deployed in a 5G network.VXLAN is the tunneling protocol used to ensure isolation between tenants.As in GTP, the VXLAN network identifier (VNI), which is unique for every tenant, is extracted when parsing a VXLAN header.Finally, VXLAN-GPE is used to provide topological independence to SFCs since service forwarding occurs within the service plane and it must be transport encapsulation agnostic.
Finally, the parser is also able to deal with NSH headers that is the protocol used to convey information about the SF chain responsible for processing the packet, the next hop (SF) in that chain and metadata for exchanging information between SFs.
This proposed parsing extension enables to provide network services that are in the context of a Network Slice created for 5G multi-tenant users.This extended classifier is the main contributions of this work.

IV. PROTOTYPE DETAILS
The proposed classifier and SFF has been implemented extending the functionality provided by OVS version 2.9.2.To achieve the novel 5G network slicing capabilities in SFC domains several modules both in user space and kernel space have been extended across the OVS architecture.The parsers in both the kernel module (openvswitch.ko)and the user-land daemon (vswtichd) have been modified to identify the new fields required to map 5G multi-tenant traffic to SFCs.The netlink communication between kernel and user land has also been extended with the new fields.Regarding management and control features, both ovs-dpctl and ovs-ofctl command line applications have been extended to allow SFC rules to be injected in kernel and user space respectively dynamically on demand.

V. EMPIRICAL RESULTS
This section provides an empirical validation of the suitability of the proposed solution.It also provides an analysis of the performance overhead introduced by the new 5G capabilities and scalability in the number of supported SFCs.The experiments to validate the proposed solution have been carried out on a computer with the following characteristics: Dell T5810 with Intel Xeon E5-2630 v4 CPU with 10 cores and hyper-threading support, 512 Gbyte SSD hard disk and 32 Gbytes of RAM memory.Concerning the followed methodology, each experiment was repeated 10 times.To avoid atypical values, best and worst results were discarded and the final results shown in this paper are the arithmetic mean of the remaining 8 executions.

A. Testbed
Figure 3 shows the testbed deployed to perform the empirical validation of the proposed solution.The experiments are driven by the Automated Experiment Management Agent that deploys a customized configuration for each experiment.First, The match-action table of the SFF is populated with the SFC rules via a dedicated management interface (see 1 in Fig. 3).Then, the Traffic Generator Agent generates a PCAP file that is sent in parallel by the Traffic Sender Agent (see 2 y 3 in  The implementation of a novel classifier with more complex logic that enables parsing of more protocols than traditional IP traffic-based classifiers penalizes overall performance in terms on delay.Figure 4 depicts the average delay in comparison to the original reference OVS implementation v2.9.2.The shown data corresponds to the average delay of traffic sent at 20 Gbps during 10 seconds ranging different packet sizes (from 64 to 1500 bytes).As is it can be observed, the behavior of the delay is roughly the same for traditional IP traffic which is an indicator of the efficiency in the implementation of the new capabilities.For 5G multi-tenant traffic, the extra overhead is barely 0.2 microseconds which is a perfectly acceptable value.The total delay when processing 5G multi-tenant traffic is less than 2 microseconds which fulfills the 5G KPI expectations.

C. Scalability Results
In terms of scalability, it is important to know how many slices the proposed SFF classifier can handle before exposing unacceptable overheads.Figure 5 provides an analysis of the Thus, each 5G flow is mapped to a different network slice inserted in the SFF and forwarded to a different SF.As it can be appreciated in figure 5, the delay remains fairly constant and below 3 microseconds up to 4096 SFC hops (support for 2048 network slices) regardless the received bandwidth.Between 4096 and 16834 (8192 network slices) SFC hops, the behavior is slightly irregular with peaks of 11 microseconds.At any case, these values are well within the 5G KPIs.In all cases there is a 0% packet loss and therefore no graph is shown for the packet loss.

VI. CONCLUSION AND FUTURE WORK
This work proposes a novel SFF and classifier software solution that provides network slicing support for SFC in 5G multi-tenant networks where the scope of the network slice definition fits with a set of network services.A fine-grained classification of the traffic allows to offer tailored services to tenants and 5G users.The proposal has been empirically validated and the results show satisfactory and promising performance: 16834 SFC hops can be handled concurrently in a stressful scenario processing 20 Gbps, introducing a maximum delay of 11 microseconds and 0% of packet loss.The achieved results fulfill the parameters suggested in the 5G Key Performance Indicators (KPI).
As a future work, this ongoing research will focus on how to provide a mechanism to ensure performance isolation between SF chains in order to warranty QoS requirements along the whole data path in terms of bandwidth, delay and jitter.The idea is to combine these foreseen capabilities with the ability described in this contribution.Besides, the classifier will be extended to be able to identify other protocols used in virtualization environments ant multi-tenant architectures like GRE, STT or GENEVE.The impact of this extension on the overall performance of the system will be evaluated.

Figure
Figure2depicts the proposed SFC-aware 5G multi-tenant parser that provides an extension over the traditional IP traffic classifiers.The parser consist of a set of Metadata Extractor Modules (MEM).Each MEM is responsible for extracting metadata for a specific protocol and sending the packet to the next MEM according with the next detected protocol.Subsequently, this metadata will be used by the SFF nodes to, according to the rules injected by the service control layer, determine to which SF the packet will be steered.The

Fig. 3 .
Fig. 3. Testbed deployed for carrying out the experiments

Fig. 4 .
Fig.3).The traffic is then received by our extended version of OpenVSwitch where it is processed by the SFF and sent back.The received traffic is then captured by the Traffic Receiver Agent and saved in a pcap file.Finally, the Results Analyzer Agent compares both sent and received pcap files to obtain the results of the experiment.B.Overhead Results.

Fig. 5 .
Fig. 5. Analysis of delay over 5G multi-tenant traffic for the proposed 5G multi-tenant SFC-aware classifier and Service Function Forwarder (SFF)