Service Chaining: The ABCs of Network Visibility
2021-09-24 | 10 min read
In this post we look at a way to increase the speed of data moving through your network. Service chaining is a powerful tool for automating the movement of data packets and it’s getting a lot of attention these days as a way to improve the quality and speed of application delivery.
Purpose of Service Chaining
A ‘service chain’ is a set of network services which are performed in a specific order and ‘service chaining’ refers to steering the traffic through such a “chain”. It’s like a recipe where actions are performed in a preordained order. Services can be performed in parallel or in serial, depending on the situation. The chain can be implemented by cabling individual devices together or, increasingly, by using software provisioning to control the flow of data through the selected services. Monitoring tools that are linked together in this way are sometimes referred to as a daisy-chain. The use of service chains is linked to the automation of functions that have been either embedded in single purpose hardware devices, dictated by physical topologies, or performed manually--which are increasingly perceived as too costly and inflexible in our fast-moving digital economy.
Figure 1 – Traditional / Static Service Chain implemented by Operator
In the example scenario illustrated in Figure 1 above (“Example service function chain implemented by network operators today”), Subscriber 1 wishes to access video content on their mobile device. The user would simply need the video optimization service, as well as basic firewalling. However, the user’s traffic will have to traverse the entire chain. Adding to this, services must often be applied in a specific order, which implies the need for complex routing techniques and VLANs to ensure that this performed correctly. This example highlights the sub-optimal use of network and compute resources, as the entire service chain has to be traversed, regardless of whether this is required or not.
Service Chaining Use Cases
Service chaining is one of several approaches that make it possible to centrally manage and direct the operation of IT resources, to increase efficiency and time-to-market, as well as decrease costs.
Use Case - Real-Time Network Monitoring
With real-time monitoring, you need to keep traffic moving quickly and your security tools working efficiently. Chaining tools together allows to you to pass only the suspicious traffic to additional tools for deeper inspection or to a honeypot to be quarantined. Packets without anomalies are moved along quickly, to maintain maximum response time. A common example is the use of a Security Information and Event Management (SIEM) solution to filter out suspicious traffic for further analysis by other tools in the daisy-chain. Traffic without exception is quickly sent back through the network to support the fastest possible response time.
Use case - Out-of-Band Monitoring
Out-of-band monitoring tools can be chained for similar reasons. An example would be to take the result of application classification provided by a Keysight network packet broker and send the application-specific information on to the best tool for analyzing a given packet type. Meta data can also be added to the packets to let tools farther in the chain know more about the origin or destination of the traffic.
Use case - Value Added Traffic Management
Service chaining is also common when administrators must enable multiple resources or processes to be used. Examples are to enforce policies, perform QoS monitoring, to gather real-time analytics for traffic flow adjustments, are enforced to ensure quality of service
Use case - Service Management
The concept of service chaining plays a strong role in helping carriers provide services to end users with speed and accuracy or helping providers deliver a service with an excellent experience. One example is the chain of special-purpose platforms that video packets must pass through before delivery to the end customer, beginning with video optimization, then transparent caching, then (optional) parental controls, and finally a Wireless Access Point (WAP) gateway. These services are linked or chained together so that tasks necessary for all of these services do not have to be performed multiple times. Details about each user—such as their device, location, or whether they are subject to parental control—are also used to dynamically steer traffic through the necessary services.
Figure 2 - Dynamic service chain using SDN & NFV
As illustrated in Figure above (“Example of dynamic service chain using SDN & NFV”), when traffic arrives at the network gateways, it is now labelled by a dedicated classification device with the use of deep packet inspection (DPI). The traffic is then intelligently forwarded to the required services, based on the service identifier. The identifier itself can be derived from a field in the traffic such as: network service header (NSH), virtual local area network (VLAN), Source MAC Address (SMAC), or it can be directly programmed in the switch flow-tables. This allows for network and compute resources to be used more efficiently, as traffic only flows through the required services. The provider is thereby relieved from continuously having to over-provision the network.
Advantages of Service Chaining
- Enable Network Function Virtualization (NFV): Once upon a time, specialized network appliances ruled the data center and in many places they still do. When you consider their purpose, however, you can identify multiple functions taking place inside each appliance. For instance, a firewall might perform network address translation, deep packet inspection, and access control. The hardware appliance was designed to perform these functions at wire speed. But in recent years, many of the functions once performed by expensive hardware appliances are being redesigned as software functions that can be run on any generic and low-cost CPUs. This process is called network function virtualization and the goal is to achieve the same results as the appliance, but at greater efficiency and less cost.
- Reduce Latency: In order to get acceptable performance in a virtualized environment however, services that run as software on a generic CPU must be chained together, to accelerate total processing speed or latency. Any time services are grouped together in a way that forces processing to proceed from step-to-setp, latency can be reduced and speed accelerated.
- Reduce Redundant Inspections: Without the ability to chain together certain functions, a particular packet may need to pass through a particular service more than once to meet the qualifications for other types of inspection tools. For instance, in the case of security monitoring, SSL traffic can pass through a powerful decryption tool and the exposed content can be sent through a series of additional inspection tools. This avoids the need to send the traffic through decryption for each tool, which would increase latency and multiply the cycles being consumed on the decryption tool. A more efficient and more cost-effective result is achieved by sending decrypted traffic through multiple tools before passing it through to the trusted network. • Apply Consistent Policies: Pre-set service chains help ensure that actions are taken in a specific sequence, and nothing is overlooked. This reduces errors and increases the chance that abnormalities will be identified in time to prevent damage to an organization’s data or other resources.
- Increase Flexibility: The ability to define service chains dynamically, based on the user, device, location, service level, or other characteristic is a powerful capability in the fast-moving digital economy. Well defined rules and policies can help decrease the time to deliver a service and increase the quality of the user experience.
Service chaining is a useful concept that can help you organize operational tasks into more manageable groups. As programmability becomes the norm in network management, organizations will find more ways to use service chaining to increase network visibility, improve security monitoring, and increase the speed and quality of applications.