This is an extremely contested question. It seems appropriate to me
to view vnfpool as a layered mechanism, where a layer handling the
reliability/redundancy mechanism may carry other traffic, but that
traffic is opaque to the pooling mechanism. That traffic might
include service state. But, this is my second go-'round on state
transfer (third, if you include sami, the first one being rserpool
itself) and I really think it's best to be left out of scope with
no specific future plans for the time being, but to allow a generic
transport mechanism in the pooling traffic.

Melinda

Ning:



This charter is really good. The focus to a Pool for single VNF of a single
type is a great place to start. Once we get a working situation we can go
out to important issues like state synchronization. Like Diego, I agree we
should place the state synchronization “out of scope for this phase”.



Sue Hares



From: vnfpool [mailto:vnfpool-***@ietf.org] On Behalf Of Diego R. Lopez
Sent: Tuesday, June 03, 2014 6:23 PM
To: Zongning
Cc: ***@ietf.org
Subject: Re: [vnfpool] new VNFPool draft charter



Hi,



It looks really good to me, Ning!



I am just wondering whether we could give state synchronization a special
category (of being "out of scope in this phase" or similar) because I think
it is a extremely relevant issue.



Be goode,



On 3 Jun 2014, at 11:35 , Zongning <***@huawei.com> wrote:





Hi, folks,



Please see the below new draft charter of VNFPool. We believe that we have
updated the charter to address most of the comments from London BoF. Main
changes are:

1) We narrow down our scope to only focus on the redundancy model and
the related interfaces associated with the VNF Pool in a single VNF.

2) Service state synchronization between VNF instances is
out-of-scope. We may consider how to maintain the pool states in a VNF Pool
only for pooling purpose.

3) We assume that a VNF Pool contains redundant VNF instances of same
functional type. Different types of VNFs are envisoned to be held in
separate VNF Pools.

4) We do not address reliability related control or routing between
adjacent VNFs in the service graph. This is also applied to update the
relation between VNF Pool and SFC WG.



==========================================================================

Network functions such as firewalls, load balancers, and WAN optimizers are
conventionally deployed as specialized hardware servers in both network
operators' networks and data center networks as the building blocks of the
network services. There is a trend to implement such network functions as
software instances running on general purpose servers, via a virtualization
layer (i.e., hypervisors). These virtualized functions are called
Virtualized Network Functions (VNFs), which can be used to build network
services.



The use of VNFs introduces additional challenges to the reliability of the
provided network services. A single VNF instance would typically not have
built-in reliability mechanisms on its host (i.e., a general purpose
server). Instead, there are more factors of risk such as software failure at
various levels including hypervisors and virtual machines, hardware failure,
and instance migration that can make a VNF instance unreliable.



In order to provide a reliable function, a VNF may adopt a pooling mechanism
by using a number of VNF instances providing the same function, which we
call a “VNF Pool”. Conceptionally, a Pool Manager is used to manage the VNF
Pool, e.g., selects active/standby VNF instances, and potentially interacts
with a service control entity. Such a service control entity is an entity
that orchestrates a set of network functions to build network services. The
major benefit of using VNF Pool is that reliability mechanisms such as
redundancy model are achieved by the VNF Pool inside the VNF and thus not
visible to the service control entity. A VNF Pool-enabled VNF still appears
as a normal VNF when orchestrated by a service control entity.



Questions that are raised by the addition of a pooling mechanism to VNF
include:

· How to manage the redundancy model, e.g., select active/standby
VNF instances in a VNF Pool?

· What pool states need to be maintained to support the pooling
mechanism itself, and how are such states maintained?

· What information is exchanged between a VNF and a service
control entity? For example, how can a VNF Pool be addressed by the service
control entity?

· When a live VNF instance goes out of service, how does the
service control entity learn which instance in a VNF Pool will replace it,
and learn the characteristics of the new instance?

The WG initially focuses on several reliability mechanisms that are mainly
associated with a redundancy model based on a VNF Pool in a VNF. Additional
mechanisms that may be needed include state maintenance in a VNF Pool only
for pooling purpose (service state synchronization is out of scope). The WG
assumes that a VNF Pool contains redundant VNF instances of same functional
type. Different types of VNFs are envisoned to be held in separate VNF
Pools. The WG will address the reliability of an individual VNF, but not the
reliability related to the control or the routing between adjacent VNFs that
can form a network service.

Specifically, the WG will work on the following technical aspects:

· Redundancy management within a VNF Pool, such as the signaling
between the Pool Manager and the instances in the pool for instance
registration, backup instances selection, and switching between active and
standby instances.

· The protocol between the Pool Manager and the underlying network
to collect the network information required for appropriate
placement/selection of backup instances.

· The protocol between a VNF and the service control entity to
exchange operational information between a VNF Pool and the service control
entity.

· Identify and analyze reliable transport protocols, such as MPTCP
and SCTP for reliable delivery of the messages associated with the
redundancy management within a VNF Pool.

· Analysis of pooling security characteristics and requirements to
identify and mitigate threats against the pooling mechanism. Identification
of an appropriate trust model between pool members, and between pool members
and Pool Manager.

The WG plans to deliver a problem statement, a set of use cases, VNF Pool
requirements and an architecture covering the aforementioned technical
aspects, and applicability and gap analysis of existing technologies such as
RSerPool. It is our expectation that we will be able to rely heavily on
existing IETF technologies, but that gaps will be found around problems like
redundancy mechanisms, state maintenance solely for pooling purposes,
reliable transport, and trust/security, all of which will need to be
considered and addressed. The WG will include consideration of the
manageability of a VNF Pool. The WG will seek re-chartering before adopting
any work to develop new, or extend existing, protocols.



In particular, we will work closely with the SFC WG, as we believe that SFC
and VNF Pool are independent but complementary. SFC would essentially see a
VNF Pool-enabled VNF as a normal service function and therefore be able to
merge it into an SFC just like any other service functions. Information
exchanged between the VNF Pool and the SFC may include some operational
information from the VNF Pool including the pool address, pool instance
characteristic, and so on, as requested by the SFC WG.



Goals and Milestones:

December 2014 - Submit VNFPool Problem Statement to IESG for publication as
Informational

April 2015 - Submit VNFPool Use Cases to IESG for publication as
Informational

August 2015 - Submit VNFPool Requirements, including the manageability of
VNF Pool to IESG for publication as Informational

August 2015 - Submit VNFPool Architecture to IESG for publication as
Proposed Standard

December 2015 - Submit Applicability and Gap Analysis of RSerPool to IESG
for publication as Informational

==========================================================================



Your comments and suggestions to the charter text are highly appreciated!



Thanks.



-Ning

_______________________________________________
vnfpool mailing list
<mailto:***@ietf.org> ***@ietf.org
<https://www.ietf.org/mailman/listinfo/vnfpool>
https://www.ietf.org/mailman/listinfo/vnfpool




--
"Esta vez no fallaremos, Doctor Infierno"

Dr Diego R. Lopez
Telefonica I+D

http://people.tid.es/diego.lopez/

e-mail: ***@tid.es
Tel: +34 913 129 041
Mobile: +34 682 051 091
-----------------------------------------





_____


Este mensaje se dirige exclusivamente a su destinatario. Puede consultar
nuestra política de envío y recepción de correo electrónico en el enlace
situado más abajo.
This message is intended exclusively for its addressee. We only send and
receive email on the basis of the terms set out at:
http://www.tid.es/ES/PAGINAS/disclaimer.aspx

Georgios,

I support the proposed charter in general, and this proposed change in
particular. This is important work and is a very necessary part of a VNF
implementation. Working on it in the IETF allows us to take advantage of
related experience and expertise and have output that's useful to the work
in the SFC WG.

Cheers,
Andy

Hi, Linda,

Thanks for re-wording. I will incorporate some of the suggested changes in the final charter. Specifically, the below sentence means that a VNF appears to outside entity such as service control entity a normal, single VNF (instance), although internally there is a pool for high reliability.
¡°A VNF Pool-enabled VNF still appears as a normal VNF when orchestrated by a service control entity.¡±

We do have a dedicated paragraph about relation between VNFPool and SFC šC it is the last paragraph of the main text, just above the milestone part. In that paragraph, we don¡¯t emphasize much on how VNFPool and SFC are different (as they are different in nature), but describe how they relate and work with each other.

-Ning

·¢ŒþÈË: Linda Dunbar
·¢ËÍʱŒä: 2014Äê6ÔÂ5ÈÕ 4:13
ÊÕŒþÈË: Zongning; ***@ietf.org
Ö÷Ìâ: RE: new VNFPool draft charter

Ning,

I made some wording changes to the proposed charter. The attached Word document has the changes mark, making it easier to see. In case the mailing list doesn¡¯t allow attachment, here is the proposed changes.

Should we also add a paragraph to show why/how VNFpool is different from SFC?

Linda


Network functions such as firewalls, load balancers, and WAN optimizers are conventionally deployed as specialized hardware servers in both network operators' networks and data center networks as the building blocks of the network services. There is a trend to implement such network functions as software instances running on general purpose servers, via a virtualization layer (i.e., hypervisors). These virtualized functions are called Virtualized Network Functions (VNFs), which can be instantiated to build network services.

The use of VNFs introduces additional challenges to the reliability of the provided network services. A single VNF instance would typically not have built-in reliability mechanisms on its host (i.e., a general purpose server). Instead, there are more factors of risk such as software failure at various levels including hypervisors and virtual machines, hardware failure, and instance migration that can make a VNF instance unreliable.

In order to achieve higher reliability, a pool of VNFs that perform the same function can be grouped together for the network services. Conceptionally, multiple instances of a same function are grouped together and managed by its Pool Manager. Different functions have different pool manager. A Pool Manager is responsible for monitoring the status of the instances in the pool, selecting active/standby instances for specific services, and potentially interacts with other entities, e.g. service control entity or service orchestration system. The major benefit of using VNF Pool is that reliability mechanisms such as redundancy & protection are achieved by the VNF Pool and thus not visible to the service control entity. A VNF Pool-enabled VNF still appears as a normal VNF when orchestrated by a service control entity.[L1]

Questions that are raised by the addition of a pooling mechanism to VNF include:

¡€ How to manage the redundancy model, e.g., select active/standby VNF instances in a VNF Pool?

¡€ What pool states need to be maintained to support the pooling mechanism itself, and how are such states maintained?

¡€ What information is exchanged between a VNF and a service control entity? For example, how can a VNF Pool be addressed by the service control entity?

¡€ When a live VNF instance goes out of service, how does the service control entity learn which instance in a VNF Pool will replace it, and learn the characteristics of the new instance?
The WG initially focuses on several reliability mechanisms that are mainly associated with a redundancy model based on a VNF Pool in a VNF. Additional mechanisms might include state maintenance of instances in a VNF Pool only for pooling purpose (service state synchronization is out of scope). The WG assumes that a VNF Pool contains identical VNF instances of same functional type. Different types of VNFs are envisoned to be held in separate VNF Pools. The WG will address the reliability of an individual VNF, but not the reliability related to the control or the routing between adjacent VNFs that can form a network service.





From: vnfpool [mailto:vnfpool-***@ietf.org] On Behalf Of Zongning
Sent: Tuesday, June 03, 2014 4:36 AM
To: ***@ietf.org<mailto:***@ietf.org>
Subject: [vnfpool] new VNFPool draft charter

Hi, folks,

Please see the below new draft charter of VNFPool. We believe that we have updated the charter to address most of the comments from London BoF. Main changes are:

1) We narrow down our scope to only focus on the redundancy model and the related interfaces associated with the VNF Pool in a single VNF.

2) Service state synchronization between VNF instances is out-of-scope. We may consider how to maintain the pool states in a VNF Pool only for pooling purpose.

3) We assume that a VNF Pool contains redundant VNF instances of same functional type. Different types of VNFs are envisoned to be held in separate VNF Pools.

4) We do not address reliability related control or routing between adjacent VNFs in the service graph. This is also applied to update the relation between VNF Pool and SFC WG.

==========================================================================
Network functions such as firewalls, load balancers, and WAN optimizers are conventionally deployed as specialized hardware servers in both network operators' networks and data center networks as the building blocks of the network services. There is a trend to implement such network functions as software instances running on general purpose servers, via a virtualization layer (i.e., hypervisors). These virtualized functions are called Virtualized Network Functions (VNFs), which can be used to build network services.

The use of VNFs introduces additional challenges to the reliability of the provided network services. A single VNF instance would typically not have built-in reliability mechanisms on its host (i.e., a general purpose server). Instead, there are more factors of risk such as software failure at various levels including hypervisors and virtual machines, hardware failure, and instance migration that can make a VNF instance unreliable.

In order to provide a reliable function, a VNF may adopt a pooling mechanism by using a number of VNF instances providing the same function, which we call a ¡°VNF Pool¡±. Conceptionally, a Pool Manager is used to manage the VNF Pool, e.g., selects active/standby VNF instances, and potentially interacts with a service control entity. Such a service control entity is an entity that orchestrates a set of network functions to build network services. The major benefit of using VNF Pool is that reliability mechanisms such as redundancy model are achieved by the VNF Pool inside the VNF and thus not visible to the service control entity. A VNF Pool-enabled VNF still appears as a normal VNF when orchestrated by a service control entity.

Questions that are raised by the addition of a pooling mechanism to VNF include:

¡€ How to manage the redundancy model, e.g., select active/standby VNF instances in a VNF Pool?

¡€ What pool states need to be maintained to support the pooling mechanism itself, and how are such states maintained?

¡€ What information is exchanged between a VNF and a service control entity? For example, how can a VNF Pool be addressed by the service control entity?

¡€ When a live VNF instance goes out of service, how does the service control entity learn which instance in a VNF Pool will replace it, and learn the characteristics of the new instance?
The WG initially focuses on several reliability mechanisms that are mainly associated with a redundancy model based on a VNF Pool in a VNF. Additional mechanisms that may be needed include state maintenance in a VNF Pool only for pooling purpose (service state synchronization is out of scope). The WG assumes that a VNF Pool contains redundant VNF instances of same functional type. Different types of VNFs are envisoned to be held in separate VNF Pools. The WG will address the reliability of an individual VNF, but not the reliability related to the control or the routing between adjacent VNFs that can form a network service.
Specifically, the WG will work on the following technical aspects:

¡€ Redundancy management within a VNF Pool, such as the signaling between the Pool Manager and the instances in the pool for instance registration, backup instances selection, and switching between active and standby instances.

¡€ The protocol between the Pool Manager and the underlying network to collect the network information required for appropriate placement/selection of backup instances.

¡€ The protocol between a VNF and the service control entity to exchange operational information between a VNF Pool and the service control entity.

¡€ Identify and analyze reliable transport protocols, such as MPTCP and SCTP for reliable delivery of the messages associated with the redundancy management within a VNF Pool.

¡€ Analysis of pooling security characteristics and requirements to identify and mitigate threats against the pooling mechanism. Identification of an appropriate trust model between pool members, and between pool members and Pool Manager.
The WG plans to deliver a problem statement, a set of use cases, VNF Pool requirements and an architecture covering the aforementioned technical aspects, and applicability and gap analysis of existing technologies such as RSerPool. It is our expectation that we will be able to rely heavily on existing IETF technologies, but that gaps will be found around problems like redundancy mechanisms, state maintenance solely for pooling purposes, reliable transport, and trust/security, all of which will need to be considered and addressed. The WG will include consideration of the manageability of a VNF Pool. The WG will seek re-chartering before adopting any work to develop new, or extend existing, protocols.

In particular, we will work closely with the SFC WG, as we believe that SFC and VNF Pool are independent but complementary. SFC would essentially see a VNF Pool-enabled VNF as a normal service function and therefore be able to merge it into an SFC just like any other service functions. Information exchanged between the VNF Pool and the SFC may include some operational information from the VNF Pool including the pool address, pool instance characteristic, and so on, as requested by the SFC WG.

Goals and Milestones:
December 2014 - Submit VNFPool Problem Statement to IESG for publication as Informational
April 2015 - Submit VNFPool Use Cases to IESG for publication as Informational
August 2015 - Submit VNFPool Requirements, including the manageability of VNF Pool to IESG for publication as Informational
August 2015 - Submit VNFPool Architecture to IESG for publication as Proposed Standard
December 2015 - Submit Applicability and Gap Analysis of RSerPool to IESG for publication as Informational
==========================================================================

Your comments and suggestions to the charter text are highly appreciated!

Thanks.

-Ning
________________________________

Not clear of the intent.



Do you mean: ¡°VNF instances in the VNF pool are still visible by the service control entity¡±?

Linda and Ning.



My understanding from this charter is that the pool would be transparent to
whatever entity used it.



If it was a pool of firewalls, then the VNF would be a firewall. It would be
hidden to SFC or SDN controller wanting to use the firewall that it was part
of a pool.



This comes from section 4 in the problem statement that states:

"The main benefit of using VNF Pool is the pooling mechanism such as
redundancy management are achieved by the VNF Pool inside the VNF and
transparent to the Service Control Entity. The Service control Entity
simply interacts with the Pool Manager in each VNF to request and
orchestrate the network functions with desired reliability level."



To me, in my past work this was important to make the overall process work
simply. Is this the source of your astute question?



Sue





From: vnfpool [mailto:vnfpool-***@ietf.org] On Behalf Of Linda Dunbar
Sent: Wednesday, June 04, 2014 4:13 PM
To: Zongning; ***@ietf.org
Subject: Re: [vnfpool] new VNFPool draft charter



Ning,



I made some wording changes to the proposed charter. The attached Word
document has the changes mark, making it easier to see. In case the mailing
list doesn't allow attachment, here is the proposed changes.



Should we also add a paragraph to show why/how VNFpool is different from
SFC?



Linda





Network functions such as firewalls, load balancers, and WAN optimizers are
conventionally deployed as specialized hardware servers in both network
operators' networks and data center networks as the building blocks of the
network services. There is a trend to implement such network functions as
software instances running on general purpose servers, via a virtualization
layer (i.e., hypervisors). These virtualized functions are called
Virtualized Network Functions (VNFs), which can be instantiated to build
network services.



The use of VNFs introduces additional challenges to the reliability of the
provided network services. A single VNF instance would typically not have
built-in reliability mechanisms on its host (i.e., a general purpose
server). Instead, there are more factors of risk such as software failure at
various levels including hypervisors and virtual machines, hardware failure,
and instance migration that can make a VNF instance unreliable.



In order to achieve higher reliability, a pool of VNFs that perform the same
function can be grouped together for the network services. Conceptionally,
multiple instances of a same function are grouped together and managed by
its Pool Manager. Different functions have different pool manager. A Pool
Manager is responsible for monitoring the status of the instances in the
pool, selecting active/standby instances for specific services, and
potentially interacts with other entities, e.g. service control entity or
service orchestration system. The major benefit of using VNF Pool is that
reliability mechanisms such as redundancy & protection are achieved by the
VNF Pool and thus not visible to the service control entity. A VNF
Pool-enabled VNF still appears as a normal VNF when orchestrated by a
service control entity.[L1] <>



Questions that are raised by the addition of a pooling mechanism to VNF
include:

. How to manage the redundancy model, e.g., select active/standby VNF
instances in a VNF Pool?

. What pool states need to be maintained to support the pooling
mechanism itself, and how are such states maintained?

. What information is exchanged between a VNF and a service control
entity? For example, how can a VNF Pool be addressed by the service control
entity?

. When a live VNF instance goes out of service, how does the service
control entity learn which instance in a VNF Pool will replace it, and learn
the characteristics of the new instance?

The WG initially focuses on several reliability mechanisms that are mainly
associated with a redundancy model based on a VNF Pool in a VNF. Additional
mechanisms might include state maintenance of instances in a VNF Pool only
for pooling purpose (service state synchronization is out of scope). The WG
assumes that a VNF Pool contains identical VNF instances of same functional
type. Different types of VNFs are envisoned to be held in separate VNF
Pools. The WG will address the reliability of an individual VNF, but not the
reliability related to the control or the routing between adjacent VNFs that
can form a network service.











From: vnfpool [mailto:vnfpool-***@ietf.org] On Behalf Of Zongning
Sent: Tuesday, June 03, 2014 4:36 AM
To: ***@ietf.org
Subject: [vnfpool] new VNFPool draft charter



Hi, folks,



Please see the below new draft charter of VNFPool. We believe that we have
updated the charter to address most of the comments from London BoF. Main
changes are:

1) We narrow down our scope to only focus on the redundancy model and
the related interfaces associated with the VNF Pool in a single VNF.

2) Service state synchronization between VNF instances is
out-of-scope. We may consider how to maintain the pool states in a VNF Pool
only for pooling purpose.

3) We assume that a VNF Pool contains redundant VNF instances of same
functional type. Different types of VNFs are envisoned to be held in
separate VNF Pools.

4) We do not address reliability related control or routing between
adjacent VNFs in the service graph. This is also applied to update the
relation between VNF Pool and SFC WG.



==========================================================================

Network functions such as firewalls, load balancers, and WAN optimizers are
conventionally deployed as specialized hardware servers in both network
operators' networks and data center networks as the building blocks of the
network services. There is a trend to implement such network functions as
software instances running on general purpose servers, via a virtualization
layer (i.e., hypervisors). These virtualized functions are called
Virtualized Network Functions (VNFs), which can be used to build network
services.



The use of VNFs introduces additional challenges to the reliability of the
provided network services. A single VNF instance would typically not have
built-in reliability mechanisms on its host (i.e., a general purpose
server). Instead, there are more factors of risk such as software failure at
various levels including hypervisors and virtual machines, hardware failure,
and instance migration that can make a VNF instance unreliable.



In order to provide a reliable function, a VNF may adopt a pooling mechanism
by using a number of VNF instances providing the same function, which we
call a "VNF Pool". Conceptionally, a Pool Manager is used to manage the VNF
Pool, e.g., selects active/standby VNF instances, and potentially interacts
with a service control entity. Such a service control entity is an entity
that orchestrates a set of network functions to build network services. The
major benefit of using VNF Pool is that reliability mechanisms such as
redundancy model are achieved by the VNF Pool inside the VNF and thus not
visible to the service control entity. A VNF Pool-enabled VNF still appears
as a normal VNF when orchestrated by a service control entity.



Questions that are raised by the addition of a pooling mechanism to VNF
include:

. How to manage the redundancy model, e.g., select active/standby VNF
instances in a VNF Pool?

. What pool states need to be maintained to support the pooling
mechanism itself, and how are such states maintained?

. What information is exchanged between a VNF and a service control
entity? For example, how can a VNF Pool be addressed by the service control
entity?

. When a live VNF instance goes out of service, how does the service
control entity learn which instance in a VNF Pool will replace it, and learn
the characteristics of the new instance?

The WG initially focuses on several reliability mechanisms that are mainly
associated with a redundancy model based on a VNF Pool in a VNF. Additional
mechanisms that may be needed include state maintenance in a VNF Pool only
for pooling purpose (service state synchronization is out of scope). The WG
assumes that a VNF Pool contains redundant VNF instances of same functional
type. Different types of VNFs are envisoned to be held in separate VNF
Pools. The WG will address the reliability of an individual VNF, but not the
reliability related to the control or the routing between adjacent VNFs that
can form a network service.

Specifically, the WG will work on the following technical aspects:

. Redundancy management within a VNF Pool, such as the signaling
between the Pool Manager and the instances in the pool for instance
registration, backup instances selection, and switching between active and
standby instances.

. The protocol between the Pool Manager and the underlying network
to collect the network information required for appropriate
placement/selection of backup instances.

. The protocol between a VNF and the service control entity to
exchange operational information between a VNF Pool and the service control
entity.

. Identify and analyze reliable transport protocols, such as MPTCP
and SCTP for reliable delivery of the messages associated with the
redundancy management within a VNF Pool.

. Analysis of pooling security characteristics and requirements to
identify and mitigate threats against the pooling mechanism. Identification
of an appropriate trust model between pool members, and between pool members
and Pool Manager.

The WG plans to deliver a problem statement, a set of use cases, VNF Pool
requirements and an architecture covering the aforementioned technical
aspects, and applicability and gap analysis of existing technologies such as
RSerPool. It is our expectation that we will be able to rely heavily on
existing IETF technologies, but that gaps will be found around problems like
redundancy mechanisms, state maintenance solely for pooling purposes,
reliable transport, and trust/security, all of which will need to be
considered and addressed. The WG will include consideration of the
manageability of a VNF Pool. The WG will seek re-chartering before adopting
any work to develop new, or extend existing, protocols.



In particular, we will work closely with the SFC WG, as we believe that SFC
and VNF Pool are independent but complementary. SFC would essentially see a
VNF Pool-enabled VNF as a normal service function and therefore be able to
merge it into an SFC just like any other service functions. Information
exchanged between the VNF Pool and the SFC may include some operational
information from the VNF Pool including the pool address, pool instance
characteristic, and so on, as requested by the SFC WG.



Goals and Milestones:

December 2014 - Submit VNFPool Problem Statement to IESG for publication as
Informational

April 2015 - Submit VNFPool Use Cases to IESG for publication as
Informational

August 2015 - Submit VNFPool Requirements, including the manageability of
VNF Pool to IESG for publication as Informational

August 2015 - Submit VNFPool Architecture to IESG for publication as
Proposed Standard

December 2015 - Submit Applicability and Gap Analysis of RSerPool to IESG
for publication as Informational

==========================================================================



Your comments and suggestions to the charter text are highly appreciated!



Thanks.



-Ning

_____

Not clear of the intent.



Do you mean: "VNF instances in the VNF pool are still visible by the service
control entity"?

Typically in an IETF context it implies mechanism.
My general sense is that doing security requirements
separately is generally not successful, and that
including them in this sort of context tends to lead
to overly generic requirements that may not be
applicable to the technology that's ultimately adopted.

Melinda

Hi, Pedro,

Thanks for your support. I guess “the network service” here could be “the network function”. Or we could delete the words after “grouped together” to avoid duplication.

-Ning

发件人: PEDRO ANDRES ARANDA GUTIERREZ [mailto:***@tid.es]
发送时闎: 2014幎6月5日 15:46
收件人: Zongning; Linda Dunbar; ***@ietf.org
䞻题: Re: [vnfpool] 答倍: new VNFPool draft charter

Hi,

I support the WG Charter. However, I have a small concern regarding the first sentence in the third paragraph:

In order to achieve higher reliability, a pool of VNFs that perform the same function can be grouped together for the network services.

There is no mention to ‘the network services’ before.

Best,/PA

Dr. Pedro A. Aranda Gutiérrez

Technology Exploration -
Network Innovation & Virtualisation

mailto:***@tid.es
Telefónica, Investigación y Desarrollo
C/ D. Ramón de la Cruz,84
28006 Madrid, Spain

Fragen sind nicht da, um beantwortet zu werden.
Fragen sind da, um gestellt zu werden.
Georg Kreisler

De: Zongning <***@huawei.com<mailto:***@huawei.com>>
Fecha: jueves, 5 de junio de 2014 03:11
Para: Linda Dunbar <***@huawei.com<mailto:***@huawei.com>>, "***@ietf.org<mailto:***@ietf.org>" <***@ietf.org<mailto:***@ietf.org>>
Asunto: [vnfpool] 答倍: new VNFPool draft charter

Hi, Linda,

Thanks for re-wording. I will incorporate some of the suggested changes in the final charter. Specifically, the below sentence means that a VNF appears to outside entity such as service control entity a normal, single VNF (instance), although internally there is a pool for high reliability.
“A VNF Pool-enabled VNF still appears as a normal VNF when orchestrated by a service control entity.”

We do have a dedicated paragraph about relation between VNFPool and SFC – it is the last paragraph of the main text, just above the milestone part. In that paragraph, we don’t emphasize much on how VNFPool and SFC are different (as they are different in nature), but describe how they relate and work with each other.

-Ning

发件人: Linda Dunbar
发送时闎: 2014幎6月5日 4:13
收件人: Zongning; ***@ietf.org<mailto:***@ietf.org>
䞻题: RE: new VNFPool draft charter

Ning,

I made some wording changes to the proposed charter. The attached Word document has the changes mark, making it easier to see. In case the mailing list doesn’t allow attachment, here is the proposed changes.

Should we also add a paragraph to show why/how VNFpool is different from SFC?

Linda


Network functions such as firewalls, load balancers, and WAN optimizers are conventionally deployed as specialized hardware servers in both network operators' networks and data center networks as the building blocks of the network services. There is a trend to implement such network functions as software instances running on general purpose servers, via a virtualization layer (i.e., hypervisors). These virtualized functions are called Virtualized Network Functions (VNFs), which can be instantiated to build network services.

The use of VNFs introduces additional challenges to the reliability of the provided network services. A single VNF instance would typically not have built-in reliability mechanisms on its host (i.e., a general purpose server). Instead, there are more factors of risk such as software failure at various levels including hypervisors and virtual machines, hardware failure, and instance migration that can make a VNF instance unreliable.

In order to achieve higher reliability, a pool of VNFs that perform the same function can be grouped together for the network services. Conceptionally, multiple instances of a same function are grouped together and managed by its Pool Manager. Different functions have different pool manager. A Pool Manager is responsible for monitoring the status of the instances in the pool, selecting active/standby instances for specific services, and potentially interacts with other entities, e.g. service control entity or service orchestration system. The major benefit of using VNF Pool is that reliability mechanisms such as redundancy & protection are achieved by the VNF Pool and thus not visible to the service control entity. A VNF Pool-enabled VNF still appears as a normal VNF when orchestrated by a service control entity.[L1]

Questions that are raised by the addition of a pooling mechanism to VNF include:

· How to manage the redundancy model, e.g., select active/standby VNF instances in a VNF Pool?

· What pool states need to be maintained to support the pooling mechanism itself, and how are such states maintained?

· What information is exchanged between a VNF and a service control entity? For example, how can a VNF Pool be addressed by the service control entity?

· When a live VNF instance goes out of service, how does the service control entity learn which instance in a VNF Pool will replace it, and learn the characteristics of the new instance?
The WG initially focuses on several reliability mechanisms that are mainly associated with a redundancy model based on a VNF Pool in a VNF. Additional mechanisms might include state maintenance of instances in a VNF Pool only for pooling purpose (service state synchronization is out of scope). The WG assumes that a VNF Pool contains identical VNF instances of same functional type. Different types of VNFs are envisoned to be held in separate VNF Pools. The WG will address the reliability of an individual VNF, but not the reliability related to the control or the routing between adjacent VNFs that can form a network service.





From: vnfpool [mailto:vnfpool-***@ietf.org] On Behalf Of Zongning
Sent: Tuesday, June 03, 2014 4:36 AM
To: ***@ietf.org<mailto:***@ietf.org>
Subject: [vnfpool] new VNFPool draft charter

Hi, folks,

Please see the below new draft charter of VNFPool. We believe that we have updated the charter to address most of the comments from London BoF. Main changes are:

1) We narrow down our scope to only focus on the redundancy model and the related interfaces associated with the VNF Pool in a single VNF.

2) Service state synchronization between VNF instances is out-of-scope. We may consider how to maintain the pool states in a VNF Pool only for pooling purpose.

3) We assume that a VNF Pool contains redundant VNF instances of same functional type. Different types of VNFs are envisoned to be held in separate VNF Pools.

4) We do not address reliability related control or routing between adjacent VNFs in the service graph. This is also applied to update the relation between VNF Pool and SFC WG.

==========================================================================
Network functions such as firewalls, load balancers, and WAN optimizers are conventionally deployed as specialized hardware servers in both network operators' networks and data center networks as the building blocks of the network services. There is a trend to implement such network functions as software instances running on general purpose servers, via a virtualization layer (i.e., hypervisors). These virtualized functions are called Virtualized Network Functions (VNFs), which can be used to build network services.

The use of VNFs introduces additional challenges to the reliability of the provided network services. A single VNF instance would typically not have built-in reliability mechanisms on its host (i.e., a general purpose server). Instead, there are more factors of risk such as software failure at various levels including hypervisors and virtual machines, hardware failure, and instance migration that can make a VNF instance unreliable.

In order to provide a reliable function, a VNF may adopt a pooling mechanism by using a number of VNF instances providing the same function, which we call a “VNF Pool”. Conceptionally, a Pool Manager is used to manage the VNF Pool, e.g., selects active/standby VNF instances, and potentially interacts with a service control entity. Such a service control entity is an entity that orchestrates a set of network functions to build network services. The major benefit of using VNF Pool is that reliability mechanisms such as redundancy model are achieved by the VNF Pool inside the VNF and thus not visible to the service control entity. A VNF Pool-enabled VNF still appears as a normal VNF when orchestrated by a service control entity.

Questions that are raised by the addition of a pooling mechanism to VNF include:

· How to manage the redundancy model, e.g., select active/standby VNF instances in a VNF Pool?

· What pool states need to be maintained to support the pooling mechanism itself, and how are such states maintained?

· What information is exchanged between a VNF and a service control entity? For example, how can a VNF Pool be addressed by the service control entity?

· When a live VNF instance goes out of service, how does the service control entity learn which instance in a VNF Pool will replace it, and learn the characteristics of the new instance?
The WG initially focuses on several reliability mechanisms that are mainly associated with a redundancy model based on a VNF Pool in a VNF. Additional mechanisms that may be needed include state maintenance in a VNF Pool only for pooling purpose (service state synchronization is out of scope). The WG assumes that a VNF Pool contains redundant VNF instances of same functional type. Different types of VNFs are envisoned to be held in separate VNF Pools. The WG will address the reliability of an individual VNF, but not the reliability related to the control or the routing between adjacent VNFs that can form a network service.
Specifically, the WG will work on the following technical aspects:

· Redundancy management within a VNF Pool, such as the signaling between the Pool Manager and the instances in the pool for instance registration, backup instances selection, and switching between active and standby instances.

· The protocol between the Pool Manager and the underlying network to collect the network information required for appropriate placement/selection of backup instances.

· The protocol between a VNF and the service control entity to exchange operational information between a VNF Pool and the service control entity.

· Identify and analyze reliable transport protocols, such as MPTCP and SCTP for reliable delivery of the messages associated with the redundancy management within a VNF Pool.

· Analysis of pooling security characteristics and requirements to identify and mitigate threats against the pooling mechanism. Identification of an appropriate trust model between pool members, and between pool members and Pool Manager.
The WG plans to deliver a problem statement, a set of use cases, VNF Pool requirements and an architecture covering the aforementioned technical aspects, and applicability and gap analysis of existing technologies such as RSerPool. It is our expectation that we will be able to rely heavily on existing IETF technologies, but that gaps will be found around problems like redundancy mechanisms, state maintenance solely for pooling purposes, reliable transport, and trust/security, all of which will need to be considered and addressed. The WG will include consideration of the manageability of a VNF Pool. The WG will seek re-chartering before adopting any work to develop new, or extend existing, protocols.

In particular, we will work closely with the SFC WG, as we believe that SFC and VNF Pool are independent but complementary. SFC would essentially see a VNF Pool-enabled VNF as a normal service function and therefore be able to merge it into an SFC just like any other service functions. Information exchanged between the VNF Pool and the SFC may include some operational information from the VNF Pool including the pool address, pool instance characteristic, and so on, as requested by the SFC WG.

Goals and Milestones:
December 2014 - Submit VNFPool Problem Statement to IESG for publication as Informational
April 2015 - Submit VNFPool Use Cases to IESG for publication as Informational
August 2015 - Submit VNFPool Requirements, including the manageability of VNF Pool to IESG for publication as Informational
August 2015 - Submit VNFPool Architecture to IESG for publication as Proposed Standard
December 2015 - Submit Applicability and Gap Analysis of RSerPool to IESG for publication as Informational
==========================================================================

Your comments and suggestions to the charter text are highly appreciated!

Thanks.

-Ning
________________________________

Not clear of the intent.



Do you mean: “VNF instances in the VNF pool are still visible by the service control entity”?

________________________________

Este mensaje se dirige exclusivamente a su destinatario. Puede consultar nuestra política de envío y recepción de correo electrónico en el enlace situado más abajo.
This message is intended exclusively for its addressee. We only send and receive email on the basis of the terms set out at:
http://www.tid.es/ES/PAGINAS/disclaimer.aspx

Hi,


- There was some discussions in the mailing list regarding the virtualized/non-virtualized case where a network application may run on a server with/without a hypervisor. In both cases (with/without a hypervisor), the application may not have any redundancy solutions. Both cases shall be covered by the solutions provided by this WG. However the charter only have virtualized functions covered. Is the non-virtualized use case out of the scope?

From my point of view this should be also in scope. Otherwise you are not able to include non virtualized functions (which is necessary due to the reasons already pointed out by Pedro) in the framework itself. It should be possible to have a pool of virtualized and non-virtualized functions which can be used based on the requirements derived from the services.

Regards

Nic


From: vnfpool [mailto:vnfpool-***@ietf.org] On Behalf Of Zongning
Sent: Tuesday, June 03, 2014 5:36 AM
To: ***@ietf.org<mailto:***@ietf.org>
Subject: [vnfpool] new VNFPool draft charter

Hi, folks,

Please see the below new draft charter of VNFPool. We believe that we have updated the charter to address most of the comments from London BoF. Main changes are:

1) We narrow down our scope to only focus on the redundancy model and the related interfaces associated with the VNF Pool in a single VNF.

2) Service state synchronization between VNF instances is out-of-scope. We may consider how to maintain the pool states in a VNF Pool only for pooling purpose.

3) We assume that a VNF Pool contains redundant VNF instances of same functional type. Different types of VNFs are envisoned to be held in separate VNF Pools.

4) We do not address reliability related control or routing between adjacent VNFs in the service graph. This is also applied to update the relation between VNF Pool and SFC WG.

==========================================================================
Network functions such as firewalls, load balancers, and WAN optimizers are conventionally deployed as specialized hardware servers in both network operators' networks and data center networks as the building blocks of the network services. There is a trend to implement such network functions as software instances running on general purpose servers, via a virtualization layer (i.e., hypervisors). These virtualized functions are called Virtualized Network Functions (VNFs), which can be used to build network services.

The use of VNFs introduces additional challenges to the reliability of the provided network services. A single VNF instance would typically not have built-in reliability mechanisms on its host (i.e., a general purpose server). Instead, there are more factors of risk such as software failure at various levels including hypervisors and virtual machines, hardware failure, and instance migration that can make a VNF instance unreliable.

In order to provide a reliable function, a VNF may adopt a pooling mechanism by using a number of VNF instances providing the same function, which we call a “VNF Pool”. Conceptionally, a Pool Manager is used to manage the VNF Pool, e.g., selects active/standby VNF instances, and potentially interacts with a service control entity. Such a service control entity is an entity that orchestrates a set of network functions to build network services. The major benefit of using VNF Pool is that reliability mechanisms such as redundancy model are achieved by the VNF Pool inside the VNF and thus not visible to the service control entity. A VNF Pool-enabled VNF still appears as a normal VNF when orchestrated by a service control entity.

Questions that are raised by the addition of a pooling mechanism to VNF include:

· How to manage the redundancy model, e.g., select active/standby VNF instances in a VNF Pool?

· What pool states need to be maintained to support the pooling mechanism itself, and how are such states maintained?

· What information is exchanged between a VNF and a service control entity? For example, how can a VNF Pool be addressed by the service control entity?

· When a live VNF instance goes out of service, how does the service control entity learn which instance in a VNF Pool will replace it, and learn the characteristics of the new instance?
The WG initially focuses on several reliability mechanisms that are mainly associated with a redundancy model based on a VNF Pool in a VNF. Additional mechanisms that may be needed include state maintenance in a VNF Pool only for pooling purpose (service state synchronization is out of scope). The WG assumes that a VNF Pool contains redundant VNF instances of same functional type. Different types of VNFs are envisoned to be held in separate VNF Pools. The WG will address the reliability of an individual VNF, but not the reliability related to the control or the routing between adjacent VNFs that can form a network service.
Specifically, the WG will work on the following technical aspects:

· Redundancy management within a VNF Pool, such as the signaling between the Pool Manager and the instances in the pool for instance registration, backup instances selection, and switching between active and standby instances.

· The protocol between the Pool Manager and the underlying network to collect the network information required for appropriate placement/selection of backup instances.

· The protocol between a VNF and the service control entity to exchange operational information between a VNF Pool and the service control entity.

· Identify and analyze reliable transport protocols, such as MPTCP and SCTP for reliable delivery of the messages associated with the redundancy management within a VNF Pool.

· Analysis of pooling security characteristics and requirements to identify and mitigate threats against the pooling mechanism. Identification of an appropriate trust model between pool members, and between pool members and Pool Manager.
The WG plans to deliver a problem statement, a set of use cases, VNF Pool requirements and an architecture covering the aforementioned technical aspects, and applicability and gap analysis of existing technologies such as RSerPool. It is our expectation that we will be able to rely heavily on existing IETF technologies, but that gaps will be found around problems like redundancy mechanisms, state maintenance solely for pooling purposes, reliable transport, and trust/security, all of which will need to be considered and addressed. The WG will include consideration of the manageability of a VNF Pool. The WG will seek re-chartering before adopting any work to develop new, or extend existing, protocols.

In particular, we will work closely with the SFC WG, as we believe that SFC and VNF Pool are independent but complementary. SFC would essentially see a VNF Pool-enabled VNF as a normal service function and therefore be able to merge it into an SFC just like any other service functions. Information exchanged between the VNF Pool and the SFC may include some operational information from the VNF Pool including the pool address, pool instance characteristic, and so on, as requested by the SFC WG.

Goals and Milestones:
December 2014 - Submit VNFPool Problem Statement to IESG for publication as Informational
April 2015 - Submit VNFPool Use Cases to IESG for publication as Informational
August 2015 - Submit VNFPool Requirements, including the manageability of VNF Pool to IESG for publication as Informational
August 2015 - Submit VNFPool Architecture to IESG for publication as Proposed Standard
December 2015 - Submit Applicability and Gap Analysis of RSerPool to IESG for publication as Informational
==========================================================================

Your comments and suggestions to the charter text are highly appreciated!

Thanks.

-Ning

We tried that! There's some fairly deep concern about
overlap, and about whether or not some of this might encroach
on sfc turf - that was probably the main issue raised at
the BOF at IETF 89. Because of that it's necessary to highlight
the differences between the work and clarify the relationship
between what sfc is doing and what vnfpool would do.
That's a good point.
IETF work tends to be bottom-up - specific, discrete, concrete
pieces of work are identified and scoped. We don't solve A Big
Problem and assume it's generally applicable, but rather do work
of the nature of "Here's how to use <x> to do <y>." It may in
fact turn out that there's interest in developing an availability
mechanism based on a different architectural model, and that's
okay.
I think this is the question that "service state synchronization is
out of scope" answers.

Melinda

Hi, Qiang,

Thanks for the comments. Please see inline.


- It is good to narrow down the scope to redundancy module only. I’m assuming that a transparent redundancy module is the preferable solution of this WG. With transparent solutions, no impacts are expected on the pool user. Therefore, I would avoid any linkage with SFC.

[Ning] Yes, the pooling mechanism will be transparent to the pool user. But a VNF including a VNF Pool (we call a VNFPool-enabled VNF) will be used as a normal VNF in a service chain to build a network service. Therefore, from the service orchestration point of view, some features (mostly operational, NOT pooling mechanism) of a VNFPool-enabled VNF such as address/location, load capability, etc., are still needed by the service control entity.


- I also don’t understand the statement “When a live VNF instance goes out of service, how does the service control entity learn which instance in a VNF Pool will replace it, and learn the characteristics of the new instance?” If transparent solutions are expected, why SCE needs to learn the failover?

[Ning] Excellent point! You are right that this sentence is somehow misleading. How about a new sentence like - “After a VNF instance failover, how does the Pool Manager notify the service control entity some characteristic changes of the VNF, but without disclosure of the pooling procedure?”.


- There was some discussions in the mailing list regarding the virtualized/non-virtualized case where a network application may run on a server with/without a hypervisor. In both cases (with/without a hypervisor), the application may not have any redundancy solutions. Both cases shall be covered by the solutions provided by this WG. However the charter only have virtualized functions covered. Is the non-virtualized use case out of the scope?

[Ning] I agree with you, Nic and Pedro that the solution should be applicable to non-virtualized function, from the pooling perspective. But, consider that we currently don’t describe any specific solution in the charter, how about add a new sentence like – “VNF Pool composed by both virtualized and non-virtualized functional instances will be included after further use case and requirements study”. With this statement, I’d solicit you all to bring use case and requirement for the pooling of non-virtualized function, to help the future solution developed by the WG to cover both. ☺


- Some statements, such as “Identify and analyze reliable transport protocols”, sounds like we do have a specific solution already. I won’t assume there is always an IP connection between the pool manager and the pool instance. The interface between the two entities can be a TCP based protocol if there is an IP connection, or it can be an API if they both locate in the same server. It is real dependence on the solutions itself. Besides, if HW redundancy is needed that there may be always a “remote” instance. The question is really how the “remote” instance is handled, by whom; what homogeneity is assumed or whether this should be part of the investigation. If it is expected that the VNF instances of a pool come from different vendors then even the state synchronization becomes an issue. If the pools are expected to be built from identical instances then one questions why should the pool manager come from a different vendor. I won’t want to see any solution limitations at this stage of the discussion. And I prefer to keep it open until the solution discussion phase.

[Ning] I think the statement “Identify and analyze reliable transport protocols” is more like a requirement for the reliable delivery of pooling messages. We give examples of existing IETF solution like MPTCP, but this doesn’t mean we have already determined the solution at this stage. You are right that we are open to solutions and solution discussion will be in next phase.


- My assumption is that the output from this proposed WG is one or more generic HA solutions. As we are in the early stage of the discussion, I don’t think we shall limit the solution to a specific one. I do have a hard time to understand why the Applicability and Gap Analysis shall be done based on a specific protocol?

[Ning] I believe you had misunderstood the Applicability and Gap Analysis I-D (to RSerPool) at this point. ☺ I think anyone (other than RSerPool folks) can bring their I-D about applicability and gap analysis to solution “x”. Currently we have an I-D based on RSerPool. But this doesn’t mean that the WG will start solution based on RSerPool. We will be looking at more reference solutions and find out which parts of them can be reused/extended/referred/etc.


- Reading the charter, it is not very clear that what the scope of the VNF is. Is it the service/function, or the entities providing this service/function? Some clarification of this use would be good.

[Ning] In our charter, a VNF includes a pool of VNF instances implementing a certain function (not a whole service), and a manager to interface with the outside service control entity to provide such function. So I assume a VNF has both roles in your question. Does it make sense? Or you have some suggested text to further clarify this issue? ☺


I hope my reply helps to address your concerns. Otherwise please let me know.

-Ning