The S/Gi-LAN is the network segment between the core packet gateways and the Internet—and it’s here that service providers deploy unique value-added service (VAS) capabilities to monetize, innovate, and differentiate from their competitors. Value-added services improve the quality of the customer experience by controlling traffic based on user profiles, network policies, and application characteristics.
Value-added services control traffic flows by using multiple service functions that may include firewalls, deep packet inspection, HTTP header enrichment, transparent caching, URL filtering, parental controls, load balancing, carrier-grade network address translation (CGNAT), and TCP and/or video optimizations. An ordered list of these service functions is known as a service function chain.
Network Challenges
The configuration method to link value-added services is a manual process in which the service function chains created become static. All traffic will flow through a fixed service chain, regardless of whether all packets need those service functions. There’s no option to bypass unnecessary service functions, which wastes capacity and increases the latency for traffic across the network.
Because static implementations are not flexible for traffic flow, the costs to manage and operate are higher due to the inefficient use of network resources, and the complexity of deploying services. Inflexibility limits scale, capacity, and redundancy for growing user data traffic and applications.
Improved Efficiencies Using the Network Service Header (NSH)
To improve the efficiency of static service chains, the IETF introduced an on-demand routing mechanism called the Network Service Header (NSH), aligned with software-defined networking (SDN) principles of decoupling the control and the user planes. The NSH is inserted in the packet header, and is used to create a dedicated service plane that’s independent of the underlying transport control protocol. The NSH contains path identification information and metadata information about the packet. Using the NSH together with the flexibility of API programming, the SDN can introduce policy controls to create a path to the value-added services that the packets require.
Dynamic service function chaining, also called NSH service chaining, classifies traffic flows so that only the desired flows are passed to the service functions—without the need for configuration changes.
How Dynamic Service Function Chaining Works
Service chaining links functions to form a service path. The packets that belong to a flow can travel through all the functions in the service chain. The NSH is used to create a dynamic service chain—enabling service providers to place and add services anywhere for provisioning flexibility. The service provider can define service chains to add or skip VAS endpoints by using policy-based forwarding. At the same time, depending on the policy, service providers can offer revenue-generating services by inserting or removing header information per leg of the VAS chain.
Benefits of Dynamic Service Function Chaining
Service providers can innovate and monetize new offerings through the control of service functions. For example, they can use URL filtering to control access to certain content from a list of URL sites. Because a service chain for URL filtering can be set up based on the user’s subscription profile, service providers can sell parental controls as a VAS that blocks children from viewing inappropriate content based on the access privilege of a child’s service profile.
The benefits include:
- Flexibility: A range of policies based on subscription, applications, or network condition.
- Service agility: Services deployed anywhere in the network and added when in need.
- Service deployments decoupled from network topology: Move traffic to different service functions without changing the network topology.
- Optimal use of network resources: Dynamic service function chaining need not be dimensioned for max traffic forecast requirements. Traffic types classified for desired packet flows are passed to applicable service functions. For example, if a traffic type is classified as video, then the packet flow will be directed towards a video service function, such as a video optimization server.
Summary: Virtualize to Scale on Demand
To deliver and monetize value-added services while making more efficient use of network resources, service functions can be virtualized with the support of dynamic service function chaining. This gives service providers the control to define service chains based on user subscription, application requirements, or network conditions. Combining SDN (to introduce policy controls) with the service provider’s existing architecture to dynamically chain services can enable automation. This helps lower costs through greater flexibility and simplified operations.
Service chaining optimizes the use of service functions in the S/Gi-LAN by intelligently steering traffic flow according to application needs. Certain service functions can be bypassed completely to help reduce network latency and help service providers avoid over-dimensioning their network resources.
Dynamic service function chaining gives operators the flexibility to modify traffic flow on demand, ensuring that they deliver services in a cost-efficient manner. By making efficient use of network resources, they can scale on demand to meet customers’ expectation for quality of experience. The capability to modify the chain on-demand also enables operators to provide value-added services to their customers, and allow service providers to monetize new services for additional revenue.
Resources
To learn more about F5 NFV and data traffic management solutions, visit the corresponding links below :
Network Functions Virtualization
About the Author
Related Blog Posts
F5 accelerates and secures AI inference at scale with NVIDIA Cloud Partner reference architecture
F5’s inclusion within the NVIDIA Cloud Partner (NCP) reference architecture enables secure, high-performance AI infrastructure that scales efficiently to support advanced AI workloads.
F5 Silverline Mitigates Record-Breaking DDoS Attacks
Malicious attacks are increasing in scale and complexity, threatening to overwhelm and breach the internal resources of businesses globally. Often, these attacks combine high-volume traffic with stealthy, low-and-slow, application-targeted attack techniques, powered by either automated botnets or human-driven tools.
F5 Silverline: Our Data Centers are your Data Centers
Customers count on F5 Silverline Managed Security Services to secure their digital assets, and in order for us to deliver a highly dependable service at global scale we host our infrastructure in the most reliable and well-connected locations in the world. And when F5 needs reliable and well-connected locations, we turn to Equinix, a leading provider of digital infrastructure.
Volterra and the Power of the Distributed Cloud (Video)
How can organizations fully harness the power of multi-cloud and edge computing? VPs Mark Weiner and James Feger join the DevCentral team for a video discussion on how F5 and Volterra can help.
Phishing Attacks Soar 220% During COVID-19 Peak as Cybercriminal Opportunism Intensifies
David Warburton, author of the F5 Labs 2020 Phishing and Fraud Report, describes how fraudsters are adapting to the pandemic and maps out the trends ahead in this video, with summary comments.
The Internet of (Increasingly Scary) Things
There is a lot of FUD (Fear, Uncertainty, and Doubt) that gets attached to any emerging technology trend, particularly when it involves vast legions of consumers eager to participate. And while it’s easy enough to shrug off the paranoia that bots...