Manual Chapter : Sample Service Function Chaining Network Topologies

Applies To:


BIG-IP LTM

  • 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0

BIG-IP PEM

  • 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0

In a general service function chaining (SFC) topology, two service functions (SFs) of different types are attached to a service function forwarder (SFF).
There are two types of topologies for these types of SFs:
  • Network service header (NSH)-unaware SFs of type IP and Pool on an external network.
  • NSH-aware SFs of type IP and Pool on an external network, and an NSH-aware SF of type Virtual on an internal network.

Network service header-unaware service functions

With network service header (NSH)-unaware service functions (SFs), data forwarded to the SF does not contain NSH encapsulation.
Before configuring NSH-unaware SFs, you must create an ingress and an egress VLAN.

NSH-unaware service function of type IP

One type of network service header (NSH)-unaware service function (SF) that you can configure is an SF of type IP.
In this topology, the SF is on the external network.
Use this syntax to create this topology:
tmsh create net sfc sf <SF NAME> {nsh-aware disabled ip-address <IP ADDRESS> ingress-interface <INGRESS VLAN> egress-interface <EGRESS VLAN>}
For example:
tmsh create net sfc sf sf1_non_nsh_ip {nsh-aware disabled ip-address <ip1> ingress-interface <VLAN 452> egress-interface <VLAN 451>}

NSH-unaware service function of type Pool

One type of network service header (NSH)-unaware service function (SF) that you can configure is an SF of type Pool.
In this topology, the SF is on the external network.
Use this syntax to create this topology:
tmsh create net sfc sf <SF NAME>_non_nsh_pool {nsh-aware disabled pool-name <POOL NAME> ingress-interface <INGRESS VLAN> egress-interface <EGRESS VLAN>}
For example:
tmsh create net sfc sf sf1_non_nsh_pool {nsh-aware disabled pool-name <pool1> ingress-interface <vlan 460> egress-interface <vlan 459>}

NSH-aware service functions

With network service header (NSH)-aware service functions (SFs), the SF receives and acts on data in the NSH encapsulation.
Before configuring NSH-aware SFs, you must create VXLAN-GPE tunnels.

NSH-aware service function of type IP

One type of network service header (NSH)-aware service function (SF) that you can configure is an SF of type IP.
In this topology, the SF is on the external network.
Use this syntax to create this topology:
tmsh create net sfc sf <SF NAME> {nsh-aware enabled ip-address <IP ADDRESS> ingress-interface <INGRESS TUNNEL> egress-interface <EGRESS TUNNEL>}
For example:
tmsh create net sfc sf sf1_nsh_ip {nsh-aware enabled ip-address <ip1> ingress-interface <VXLAN GPE TUNNEL 1452> egress-interface <VXLAN GPE TUNNEL 1451>}

NSH-aware service function of type Pool

One type of network service header (NSH)-aware service function (SF) that you can configure is an SF of type Pool.
In this topology, the SF is on the external network.
Use this syntax to create this topology:
tmsh create net sfc sf <SF NAME> {nsh-aware enabled pool-name <POOL NAME> ingress-interface <INGRESS TUNNEL> egress-interface <EGRESS TUNNEL>}
For example:
tmsh create net sfc sf sf1_nsh_pool {nsh-aware enabled pool-name <pool1> ingress-interface <vxlan gpe tunnel 1460> egress-interface <vxlan gpe tunnel 1459>}

NSH-aware service function of type Virtual

One type of network service header (NSH)-aware service function (SF) that you can configure is an SF of type Virtual.
Before configuring NSH-aware SFs, you must create a separate virtual server to use as the SF. F5 recommends that you create dedicated/dummy VLANs for this virtual server that are separate from the other VLANs. Because this SF resides inside the service function forwarder (SFF), the SF is encapsulation-aware.
In this topology, the SF is a virtual server on the internal network.
Use this syntax to create this topology:
tmsh create ltm virtual <VS NAME> destination any:any ip-forward vlans-enabled vlans add { <VLAN NAME> }
tmsh create net sfc sf <SF NAME> virtual-name <VS NAME>
For example:
tmsh create ltm virtual virtual1_v4 destination any:any ip-forward vlans-enabled vlans add { virtual1 }
tmsh create net sfc sf sf_nsh_virtual virtual-name virtual1_v4
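
The following pre-flight check is an added example, not part of the F5 manual or of tmsh itself. It lints "tmsh create net sfc sf" lines against the three SF types described in this chapter before they are pasted into a BIG-IP. The function name lint_sf_command, the sample VLAN and tunnel names, and the sample addresses are constructed, and the rule that ingress and egress must differ is an assumption.

```python
import re

# Only property names that appear in this chapter's commands are accepted.
TARGET_KEYS = ("ip-address", "pool-name", "virtual-name")  # SF types IP, Pool, Virtual
KNOWN_KEYS = set(TARGET_KEYS) | {"nsh-aware", "ingress-interface", "egress-interface"}
PREFIX = re.compile(r"^tmsh create net sfc sf (\S+)\s*(.*)$")

def lint_sf_command(cmd):
    """Return a list of findings for one 'tmsh create net sfc sf' line."""
    m = PREFIX.match(cmd.strip())
    if not m:
        return ["not a 'tmsh create net sfc sf' command"]
    if re.search(r"<[^>]*>", cmd):
        return ["unsubstituted <placeholder> left in command"]
    findings = []
    tokens = m.group(2).strip("{} ").split()
    if len(tokens) % 2:
        findings.append("odd token count: a property name or value is split or missing")
    props = dict(zip(tokens[0::2], tokens[1::2]))
    findings += [f"unknown property '{k}'" for k in props if k not in KNOWN_KEYS]
    targets = [k for k in TARGET_KEYS if k in props]
    if len(targets) != 1:
        findings.append("need exactly one of ip-address, pool-name, virtual-name")
    elif targets[0] != "virtual-name":
        if props.get("nsh-aware") not in ("enabled", "disabled"):
            findings.append("nsh-aware must be 'enabled' or 'disabled'")
        for key in ("ingress-interface", "egress-interface"):
            if key not in props:
                findings.append(f"missing {key}")
        ingress, egress = props.get("ingress-interface"), props.get("egress-interface")
        # Assumption: ingress and egress are meant to be two different interfaces.
        if ingress and ingress == egress:
            findings.append("ingress-interface and egress-interface are identical")
    return findings

# Constructed sample lines; VLAN/tunnel names and addresses are made up for illustration.
SAMPLES = [
    "tmsh create net sfc sf sf1_non_nsh_ip {nsh-aware disabled ip-address 192.0.2.10 ingress-interface vlan452 egress-interface vlan451}",
    "tmsh create net sfc sf sf1_nsh_pool {nsh-aware enabled pool-name pool1 ingress- interface tunnel1460 egress-interface tunnel1459}",
    "tmsh create net sfc sf sf2_nsh_ip {nsh-aware enabled ip-address 192.0.2.11 ingress-interface tunnel1452 egress-interface tunnel1452}",
    "tmsh create net sfc sf sf_nsh_virtual virtual-name virtual1_v4",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(line.split()[5], lint_sf_command(line) or "ok")
```

The second sample carries a stray space inside ingress-interface, which the check reports as an unknown property plus a missing interface instead of letting the line reach the device.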