Manual Chapter : Sample Service Function Chaining Network Topologies

Applies To:

Show Versions Show Versions

BIG-IP LTM

  • 15.0.0, 14.1.0
Manual Chapter

Sample Service Function Chaining Network Topologies

Sample Service Function Chaining Network Topologies

In a general service function chaining (SFC) topology, two service functions (SFs) of different types are attached to a service function forwarder (SFF).

There are two types of topologies for these types of SFs:
  • Network service header (NSH)-unaware SFs of type IP and Pool on an external network.
  • NSH-aware SFs of type IP and Pool on an external network, and an NSH-aware SF of type Virtual on an internal network.

Network service header-unaware service functions

With network service header (NSH)-unaware service functions (SFs), data forwarded to the SF does not contain NSH encapsulation.

Note: Before configuring NSH-unaware SFs, you must create an ingress and an egress VLAN.

NSH-unaware service function of type IP

One type of network service header (NSH)-unaware service function (SF) that you can configure is an SF of type IP.

In this topology, the SF is on the external network.

Use this sytax to create this topology:
tmsh create net sfc sf <SF NAME> {nsh-aware disabled ip-address <IP ADDRESS> ingress-interface <INGRESS VLAN> egress-interface <EGRESS VLAN>}
For example:
tmsh create net sfc sf sf1_non_nsh_ip {nsh-aware disabled ip-address <ip1> ingress- interface <VLAN 452> egress-interface <VLAN 451>}

NSH-unaware service function of type Pool

One type of network service header (NSH)-unaware service function (SF) that you can configure is an SF of type Pool.

In this topology, the SF is on the external network.

Use this sytax to create this topology:
tmsh create net sfc sf <SF NAME>_non_nsh_pool {nsh-aware disabled pool-name <POOL NAME> ingress-interface <INGRESS VLAN> egress-interface <EGRESS VLAN>}
For example:
tmsh create net sfc sf sf1_non_nsh_pool {nsh-aware disabled pool-name <pool1> ingress-interface <vlan 460> egress-interface <vlan 459>}

NSH-aware service functions

With network service header (NSH)-aware service functions (SFs), the SF receives and acts on data in the NSH encapsulation.

Note: Before configuring NSH-aware SFs, you must create VXLAN-GPE tunnels.

NSH-aware service function of type IP

One type of network service header (NSH)-aware service function (SF) that you can configure is an SF of type IP.

In this topology, the SF is on the external network.

Use this sytax to create this topology:
tmsh create net sfc sf <SF NAME> {nsh-aware enabled ip-address <IP ADDRESS > ingress-interface <INGRESS TUNNEL > egress-interface <EGRESS TUNNEL>}
For example:
tmsh create net sfc sf sf1_nsh_ip {nsh-aware enabled ip-address <ip1> ingress-interface <VXLAN GPE TUNNEL 1452> egress-interface <VXLAN GPE TUNNEL 1451>}

NSH-aware service function of type Pool

One type of network service header (NSH)-aware service function (SF) that you can configure is an SF of type Pool.

In this topology, the SF is on the external network.

Use this sytax to create this topology:
tmsh create net sfc sf <SF NAME> {nsh-aware enabled pool-name <POOL NAME> ingress- interface <INGRESS TUNNEL> egress-interface <EGRESS TUNNEL>}
For example:
tmsh create net sfc sf sf1_nsh_pool {nsh-aware enabled pool-name <pool1 > ingress- interface <vxlan gpe tunnel 1460> egress-interface <vxlan gpe tunnel 1459>}

NSH-aware service function of type Virtual

One type of network service header (NSH)-aware service function (SF) that you can configure is an SF of type Virtual.

Note: Before configuring NSH-aware SFs, you must create a separate virtual server to use as the SF. F5 recommends that you create dedicated/dummy VLANs for this virtual server that are separate from the other VLANs. Because this SF resides inside the service function forwarder (SFF), the SF is encapsulation-aware.

In this topology, the SF is a virtual server on the internal network.

Use this sytax to create this topology:
tmsh create ltm virtual <VS NAME > destination any:any ip-forward vlans-enabled vlans add { VLAN NAME }
tmsh create net sfc sf <SF NAME > virtual-name <VS NAME>
For example:
tmsh create ltm virtual virtual1_v4 destination any:any ip-forward vlans-enabled vlans add { virtual1 }
tmsh create net sfc sf sf_nsh_virtual virtual-name virtual1_v4