Use Case: Configuring Fat Flows from Contrail Command

This topic provides step-by-step instructions to create an in-network service chain and configure fat flows.

A service chain is a set of services that are connected across networks. A service chain consists of service instances, left and right virtual networks, and a service policy attached to the networks. In an in-network service chain, packets are routed between service instance interfaces. When a packet is routed through the service chain, the source address of the packet entering the left interface of the service chain and source address of the packet exiting the right interface is the same. For more information, see Service Chaining. You can also configure fat flows while you create an in-network-NAT or transparent service chain.

Overview

Service Providers provide services to several subscribers and as a result, large volume of flows are processed at the Contrail vRouter-level and Contrail Agent-level. Processing large volume of flows affects the flow setup rate and increases latency. Fat flow helps reduce the number of flows that are handled by Contrail.

Contrail Networking enables you to configure the Ignore Address field that reduces the number of flows. You can also create fat flows by configuring prefix length. Service provider subscribers in a common IP address pool can access any IP address in the pool. Contrail Networking also supports prefix-based fat flows. Prefix-based fat flow supports mask processing, where you can create flows based on a group of subscribers. This ensures that continuous flows in the same subnet are grouped into a common fat flow that is configured with the same protocol and port numbers. You can apply prefix length-based fat flow on source IP address while the Ignore Address option is configured on the destination IP address, resulting in a reduction of flow processing.

Topology Information

These topologies provide information on how you can configure the Ignore Address field to reduce the number of flows.

Ignore Address - Source, Destination

Figure 81 depicts a scenario where you have selected the following options from the Ignore Address list.

Figure 81: Ignore Source, Destination

Ignore Source, Destination

Understanding Source and Destination

By choosing Destination in the subscribers network, the Prefix Aggregation Source fields are enabled in the network. And by choosing Source in the service providers network, the Prefix Aggregation Destination fields are enabled in the network. When you configure Ignore Address, Contrail Networking helps you to aggregate multiple flows into a single flow by ignoring source and/or destination ports.

To create fat flows in subscribers network with 192.0.2.0/24 as the subnet, enter 192.0.2.0/24 in the Source Subnet field and 24 in the Prefix field. The prefix length, 24, is used to aggregate flows matching the source subnet. The flows matching the source subnet is aggregated to 192.0.2.X/24 flows.

Similarly to create fat flows in service provider network with 192.0.2.0/24 as the subnet, enter 192.0.2.0/24 in the Destination Subnet field and 24 in the Prefix field. The prefix length, 24, is used to aggregate flows matching the destination subnet. The flows matching the destination subnet is aggregated to 192.0.2.X/24 flows.

Ignore Address - None

Figure 82 depicts a scenario where you have selected None from the Ignore Address list.

Figure 82: Ignore None

Ignore None

By choosing None in the subscribers network and service providers network, the Prefix Aggregation Destination fields and Prefix Aggregation Source fields are enabled in both networks.

In this scenario, the subnet that you enter in the Source Subnet field of the subscribers network matches the subnet that you enter in Destination Subnet field of the service providers network. Similarly, the subnet that you enter in the Destination Subnet field of the subscribers network matches the subnet that you enter in the Source Subnet field of the service providers network.

Prerequisites

Before you begin, ensure that the following prerequisites are met.

Getting Started

The instructions provided in the topics given below will help you to

  1. Create the following virtual networks:

    For steps to create virtual networks, see Create Virtual Network.

  2. Create three virtual machines.

    Each virtual machine must be created with left, right, and management interfaces.

    For steps to create virtual machines by using OpenStack, see Create Virtual Machines by using OpenStack.

    For steps to create virtual machines by using Contrail Command, see Create Virtual Machines by using Contrail Command.

  3. Create a service template.

    For steps to create a service template, see Create Service Template.

  4. Add a service instance.

    For steps to add a service instance, see Add Service Instance.

  5. Configure fat flows for these virtual networks.

    For steps to configure fat flows, see Configure Fat Flow.

  6. Create a service policy for the left virtual network and right virtual network.

    For steps to create a service policy, see Create Service Policy.

  7. Attach the service policy to the left virtual network and right virtual network.

    For steps to attach a service policy to a virtual network, see Attach Service Policy.

  8. Ping right virtual machine from left virtual machine.

    For steps to ping the right virtual machine by using OpenStack, see Launch a Virtual Machine from OpenStack.

    For steps to ping the right virtual machine by using Contrail Command, see Launch a Virtual Machine from Contrail Command.

Configuration

These topics provide instructions to configure fat flows by creating an in-network service chain.