Chaining implementation method and apparatus for container and virtual machine-based service functions

The method and apparatus simplify service function chaining by using virtual switch bridging and open flow to configure traffic paths, addressing the complexity of coexisting container-based and virtual machine-based service functions, thereby enhancing efficiency and reducing management complexity.

JP2026100777A · Pending · Publication Date: 2026-06-19 · WINS TECHNET CO LTD

Patent Information

Authority / Receiving Office: JP
Patent Type: Applications
Current Assignee / Owner: WINS TECHNET CO LTD
Filing Date: 2025-08-19
Publication Date: 2026-06-19

AI Technical Summary

Technical Problem

Existing service function chaining technologies require complex configuration and orchestration, especially in environments where both container-based and virtual machine-based service functions coexist, leading to management complexity and performance degradation.

Method used

A method and apparatus that implements service function chaining using virtual switch bridging and open flow, eliminating the need for additional functions and complex management, by configuring traffic paths through service functions based on virtual switches and open flow, without requiring orchestration or additional components like SFC proxies.

Benefits of technology

Enables efficient service function chaining without complex management, reducing the need for additional functions and simplifying configuration, even in environments with both container-based and virtual machine-based service functions.

Generated by Eureka AI based on patent content.


Abstract

This invention provides a method and apparatus for implementing service function (SF) chaining for container and virtual machine-based SFs, enabling efficient SF chaining. [Solution] In a chaining implementation device 200 for container and virtual machine-based service functions, the SF generation unit 204 constitutes at least one SF, the system configuration unit 208 constitutes a Service Function Chaining (SFC) unit 212 in which a traffic path to at least one SF is configured based on a virtual switch, and the SFC generation unit 206 generates a traffic path to at least one SF in the SFC unit based on the open flow of the virtual switch.

Description

【Technical Field】

【0001】 The present invention relates to a method and apparatus for chaining container and virtual machine-based service functions.

【Background Art】

【0002】 In order to provide various service functions (SF: Service Function) for traffic between a client and a server in a cloud-native environment, a service function chaining (SFC: Service Function Chaining) technology for switching or forwarding the traffic to respective service functions is necessary.

【0003】 There are various methods for implementing SFC. For container-based SF, Kubernetes provides a method for configuring an eBPF (extended Berkeley Packet Filter)-based SFC using a CNI (Container Network Interface) plugin, but requires the use of complex orchestration.

【0004】 For virtual machine-based SF, the IETF (Internet Engineering Task Force) presents a standard for implementing SFC, and there are commercial products implementing this. However, the SF itself requires an SFC decapsulation function, and if this function is not provided, management complexity such as the use of an SFC proxy is introduced, resulting in performance degradation. Also, in an environment where containers and virtual machines coexist, the management complexity of SF further increases.

【0005】 Therefore, there is a need for a service function chaining technology that does not require complex configuration and orchestration, does not require adding another function to the SF itself, and does not require complex management even in an environment where container-based SF and virtual machine-based SF coexist.

[Prior art documents]

[Patent Documents]

【0006】 [Patent Document 1] Korean Patent Registration No. 10-1911913

[Summary of the invention]

[Problems that the invention aims to solve]

【0007】 The problem that the present invention aims to solve is to provide a chaining implementation method and apparatus for container and virtual machine-based service functions that does not require complex configuration and orchestration, does not require adding other functions to the SF itself, and can efficiently provide SF chaining without complex management even in environments where container-based SF and virtual machine-based SF coexist.

【0008】 Furthermore, the problem that the present invention aims to solve is to provide a new method and apparatus for realizing service function chaining (SFC) between service functions (SF) composed of virtual machines and containers, based on virtual switch bridging and open flow within the same physical or virtual server.

[Means for solving the problem]

【0009】 A chaining implementation method for container and virtual machine-based service functions according to one embodiment of the present invention for solving the above problems may include the steps of: a service function generation unit configuring at least one service function (SF); a system configuration unit configuring a service function chaining (SFC) unit that configures a traffic path to the at least one SF based on a virtual switch; and a service function chaining generation unit generating a traffic path to the at least one SF in the service function chaining unit based on the open flow of the virtual switch.

【0010】 In a method for implementing chaining for container and virtual machine-based service functions according to one embodiment of the present invention, the service function chaining unit may include: a service function chaining (SFC) bridge that forms a traffic path for transmitting traffic to the SF; an inbound bridge that receives external network traffic and transmits it to the service function chaining (SFC) bridge and transmits the traffic received from the service function chaining (SFC) bridge to the external network; and an outbound bridge that receives internal network traffic and transmits it to the service function chaining (SFC) bridge and transmits the traffic received from the service function chaining (SFC) bridge to the internal network.

【0011】 Furthermore, in a chaining implementation method for container and virtual machine-based service functions according to one embodiment of the present invention, the at least one service function may include at least one of a container-based service function and a virtual machine-based service function.

【0012】 Furthermore, in a chaining implementation method for container and virtual machine-based service functions according to one embodiment of the present invention, the system configuration unit can bind an external network interface in relation to the inbound bridge, bind a patch interface for connection with the SFC bridge, bind an internal network interface in relation to the outbound bridge, bind a patch interface for connection with the SFC bridge, bind a patch interface peer for connection with the inbound bridge in relation to the SFC bridge, bind a patch interface peer for connection with the outbound bridge, and generate a bidirectional open flow for communication between the inbound bridge patch interface and the outbound patch interface.

【0013】 Furthermore, in a chaining implementation method for container and virtual machine-based service functions according to one embodiment of the present invention, the service function generation unit can configure an interface for processing ingress traffic and egress traffic for at least one service function (SF).

【0014】 Furthermore, in a chaining implementation method for container and virtual machine-based service functions according to one embodiment of the present invention, the service function chaining generation unit can determine a path that passes through at least one SF based on the destination network and service, and generate an open flow path in the SFC unit based on the determined path.

【0015】 Furthermore, in a chaining implementation method for container and virtual machine-based service functions according to one embodiment of the present invention, the destination network includes IP or bandwidth, and the service may include protocols and port numbers.

【0016】 Furthermore, a chaining implementation method for container and virtual machine-based service functions according to one embodiment of the present invention may further include a step in which, prior to the step in which the service function chaining generation unit generates traffic paths between SFs based on the open flow of the virtual switch, the MAC learning unit learns the MACs of network devices connected to the inbound bridge and the outbound bridge and the MACs of SF interfaces connected to the SFC bridge.

【0017】 Furthermore, in a chaining implementation method for container and virtual machine-based service functions according to one embodiment of the present invention, the service function chaining generation unit can receive a MAC that matches the destination interface from the MAC learning unit and modulate the destination MAC.

【0018】 Furthermore, in a chaining implementation method for container and virtual machine-based service functions according to one embodiment of the present invention, the service function generation unit can configure at least one service function (SF) based on the SF image file and attributes stored in the SF image management unit.

【0019】 A chaining implementation device for container and virtual machine-based service functions according to one embodiment of the present invention for solving the above problems may include: a service function generation unit that constitutes at least one service function (SF); a system configuration unit that constitutes a service function chaining (SFC) unit that configures a traffic path to the at least one SF based on a virtual switch; and a service function chaining generation unit that generates a traffic path to the at least one SF in the service function chaining unit based on the open flow of the virtual switch.

【0020】 In a chaining implementation device for container and virtual machine-based service functions according to one embodiment of the present invention, the service function chaining unit may include: a service function chaining (SFC) bridge that forms a traffic path for transmitting traffic to the SF; an inbound bridge that receives external network traffic and transmits it to the service function chaining (SFC) bridge and transmits the traffic received from the service function chaining (SFC) bridge to the external network; and an outbound bridge that receives internal network traffic and transmits it to the service function chaining (SFC) bridge and transmits the traffic received from the service function chaining (SFC) bridge to the internal network.

【0021】 Furthermore, in a chaining implementation device for container and virtual machine-based service functions according to one embodiment of the present invention, the at least one service function may include at least one of a container-based service function and a virtual machine-based service function.

【0022】 Also, in the chaining implementation device for a container and a virtual machine-based service function according to an embodiment of the present invention, the system configuration unit binds an external network interface in relation to the inbound bridge, binds a patch interface for connection with the SFC bridge, binds an internal network interface in relation to the outbound bridge, binds a patch interface for connection with the SFC bridge, binds a patch interface peer for connection with the inbound bridge in relation to the SFC bridge, binds a patch interface peer for connection with the outbound bridge, and can generate a two-way open flow for communication between the inbound bridge patch interface and the outbound patch interface.

【0023】 Also, in the chaining implementation device for a container and a virtual machine-based service function according to an embodiment of the present invention, the service function generation unit can configure an interface for processing ingress traffic and egress traffic for the at least one service function (SF).

【0024】 Also, in the chaining implementation device for a container and a virtual machine-based service function according to an embodiment of the present invention, the service function chaining generation unit determines a path passing through the at least one SF based on the destination network and the service, and can generate an open flow path in the SFC unit based on the determined path.

【0025】 Also, in the chaining implementation device for a container and a virtual machine-based service function according to an embodiment of the present invention, the destination network can include an IP or a bandwidth, and the service can include a protocol and a port number.

【0026】 In addition, the chaining implementation device for a container and a virtual machine-based service function according to an embodiment of the present invention may further include a MAC learning unit that learns the MAC of a network device connected to the inbound bridge and the outbound bridge and the MAC for an SF interface connected to the SFC bridge.

【0027】 In addition, in the chaining implementation device for a container and a virtual machine-based service function according to an embodiment of the present invention, the service function chaining generation unit can receive a MAC suitable for a destination interface from the MAC learning unit and modulate the destination MAC.

【0028】 In addition, in the chaining implementation device for a container and a virtual machine-based service function according to an embodiment of the present invention, the service function generation unit can configure the at least one service function (SF: Service Function) based on the SF image file and attributes stored in the SF image management unit.

【Advantages of the Invention】

【0029】 According to the chaining implementation method and device for a container and a virtual machine-based service function according to an embodiment of the present invention, a complex configuration and orchestration are not required, there is no need to add another function to the SF itself, and efficient SF chaining can be provided without complicated management even in an environment where container-based SFs and virtual machine-based SFs coexist.

【Brief Description of the Drawings】

【0030】
[Figure 1] It is a conceptual diagram for explaining a chaining implementation method for a container and a virtual machine-based service function according to an embodiment of the present invention.
[Figure 2] It is a configuration diagram showing a chaining implementation device for a container and a virtual machine-based service function according to an embodiment of the present invention.
[Figure 3] This diagram illustrates how to add an interface for service chaining to a container-based service function (SF).
[Figure 4] This diagram illustrates the addition of an interface for service chaining to a virtual machine-based service function (SF).
[Figure 5] This is a flowchart illustrating a method for implementing chaining for container and virtual machine-based service functions according to one embodiment of the present invention.

[Modes for carrying out the invention]

【0031】 The embodiments disclosed herein will be described in detail below with reference to the accompanying drawings. The object, features, and novel features of the present invention will become clearer from the following detailed description and preferred embodiments associated with the accompanying drawings.

【0032】 Therefore, the terms and words used in this specification and the claims are appropriately defined by the inventors to best describe their invention and should be interpreted in a sense and concept consistent with the technical idea of the present invention. They merely describe the embodiments and should not be interpreted as limiting the invention.

【0033】 When assigning reference numerals to components, identical or similar components in the figures shall be given the same reference numeral, and redundant descriptions shall be omitted. The suffixes "module" and "part" used for components in the following description are added for the sake of ease of specification preparation or for interchangeable use, and do not have a distinct meaning or role in themselves, and can refer to components of software or hardware.

【0034】 When describing the components of the present invention, if a component is expressed in a single form, it should be understood that the component also includes multiple forms unless otherwise specified. Furthermore, terms such as "first," "second," etc., are used to distinguish one component from another, and the components are not limited by these terms. Also, if one component is linked to another component, it means that other components may be linked between that component and the other component.

【0035】 Furthermore, when describing the embodiments disclosed herein, detailed descriptions of relevant prior art will be omitted if it is determined that such descriptions may obscure the essence of the embodiments disclosed herein. In addition, the accompanying drawings are merely for the purpose of facilitating the understanding of the embodiments disclosed herein, and the accompanying drawings are not intended to limit the technical idea disclosed herein, but should be understood to include any modifications, equivalents, or substitutions that fall within the concept and technical scope of the present invention.

【0036】 Hereinafter, with reference to the attached drawings, a chaining implementation method and apparatus for container and virtual machine-based service functions according to one embodiment of the present invention will be described.

【0037】 A method and apparatus for implementing chaining for container and virtual machine-based service functions according to one embodiment of the present invention relates to a method and apparatus for implementing service function chaining (SFC) between service functions (SF) composed of virtual machines or containers, based on a bridge of a virtual switch such as openswitch and openflow, within the same physical or virtual server. The method and apparatus implement SFC using only openflow without common components for implementing SFC for virtual machine-based SFs, such as SFP (Service Function Path), SFF (Service Function Forwarder), SFC proxy, and SFC encapsulation. It also implements SFC functionality for container-based SFs without orchestration such as Kubernetes and CNI plugins. The SFC functionality can be implemented using the same configuration method regardless of the type of SF (container, virtual machine).

【0038】 Figure 1 is a conceptual diagram illustrating a method for implementing chaining for container and virtual machine-based service functions according to one embodiment of the present invention.

【0039】 Referring to Figure 1, the device 100 to which a chaining implementation method for container and virtual machine-based service functions according to one embodiment of the present invention is applied can transmit traffic received from network interface cards (NICs) 102a and 102b to at least one of the first to nth service functions 106_1 to 106_n, which contain a mixture of container-based service functions and virtual machine-based service functions, via the open flow-based service function chaining unit 104, and can transmit traffic output from service functions 106_1 to 106_n to network interface cards (NICs) 102a and 102b. Furthermore, when it is not necessary to transmit traffic to service functions, traffic can be transmitted directly between network interface cards (NICs) 102a and 102b without going through the first to nth service functions 106_1 to 106_n. Here, n may be an integer of 1 or more.

【0040】 The container and virtual machine-based service function chaining implementation device 200 according to one embodiment of the present invention shown in Figure 2 may include a service function generation unit 204 that constitutes at least one service function (SF) 214_1 to 214_n, a system configuration unit 208 that constitutes a service function chaining (SFC) unit 212 that configures traffic paths to SF 214_1 to 214_n based on a virtual switch, a service function chaining generation unit 206 that generates traffic paths to SF 214_1 to 214_n in the service function chaining unit 212 based on the open flow of the virtual switch, an SF image management unit 202, and a MAC learning unit 210.

【0041】 The system configuration unit 208 can configure or initialize the system. The system may consist of three bridges: bridges 220 and 224 that handle traffic input/output, and bridge 222 that handles service chaining.

【0042】 The Service Function Chaining (SFC) bridge 222 can transmit traffic to SF 214_1 to 214_n and configure traffic paths, the inbound bridge 220 can send and receive external network traffic, and the outbound bridge 224 can send and receive internal network traffic.

【0043】 The MAC learning unit 210 reads the ARP cache information of the kernel 216 and can learn the MACs (Media Access Control) of network devices connected to the inbound bridge 220 and outbound bridge 224, as well as the MACs for SF interfaces connected to the Service Function Chaining (SFC) bridge 222. In the example configuration, it can learn the default gateway MACs and subnet gateway MACs for the external and internal networks, as well as the MACs of devices connected to the same network. It can also collect MACs for interfaces assigned to each SF 214_1 to 214_n.

【0044】 The SF image management unit 202 can manage container images or virtual machine images used during SF generation. The SF image management unit 202 can manage the image files, image templates, and interface classification (ingress/egress integrated, ingress/egress separated) information that are subject to management.

【0045】 SF 214_1 to 214_n may be service functions composed of virtual machines or containers. The SF generation unit 204 generates SF 214_1 to 214_n using the image information from the SF image management unit 202, adds virtual interfaces to SF 214_1 to 214_n using interface classification information, and can link the added virtual interfaces to the service function chaining bridge 222.

【0046】 The SFC generation unit 206 can generate traffic paths between service providers that provide services according to their traffic characteristics. The SFC generation unit 206 may be implemented by open flows of virtual switches. The service path may consist of a request flow chain and a response flow chain which is the opposite path.

【0047】 The operation of the chaining implementation device 200 for container and virtual machine-based service functions according to one embodiment of the present invention configured as described above will be explained in detail as follows.

【0048】 1. The system configuration unit 208 can configure a virtual switch-based bridge. The generated bridge may include an inbound bridge, the OVS-IN bridge 220, an outbound bridge, the OVS-OUT bridge 224, and a service function chaining (SFC) bridge, the OVS-SFC bridge 222, each of which can perform the following roles:

【0049】 1) OVS-IN bridge 220

【0050】 - It can bind to an external network interface and take over the IP and MAC addresses assigned to that interface.

【0051】 - A patch interface can be bound for connection with the OVS-SFC bridge 222.

【0052】 2) OVS-OUT bridge 224

【0053】 - It can bind to an internal network interface and take over the IP and MAC addresses assigned to that interface.

【0054】 - A patch interface can be bound for connection with the OVS-SFC bridge 222.

【0055】 3) OVS-SFC Bridge 222

【0056】 - A patch interface peer can be bound for connection with the OVS-IN bridge 220.

【0057】 - A patch interface peer can be bound for connection with the OVS-OUT bridge 224.

【0058】 - It is possible to generate a bidirectional open flow for communication between the OVS-in patch interface and the OVS-out patch interface. This can support the basic communication state in the absence of Service Function Chaining (SFC).

【0059】 2. The SF image management unit 202 can manage SF image files and attributes. Image attributes may define the image type (container, virtual machine), image file name, service chaining interface type (both: integrated ingress/egress, each: separate ingress/egress), and image template (container: docker-compose file, virtual machine: virt-install command line).

【0060】 3. The SF generation unit 204 can select a target image from the SF image management unit 202 and generate at least one service function (SF) 214_1 to 214_n. Depending on the SF image classification, a virtual machine or container-based service function can be generated. In Figure 2, reference number 214_1 is a container-based SF, reference number 214_2 is a virtual machine (VM)-based SF, and reference number 214_n may be a container-based SF.

【0061】 In addition to its management interface, the service function (SF) may also have one or two interfaces for service chaining, depending on the SF interface classification. If there is one interface, it can handle both ingress and egress traffic; if there are two interfaces, it can handle ingress and egress traffic separately. In this embodiment, as shown in Figures 3 and 4, interfaces can be added to the SF using Linux® Virtual Ethernet® interfaces (veth). Figure 3 shows an example of a container, and Figure 4 shows an example of a virtual machine.

【0062】 Furthermore, to enable routing communication between SF 214_1 to 214_n and the ovs-sfc bridge 222, a gateway IP address can be configured on the ovs-sfc bridge 222 for the ingress and egress interfaces of SF 214_1 to 214_n, and a NORMAL policy open flow can be added for communication to that gateway IP address.

【0063】 4. The SFC generation unit 206 can generate routes through SF 214_1 to 214_n based on the destination network (IP or bandwidth) and service. The service may be configured in the form of protocol/port number (e.g., tcp/80, udp/53). The SFC generation unit 206 can generate open flows to the ovs-sfc bridge 222 based on the route information. In this case, the open flow configuration may differ depending on whether there is one SF, two SFs, or three or more SFs on the route.

【0064】 1) When there is one SF on the path (228)

【0065】 [Request Packet] (SFC Forward Direction)

【0066】 - The input port (in_port) of the open flow becomes the peer of the ovs-in 220 patch, and the output port can be an interface within the ovs-sfc bridge 222 that peers with the ingress interface of SF 214_1. Hereafter, the interface within the ovs-sfc bridge 222 that peers with the ingress interface of the SF will be simply referred to as the ingress interface of the SF. Additional conditions include setting the destination IP to the internal network bandwidth, and mod_dl_dst (modify data link destination address, i.e., modify the destination MAC address) may be set to the learned MAC address of that interface.

【0067】 - The in_port of the open flow can be the egress interface for SF 214_1, and the output port can be the peer for the ovs-out 224 patch. As an additional condition, the destination IP may be set to the internal network bandwidth.

【0068】 [Response Packet] (SFC Reverse Direction)

【0069】 - The input port (in_port) of the open flow can become the peer for the ovs-out 224 patch, and the output port can become the egress interface for SF 214_1. Additional conditions include that the destination IP is set to the external network bandwidth, and mod_dl_dst may be set to the learned MAC address of that interface.

【0070】 - The input port (in_port) of the open flow can be the ingress interface for SF 214_1, and the output port can be the peer for the ovs-in 220 patch. As an additional condition, the destination IP may be set to the external network bandwidth.

【0071】 The input port (in_port) and output port (output) of the open flow are to be interpreted from the perspective of the service function chaining bridge (ovs-sfc) 222, that is, as the input port (in_port) and output port (output) of the open flow within the service function chaining bridge (ovs-sfc) 222.

【0072】 2) When there are two SFs on the path (230)

【0073】 [Request Packet] (SFC Forward Direction)

【0074】 - The input port (in_port) of the open flow can be the peer of the ovs-in 220 patch, and the output port can be the ingress interface for the first SF (214_2). Additional conditions include that the destination IP is set to the internal network bandwidth, and mod_dl_dst may be set to the learned MAC address of that interface.

【0075】 - The input port (in_port) of the open flow may become the egress interface of the first SF 214_2, and the output port may become the ingress interface of the second SF 214_n. Additional conditions include that the destination IP is set to the internal network bandwidth, and mod_dl_dst may be set to the learned MAC address of that interface.

【0076】 - The open flow input port (in_port) can become the egress interface for the second SF 214_n, and the output port can become the peer for the ovs-out 224 patch. As an additional condition, the destination IP may be set to the internal network bandwidth.

【0077】 [Response Packet] (SFC Reverse Direction)

【0078】 - The in_port of the open flow can become the peer of the ovs-out 224 patch, and the output can become the egress interface for the second SF 214_n. Additional conditions include that the destination IP is set to the external network bandwidth, and mod_dl_dst may be set to the learned MAC address of that interface.

【0079】 - The input port (in_port) of the open flow becomes the ingress interface of the second SF 214_n, and the output port (output) becomes the egress interface of the first SF (214_2). Additional conditions include setting the destination IP to the external network bandwidth and setting mod_dl_dst to the learned MAC address of that interface.

【0080】 - The input port (in_port) of the open flow will be the ingress interface for the first SF (214_2), and the output port (output) may be the peer for the ovs-in 220 patch. As an additional condition, the destination IP may be set to the external network bandwidth.

【0081】 3) When there are 3 or more SFs on the path

【0082】 [Request Packet] (SFC Forward Direction)

【0083】 - The input port (in_port) of the open flow can be the peer for the ovs-in 220 patch, and the output port can be the ingress interface for the first SF. Additional conditions include that the destination IP is set to the internal network bandwidth, and mod_dl_dst may be set to the learned MAC address of that interface.

【0084】 - The input port (in_port) of the open flow may become the egress interface for the first SF, and the output port may become the ingress interface for the second SF. Additional conditions include that the destination IP is set to the internal network bandwidth, and mod_dl_dst may be set to the learned MAC address of that interface. The processes other than the last SF may be identical.

【0085】 - If the SF is the last one, the open flow input port (in_port) becomes the egress interface for that SF, and the output port (output) can become the peer for the ovs-out 224 patch. As an additional condition, the destination IP may be set to the internal network bandwidth.

【0086】 [Response Packet] (SFC Reverse Direction)

【0087】 - The in_port of the open flow can become the peer for the ovs-out 224 patch, and the output port can become the egress interface for the last SF. As an additional condition, the destination IP may be set to the external network bandwidth.

【0088】 - The input port (in_port) of an open flow can become the ingress interface for the last SF, and the output port can become the egress interface for the next SF. Additionally, the destination IP may be set to the external network bandwidth. All processes except the first SF may be identical.

【0089】 - If the SF is the first one, the open flow input port (in_port) becomes the ingress interface for that SF, and the output port (output) can become the peer for the ovs-in 220 patch. As an additional condition, the destination IP may be set to the external network bandwidth.

【0090】 5. The MAC learning unit 210 can learn the MAC addresses of network devices connected to the inbound bridge 220 and outbound bridge 224, as well as the MAC addresses of SF interfaces connected to the SFC bridge 222.

【0091】 The MAC addresses of network devices connected to the inbound bridge 220 and outbound bridge 224 are collected from the kernel 216's address resolution protocol (ARP) cache information, and the MAC addresses of SFs connected to the SFC bridge 222 can be collected as follows: (1) Container: collect ifconfig information or /sys/class/net/<interface>/address information via the container's network namespace. (2) Virtual machine: collect MAC address information from the virtual machine configuration file (XML).
【0092】 Figure 5 is a flowchart illustrating a method for implementing chaining for container and virtual machine-based service functions according to one embodiment of the present invention.

【0093】 Referring to Figures 2 and 5, at step S500, the system configuration unit 208 can configure the system environment.

【0094】 At this stage, the system configuration unit 208 can automatically configure a virtual switch-based inbound bridge (ovs-in) 220, outbound bridge (ovs-out) 224, and service function chaining bridge (ovs-sfc) 222 on a physical or virtual server, and generate the ovs-in⇔ovs-sfc⇔ovs-out basic route.

【0095】 In step S502, the SF generation unit 204 can construct at least one SF 214_1 to 214_n based on the SF image and attributes 520.

【0096】 The SF generation unit 204 can generate an SF using an image file and image template for the SF generated by the management information of the SF image management unit 202. At this time, an ingress/egress interface for service chaining can be generated according to the interface classification of the image, and this can be connected to the service function chaining (ovs-sfc) bridge 222 of the virtual switch. In addition, a gateway IP and a NORMAL policy open flow can be configured on the service function chaining (ovs-sfc) bridge 222 for the ingress/egress of the SF so that routing can be configured between the service function chaining (ovs-sfc) bridge 222 and the ingress/egress interfaces of SFs 214_1 to 214_n.

【0097】 At stage S504, the SFC generation unit 206 can configure a Service Function Chaining (SFC) path based on the SFC management information 522 and the MAC management information 524.

【0098】 The SFC generation unit 206's service-specific SFC route configuration allows all bidirectional open flow routes to be added to the service function chaining bridge (ovs-sfc) 222. When adding an open flow route, the MAC matching the destination interface is received from the MAC learning unit 210, and the destination MAC can be modulated.

【0099】 Next, the process by which service function chaining is performed on traffic is described.

【0100】 At stage S506, traffic may be received.

【0101】 At stage S508, it may be determined whether the traffic is received by the inbound bridge (ovs-in) 220 or the outbound bridge (ovs-out) 224.

【0102】 Request traffic from the external network via NIC 218a is received via the interface bound to the inbound bridge (ovs-in) 220, and may be propagated to the service function chaining bridge (ovs-sfc) 222. When traffic is received by the inbound bridge (ovs-in) 220, at stage S510, the request traffic propagated to the inbound bridge (ovs-in) 220 may be propagated to the outbound bridge (ovs-out) 224 via the SF according to the forward open flow configuration corresponding to the protocol and destination IP/port.

【0103】 At stage S512, traffic transmitted to the outbound bridge (ovs-out) 224 may be transmitted via NIC 218b to the internal network server, i.e., the destination address on the internal network.

【0104】 Internal network response traffic via NIC 218b is received via the interface bound to the outbound bridge (ovs-out) 224, and may be propagated to the service function chaining bridge (ovs-sfc) 222. When traffic is received by the outbound bridge (ovs-out) 224, at stage S514, the response traffic propagated to the outbound bridge (ovs-out) 224 may be propagated to the inbound bridge (ovs-in) 220 via the SF according to the reverse open flow configuration corresponding to the protocol and destination IP/port.

【0105】 At stage S516, the traffic transmitted to the inbound bridge (ovs-in) 220 may be transmitted via NIC 218a to a client on the external network, i.e., to a destination address on the external network.
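The forward and reverse routes for a path of three or more SFs (paragraphs 【0082】 to 【0089】), written out as an added example rather than code from the patent. It emits flow specs in `ovs-ofctl add-flow` syntax; the port numbers, MACs, CIDR ranges (taking the "network bandwidth" condition to mean an IP range) and all names are constructed or hypothetical, and `mod_dl_dst` is applied on the reverse path as in the two-SF case.

```python
"""Added example: flow specs for an N-SF chain on the ovs-sfc bridge."""
import ipaddress
import re
from dataclasses import dataclass

MAC_RE = re.compile(r"[0-9a-f]{2}(:[0-9a-f]{2}){5}")

@dataclass(frozen=True)
class SF:
    """OpenFlow port numbers and learned MACs of one SF (hypothetical names)."""
    ingress_port: int
    egress_port: int
    ingress_mac: str
    egress_mac: str

def _flow(in_port, nw_dst, out_port, dst_mac=None):
    """One rule; the MAC is checked so it cannot smuggle in extra actions."""
    actions = [f"output:{out_port}"]
    if dst_mac is not None:
        if not MAC_RE.fullmatch(dst_mac):
            raise ValueError(f"bad MAC: {dst_mac!r}")
        actions.insert(0, f"mod_dl_dst:{dst_mac}")
    return f"in_port={in_port},ip,nw_dst={nw_dst},actions={','.join(actions)}"

def build_chain_flows(chain, internal_net, external_net, in_peer, out_peer):
    """Return (forward, reverse) flow-spec lists for `ovs-ofctl add-flow`."""
    ports = [in_peer, out_peer] + [p for sf in chain
                                   for p in (sf.ingress_port, sf.egress_port)]
    if not chain or any(not isinstance(p, int) or not 1 <= p <= 0xFF00 for p in ports):
        raise ValueError("need at least one SF and port numbers in 1..0xff00")
    if len(set(ports)) != len(ports):
        raise ValueError("a port appears twice; its flows would shadow each other")
    inner = str(ipaddress.IPv4Network(internal_net))   # raises on malformed input
    outer = str(ipaddress.IPv4Network(external_net))
    # Forward: ovs-in peer -> SF1 -> ... -> SFn -> ovs-out peer (dst = internal range).
    forward, src = [], in_peer
    for sf in chain:
        forward.append(_flow(src, inner, sf.ingress_port, sf.ingress_mac))
        src = sf.egress_port
    forward.append(_flow(src, inner, out_peer))
    # Reverse: ovs-out peer -> SFn -> ... -> SF1 -> ovs-in peer (dst = external range).
    reverse, src = [], out_peer
    for sf in reversed(chain):
        reverse.append(_flow(src, outer, sf.egress_port, sf.egress_mac))
        src = sf.ingress_port
    reverse.append(_flow(src, outer, in_peer))
    return forward, reverse

# Constructed sample: three SFs, patch peers on ports 1 (ovs-in) and 2 (ovs-out).
CHAIN = [SF(11, 12, "52:54:00:00:01:0a", "52:54:00:00:01:0b"),
         SF(21, 22, "52:54:00:00:02:0a", "52:54:00:00:02:0b"),
         SF(31, 32, "52:54:00:00:03:0a", "52:54:00:00:03:0b")]

if __name__ == "__main__":
    fwd, rev = build_chain_flows(CHAIN, "10.20.0.0/24", "198.51.100.0/24", 1, 2)
    for spec in fwd + rev:
        print(f'ovs-ofctl add-flow ovs-sfc "{spec}"')
```

A chain of N SFs always yields N+1 rules per direction, so a missing or extra rule in `ovs-ofctl dump-flows ovs-sfc` output is a quick sign that traffic can bypass an SF.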
【0106】 The embodiments and drawings described herein are illustrative only and do not limit the scope of the invention in any way. Furthermore, the lines or connecting members between components shown in the drawings illustrate functional and/or physical or circuit connections and may be substituted or shown as various additional functional, physical, or circuit connections in actual devices. Also, components may not be essential for the application of the invention unless specifically mentioned, such as "essential" or "important."

【0107】 The present invention, as described above, can be embodied as computer-readable code on a medium on which a program is recorded. The computer-readable medium may continuously store computer-executable programs, or it may temporarily store them for execution or download. The medium may be various recording or storage means in the form of a combination of one or more hardware components, and is not limited to a medium directly connected to a computer system, but may be distributed on a network. Therefore, the above detailed description should not be interpreted restrictively in any way, but should be considered illustrative. The scope of the present invention should be determined by a reasonable interpretation of the appended claims, and any modifications within the equivalent scope of the present invention are included within the scope of the present invention.

【0108】 In the specification of this invention (especially in the claims), the use of the term “the foregoing” and similar descriptive terms may be singular or plural. Furthermore, where a range is described in this invention, it includes inventions applying individual values belonging to that range (unless otherwise specified), and corresponds to a detailed description of the invention that lists each individual value constituting that range. Also, the steps presented in the method invention of this invention are not necessarily intended to impose any constraints on their order, and the order may be appropriately changed as needed, unless the nature of each step necessitates a particular step preceding another. In this invention, the use of all example or exemplary terms (e.g., “etc.”) is simply for the purpose of detailing the invention, and the scope of this invention is not limited by such example or exemplary terms unless limited by the claims. Furthermore, a person of ordinary skill will understand that various modifications, combinations, and changes may be added to the claims or their equivalents, resulting in a configuration of design conditions and elements.

[Explanation of symbols]

【0109】
100 Apparatus to which a chaining implementation method for container and virtual machine-based service functions according to one embodiment of the present invention can be applied
102a, 102b, 218a, 218b NIC
104 Service Function Chaining Unit
102_6~106_n 1st to nth SF
200 Chaining implementation device for container and virtual machine-based service functions according to one embodiment of the present invention
202 SF Image Management Department
204 SF generation section
206 SFC generation section
208 System Configuration Section
210 MAC Learning Department
212 Service Function Chaining Unit
214_1~214_n 1st to nth SF
216 Kernel
220 Inbound Bridge
222 Service Function Chaining (SFC) Bridge
224 Outbound Bridge

Claims

[Claim 1] The service function generation unit constitutes at least one service function (SF), The system configuration unit configures a Service Function Chaining (SFC) unit in which a traffic path to at least one SF is configured based on a virtual switch, A method for implementing chaining for container and virtual machine-based service functions, comprising the step of a service function chaining generation unit generating a traffic path to the service function chaining unit for at least one SF based on the open flow of the virtual switch.

[Claim 2] The aforementioned service function chaining unit is A Service Function Chaining (SFC) bridge is configured to provide a traffic path for transmitting traffic to the aforementioned SF, An inbound bridge receives external network traffic and transmits it to the Service Function Chaining (SFC) bridge, and transmits the traffic received from the Service Function Chaining (SFC) bridge to the external network. A method for implementing chaining for container and virtual machine-based service functions according to claim 1, comprising: an outbound bridge that receives internal network traffic and transmits it to the Service Function Chaining (SFC) bridge, and transmits traffic received from the Service Function Chaining (SFC) bridge to the internal network.

[Claim 3] The method for implementing chaining for container and virtual machine-based service functions according to claim 1, wherein the at least one service function includes at least one of a container-based service function and a virtual machine-based service function.

[Claim 4] The aforementioned system component is: In relation to the aforementioned inbound bridge, an external network interface is bound, and a patch interface for connection with the aforementioned SFC bridge is bound. In relation to the outbound bridge, the internal network interface is bound, and the patch interface for connection with the SFC bridge is bound, A chaining implementation method for container and virtual machine-based service functions according to claim 2, comprising binding a patch interface peer for connection with the inbound bridge in relation to the SFC bridge, binding a patch interface peer for connection with the outbound bridge, and generating a bidirectional open flow for communication between the inbound bridge patch interface and the outbound patch interface.

[Claim 5] The service function generation unit, A chaining implementation method for container and virtual machine-based service functions according to claim 1, comprising configuring an interface for processing ingress and egress traffic for at least one service function (SF).

[Claim 6] The service function chain generation unit is, A chaining implementation method for container and virtual machine-based service functions according to claim 1, comprising determining a route through at least one SF based on the destination network and service, and generating an open flow route in the SFC based on the determined route.

[Claim 7] The aforementioned destination network includes IP or bandwidth. The method for chaining to container and virtual machine-based service functions according to claim 6, wherein the service includes a protocol and a port number.

[Claim 8] Before the service function chaining generation unit generates traffic paths between SFs based on the open flow of the virtual switch, The chaining implementation method for container and virtual machine-based service functions according to claim 2, further comprising the step of a MAC learning unit learning the MACs of network devices connected to the inbound bridge and the outbound bridge and the MACs of SF interfaces connected to the SFC bridge.

[Claim 9] The method for implementing chaining for container and virtual machine-based service functions according to claim 8, wherein the service function chaining generation unit receives a MAC that matches the destination interface from the MAC learning unit and modulates the destination MAC.

[Claim 10] The chaining implementation method for container and virtual machine-based service functions according to claim 1, wherein the service function generation unit configures at least one service function (SF: Service Function) based on the SF image file and attributes stored in the SF image management unit.

[Claim 11] A service function generation unit that constitutes at least one service function (SF), A system configuration unit that constitutes a Service Function Chaining (SFC) unit in which a traffic path to at least one SF is configured based on a virtual switch, A chaining implementation device for container and virtual machine-based service functions, comprising: a service function chaining generation unit that generates a traffic path to at least one SF in the service function chaining unit based on the open flow of the virtual switch.

[Claim 12] The aforementioned service function chaining unit is A Service Function Chaining (SFC) bridge is configured to provide a traffic path for transmitting traffic to the aforementioned SF, An inbound bridge receives external network traffic and transmits it to the Service Function Chaining (SFC) bridge, and transmits the traffic received from the Service Function Chaining (SFC) bridge to the external network. Chaining implementation device for container and virtual machine-based service functions according to claim 11, comprising: an outbound bridge that receives internal network traffic and transmits it to the Service Function Chaining (SFC) bridge, and transmits traffic received from the Service Function Chaining (SFC) bridge to the internal network.

[Claim 13] Chaining implementation device for container and virtual machine-based service functions according to claim 11, wherein the at least one service function includes at least one of a container-based service function and a virtual machine-based service function.

[Claim 14] The aforementioned system component is: In relation to the aforementioned inbound bridge, an external network interface is bound, and a patch interface for connection with the aforementioned SFC bridge is bound. In relation to the outbound bridge, the internal network interface is bound, and the patch interface for connection with the SFC bridge is bound, Chaining implementation device for container and virtual machine-based service functions according to claim 12, comprising binding a patch interface peer for connection with the inbound bridge in relation to the SFC bridge, binding a patch interface peer for connection with the outbound bridge, and generating a bidirectional open flow for communication between the inbound bridge patch interface and the outbound patch interface.

[Claim 15] The service function generation unit, Chaining implementation for container and virtual machine-based service functions according to claim 11, comprising configuring an interface for processing ingress and egress traffic for at least one service function (SF).

[Claim 16] The service function chain generation unit is, Chaining implementation device for container and virtual machine-based service functions according to claim 11, which determines a route via at least one SF based on the destination network and service, and generates an open flow route in the SFC based on the determined route.

[Claim 17] The aforementioned destination network includes IP or bandwidth. The chaining implementation device for container and virtual machine-based service functions according to claim 16, wherein the service includes a protocol and a port number.

[Claim 18] Chaining implementation device for container and virtual machine-based service functions according to claim 12, further comprising a MAC learning unit that learns the MACs of network devices connected to the inbound bridge and the outbound bridge and the MACs of SF interfaces connected to the SFC bridge.

[Claim 19] The service function chaining generation unit receives a MAC that matches the destination interface from the MAC learning unit and modulates the destination MAC, as described in claim 18, for a chaining implementation device for container and virtual machine-based service functions.

[Claim 20] Chaining implementation device for container and virtual machine-based service functions according to claim 11, wherein the service function generation unit configures at least one service function (SF: Service Function) based on the SF image file and attributes stored in the SF image management unit.
