In virtualized environments, virtual switches or bridges are used for forwarding traffic between virtual machines (VMs) and between VMs and physical networks through network interface cards (NICs). Virtual switch and virtual bridge implementations vary (e.g., software hypervisor implementations, hardware as a virtual embedded switch in a NIC, as well as virtual switch acceleration in a NIC to assist the software switch or bridge). VMs are connected to virtual switches using a virtual NIC (vNIC) implemented either in hypervisor software or provided by hardware in physical NICs.
Network interface controllers that provide hardware virtualization of network interfaces mostly use single root I/O (input/output) virtualization (SR-IOV) technology, which presents multiple logical network interfaces that share one physical network interface card (NIC). A physical function (PF) driver running in the host OS is used to configure the NIC hardware.
One or more PCIe (Peripheral Component Interconnect Express) Virtual Functions (VFs) are associated with the NIC and attached to its PF. Each VF shares one or more physical resources of the NIC (e.g., memory and a network port) with the PF and with the other VFs supported on the device. Network traffic is kept separate using an I/O memory management unit (IOMMU) to direct different data streams to and from VFs that are ultimately tied to different VMs. SR-IOV therefore enables traffic to bypass switches implemented in software (i.e., a vSwitch). This allows network traffic to flow directly from a NIC VF to a particular VM without the extra burden imposed by software switching.
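As an added illustration that is not part of this description, the host-side provisioning of VFs on a PF outlined above can be scripted through the sysfs interface; SYSFS_ROOT is an assumed knob so the functions can be exercised against a mock sysfs tree, and the per-VF ip(8) isolation commands are emitted rather than executed.

```shell
#!/bin/sh
# Added example, not from the original text. SYSFS_ROOT defaults to the
# real sysfs; point it at a scratch directory to test without a NIC.
SYSFS_ROOT="${SYSFS_ROOT:-/sys}"

# Number of VFs the PF advertises (0 when the device lacks SR-IOV support).
sriov_total_vfs() {
    f="$SYSFS_ROOT/class/net/$1/device/sriov_totalvfs"
    [ -r "$f" ] && cat "$f" || echo 0
}

# Create $2 VFs on PF $1. Refuses counts above the advertised maximum;
# the kernel requires the count to be reset to 0 before it can be changed.
sriov_create_vfs() {
    pf=$1; want=$2
    total=$(sriov_total_vfs "$pf")
    [ "$want" -le "$total" ] || { echo "PF $pf supports $total VFs, requested $want" >&2; return 1; }
    numvfs="$SYSFS_ROOT/class/net/$pf/device/sriov_numvfs"
    cur=$(cat "$numvfs")
    [ "$cur" -eq 0 ] || echo 0 > "$numvfs"
    echo "$want" > "$numvfs"
}

# Emit the ip(8) commands that pin each of $2 VFs on PF $1 to a fixed,
# locally administered MAC and its own VLAN (starting at $3), keep spoof
# checking on and leave the VF untrusted, so the guest owning a VF cannot
# change its MAC, go promiscuous, or send on another tenant's VLAN.
sriov_isolation_cmds() {
    pf=$1; n=$2; base_vlan=$3
    i=0
    while [ "$i" -lt "$n" ]; do
        mac=$(printf '02:00:00:00:%02x:%02x' $((i / 256)) $((i % 256)))
        printf 'ip link set dev %s vf %d mac %s vlan %d spoofchk on trust off\n' \
            "$pf" "$i" "$mac" $((base_vlan + i))
        i=$((i + 1))
    done
}
```

The isolation settings matter precisely because SR-IOV traffic bypasses the vSwitch: the NIC's VF-level checks are the only place the host can enforce them.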
Service Function Chaining (SFC) provides the ability to define an ordered list of network services (e.g., data compression, security, inspection, firewalls, load balancers). These services are typically implemented as Service Functions (SFs) deployed in separate VMs, because different services require different applications, sometimes running on different operating systems. An SFC is "stitched" together in the network to create a chain of operations that perform processing on a data stream or an individual packet. Multiple Service Functions in a service path collocated on the same platform can use this invention to forward traffic between the SFs in the chain.
Current software or hardware approaches for VM-to-VM forwarding are sufficient for traditional enterprise or cloud computing environments, where direct NIC-to-VM hardware access is a common usage. However, for emerging software defined network (SDN) virtualization usage models in enterprise, cloud and Telco networks, VM-to-VM (or VNF-to-VNF, or VM-to-VNF) access is also significant, because certain virtual network functions (VNFs) (e.g., proxy, firewall, router) require multi-stage packet processing that is typically handled by different applications, sometimes on different operating systems, running in different VMs.