The present invention relates to service appliances in virtual networks, and more particularly, this invention relates to service chaining in virtual networks and software-defined networks (SDNs).
Network virtualization is implemented by many vendors using overlay technologies, such as Virtual Extensible Local Area Network (VXLAN), Network Virtualization using Generic Routing Encapsulation (NVGRE), etc., to form tunnels, where an identifier is used to indicate a virtual network for each tunneled packet. These technologies enable multiple virtual networks to be utilized over the same physical network. Usually, a virtual switch component in a host or a virtualization layer (e.g., a hypervisor) provides the virtual ports which may be used to associate virtual machines (VMs) to the various virtual networks.
Even though communication within a virtual network is a given, it is possible to allow or control communication across virtual networks. In physical networks, it is possible to use service appliances, such as those which implement firewalls, transcoding, load balancing, etc. Normally, the service appliances are inserted as a “bump in the wire” between the networks and/or services. These kind of service appliances (e.g., “waypoints”) are not currently supported in virtual networks. However, since network virtualization abstracts physical Layer-2/Layer-3 networks, the use of physical appliances in a virtual network becomes a serious challenge. A bump in the wire insertion of one or more service appliances is not possible in virtual networks, as multiple virtual networks may share the same physical infrastructure and service appliances may not be able to distinguish between packets belonging to one specific virtual network from all the others.
There are some mechanisms available to allow for the insertion of service appliances in overlay networks defined by a SDN. Once the service appliances are inserted into the overlay network, the management and control plane configure the data forwarding layers so that data frames in the overlay network follow the path defined by the overlay network administrator, e.g., the SDN controller. However, there is currently no solution which allows for a service appliance to be inserted into an overlay network without requiring the service appliance to engage in some control plane activity with other components. This control plane activity is a potential drawback, and should be avoided when possible.