Feature_10980_Service_Function_Chaining

    constituent-cpd-id: vnf-cp0-ext

    ip-address: 192.168.1.20

```

## Service Function Chaining

SFC has the ability to cause network packet flows to route through a network via a path other than the one that would be chosen by routing table lookups on the packet’s destination IP address.

### How to deploy Service Function Chaining

To illustrate how SFC works in OSM, it will be discussed in the below example.

#### Resources

This example of SFC requires a set of resources (VNFs, NSs) that are available in the following [Gitlab osm-packages repository](https://osm.etsi.org/gitlab/vnf-onboarding/osm-packages):

- **NF:**

  - [src_vnfd](https://osm.etsi.org/gitlab/vnf-onboarding/osm-packages/-/tree/master/src_vnfd)

  - [dest_vnfd](https://osm.etsi.org/gitlab/vnf-onboarding/osm-packages/-/tree/master/dest_vnfd)

  - [mid_vnfd](https://osm.etsi.org/gitlab/vnf-onboarding/osm-packages/-/tree/master/mid_vnfd)

- **NS:**

  - [sfc_nsd](https://osm.etsi.org/gitlab/vnf-onboarding/osm-packages/-/tree/master/sfc_nsd)

#### Virtual Network Functions

Three VNFs are used for this example. All the VNFs has single interface (`eth0-ext`), specifications vCPU (1), RAM (1GB), disk (10GB), and image-name (`bionic`).

![src_vnfd](assets/700px_src_vnfd.png)

![mid_vnfd](assets/700px_mid_vnfd.png)

![dest_vnfd](assets/700px_dest_vnfd.png)

#### Network Service

This Network service has three VNFs.The VNF forwarding graph parameters like match attributes (`source ip address`, `destination ip address`, `protocol`, `source port`, `destination port`), ingress connection point interface (`packet in`) and egress connection point interface (`packet out`) are configured in NSD descriptor.

The diagram below shows the `sfc_nsd` and service chaining of VNFs.

![sfc_nsd](assets/sfc_nsd.png)

#### SFC Network service Descriptor

VNFFGD configuration are specified as below in NS descriptor:

```yaml

    vnffgd:

    - id: vnffg1

      vnf-profile-id:

      - vnf2

      nfp-position-element:

      - id: test

      nfpd:

      - id: forwardingpath1

        position-desc-id:

        - id: position1

          nfp-position-element-id:

          - test

          match-attributes:

          -  id: rule1_80

             ip-proto: 6

             source-ip-address:  20.20.20.10

             destination-ip-address: 20.20.20.30

             source-port: 0

             destination-port: 80

             constituent-base-element-id: vnf1

             constituent-cpd-id: eth0-ext

          cp-profile-id:

          -  id: cpprofile2

             constituent-profile-elements:

             - id: cp1

               order: 0

               constituent-base-element-id: vnf2

               ingress-constituent-cpd-id: eth0-ext

               egress-constituent-cpd-id: eth0-ext

```

- The list of VNFs in the forwarding graph (`vnffgd:vnf-profile-id`)

- Source IP address in CIDR notation (`match-attributes:source-ip-address`)

- Source IP address in CIDR notation (`match-attributes:destination-ip-address`)

- Source protocol port (allowed range [1,65535])(`match-attributes:source-port`)

- Destination protocol port (allowed range [1,65535(`match-attributes:destination-port`)

- IP protocol name. Protocol name should be as per IANA standard (`match-attributes:ip-proto`)

#### Example

Get the descriptors:

```bash

git clone --recursive https://osm.etsi.org/gitlab/vnf-onboarding/osm-packages.git

```

Onboard them:

```bash

cd osm-packages

osm vnfpkg-create src_vnfd

osm vnfpkg-create mid_vnfd

osm vnfpkg-create dest_vnfd

osm nspkg-create sfc_nsd

```

Launch the NS:

```bash

osm ns-create --ns_name sfc --nsd_name sfc_nsd --vim_account <VIM_ACCOUNT_NAME>|<VIM_ACCOUNT_ID>

osm ns-list

#### Testing

```bash

# In src_vnf and dest_vnf install the netcat

sudo apt install netcat -y

# In mid_vnf install tcpdump and run the tcpdump command to start the packet capture

sudo apt install tcpdump -y

sudo tcpdump -i <interface name>

# In dest_vnf, open a listener on port 90, waiting for a client to connect

sudo nc -l -p 90

# In src_vnf, run the below command. This command will connect to the server at <dest_vnf> ip-address on port 90

sudo nc <dest_vnf_ip_address> 90

# All the packets from src vnf to dest vnf should route only through the mid vnf.