Traffic Steering in Large-scale Public Cloud

More and more complex services composed of a series of sequentially arranged middleboxes which are mainly used to meet the requirements of advanced services such as security services, auditing services, monitoring services, personalized enterprise services, and so forth, are increasingly deployed in cloud data centers of public cloud. SFC (Service Function Chaining) is a technique that facilitates the enforcement of complex services and differentiated traffic forwarding policies, dynamically steering the traffic through an ordered list of service functions. Flow table-based traffic steering scheme is commonly adopted in SDN-enabled scenarios, which consumes too many flow entries and is unsuitable for large-scale public clouds in steering traffic between VNFs (Virtual Network Function) inside of VPC (Virtual Private Cloud). Legacy PBR (Policy-based Routing) based schemes which are widely used in traditional physical networks cannot fulfill the requirements of fully distributed routing architectures of large-scale public clouds. In this paper, we present a PBR and unsymmetrical NAT (Network Address Translation) converged scheme to structure SFC in a fully distributed routing architecture. The scheme uses distributed PBR rules to steer traffic between an ordered list of VNFs located on different nodes while performing NAT on different nodes for ingress/egress traffic of a specific flow to avoid asymmetry of packet headers which may lead to failures of communication. The proposed scheme brings no overhead in data transmission, eliminates extra configurations on each middle box of the chain, and is scalable to support the scenarios of large-scale public cloud.