ChainGuard: Controller-independent Verification of Service Function Chaining in Cloud Computing
Author: M. Flittner, J. Scheuermann, R. Bauer links:
Source: IEEE Conference on Network Function Virtualization and Software Defined Networks, Berlin, Germany, November 2017
Due to the abstraction of physical resources and heavy use of virtualization in the context of Service Func- tion Chaining (SFC), verification of the processing and that forwarding of traffic is handled correctly is very challenging. Such verification requires explicit support from the physical cloud infrastructure and – more important – relies on correct configuration and operation of the Cloud Management Platform. Therefore, we present ChainGuard, a tool that allows static verification of SFCs within a dynamic cloud environment in- dependently from the Cloud Management Platform. As a result, a target-actual comparison between the SFC configuration and the actual SFC deployment can be run continuously and faulty SFC realizations can be unveiled. In comparison to existing work, ChainGuard independently identifies SFC relevant parts of flow tables, allows the verification of the sequence of an SFC and is evaluated for migrations of service functions (cloud-awareness).