By Vishwas Manral, Distinguished Technologist, HP Networking, Advanced Technology Group
I have always tried to explore new topics in my blog and this time is no different. I recently saw the new draft posted by the Internet Engineering Task Force (IETF) that caught my attention. It is called Stateless Transport Tunneling (STT). But before I go any deeper on what it is, let’s take a few steps back.
Last year was the year of VxLAN and NVGRE grabbing the cloud-world headlines! These solutions solved the multi-tenancy requirements in a virtualized data center by adding overlay tunnels (UDP in case of VxLAN and GRE in case of NVGRE). These complement solutions like TRILL and PBB that have existed for some time and are supported by various vendors. Stateless Transport Tunneling (STT) is the latest shiny new entrant trying to solve a similar problem in the already crowded field.
What is STT?
STT as defined in the draft is used for end-point-to-end-point tunneling and uses the TCP Segmentation Offload Capabilities (TSO) provided on Network Interface Card’s (NIC’s) resident on servers. The document is supported by Nicira, Broadcom, eBay, Rackspace, Intel and Yahoo. It uses the STT header and segments are sent encapsulated in the TCP header.
The fact that STT uses the NIC TSO capabilities is a great advantage. One of the big questions raised about software-based forwarding paradigms has been the performance, and that is what the STT solution is out to solve. Think of the case where a firewall/NAT where the NIC reassembles packets into huge 64k chunks and the number of packets that the middle box needs to look at is reduced considerably, maybe up to 50 times. I think this is a huge boost as we move into software-based paradigms.
Most current solutions have come up for support of up to 16 M tenants (24 bits). The STT solutions uses (64 bits) for the same, which multiplies the number of tenants by a considerable order of magnitude – no matter if that is required or not (it could help with flexibility in using the tenant space). The STT header also carries the VLAN tag besides the 64 bits mentioned above.
STT uses TCP segmentation to send out packets. This helps with the fact that there is no STT header overhead per packet for the segment header (though we still have the TCP header overhead). It also helps to make best use the link MTU.
If all communication were between servers in the same domain, the solution would be good in a lot of cases. However as we know, there is still north-south traffic coming into a data center (even though east-west traffic is now the bigger chunk). Since not every servers in the Internet will support this (or we may not virtualize every server), it means that the STT tunnels will have to be terminated somewhere in the data center. The problem however is that now such devices will need to be stateful and meticulously reassemble packets before they can be sent out for thee Stateless Transport Protocol to work (sounds like an anomaly).
Such traffic has to traverse firewalls/IDS/IPS and a lot of the other middle boxes if it has to be used end-to-end which looks deeper into the packet. If this were to happen with the STT solution, packets would need to be reassembled before they are sent out. This could lead to large overhead. For VxLAN or NVGRE as each native packet contains an outer packet, we can simply strip the outer header and we are god to go. We would not need to first reassemble the entire upper layer packet statefully.
There are probably other misgivings like TCP overhead, no ASIC support or mistaken middle boxes but the above concern seems to be so big that this could push the solution to be a niche solution – one to only be applied in particular markets only.
A final word on STT with a view to cloud computing
The efficacy of the new encapsulation technology will depend on the use cases and scenarios you may have. I hope the pros and cons defined will help you decide whether the technology is just another wannabe or the shiny new thing in the cloud-filled firmament. Let me know what you think on this topic!
You may also want to read: