Cisco has developed
"Network Services Headers (NSH)", a new service chaining protocol, which is
added to the network traffic in the packet header to create a dedicated
services plane that is independent of the underlying transport protocol. In
general, NSH describes a sequence of service nodes that the packet must be
routed before reaching the destination address and adds metadata information
about the packet and service chain to an IP packet. The NSH protocol addresses
the growing requirement to deploy various services functions external to the
introduces NSH protocol support for P-GW and SAEGW products and supports the
decoding of NSH format in the P-GW/SAEGW.
parameters to be included for encoding in the variable header.
for selective traffic based on configuration.
tag values for parameters present in the variable header.
configuration of policies for acting on the decode parameters received in the
intelligence of encoding the NSH information in every packet of a flow or only
once per flow.
Important: In this release, selective encryption of parameters is not
How It Works
describes the working of NSH protocol support in Cisco's P-GW/SAEGW products.
The Uplink Packet
For the uplink
packet, P-GW/SAEGW adds the NSH, if the flow matches the specified criteria.
NSH has a variable length context header also.
The Downlink Packet
For the downlink
packet, P-GW/SAEGW processes and removes the NSH and applies policies based on
the extracted NSH parameters.
destination IP address for the outer IP packet is taken from the inner IP
By default, NSH
encapsulated packets use the port number 6633.
for NSH Framework
This section covers
configuration steps used in this feature for adding support for NSH framework.
This command has
been newly added in this release to display the nsh statistics. Following is
the output when you execute this command:
Total Encap Successful : 0
Total Decap Successful : 0
Total Encap Failed : 0
Memory Allocation : 0
Config Error : 0
Encryption Failed : 0
Total Decap Failed : 0
Config Error : 0
Invalid Length : 0
Unsupported Version : 0
Unsupported Next Protocol : 0
Next Protocol Mismatch : 0
Unsupported MD-Type : 0
Unsupported MD-Class : 0
Unsupported Type : 0
Received : 0
Dropped : 0
Unknown Context Header Type : 0
A new field
NSH-Rsp-Rcvd is added to the output of this command.
This field displays the matching of trigger condition based on NSH response.
The output of the above command is modified to display the following:
Service name: ACS
Matches per trigger: