A computer network generally comprises a plurality of interconnected electronic elements that transmit or receive data frames. A common type of computer network is a local area network (“LAN”) that generally comprises a privately owned network within a single building or campus. LANs employ a data communication protocol such as Ethernet, FDDI or Token Ring, which defines the functions performed by the data link and physical layers of the LAN. The Open Systems Interconnection (OSI) Reference Model is used to identify the nature of communications that occur at different logical levels of a network. In many instances, multiple LANs may be interconnected by point-to-point links, microwave transceivers, satellite hookups, etc., to form a wide area network (“WAN”), campus network or intranet. These internetworks may be coupled through one or more gateways to the global, packet-switched internetwork known as the Internet.
Each network element operates using network communication software, e.g., in accordance with Transmission Control Protocol/Internet Protocol (TCP/IP). TCP/IP generally consists of rules defining how network elements interact, and defines communication layers that include a transport layer and a network layer. At the transport layer, TCP/IP includes both the User Datagram Protocol (UDP), which is a connectionless transport protocol, and TCP, which is a reliable, connection-oriented transport protocol.
One or more intermediate network devices are often used to couple LANs together and allow the corresponding entities to exchange information. A bridge may be used to provide a “bridging” function between two or more LANs, or a switch may be utilized to provide a “switching” function for transferring information, such as data frames or packets, among entities of a computer network. Switches may operate at various levels of the communication stack. For example, a switch may operate at Layer 2 (the data link layer, in the OSI Reference Model), which includes the Logical Link Control (LLC) and Media Access Control (MAC) sub-layers.
Other intermediate devices, e.g., routers, may operate at higher layers, such as Layer 3, which in TCP/IP networks corresponds to the Internet Protocol (IP) layer. IP data packets each include a header that contains an IP source address and an IP destination address. Routers or Layer 3 switches may re-assemble or convert received data frames from one LAN standard (e.g., Ethernet) to another (e.g., Token Ring). Thus, Layer 3 devices are often used to interconnect dissimilar subnetworks. Some Layer 3 intermediate network devices may also examine the transport layer headers of received messages to identify the corresponding TCP or UDP port numbers being utilized by the corresponding network entities. Many applications are assigned specific, fixed TCP and/or UDP port numbers, historically listed in Request For Comments (RFC) 1700 and now maintained in the IANA port-number registry. For example, TCP port 80 corresponds to the Hypertext Transfer Protocol (HTTP), while port 21 corresponds to the control connection of the File Transfer Protocol (FTP) service.
Computer networks include numerous services and resources for use in moving traffic throughout the network. For example, different network links, such as Fast Ethernet, Asynchronous Transfer Mode (ATM) channels, network tunnels, satellite links, etc., offer unique speed and bandwidth capabilities. Particular intermediate devices also include specific resources or services, such as number of priority queues, filter settings, availability of different queue selection strategies, congestion control algorithms, etc.
Individual frames or packets can be marked so that intermediate devices may treat them in a predetermined manner. For example, the Institute of Electrical and Electronics Engineers (IEEE) describes additional information for the MAC header of Data Link Layer frames in the 802.1p supplement to the 802.1D bridge standard.
A Data Link frame includes a MAC destination address (DA) field, a MAC source address (SA) field and a data field. According to the 802.1Q standard, a tag header carrying a user_priority field, among others, is inserted after the MAC SA field. The user_priority field may be loaded with a predetermined value (0-7) that is associated with a particular quality of service treatment for the packet, such as background, best effort, excellent effort, etc. Network devices, upon examining the user_priority field of received Data Link frames, apply the corresponding treatment to the frames. For example, an intermediate device may have a plurality of transmission priority queues per port, and may assign frames to different queues of a destination port on the basis of the frame's user_priority value.
A Network Layer packet based on Internet Protocol includes a type_of_service (ToS) field, a protocol field, an IP source address (SA) field, an IP destination address (DA) field and a data field. The ToS field is used to specify a particular service to be applied to the packet, such as high reliability, fast delivery, accurate delivery, etc., and comprises a number of sub-fields. The sub-fields may include a 3-bit IP precedence (IPP) field and three one-bit flags that signify Delay, Throughput, and Reliability. By setting the flags, a device may indicate whether delay, throughput, or reliability is most important for the traffic associated with the packet. Version 6 of Internet Protocol (IPv6) defines a traffic class field, which is also intended to be used for defining the type of service to be applied to the associated packet.
A working group of the Internet Engineering Task Force (IETF) has proposed replacing the ToS field of Network Layer packets with a one-octet differentiated services (DS) field, six bits of which carry a differentiated services codepoint (DSCP) value. Layer 3 devices that are DS compliant apply a particular per-hop forwarding behavior to data packets based on the contents of the DS field. Examples of per-hop forwarding behaviors include expedited forwarding and assured forwarding. The DS field is typically loaded by DS compliant intermediate devices located at the border of a DS domain, which is a set of DS compliant intermediate devices under common network administration. Thereafter, interior DS compliant devices along the path apply the corresponding forwarding behavior to the packet.
A Transport Layer packet includes a source port field, a destination port field, and a data field, among others. Such fields preferably are loaded with the TCP or UDP port numbers that are utilized by corresponding network entities.
To interconnect dispersed computer networks, many organizations rely on the infrastructure and facilities of Internet Service Providers (ISPs). Each organization enters into a service-level agreement with its ISP. The service level agreements include one or more traffic specifications. The traffic specifications may place limits on the amount of resources that the organization may consume for a given price. For example, an organization may agree not to send traffic that exceeds a certain bandwidth, e.g., 1 Mb/s. Traffic entering the service provider's network is monitored to ensure that it complies with the relevant traffic specifications and is thus “in profile.” Traffic that exceeds a traffic specification, and is therefore “out of profile,” may be dropped or shaped or may cause an accounting change. Alternatively, the service provider may mark the traffic as exceeding the traffic specification, but allow it to proceed through the network anyway. If there is congestion, an intermediate network device may drop such marked traffic first in an effort to relieve the congestion.
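The following is an added example, not part of the original description, showing the in-profile/out-of-profile decision described above as a token-bucket policer, together with the three treatments named for excess traffic: discard it, or mark it and forward it, with marked packets discarded first by a congested downstream device. The 1 Mb/s rate is taken from the text; the 3000-byte burst, the nine-packet arrival timeline and the use of the RFC 2597 assured-forwarding drop-precedence codepoints as the "exceeding" mark are assumptions made for the illustration.

```python
# Added example: token-bucket policing of a traffic specification and the
# treatments applied to out-of-profile traffic. Burst size, arrival timeline
# and the choice of AF drop precedence as the mark are assumptions.

# RFC 2597 assured-forwarding class 1: AF11/AF12/AF13 differ only in drop precedence
AF11, AF12, AF13 = 10, 12, 14


class TokenBucketPolicer:
    """Single-rate policer: tokens (in bytes) accrue at the committed rate up to
    the burst size; a packet is in profile if enough tokens are available."""

    def __init__(self, rate_bps: float, burst_bytes: int):
        self.rate_bytes_per_s = rate_bps / 8.0
        self.burst_bytes = burst_bytes
        self.tokens = float(burst_bytes)   # bucket starts full
        self.last = 0.0

    def offer(self, now: float, size: int) -> bool:
        """Return True if a packet of `size` bytes arriving at `now` is in profile."""
        elapsed = max(0.0, now - self.last)   # ignore out-of-order timestamps
        self.last = max(self.last, now)
        self.tokens = min(self.burst_bytes, self.tokens + elapsed * self.rate_bytes_per_s)
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False


def raise_drop_precedence(dscp: int) -> int:
    """Within an AF class (AFx1=8x+2, AFx2=8x+4, AFx3=8x+6) move to the highest
    drop precedence, AFx3. Codepoints outside the AF classes are returned unchanged."""
    if 1 <= dscp >> 3 <= 4 and dscp & 0x7 in (2, 4, 6):
        return (dscp & ~0x7) | 6
    return dscp


def police(packets, policer, mode="mark"):
    """packets: iterable of (arrival_time_s, size_bytes, dscp).
    Returns a list of (action, dscp) per packet; action is 'forward' or 'drop'."""
    decisions = []
    for t, size, dscp in packets:
        if policer.offer(t, size):
            decisions.append(("forward", dscp))                 # in profile: unchanged
        elif mode == "drop":
            decisions.append(("drop", dscp))                    # out of profile: discard
        else:
            decisions.append(("forward", raise_drop_precedence(dscp)))  # mark, let through
    return decisions


def congested_queue(decisions, capacity_packets):
    """Downstream device under congestion: keep at most `capacity_packets` of the
    forwarded packets, discarding the highest drop precedence (marked) ones first,
    latest arrival first among equals."""
    forwarded = [d for d in decisions if d[0] == "forward"]
    excess = len(forwarded) - capacity_packets
    if excess <= 0:
        return forwarded
    order = sorted(range(len(forwarded)), key=lambda i: (forwarded[i][1] & 0x6, i), reverse=True)
    victims = set(order[:excess])
    return [d for i, d in enumerate(forwarded) if i not in victims]


# Constructed arrival timeline (not captured traffic): nine 1500-byte AF11 packets
# offered against a 1 Mb/s specification with a 3000-byte burst allowance.
SAMPLE = [(0.000, 1500, AF11), (0.000, 1500, AF11), (0.000, 1500, AF11),
          (0.010, 1500, AF11), (0.020, 1500, AF11), (0.020, 1500, AF11),
          (0.100, 1500, AF11), (0.100, 1500, AF11), (0.100, 1500, AF11)]


def demo(mode="mark"):
    """Run the sample timeline through a fresh policer in the given mode."""
    return police(SAMPLE, TokenBucketPolicer(rate_bps=1_000_000, burst_bytes=3000), mode)


if __name__ == "__main__":
    for mode in ("drop", "mark"):
        print(mode, demo(mode))
    print("congested, capacity 6:", congested_queue(demo("mark"), 6))
```

At 1 Mb/s the bucket refills at 125 bytes per millisecond, so after the initial 3000-byte burst only one 1500-byte packet fits every 12 ms; the timeline is chosen so that three of the nine packets fall out of profile. In drop mode they are discarded at the border; in mark mode all nine are forwarded as AF11 or AF13, and the congested queue then sheds the AF13 packets before touching any in-profile traffic.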
A process executing at a network entity may generate hundreds or thousands of traffic flows that are transmitted across a network. Generally, a traffic flow is a set of messages (frames and/or packets) that typically correspond to a particular task, transaction or operation (e.g., a print transaction) and may be identified by various network and transport parameters, such as source and destination IP addresses, source and destination TCP/UDP port numbers, and transport protocol.
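The following is an added example, not part of the original description, that pulls together the fields described in the preceding paragraphs: it parses a raw Ethernet frame, reads the 802.1Q user_priority field, the IPv4 ToS octet both as precedence plus D/T/R flags and as a DSCP, the protocol and addresses, and the transport ports, builds the 5-tuple that identifies the traffic flow, and shows what a DS-domain border device does when it re-marks the DSCP (overwriting the codepoint while recomputing the IPv4 header checksum). The sample frame is constructed inline, not captured; the MAC and IP addresses, VLAN 10, priority 5 and the AF11/EF codepoints used are assumptions made for the illustration.

```python
# Added example: extracting Layer 2/3/4 QoS marks and the flow 5-tuple from a
# raw frame, and re-marking DSCP at a DS-domain border. All sample values are
# constructed for the illustration.
import struct
from ipaddress import IPv4Address

ETHERTYPE_VLAN = 0x8100   # 802.1Q tag protocol identifier
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP, IPPROTO_UDP = 6, 17
DSCP_EF = 46              # expedited forwarding codepoint (RFC 3246)


def ipv4_checksum(header: bytes) -> int:
    """Ones'-complement sum of the 16-bit words of an IPv4 header.
    Over a header whose checksum field is already correct the result is 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_frame(frame: bytes) -> dict:
    """Extract the QoS marks and flow parameters from a raw Ethernet frame."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    off = 14
    info = {"mac_dst": dst.hex(":"), "mac_src": src.hex(":")}
    if ethertype == ETHERTYPE_VLAN:
        # 802.1Q tag sits right after the MAC SA: TCI = PCP(3) | DEI(1) | VID(12)
        tci, ethertype = struct.unpack("!HH", frame[off:off + 4])
        info["user_priority"] = tci >> 13
        info["vlan_id"] = tci & 0x0FFF
        off += 4
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("only IPv4 payloads are handled here")
    (vihl, tos, _total_len, _ident, _frag, _ttl, proto, _csum,
     sip, dip) = struct.unpack("!BBHHHBBH4s4s", frame[off:off + 20])
    ihl = (vihl & 0x0F) * 4
    if ipv4_checksum(frame[off:off + ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")   # never act on a corrupt header
    info.update({
        "tos": tos,
        "ip_precedence": tos >> 5,           # RFC 791 3-bit precedence
        "delay": bool(tos & 0x10),           # the D, T and R flags
        "throughput": bool(tos & 0x08),
        "reliability": bool(tos & 0x04),
        "dscp": tos >> 2,                    # RFC 2474 reads the same octet as a 6-bit codepoint
        "protocol": proto,
        "ip_src": str(IPv4Address(sip)),
        "ip_dst": str(IPv4Address(dip)),
    })
    if proto in (IPPROTO_TCP, IPPROTO_UDP):
        # source and destination ports lead both the TCP and the UDP header
        info["sport"], info["dport"] = struct.unpack("!HH", frame[off + ihl:off + ihl + 4])
    return info


def flow_key(info: dict) -> tuple:
    """The 5-tuple an intermediate device uses to identify a traffic flow."""
    return (info["ip_src"], info["ip_dst"], info["protocol"],
            info.get("sport"), info.get("dport"))


def remark_dscp(frame: bytes, dscp: int) -> bytes:
    """DS-domain border behaviour: overwrite the codepoint, keep the two
    low-order (ECN) bits, and recompute the IPv4 header checksum."""
    off = 18 if struct.unpack("!H", frame[12:14])[0] == ETHERTYPE_VLAN else 14
    ihl = (frame[off] & 0x0F) * 4
    hdr = bytearray(frame[off:off + ihl])
    hdr[1] = (dscp << 2) | (hdr[1] & 0x03)
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return frame[:off] + bytes(hdr) + frame[off + ihl:]


def build_sample_frame() -> bytes:
    """Constructed input (not a capture): VLAN 10 with user_priority 5, IPv4 ToS 0x28
    (precedence 1, T flag set, DSCP 10 = AF11), TCP SYN 10.0.0.5:40000 -> 10.0.0.80:80."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", ETHERTYPE_VLAN)
    tag = struct.pack("!HH", (5 << 13) | 10, ETHERTYPE_IPV4)
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 5 << 4, 0x02, 65535, 0, 0)  # TCP checksum left 0
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0x28, 20 + len(tcp), 0x1234, 0x4000, 64,
                               IPPROTO_TCP, 0, IPv4Address("10.0.0.5").packed,
                               IPv4Address("10.0.0.80").packed))
    ip[10:12] = struct.pack("!H", ipv4_checksum(bytes(ip)))
    return eth + tag + bytes(ip) + tcp


if __name__ == "__main__":
    frame = build_sample_frame()
    print(parse_frame(frame))
    print(flow_key(parse_frame(remark_dscp(frame, DSCP_EF))))
```

Two points worth noting: the parser verifies the IPv4 header checksum before reading any field, since a device that classifies on a corrupt header can be steered into the wrong queue or policy; and re-marking the DSCP leaves the 5-tuple unchanged, which is why interior devices can still match the flow after a border device has rewritten its codepoint.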
The treatment that is applied to different traffic flows may vary depending on the particular traffic flow at issue. For example, an online trading application may generate stock quote messages, stock transaction messages, transaction status messages, corporate financial information messages, print messages, data backup messages, etc. A network administrator may wish to apply a different policy or service treatment (“quality of service” or “QoS”) to each traffic flow. For example, the network administrator may want a stock quote message to be given higher priority than a print transaction, or may wish to assign a higher priority to packets relating to a $1 million stock transaction message for a premium client than to a $100 stock transaction message for a standard customer.
In current approaches, QoS policies may be defined in abstract form, but deployment of the policies requires conversion of the policies from the abstract format into one or more commands formatted according to the Command Line Interface (CLI) or similar command language. Some such command languages have arcane syntactical requirements and numerous parameter values. Thus, creating correct CLI commands may require extensive knowledge of routers and the CLI language, commands and parameters.
Based on the foregoing, there is a clear need in this field for a way to create quality of service policies in an intermediate representation that is more abstract than CLI commands, but more specific than a policy itself.
Another problem in this field involves deploying new policies to devices that already contain other configuration information. Each QoS policy is deployed to or deleted from a device on top of a current device configuration. It is critical to deploy the QoS policy without disrupting the pre-existing configuration, and without introducing operational changes that counteract existing operational modes.
Accordingly, there is a specific need for a way to represent QoS policies in an abstract manner, while taking into account the current configuration of a device.