Internet protocol (IP) networks in the present environment tend to be complex and often overloaded. Within this context, it is necessary to develop a framework for providing some level of quality of service (also referred to herein as "service quality") in the IP network. A common architecture of an IP-based corporate internet consists of several campus networks connected by a backbone network. The campus networks are typically high-speed local area networks (e.g., Ethernets, Token Rings, etc.) and are relatively free of congestion. The backbone network employs relatively slower links, and is more susceptible to congestion and packet losses. The main cause for such performance problems is that the demand for network bandwidth often exceeds the operating capacity of the backbone network.
One approach to solving the congestion problems in congested portions of a network is to use a reservation protocol, such as RSVP. Reservation protocols offer a service-quality on a per-connection basis, but are relatively complex to implement and exhibit inefficient resource allocation. An alternative approach is to place specialized software components at the edge of the network whose performance needs to be monitored. The specialized software component, or the edge-device, continuously monitors network traffic characteristics and performance. If the network supports means for distinguishing among packets of differing priority, the edge-device transforms the packets flowing into the backbone network in different manners. The edge-device also permits the flow of packets into the network to occur at a specified regulated rate. The different edge-devices in the network communicate with a directory server in the network to obtain information, such as classification rules, policy rules, pacing rates and network state information. The directory server is typically an X.500 directory, which is accessed using Lightweight Directory Access Protocol (LDAP).
The edge-device obtains the rules that determine the level to which a packet belongs by querying the directory server. The query may be made on triggers, such as the establishment of a new connection, or at periodic intervals. The packets are modified so that the routers in the backbone can readily determine the service level of a packet. The edge-devices collect statistics about the traffic flowing through them, and report the statistics to the directory server on triggers, such as the expiration of a timer or the termination of a connection. They also collect performance statistics about packets that are received from the network backbone, and report these statistics to the directory server. In some situations, e.g., when the network is congested, edge-devices may restrict data traffic flow across part of the network below a specific rate. The edge-device obtains the values of the regulated rate by querying the directory server.
The classification rules stored in the directory server determine what service-level will be used for packets belonging to a particular connection. The rules typically specify source/destination IP addresses, source/destination port numbers used by TCP/UDP and the service level associated with this combination. In some networking environments, the classification rules are fairly static and are configured by the network. In other cases, an application may seek to update the rules when it is initiated and/or terminated.
The use of a directory server to manage network state offers several advantages. The directory server acts as a central administration point for network control. Devices in the network can access the information from their local directory, and also store their own information in the directory. Using a protocol such as X.500, the different directory servers regulate the distribution of data into multiple locations. Since directory access protocols offer security and authentication mechanisms, secure communication channels can be readily established.
However, the use of a centrally administered directory and directory server for control of network operations has some performance problems as enumerated below:
(1) Update Lag: An edge-device needs to keep its classification rules consistent with the classification rules in a directory server capable of storing a large number of entries (e.g., millions of entries). In some cases, the edge-device may not be able to maintain a copy of all the rules, and may need to cache only a small portion of these rules. This portion of the rules depends on the current set of active applications and is likely to be dynamic. Furthermore, the rules stored in the directory server are subject to change. They may be changed by an operator, or applications may request that an update be made to enable them to operate at a specific service-level. Since the change in the rules occurs without the knowledge of the edge-device, there may be latency between the time an edge-device queries the directory for the classification rules (e.g., upon observing the first packet of a connection) and the time when the update occurs. Thus, the edge-device may be operating for some period using out-of-date classification rules.
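The following Python sketch is an added illustration, not part of the patent text, of the classification rules described above (source/destination addresses, TCP/UDP ports, service level) and of the update-lag problem: an edge-device that queries on a connection's first packet and caches the answer keeps marking with the old level after an operator changes the rule, until its periodic re-query. The in-memory `DirectoryServer` standing in for the LDAP-accessed directory, the rule fields, the sample addresses and the integer service levels are all constructed for this example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    """Classification rule: source/destination prefix, TCP/UDP ports, service level."""
    src: str
    dst: str
    sport: Optional[int]  # None is a wildcard
    dport: Optional[int]
    service_level: int

    def matches(self, src, dst, sport, dport):
        return (ip_address(src) in ip_network(self.src) and ip_address(dst) in ip_network(self.dst)
                and self.sport in (None, sport) and self.dport in (None, dport))

class DirectoryServer:
    """Constructed stand-in for the LDAP-accessed directory holding the rules; first match wins."""
    def __init__(self, rules):
        self.rules = list(rules)
    def lookup(self, src, dst, sport, dport):
        for rule in self.rules:
            if rule.matches(src, dst, sport, dport):
                return rule.service_level
        return 0  # constructed best-effort level when no rule matches

class EdgeDevice:
    """Queries the directory on a connection's first packet and caches the answer."""
    def __init__(self, directory):
        self.directory = directory
        self.cache = {}
    def classify(self, src, dst, sport, dport):
        key = (src, dst, sport, dport)
        if key not in self.cache:  # trigger: first packet of a new connection
            self.cache[key] = self.directory.lookup(src, dst, sport, dport)
        return self.cache[key]
    def refresh(self):
        self.cache.clear()  # periodic re-query drops possibly stale rules

def demo_update_lag():
    """Returns (level at first packet, level after an unseen rule change, level after refresh)."""
    directory = DirectoryServer([Rule("10.1.0.0/16", "10.2.0.5/32", None, 443, 3)])
    edge = EdgeDevice(directory)
    flow = ("10.1.4.7", "10.2.0.5", 51000, 443)  # constructed sample connection
    first = edge.classify(*flow)
    directory.rules[0] = Rule("10.1.0.0/16", "10.2.0.5/32", None, 443, 1)  # operator lowers level
    stale = edge.classify(*flow)  # edge-device is unaware and still marks with level 3
    edge.refresh()
    return first, stale, edge.classify(*flow)
```

The returned triple (3, 3, 1) is the lag in miniature: the second packet is still marked at the old level even though the directory already holds the new rule.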
(2) Server Overload: In order to facilitate improved network control, the edge-device needs to update the information maintained in the directory server about its statistics. When there are hundreds of edge-devices that need to store the information in the directory, the directory server can easily become overwhelmed with the volume of updates. Since each edge-device is operating asynchronously, it is possible for many of them to attempt to update the directory at the same time, and for some to be unable to connect for extended periods of time.
(3) Encrypted Data: When the IP payload is encrypted end-to-end using a protocol such as IP-sec, an intermediate box is unable to obtain information such as port numbers necessary to mark data. However, the intermediate box is responsible for ensuring that an untrustworthy user workstation is not sending improperly marked data in the network.
There is a need to address the problems of server overload when an intermediary edge-device is used to classify packets, and a directory server is used as the site for network administration.
Accordingly, it is an object of the present invention to provide a directory server which eliminates the problems associated with server overload.
It is a further object of the present invention to provide a directory server, which employs polling techniques to remedy the problems associated with server overload.
Another object of the present invention is to provide a method for reducing server overload, which can be easily incorporated into conventional directory servers.
It is also an object of the present invention to provide a directory server, which contacts the client nodes to facilitate the exchange of data with the client nodes.
It is also an object of the present invention to provide a directory server, which reduces the workload of edge-devices in the management of network service quality.
It is a further object of the present invention to provide a directory server, which automatically updates network regulating rules, such as classification rules, of an edge-device.