The invention relates generally to the control of packet flows through a network device, such as a multiport switch. More particularly, the invention relates to controlling packet flows with multiple bandwidth policing rules.
Packet-based networks are now being utilized to deliver a combination of voice, video, and/or data. Because voice, video, and data have different quality of service (QoS) requirements, and because of the inherent bandwidth limitations in most packet-based networks, it is often necessary to break network traffic down into individual flows, so that the bandwidth consumed by each individual flow can be individually regulated.
An individual xe2x80x9cflowxe2x80x9d is defined as a sequence of packets that have the same characteristics. Characteristics of a flow being transmitted according to the Internet Protocol (IP) are typically identified from the packet headers. For example, in an IP packet, the packet header contains information that may include the source IP address, the destination IP address, the source port number, the destination port number, the type of service, and the IP sub-protocol. Additional flow characteristics may include the port of entry of the packet into the network device. The flow characteristic information is typically utilized to classify incoming traffic into individual flows.
Once incoming traffic has been classified into individual flows, the bandwidth consumed by each flow can be individually regulated by applying a specific traffic control rule to each flow. A traffic control rule typically has a one-to-one relationship to a flow and sets a rate limit, identified as a number of bits, or bytes, per second, that can be passed on, or forwarded, within the network device. FIG. 1 is a depiction of packet traffic within a network device, such as a switch and/or router, that has been broken down into four individual flows, flow A, flow B, flow C, and flow D. Each flow is regulated by a traffic control rule that is specific to the respective flow. For example, flow A is regulated by traffic control rule 1 (TCR 1) 102, flow B is regulated by traffic control rule 2 (TCR 2) 104, flow C is regulated by traffic control rule 3 (TCR 3) 106, and flow D is regulated by traffic control rule 4 (TCR 4) 108. As shown in FIG. 1, there is a one-to-one correspondence between the identified flows and the traffic control rules. Network traffic that does not exceed its allocated bandwidth is passed on within the network device.
In order to provide more control over a particular flow, it may be advantageous to apply more than one traffic control rule to the flow. FIG. 2 is a depiction of four flows that are each regulated by more than one traffic control rule. For example, flow A is regulated by traffic control rule 1 (TCR 1) 202, traffic control rule 5 (TCR 5) 204, and traffic control rule 9 (TCR 9) 206, where each of the traffic control rules are implemented independently of each other. Similar to FIG. 1, there is a one-to-one correspondence from applied traffic control rules to the identified flows. That is, each traffic control rule is applied to one and only one flow. Although the application of more than one traffic control rule to a flow allows for precise control of a flow, it does not allow multiple flows to be regulated as a group. While it is desirable to have the ability to precisely regulate an individual flow, it is also desirable to be able to regulate the aggregate flow of a group of flows.
In prior art network devices, the regulation of a group of flows can only be achieved by designating more generic flows. For example, referring back to FIG. 1, if it is necessary to regulate flows A and B as a group, then the incoming traffic stream must be classified into a more generic flow that includes the flow characteristics of both flow A and flow B. A single traffic control rule can then regulate the more generic flow. While creating a more generic flow classification allows a more generic flow to be regulated by a single traffic control rule, creating a single flow classification eliminates the ability to individually regulate more narrowly defined flows (e.g., flow A, flow B, flow C, and flow D).
In view of the need to regulate the bandwidth consumption of a flow on an individual basis, and in view of the need to regulate the aggregate bandwidth consumption of a group of flows, what is needed is a method and a system that allow the same flow to be regulated on a one-to-one basis and on a group basis.
A method and a system for controlling data flow through a network device involve regulating a first flow of network traffic with a first traffic control rule, regulating a second flow of network traffic with a second traffic control rule, and then regulating the passed portion of the two flows with a third traffic control rule that is generic to both the first flow and the second flow. The third traffic control rule regulates the passed portions of the first flow and the second flow on an aggregate basis, such that the total amount of traffic passed by the third traffic control rule does not exceed a predefined bandwidth limit. By regulating the bandwidth consumption of a group of flows with at least two levels of traffic control rules, bandwidth consumption can be simultaneously controlled for narrowly defined flows and more broadly defined flows.
In an embodiment, two flows of network traffic are regulated by three traffic control rules, with at least one of the three traffic control rules applying to both of the flows. Initially, the two flows are individually regulated by traffic control rules that apply to the two flows on a one-to-one basis. The two flows are also regulated, on an aggregate basis, by a third traffic control rule that applies to both of the flows. The third traffic control rule is referred to as a xe2x80x9cgeneric,xe2x80x9d or xe2x80x9ccoarse,xe2x80x9d rule because it applies to a broader category of flows.
In an example, a first traffic control rule may apply to a flow from source A of type X, a second traffic control rule may apply to a flow from source B of type X, and a third, more generic, traffic control rule may apply to a flow of type X that is from any source. The third, more generic, traffic control rule is applied to relevant flows on an aggregate basis, such that the combined bandwidth consumed by all flows within the generic category does not exceed the limit enforced by the third traffic control rule.
In operation, if the third traffic control rule is implemented as, for example, a token bucket, then the same bucket is decremented each time a packet is passed by the third traffic control rule, regardless of which flow the packet is from. In an embodiment, the third traffic control rule is applied to the two flows on a first come first serve basis, such that the available bandwidth is allocated to the first arriving packets. As a result of applying the same traffic control rule to the aggregate of two flows, the two flows are regulated as a group. The regulation of a group of flows is in addition to the regulation of individual flows that is provided by the lower level traffic control rules.
It should be appreciated that more than two flows can be regulated by a generic traffic control rule. In addition, more than two levels of traffic control rules can be implemented. Moreover, it is not necessary to regulate each flow with the same number of traffic control rules.
The application of traffic control rules to multiple flows on an aggregate basis is preferably implemented in hardware. In an embodiment, an application specific integrated circuit (ASIC), that is capable of applying traffic control rules to more than one flow on an aggregate basis, includes a flow classifier, a rule selector, and various traffic control units. The flow classifier is a hardware based unit that takes an incoming stream of packets and classifies the packets by flow. The flow classifier utilizes header information and the port of entry from incoming packets to classify flows.
The rule selector is a functional unit that matches flows to traffic control units. The traffic control units are the dedicated circuits that implement the different traffic control rules.
In operation, packets entering the ASIC are classified into flows by the flow classifier. The rule selector then identifies the traffic control units that are to be applied to the classified flows. The traffic control units then regulate the flows according to the bandwidth limits of the respective traffic control rule. If more than one flow is mapped to the same traffic control unit, then the traffic control unit regulates all applicable flows on an aggregate basis. Packets from flows that meet all applicable traffic control rules are forwarded from the ASIC to a next location. In a preferred embodiment, the system and method are utilized to regulate network traffic before the traffic is passed through a switch fabric of a switch or router.