Entities, such as colleges and universities, are growing increasingly dependent on computer network infrastructures to provide services and accomplish tasks. Indeed, a wide variety of administrative and educational tasks are now allocated to servers operably connected to a campus network. Moreover, Internet or other wide area computer network access is a standard and expected aspect of the services provided to students by colleges and universities. As the number of users, applications and external traffic increases, however, network congestion develops, impairing computer network performance. For example, peer-to-peer file sharing technologies, such as Napster, Morpheus, and the like, have unleashed a relative explosion of network utilization among college students, creating myriad problems for network administrators and degrading the quality of service provided to other users of the network. Network administrators, therefore, are constantly challenged with determining the volume, origin and nature of network traffic in order to align network resources with educational and administrative priorities and applications.
The widely-used TCP/IP protocol suite, which implements the world-wide data communications network environment called the Internet and is employed in many local area networks, intentionally omits any explicit supervisory function over the rate of data transport across the various devices that comprise the network. While there are certain perceived advantages to this design, it has the consequence that packets from very high-speed and very low-speed links share the same queues with no arbitration between them, which produces certain inefficiencies. Certain loading conditions degrade the performance of networked applications and can even cause instabilities which could lead to overloads that stop data transfer temporarily.
In order to understand the context of certain embodiments of the invention, the following provides an explanation of certain technical aspects of a packet based telecommunications network environment. Internet/Intranet technology is based largely on the TCP/IP protocol suite, where IP (Internet Protocol) corresponds to the network layer of the Open Systems Interconnection (OSI) model and TCP (Transmission Control Protocol) corresponds to the OSI transport layer. At the network level, IP provides a “datagram” delivery service—that is, IP is a protocol allowing for best-effort delivery of a datagram or packet between two hosts, with no guarantee of delivery or ordering. By contrast, TCP provides a transport level service on top of the datagram service allowing for reliable, in-order delivery of a byte stream between two IP hosts. In other words, TCP is responsible for ensuring at the transmitting host that message data is divided into segments to be sent, for retransmitting segments that are lost, and for reassembling, at the receiving host, the segments back into the complete message.
TCP has “flow control” mechanisms operative at the end stations only to limit the rate at which a TCP endpoint will emit data, but it does not employ explicit data rate control. The basic flow control mechanism is a “sliding window”: a range of sequence numbers, advertised by the receiver as its receive window, that the transmitter may send before it must wait for acknowledgments. As acknowledgments arrive the window slides forward, so the window essentially limits the amount of unacknowledged transmit data that a transmitter can emit. Another flow control mechanism is the congestion window, a refinement of the sliding window scheme in which the transmitter itself starts from a small window and expands it conservatively toward the full, allowable window until it detects loss. The initial phase of this expansion is referred to as “slow start.”
The sliding window flow control mechanism works in conjunction with the Retransmission Timeout (RTO) mechanism, a timer that prompts retransmission of unacknowledged data. The timeout length is based on a running average of the Round Trip Time (RTT) for acknowledgment receipt, i.e. if an acknowledgment is not received within (typically) the smoothed RTT plus four times the smoothed mean deviation of the RTT, then packet loss is inferred and the data pending acknowledgment is re-transmitted. Data rate flow control mechanisms which are operative end-to-end without explicit data rate control draw a strong inference of congestion from packet loss (inferred, typically, by RTO expiry). TCP end systems, for example, will “back-off”—i.e., collapse the congestion window to its initial size and double the retransmission timeout on each consecutive timeout (exponential backoff)—as a reaction to consecutive packet loss.
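The two preceding paragraphs describe the machinery by which TCP turns packet loss into a rate reduction. The following is an added example, not code from the patent, that models that machinery: the RTO estimator with its exponential backoff (after RFC 6298) and the congestion window's slow start, congestion avoidance and collapse on timeout (after RFC 5681). Constants are the RFC defaults except MIN_RTO, which is set to 200 ms (the Linux choice) rather than RFC 6298's 1 s so that the worked numbers are not all clamped to the floor; the initial window of one MSS and the trace driver are likewise assumptions for illustration.

```python
# Added example (not from the patent): TCP's loss-driven rate control modelled
# after RFC 6298 (RTO estimation and exponential backoff) and RFC 5681
# (slow start / congestion avoidance).

MSS = 1460           # bytes per segment
MIN_RTO = 0.2        # seconds; assumption (Linux value), RFC 6298 says 1 s
MAX_RTO = 60.0       # RFC 6298 upper bound
GRANULARITY = 0.001  # clock granularity G


class RtoEstimator:
    """Smoothed RTT (SRTT), RTT variance (RTTVAR) and the derived RTO."""

    def __init__(self):
        self.srtt = None
        self.rttvar = None
        self.rto = 1.0  # RFC 6298 initial RTO before any RTT sample

    def sample(self, rtt):
        """Feed one RTT measurement (seconds) and return the new RTO."""
        if self.srtt is None:
            self.srtt, self.rttvar = rtt, rtt / 2
        else:
            self.rttvar = 0.75 * self.rttvar + 0.25 * abs(self.srtt - rtt)
            self.srtt = 0.875 * self.srtt + 0.125 * rtt
        # "smoothed RTT + 4 * mean deviation", clamped to [MIN_RTO, MAX_RTO]
        self.rto = min(MAX_RTO, max(MIN_RTO, self.srtt + max(GRANULARITY, 4 * self.rttvar)))
        return self.rto

    def timeout(self):
        """Retransmission timer fired: double the RTO (exponential backoff)."""
        self.rto = min(MAX_RTO, self.rto * 2)
        return self.rto


class CongestionWindow:
    """Sender-side limit on unacknowledged bytes, grown by slow start and then
    congestion avoidance, and collapsed to one segment on a timeout."""

    def __init__(self):
        self.cwnd = MSS            # assumption: initial window of 1 MSS
        self.ssthresh = float("inf")

    def on_ack(self, acked):
        if self.cwnd < self.ssthresh:
            self.cwnd += min(acked, MSS)                  # slow start: ~doubles per RTT
        else:
            self.cwnd += max(1, MSS * MSS // self.cwnd)   # avoidance: ~1 MSS per RTT
        return self.cwnd

    def on_timeout(self):
        self.ssthresh = max(self.cwnd // 2, 2 * MSS)
        self.cwnd = MSS
        return self.cwnd


def sendable(cwnd, rwnd, in_flight):
    """Bytes the sender may still emit: the sliding window is bounded by both
    the receiver's advertised window and the local congestion window."""
    return max(0, min(cwnd, rwnd) - in_flight)


def run_trace(rtts, timeout_round, rwnd=65535):
    """One entry per round trip: either every segment in flight is acked
    (window grows) or, at timeout_round, the timer expires (window collapses,
    RTO doubles). Returns [(cwnd_after, rto_after), ...]."""
    est, cw, trace = RtoEstimator(), CongestionWindow(), []
    for rnd, rtt in enumerate(rtts):
        if rnd == timeout_round:
            cw.on_timeout()        # loss inferred from the expired timer
            est.timeout()          # and the timer itself backs off
        else:
            est.sample(rtt)
            in_flight = min(cw.cwnd, rwnd)
            for _ in range(in_flight // MSS):   # acks arrive one segment at a time
                cw.on_ack(MSS)
        trace.append((cw.cwnd, est.rto))
    return trace


if __name__ == "__main__":
    for rnd, (cwnd, rto) in enumerate(run_trace([0.1] * 6, timeout_round=3)):
        print(f"round {rnd}: cwnd={cwnd:6d} bytes  rto={rto:.4f}s")
```

With a steady 100 ms RTT the window doubles each round (1460, 2920, 5840, 11680 bytes) while the RTO settles toward the RTT; the single timeout in round 3 drops the window back to one segment, sets the slow-start threshold to half the old window and doubles the RTO, which is the "back-off" the text describes. Note that a single dropped packet costs several round trips of throughput, which is why the discard-based feedback discussed below is a blunt instrument.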
A crude form of bandwidth management in TCP/IP networks (that is, policies operable to allocate available bandwidth from a single logical link to network flows) is accomplished by a combination of TCP end systems and routers which queue packets and discard packets when some congestion threshold is exceeded. The discarded and therefore unacknowledged packet serves as a feedback mechanism to the TCP transmitter. Routers support various queuing options to provide for some level of bandwidth management. These options generally provide a rough ability to partition and prioritize separate classes of traffic. However, configuring these queuing options with any precision or without side effects is in fact very difficult, and in some cases, not possible. Seemingly simple things, such as the length of the queue, have a profound effect on traffic characteristics. Discarding packets as a feedback mechanism to TCP end systems may cause large, uneven delays perceptible to interactive users. Moreover, a router's queuing disciplines act only on the traffic it transmits onto a link; they cannot directly control the rate at which traffic arrives from upstream. A 5% load or less on outbound traffic can correspond to a 100% load on inbound traffic, due to the typical imbalance between an outbound stream of acknowledgments and an inbound stream of data.
In response, certain data flow rate control mechanisms have been developed to provide a means to control and optimize efficiency of data transfer as well as allocate available bandwidth among a plurality of users. For example, U.S. Pat. No. 6,038,216 discloses a method for explicit data rate control in a packet-based network environment without data rate supervision. Bandwidth management devices allow for explicit data rate control for flows associated with a particular traffic classification. Bandwidth management devices allow network administrators to specify policies operative to control and/or prioritize the bandwidth allocated to individual data flows according to traffic classifications. In addition, certain bandwidth management devices allow network administrators to divide available bandwidth into partitions to ensure a minimum bandwidth and/or cap bandwidth as to a particular class of traffic or individual user.
To avoid the costs and degradation in network performance caused by a disproportionate number of data flows generated by a small number of users, network administrators are essentially tasked with policing the network; that is, network administrators must manually identify users with unacceptably large network utilizations and configure network policies to limit the network traffic generated by them or cut them off completely. Recognizing the importance of network access to students, however, network administrators are hesitant to deny network access and often restore access after a period of time. Even with data flow rate control mechanisms, however, computer networks have no effective mechanism to limit the volume of traffic generated by users on an individual basis. Unlike the large telecommunications networks that have substantial infrastructure dedicated to tracking utilization on an individual basis, packet-based computer network environments do not typically include such functionality, let alone functionality to limit the volume of network traffic generated by individual users. In addition, while some web hosting enterprises include technologies that track and limit monthly data transfer associated with a hosted site, such technologies are not adapted to meet the needs of controlling or enforcing volume-based network policy to limit network utilization among a plurality of users. Accordingly, a need in the art exists for methods, apparatuses and systems allowing for deployment of volume-based network policy across a computer network. The present invention substantially fulfills this need.
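The preceding two paragraphs describe per-class and per-user bandwidth policy and then the missing piece: accounting for the volume of traffic each user generates and acting on it. The following is an added example, not code from the patent or from any bandwidth management product, of what such volume-based policy evaluation looks like: per-user byte totals over a rolling window, counted separately for inbound and outbound traffic (the asymmetry noted above), mapped to a warn or throttle action. The flow records, user names, quota values and action names are constructed for illustration.

```python
# Added example (not from the patent): per-user, volume-based network policy.
# Flow records, users and quotas below are constructed sample data; a real
# deployment would read records from a flow exporter or a bandwidth
# management device's accounting log.
from collections import defaultdict
from datetime import datetime, timedelta

# One record per completed flow: (end time, user, direction from the user's
# point of view, bytes).
FLOWS = [
    ("2003-09-01T10:00:00", "alice", "in",    50_000_000),
    ("2003-09-01T10:05:00", "alice", "out",    2_000_000),
    ("2003-09-02T22:10:00", "bob",   "in",   900_000_000),   # p2p download
    ("2003-09-02T22:10:00", "bob",   "out", 1_800_000_000),  # p2p upload
    ("2003-09-03T08:00:00", "carol", "in",   120_000_000),
    ("2003-09-10T08:00:00", "bob",   "in",   700_000_000),
    ("2003-09-11T23:00:00", "carol", "out",   50_000_000),
]

# Policy: a per-user byte quota over a rolling window, with a separate and
# tighter outbound quota because a campus uplink is usually the scarce side.
POLICY = {
    "window": timedelta(days=7),
    "in_quota": 1_000_000_000,   # 1 GB inbound per 7 days (assumed value)
    "out_quota": 500_000_000,    # 500 MB outbound per 7 days (assumed value)
    "warn_fraction": 0.8,        # warn the user before enforcing
}


def usage(flows, as_of, window):
    """Sum bytes per user and direction for flows ending within `window`
    before `as_of`. Returns {user: {"in": bytes, "out": bytes}}."""
    start = as_of - window
    totals = defaultdict(lambda: {"in": 0, "out": 0})
    for ts, user, direction, nbytes in flows:
        t = datetime.fromisoformat(ts)
        if start < t <= as_of:
            totals[user][direction] += nbytes
    return dict(totals)


def decide(user_usage, policy):
    """Map one user's usage to an action; the most restrictive direction wins.
    'throttle' stands for whatever the administrator attaches to a breach,
    e.g. a rate cap on that user's partition rather than outright denial."""
    worst = "allow"
    for direction, quota in (("in", policy["in_quota"]), ("out", policy["out_quota"])):
        used = user_usage[direction]
        if used > quota:
            return "throttle"
        if used > policy["warn_fraction"] * quota:
            worst = "warn"
    return worst


def evaluate(flows, as_of_iso, policy=POLICY):
    """Return {user: action} for every user seen in the window ending at as_of_iso."""
    as_of = datetime.fromisoformat(as_of_iso)
    return {u: decide(x, policy) for u, x in usage(flows, as_of, policy["window"]).items()}


if __name__ == "__main__":
    for user, action in sorted(evaluate(FLOWS, "2003-09-08T00:00:00").items()):
        print(f"{user:6s} {action}")
```

Evaluated on 8 September, bob's 1.8 GB of upload in the window exceeds the outbound quota and is throttled even though his inbound total only reaches the warning level; by 12 September the offending flows have aged out of the window and he is back to "allow", which is the automatic restoration of access that the text notes administrators otherwise perform by hand. Because each flow is attributed to a user rather than to an address, the accounting must be fed by whatever maps addresses to users on the campus (for example DHCP or authentication logs), and that mapping is the part an attacker would target to shift volume onto someone else's account.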