Computer networks have become a key part of the corporate infrastructure. Organizations have become increasingly dependent on intranets and the Internet and are demanding much greater levels of performance from their network infrastructure. The network infrastructure is being viewed: (1) as a competitive advantage; (2) as mission critical; (3) as a cost center. The infrastructure itself is transitioning from 10 Mb/s (megabits per second) capability to 100 Mb/s capability. Soon, infrastructure capable of 1 Gb/s (gigabits per second) will start appearing on server connections, trunks and backbones. As more and more computing equipment gets deployed, the number of nodes within an organization has also grown. There has been a doubling of users, and a ten-fold increase in the amount of traffic every year.
Network infrastructure applications monitor, manage and manipulate network traffic in the fabric of computer networks. The high demand for network bandwidth and connectivity has led to tremendous complexity and performance requirements for this class of application. Traditional methods of dealing with these problems are no longer adequate.
Several sophisticated software applications that provide solutions to the problems encountered by the network manager have emerged. The main areas for such applications are Security, Quality of Service (QoS)/Class of Service (CoS) and Network Management. Examples are: Firewalls; Intrusion Detection; Encryption; Virtual Private Networks (VPN); enabling services for ISPs (load balancing and such); Accounting; Web billing; Bandwidth Optimization; Service Level Management; Commerce; Application Level Management; Active Network Management.
There are three conventional ways in which these applications are deployed:
(1) On general purpose computers.
(2) Using single function boxes.
(3) On switches and routers.

Dividing the steps of packet processing into a multiplicity of pipeline stages and providing different functional units for different stages, thus allowing more processing time per packet and also providing concurrency in the processing of multiple packets,
Providing custom, specialized Classification Engines which are micro-programmed processors optimized for the various functions common in predicate analysis and table searches for these sorts of applications, and are each used as pipeline stages in different flows,
Providing a general-purpose microprocessor for executing the arbitrary actions desired by these applications,
Providing a tightly-coupled encryption coprocessor to accelerate common network encryption functions,
Reducing or eliminating the need for the applications to examine the actual contents of the packet, thus minimizing the movement of packet data and the effects of that data movement on the processor's cache/bus/memory subsystem, and
Either eliminating or providing special hardware to accelerate system overheads common to embedded network applications run on general purpose platforms; this includes special support for managing buffer pools, for communication among units and the passing of buffers between them, and for managing the network interface MACs (media access controllers) without the need for heavyweight device driver programs.

Recognizing a common policy enforcement module for network infrastructure applications
a policy enforcement module consisting of Classification and associated Action
both stateless classification and stateful classification which uses sets
Provision of a high level interface to packet level Classification and Action (Action and Classification Engine--ACE)
Provision of the high level interface within common operating environments
Policy can be changed dynamically
Application partitioned into an AP module running on the AP (Application Processor) and a PE (Policy Engine) module running on the PE.
AP can run operating systems with full services to facilitate application development
PE functionality embodied as software running on AP as well as hardware and software running on the hardware PE
A language interface to describe Classification and to associate Actions with the results of the Classification
Language (NetBoost Classification Language-NCL) for Classification/Action
Action code
System components include
ACE
Operating environment for action code
Resolver
Compiler for NCL
Plumber

It is instructive to examine the issues related to each of these deployment techniques.