Packet data communication networks play a crucial role in today's economy. The Internet is but the most prominent example of a packet data network. In years to come, the conduct of most business will be dependent on packet data communication to some degree.
Packet data communication is used in many contexts. For example, companies are providing remote access to internally developed applications by way of connections on packet data networks. This allows corporate applications to be extended to branch offices, business partners, or other third parties. Packet data communication is also used by companies to access subscriptions to value-added applications provided by Application Service Providers (“ASPs”). ASPs set up applications in a data center and offer remote usage of the applications as a billable service. Some example services offered by ASPs include video-conferencing, computer-aided design, etc.
Whether internally or externally sourced, the use of distributed applications is increasing rapidly. The operators of packet data communication networks (“carriers”) want to take advantage of this trend by supplementing their current bandwidth-oriented service offerings with value-added services. The market for providing value-added services is a valuable business opportunity to carriers. Value-added services typically provide higher profit margins than bandwidth-oriented services. Carriers may offer their own services (i.e. they may take on the role of an ASP). They may enter into business arrangements to market services provided by third party ASPs. They may even market services based on applications that were originally developed for internal enterprise use.
Unfortunately existing networks are not by default suited to the delivery of value added services. It is difficult to control the QoS experienced by the user. Networks normally don't restrict access to paying customers. Data is not collected to verify that the necessary QoS was provided or to bill for service usage. Security is implemented manually and separately for each situation requiring valuable data to be protected.
Current packet data networks typically pass packets from a source to a destination by way of a series of nodes. At each node, packets are received and forwarded over data links to other nodes until they reach their destinations. Typically a network device, such as a router, is located at each node. Routers are used to direct packets toward their destinations. Ideally a packet from any source on a network can be forwarded to any destination on the network. Routers typically forward packets using the First In First Out (“FIFO”) model (whereby packets are forwarded in the order in which they are received). As a result, packets associated with a time sensitive important business transaction worth millions of dollars may be queued in a router behind packets associated with relatively less important applications such as distributed gaming.
In a public network there can be very large volumes of data packets of relatively low importance. Significant bandwidth within the network can be consumed by low priority web surfing or the like. There is currently no consistent way of providing guaranteed bandwidth and low delay communication for applications such as video and audio conferencing across such a network.
Some routers can be configured to support alternative QoS enhancing forwarding mechanisms in addition to FIFO. Unfortunately there are many varied mechanisms and few standards. Each type of mechanism typically has a unique conceptual basis and requires a correspondingly unique set of parameters to be configured. To configure a router to handle a single service anywhere from zero to twenty or more parameters should be configured.
Some routers can be configured to control access to selected destinations by identifying traffic (packets) from specific users or groups of users. This capability can be used to allow or deny access to specific services. Disallowed traffic is discarded.
Data collection in support of Service Level Agreement (“SLA”) measurement is starting to appear, but the collected data is very coarse-grained. The data collected usually summarizes usage by a group of users rather than providing details about the use of a service by any individual user. Using current tools it is difficult to determine whether an individual user, or an instance of an application that a user is using, received an adequate level of service from the network. When detailed data can be collected, it is typically collected for all packets passing through the router. The router usually does not allow data collection to occur selectively for different categories of traffic. The resulting torrent of collected data may even be more voluminous than the packets being measured. Data collection in support of billing for service usage is almost unheard of.
Security technology (for example, IPsec, SSL) is only now becoming widely available. Routers supporting this technology can be configured to authenticate and automatically encrypt packets as they are transported across a network. In the case of IPsec, approximately 15 to 20 parameters should be configured to handle a single service.
It can be appreciated that, while some thought has been directed to how some of the above features might be provided, the technologies available to implement these features are immature and just starting to be deployed. It is impossible to retrofit some of these features into many of the routers already deployed in current networks.
The task of configuring current networks to provide needed features is further complicated because large networks may include many different types of routers, each with its own capabilities and configuration requirements. When a network incorporates routers from multiple vendors, it requires a great degree of skill to configure the diverse mechanisms in a consistent manner to satisfy the requirements of the offered value-added service. Vendors and standards bodies have developed many conceptually diverse technologies. There is little consistency between the approaches used by various vendors.
In some cases, overall requirements may be met by coordinating the configuration of a service across multiple routers whose overlapping feature sets allow all of the requirements to be met when individually no single router in the network is capable of meeting all of the requirements. For example an upstream router may perform traffic shaping to implement QoS whereas a downstream router implements security or access control. Coordinated deployment of a service across multiple routers with incomplete feature sets requires even greater skill.
Packet data networks, such as the Internet, are continually growing. There are many routers to be configured and managed. To satisfy the access control, QoS, security, and data collection requirements of an offered service, many routers are configured separately for each service and often for each subscriber.
A moderate number of parameters are configured in each router to deploy a subscribed service. If an average human performs manual configurations with an accuracy of 95–99%, it will often be the case that there will be at least one error somewhere in the configuration of each configured service. It is extremely difficult for humans to perform this sort of manual configuration consistently and accurately.
There is a need for solutions to these problems if the market for value-added services is to expand.