A modern communication and data network may comprise network edge nodes, such as routers and other devices that interface with one or more other networks. Each network edge node may provide one or more network interfaces (e.g. ingress and egress ports) that transport data from one network to another network. The network interfaces may be configured to provide a variety of network features that may include, Access Control List (ACL), Quality of Service (QoS), Internet Protocol Security (IPsec), accounting, deep packet inspection (DPI) and tunneling. Network edge nodes may also be externally coupled to a variety of network appliances that provide different network services (e.g. Firewall) that enhance network performance and security. However, connecting and managing the multiplitude of network edge nodes and the assortment of external network appliances associated with each network edge node has seriously complicated Information Technology (IT) operations within a network.
One design option to reduce network complexity is to minimize the number and network appliances externally coupled to network edge nodes by integrating the network edge nodes and network appliances into an integrated edge node. Integrated edge nodes no longer need to rely on externally coupled network appliance to implement a service. For instance, an network appliance module may be attached to a network edge node to form an integrated edge node that may not only perform the routing functions found in a network edge node, but may also provide a network appliance service, such as Wide Area Application Services (WAAS). As a result, operators no longer need to externally couple and configure a network appliance to an integrated edge node already configured to provide the network service.
Although current integrated edge nodes may reduce network complexity, both integrated edge nodes and coupling external network appliances lack the ability to dynamically create data paths between network appliances and network edge nodes. When network appliances and network edge nodes are externally coupled, physical links fix the data paths between the two different types of nodes. For example, a network appliance may be externally coupled between a core network node and a network edge node. Data traffic traveling from the core network node must initially travel on a fixed path through the network appliance before reaching the network edge node. In this scenario, the data traffic may not be rerouted such that the network edge node receives the data traffic before the network appliance. Fixed data paths also exists for integrated edge nodes because the internal network appliances and internal network edge nodes are physically connected to each other.
Additionally, current configurations of integrated edge nodes and externally coupled network appliances lack the flexibility of dynamically applying network features (e.g. ACL) at the edge of a network. At the edge of a network, network edge nodes are configured to apply network features at the physical interfaces of network edge nodes, and thus the location of the network edge node fixes where a network may apply a network feature. Unfortunately, a network appliance service may require some network features (e.g. DPI, ACL, and accounting) to be implemented before applying the network appliance service, while other network features need to be implemented afterwards (e.g. QoS and IPsec). Thus, new technology is necessary to improve traffic routing and network feature flexibility at the edge of a network.