1. Technical Field
The present invention relates to communication networks and, in particular, to providing an enhanced quality of service (QoS) to selected traffic flows within a network.
2. Description of the Related Art
For network service providers, a key consideration in network design and management is the appropriate allocation of access capacity and network resources between traffic originating from network service customers and traffic originating from outside the service provider's network (e.g., from the Internet). This consideration is particularly significant with respect to the traffic of network customers whose subscription includes a Service Level Agreement (SLA) requiring the network service provider to provide a minimum communication bandwidth or to guarantee a particular Quality of Service (QoS) for certain flows. Such service offerings require the network service provider to implement a network architecture and protocol that achieve a specified QoS and that enforce admission control to ensure sufficient access capacity and network resources are available for customers.
In Internet Protocol (IP) networks, a straightforward approach to achieving QoS and implementing admission control comparable to that of connection-oriented network services, such as voice or Asynchronous Transfer Mode (ATM), is to emulate the same hop-by-hop switching paradigm of signaling resource reservations for the flow of IP packets requiring QoS. In fact, the IP signaling standard developed by the Internet Engineering Task Force (IETF) for Integrated Services (Intserv or IS) adopts precisely this approach. As described in IETF RFC 1633, Intserv is a per-flow IP QoS architecture that enables applications to choose among multiple, controlled levels of delivery service for their data packets. To support this capability, Intserv permits an application at a transmitter of a packet flow to use the well-known Resource ReSerVation Protocol (RSVP) defined by IETF RFC 2205 to initiate a flow that receives enhanced QoS from network elements along the path to a receiver of the packet flow.
RSVP is a QoS signaling protocol on the control plane of network devices that is utilized to request resources for simplex flows (i.e., RSVP requests resources for a unidirectional flow; a bidirectional session needs two reservations). RSVP does not have routing functions, but is instead designed to operate with unicast and multicast routing protocols to ensure QoS for those packets that are forwarded in accordance with routing (i.e., RSVP consults the forwarding table, as populated by routing, in order to decide the downstream interface on which policy and admission control for QoS are applied).
FIG. 1 is a block diagram of an Intserv nodal processing model that utilizes RSVP to achieve QoS in accordance with RFC 2205. As illustrated, a transmitting host 100 executes an application 104, which transmits data (e.g., video distribution or voice-over-IP (VoIP)) that requires a higher QoS than the “best effort” QoS generally accorded Internet traffic. Between transmitting host 100 and a receiving host 118 are coupled one or more additional nodes, such as router 102, which implements a routing process 116.
In the control plane, each network node includes an RSVP process 106 that supports inter-node communication of RSVP messages, a policy control block 108 that determines if a user has administrative permission to make a resource reservation for an enhanced QoS flow, and an admission control block 110 that determines whether or not the node has sufficient outgoing bandwidth to supply the requested QoS. In the data plane, each node further includes a packet classifier 112, which identifies packets of a flow and determines the QoS class for each packet, and a packet scheduler 114, which actually achieves the QoS required for each flow in accordance with the packet classification performed by packet classifier 112.
To initiate an RSVP session, application 104 transmits a PATH message, which is sequentially passed to the RSVP process 106 at each node between transmitting host 100 and receiving host 118 and leaves path state (including the previous hop) at each node. Although transmitting host 100 initiates the RSVP session, receiving host 118 is responsible for requesting a specified QoS for the session by sending a RESV message containing a QoS request to each network node along the reverse path between receiving host 118 and transmitting host 100. In response to the receipt of the RESV message, each RSVP process 106 passes the reservation request to its local policy control block 108 and admission control block 110. As noted above, policy control block 108 determines whether the user has administrative permission to make the reservation, and admission control block 110 determines whether the node has sufficient available resources (i.e., downstream link bandwidth) to supply the requested QoS. If both checks succeed at all nodes between transmitting host 100 and receiving host 118, each RSVP process 106 sets parameters in the local packet classifier 112 and packet scheduler 114 to obtain the desired QoS, and RSVP process 106 at transmitting host 100 notifies application 104 that the requested QoS has been granted. If, on the other hand, either check fails at any node in the path, RSVP process 106 at transmitting host 100 returns an error notification to application 104.
Although conceptually very simple, Intserv QoS provisioning has limited scalability because of the computationally intensive RSVP processing that is required at each network node. In particular, RSVP requires per-flow RSVP signaling, per-flow classification, per-flow policing/shaping, per-flow resource management, and the periodic refreshing of the soft state information per flow. Consequently, the processing required by Intserv RSVP signaling is comparable to that of telephone or ATM signaling and requires a high performance (i.e., expensive) processor component within each IP router to handle the extensive processing required by such signaling.
In recognition of the scalability and other problems associated with implementing IP QoS utilizing conventional Intserv RSVP signaling, the IETF promulgated the Differentiated Services (Diffserv or DS) architecture defined in RFC 2475. Diffserv is an IP QoS architecture that achieves scalability by conveying an aggregate traffic classification within a DS field (i.e., the IPv4 Type of Service (TOS) byte or the IPv6 Traffic Class byte) of each IP-layer packet header. The six most significant bits of the DS field encode a Diffserv Code Point (DSCP) that requests a specific class of service or Per Hop Behavior (PHB) for the packet at each node along its path within a Diffserv domain; the remaining two bits are left unused by RFC 2474 and were later assigned to Explicit Congestion Notification by RFC 3168.
In a Diffserv domain, network resources are allocated to packet flows in accordance with service provisioning policies, which govern DSCP marking and traffic conditioning upon entry to the Diffserv domain and traffic forwarding within the Diffserv domain. The marking and conditioning operations need be implemented only at Diffserv network boundaries. Thus, rather than requiring end-to-end signaling between the transmitter and receiver to establish a flow having a specified QoS, Diffserv enables an ingress boundary router to provide the QoS to aggregated flows simply by examining and/or marking each IP packet's header.
As described in RFC 2998 and as illustrated in FIG. 2, Integrated Services can be implemented over a Differentiated Services domain. In the network model illustrated in FIG. 2, edge routers (ERs) 120, 128 connect Integrated Services-aware customer LANs (not shown) to boundary routers (BRs) 122, 126 of a Diffserv network 124. To reflect a unidirectional traffic flow from LAN-TX (transmitting) to LAN-RX (receiving), edge router 120 and boundary router 122 are labeled ER-TX and BR-TX, respectively, at the transmitter or ingress side, and edge router 128 and boundary router 126 are labeled ER-RX and BR-RX, respectively, at the receiver or egress side.
Viewed logically, each of routers 120, 122, 126 and 128 has control and data planes, which are respectively depicted in the upper and lower halves of each router. The data plane includes all of the conventional hardware components in the forwarding path of the router (e.g., interface cards and switching fabric), and the control plane includes control hardware (e.g., a control processor) and control software (e.g., routing, signaling and protocol stacks) that support and direct the operation of the data plane.
In the data plane, packets are marked by data plane 120b of ER-TX 120 with the appropriate DSCP (e.g., based upon the Intserv 5-tuple of source address, destination address, protocol id, source port and destination port) and forwarded to Diffserv network 124. The packets are then forwarded solely by Diffserv across Diffserv network 124 to data plane 128b of ER-RX 128. In the control plane, each of edge routers 120, 128 and boundary routers 122, 126 performs Intserv (IS) processing by reference to policies implemented in policy decision points (PDPs) 130a, 130b. In ER-TX 120, control plane 120a performs Intserv per-flow classification and per-flow policing. In boundary routers 122 and 126, the Intserv interfaces facing edge routers 120, 128 manage RSVP signaling, perform Intserv policy and admission control functions, and maintain per-flow state in path state blocks and reservation state blocks. Control plane 128a of ER-RX 128 performs Intserv per-flow shaping before outgoing packets are forwarded to LAN-RX.
As discussed above, before sending a traffic flow, a transmitting host in LAN-TX initiates an RSVP PATH message. When the receiving host in LAN-RX receives the PATH message, the receiving host returns a RESV message along the reverse data path to request reservation of resources to provide the desired QoS. After receiving the RESV message, each intermediate router having an Intserv control plane performs admission control for only its own downstream link. Thus, ER-RX 128 performs admission control for LAN-RX, BR-RX 126 performs admission control for the link between itself and ER-RX 128, BR-TX 122 performs admission control for the path across Diffserv network 124 to BR-RX 126, and ER-TX 120 performs admission control for the link between itself and BR-TX 122. The RSVP admission control process verifies resource availability on each link and, if the reservation is accepted, decrements the remaining resource count for that link accordingly.
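The hop-by-hop admission control just described (PATH leaves path state at each node, RESV walks the reverse path, and every hop runs policy control and then admission control for its own downstream link) is modelled below as an added illustrative example; it is not code from this application or from RFC 2205. Node and link names follow FIG. 2; the link capacities, the user names and the dictionary return values are assumptions made for the example. The model keeps the RSVP property that a hop rejecting a RESV does not undo reservations already installed at hops nearer the receiver: that state stays until it is torn down or, in real RSVP, ages out as unrefreshed soft state.

```python
from dataclasses import dataclass, field


@dataclass
class Link:
    """One downstream link; admission control compares reserved against total capacity."""
    name: str
    capacity_kbps: int
    reserved_kbps: int = 0

    def available_kbps(self) -> int:
        return self.capacity_kbps - self.reserved_kbps


@dataclass
class Node:
    """An RSVP-capable router: policy control, admission control, per-flow soft state."""
    name: str
    downstream: Link                 # the only link this node admits reservations for
    permitted_users: set             # policy control: who may reserve at all (assumed)
    path_state: dict = field(default_factory=dict)  # flow_id -> previous hop (from PATH)
    resv_state: dict = field(default_factory=dict)  # flow_id -> kbps (from RESV)

    def policy_control(self, user: str) -> bool:
        return user in self.permitted_users

    def admission_control(self, kbps: int) -> bool:
        return self.downstream.available_kbps() >= kbps


def rsvp_path(path, flow_id, sender):
    """PATH travels transmitter -> receiver and records the previous hop at every node."""
    prev = sender
    for node in path:
        node.path_state[flow_id] = prev
        prev = node.name


def rsvp_resv(path, flow_id, user, kbps):
    """RESV travels the reverse path. Each hop checks for path state, then policy,
    then its own downstream link. The first failure is reported as an error (ResvErr);
    reservations already installed at hops nearer the receiver are left in place."""
    for node in reversed(path):
        if flow_id not in node.path_state:
            return {"ok": False, "failed_at": node.name, "reason": "no path state"}
        if not node.policy_control(user):
            return {"ok": False, "failed_at": node.name, "reason": "policy"}
        if not node.admission_control(kbps):
            return {"ok": False, "failed_at": node.name, "reason": "admission"}
        node.downstream.reserved_kbps += kbps
        node.resv_state[flow_id] = kbps
    return {"ok": True}


def rsvp_teardown(path, flow_id):
    """PathTear/ResvTear: release the flow's reservation and path state on every node."""
    for node in path:
        kbps = node.resv_state.pop(flow_id, None)
        if kbps is not None:
            node.downstream.reserved_kbps -= kbps
        node.path_state.pop(flow_id, None)


def build_topology():
    """ER-TX -> BR-TX -> (Diffserv core) -> BR-RX -> ER-RX, as in FIG. 2.
    Capacities (kbps) and the permitted user are constructed for this example."""
    users = {"alice"}
    return [
        Node("ER-TX", Link("ER-TX->BR-TX", 2000), set(users)),
        Node("BR-TX", Link("BR-TX->BR-RX across Diffserv core", 1000), set(users)),
        Node("BR-RX", Link("BR-RX->ER-RX", 2000), set(users)),
        Node("ER-RX", Link("ER-RX->LAN-RX", 10000), set(users)),
    ]


if __name__ == "__main__":
    path = build_topology()
    for flow in ("f1", "f2", "f3"):
        rsvp_path(path, flow, "host-tx")
        print(flow, rsvp_resv(path, flow, "alice", 400))
    # f3 is refused at BR-TX (the core has only 200 kbps left) although ER-RX and
    # BR-RX had already admitted it; a teardown releases that stranded state.
    rsvp_teardown(path, "f3")
    print({n.name: n.downstream.reserved_kbps for n in path})
```

The per-flow dictionaries on every node are exactly the state that the text says boundary routers cannot afford at aggregation points: each admitted flow costs a path-state and a reservation-state entry on every hop, plus the periodic refresh traffic that keeps them alive.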
Although Intserv per-flow admission control is performed on the control plane, the actual delivery of QoS for a traffic flow is accomplished on the data plane. ER-TX 120 performs Intserv operations (i.e., per-flow classification, per-flow policing, and per-flow DSCP marking) on data packets received at its Intserv input interface (IS IN). At the Diffserv output interface (DS OUT) of ER-TX 120, data packets are identified and class-based queued based on only their DSCP values. BR-TX 122 then performs per-class policing for each customer at its input interface (DS IN) and class-based queuing at its output interface (DS OUT). At BR-RX 126, no operation is performed at the input interface (DS IN), and class-based queuing and optionally per-class shaping are performed for each customer port at the output interface. ER-RX 128 forwards packets received at its input interface (DS IN) and may perform per-flow scheduling or shaping at its Intserv output interface (IS OUT).
Although the Diffserv standard improves upon Intserv's scalability by replacing Intserv's processing-intensive signaling in the Diffserv domain with simple class-based processing, implementation of the Diffserv protocol introduces a different problem. In particular, because Diffserv allows hosts to mark the service class themselves, and because the Diffserv domain queues packets on the DSCP alone with no per-flow state, a Diffserv network customer link (e.g., the outgoing link of BR-RX 126) can experience a Denial of Service (DoS) attack if a number of hosts send packets to that link with the DS field set to a high priority, as discussed in detail in U.S. Pat. No. 6,778,498 cross-referenced above.
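The data-plane split described above (DSCP carried in the six high-order bits of the TOS byte; ER-TX classifying on the Intserv 5-tuple, policing per flow and marking the DSCP; BR-TX policing per customer and per class on the DSCP alone), together with the host-marking problem just raised, is illustrated by the following added example. It is not code from this application or from any router vendor. The DSCP constants are the standard values (EF 46, AF41 34, default 0); the addresses, ports, rates, burst sizes, customer name and packet timestamps are constructed for the example. The point it demonstrates is that an edge that trusts only its own reservation table, and not the DSCP a host writes, turns self-marked high-priority traffic back into best effort before it ever reaches the Diffserv domain.

```python
from dataclasses import dataclass, replace

# DSCP values: EF from RFC 3246, AF41 from RFC 2597, best effort (default PHB) from RFC 2474.
EF, AF41, BE = 46, 34, 0


def dscp_of(tos: int) -> int:
    """DSCP is the six high-order bits of the IPv4 TOS / IPv6 Traffic Class byte."""
    return (tos >> 2) & 0x3F


def set_dscp(tos: int, dscp: int) -> int:
    """Rewrite the DSCP, preserving the two low-order bits (ECN, RFC 3168)."""
    return ((dscp & 0x3F) << 2) | (tos & 0x03)


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: int
    sport: int
    dport: int
    tos: int
    length: int   # bytes
    ts: float     # arrival time in seconds (constructed)

    @property
    def flow(self):
        """The Intserv 5-tuple used for per-flow classification."""
        return (self.src, self.dst, self.proto, self.sport, self.dport)


class TokenBucket:
    """Single-rate token bucket; conforms() is the per-packet policing decision."""
    def __init__(self, rate_bps: int, burst_bytes: int):
        self.rate = rate_bps / 8.0      # tokens (bytes) added per second
        self.burst = burst_bytes
        self.tokens = float(burst_bytes)
        self.last = 0.0

    def conforms(self, length: int, now: float) -> bool:
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= length:
            self.tokens -= length
            return True
        return False


class EdgeRouterTx:
    """ER-TX IS IN interface: per-flow classification, policing and DSCP marking.
    Host-set DSCPs are never trusted: only a flow with an admitted reservation is
    marked up; everything else leaves as best effort."""
    def __init__(self):
        self.reservations = {}   # 5-tuple -> (dscp, TokenBucket)

    def reserve(self, flow, dscp, rate_bps, burst_bytes):
        self.reservations[flow] = (dscp, TokenBucket(rate_bps, burst_bytes))

    def ingress(self, pkt: Packet) -> Packet:
        entry = self.reservations.get(pkt.flow)
        if entry is None:
            return replace(pkt, tos=set_dscp(pkt.tos, BE))
        dscp, bucket = entry
        if not bucket.conforms(pkt.length, pkt.ts):
            return replace(pkt, tos=set_dscp(pkt.tos, BE))   # out of profile: demote
        return replace(pkt, tos=set_dscp(pkt.tos, dscp))


class BoundaryRouterTx:
    """BR-TX DS IN interface: per-customer, per-class policing keyed on DSCP only."""
    def __init__(self):
        self.class_buckets = {}   # (customer, dscp) -> TokenBucket

    def provision(self, customer, dscp, rate_bps, burst_bytes):
        self.class_buckets[(customer, dscp)] = TokenBucket(rate_bps, burst_bytes)

    def ingress(self, customer: str, pkt: Packet):
        dscp = dscp_of(pkt.tos)
        if dscp == BE:
            return pkt                       # best effort is not rate-limited here
        bucket = self.class_buckets.get((customer, dscp))
        if bucket is None or not bucket.conforms(pkt.length, pkt.ts):
            return None                      # unprovisioned class or excess: drop
        return pkt


def run_demo():
    """Constructed traffic: one admitted VoIP flow and one host that marks EF itself.
    Returns the DSCP each packet carries after ER-TX and BR-TX (None if dropped)."""
    er, br = EdgeRouterTx(), BoundaryRouterTx()
    voip = ("10.0.0.5", "192.0.2.9", 17, 5004, 5004)
    er.reserve(voip, EF, rate_bps=64_000, burst_bytes=1500)
    br.provision("cust-a", EF, rate_bps=256_000, burst_bytes=6000)
    packets = [
        Packet(*voip, tos=0x00, length=200, ts=0.000),
        Packet(*voip, tos=0x00, length=200, ts=0.010),
        Packet(*voip, tos=0x00, length=1200, ts=0.020),
        Packet(*voip, tos=0x00, length=1200, ts=0.021),   # exceeds the flow's profile
        Packet("10.0.0.7", "192.0.2.9", 17, 5004, 5004, tos=0xB8, length=1400, ts=0.022),
        Packet("10.0.0.7", "192.0.2.9", 17, 5004, 5004, tos=0xBA, length=1400, ts=0.023),
    ]
    out = []
    for pkt in packets:
        forwarded = br.ingress("cust-a", er.ingress(pkt))
        out.append(None if forwarded is None else dscp_of(forwarded.tos))
    return out
```

The two policers differ in exactly the way the text describes: the edge keeps one bucket per reserved 5-tuple, while the boundary keeps one bucket per customer and class and never looks at addresses or ports. The attacker's packets (source 10.0.0.7, DSCP 46 set by the host) have no reservation, so ER-TX rewrites them to DSCP 0 and they compete only in the best-effort queue at BR-RX; the admitted flow keeps EF until it exceeds its own rate, at which point its excess is demoted rather than allowed to crowd the class.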
Furthermore, despite some improvements in scalability within the Diffserv domain, Intserv admission control utilizing RSVP still requires per-flow state installation, per-flow state refreshment, per-flow traffic management and resource reservation on each edge and boundary router of a service provider's network. Because boundary routers, as network aggregation points, process thousands of traffic flows, many vendors' boundary routers cannot install flow state for such a large number of flows. As a result, RSVP per-flow admission control has rarely been implemented and supported by router vendors. Thus, conventional Intserv per-flow admission control using RSVP remains undesirable due to its lack of scalability.