This invention relates to data communication networks. The invention relates to systems to facilitate configuring networks to provide services to users. In particular, the invention relates to configuring networks to provide desired levels of Quality of Service (“QoS”) for data communication services on the networks. The invention is particularly useful in configuring QoS in Virtual Private Networks (“VPNs”) but has application in data communications networks generally.
Wide area data communication networks (“WANs”) are used to carry many different types of data between geographically separated nodes. For example, the same WAN may be used to transmit video images, voice conversations, e-mail messages, data to and from database servers, and so on. Different ones of these services have different data communication requirements. For example, transmitting a video signal for a video conference requires high bandwidth and low delay (or “latency”). Real time audio or video conferencing services can tolerate a small amount of data loss. Transmitting e-mail messages or other data can often be done with lower bandwidth. Further, it is not usually critical that e-mail be delivered instantly. E-mail services can usually tolerate longer latencies and lower bandwidth than other services. E-mail and other data transmission services can typically tolerate no data losses.
A typical WAN comprises a shared high speed network which is connected by access links to two or more geographically separated customer premises. Each of the customer premises may include one or more computers or other devices connected to the network. More typically each customer premise has a number of computers connected to a local area network (“LAN”). The LAN is connected to the WAN access link at a service point. The service point is generally at a “demarcation” unit which collects data packets from the LAN which are destined for transmission over the WAN and sends those packets across the access link. The demarcation unit also receives data packets coming from the WAN across the access link and forwards those data packets to destinations on the LAN.
Currently an enterprise which wishes to link its operations by a WAN obtains an unallocated pool of bandwidth for use in carrying data over the WAN. While it is possible to vary the amount of bandwidth available in the pool (by purchasing more bandwidth on an as-needed basis), there is no control over how much of the available bandwidth is taken by each application. While each application can, in theory, have an equal share of the available bandwidth, in practice the amount of bandwidth available to each application depends on things such as router configuration, the location(s) where data for each application enters the network, the speeds at which the application can generate the data that it wishes to transmit on the network and so on. The result is that bandwidth is allocated in a manner that bears no relationship to the requirements of individual applications or to the relative importance of the applications. There are similar inequities in the latencies in the delivery of data packets over the network.
Quality of Service (“QoS”), in general, refers to a set of parameters which describe the required traffic characteristics of a data connection. The term “quality of service” has been used by different authors to mean different things. In this specification the term QoS refers to a set of one or more of the following parameters which describe the way that a data connection treats data packets generated by an application:
Minimum Bandwidth: a minimum rate at which a data connection is capable of forwarding data originating from the application. The data connection might be incapable of forwarding data at a rate faster than the minimum bandwidth but must always be capable of forwarding data at a rate equal to the rate specified by the minimum bandwidth;
Maximum Delay: a maximum time taken for data from an application to completely traverse the data connection. QoS requirements are met only if data packets traverse the data connection in a time equal to or shorter than the maximum delay;
Maximum Loss: the maximum fraction of data packets from the application which may not be successfully transmitted across the data connection; and,
Jitter: a measure of how much variation there is in the delay experienced by different packets from the application being transmitted across the data connection. In an ideal case where all packets take exactly the same amount of time to traverse the data connection the jitter is zero. Jitter may be defined, for example, as any one of various statistical measures of the width of a distribution function which expresses the probability that a packet will experience a particular delay in traversing the data connection.
Different applications require different levels of QoS.
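The four QoS parameters defined above can be checked against measurements taken on a live connection. The following is an added example, not code from the patent: it models a QoS requirement with the parameters the specification names, takes a constructed measurement sample for one connection, and reports which parameters are violated. The jitter measure chosen here (population standard deviation of one-way delay) is one of the "various statistical measures of the width of a distribution" the text allows, and is an assumption of this example rather than something the specification fixes; the class names, the sample values and the video/e-mail requirement figures are likewise constructed for illustration.

```python
from dataclasses import dataclass
from statistics import pstdev
from typing import List, Optional


@dataclass(frozen=True)
class QosRequirement:
    """QoS parameters as listed in the specification; a None entry means
    the requirement does not constrain that parameter."""
    min_bandwidth_bps: Optional[float] = None
    max_delay_ms: Optional[float] = None
    max_loss: Optional[float] = None        # fraction of packets, 0.0 .. 1.0
    max_jitter_ms: Optional[float] = None


@dataclass(frozen=True)
class ConnectionSample:
    """Constructed measurement of one data connection over an interval."""
    sent_packets: int
    received_packets: int
    bytes_forwarded: int
    interval_s: float
    delays_ms: List[float]                 # one-way delay of each received packet


def achieved_bandwidth_bps(sample: ConnectionSample) -> float:
    """Forwarding rate observed over the measurement interval."""
    return sample.bytes_forwarded * 8 / sample.interval_s


def loss_fraction(sample: ConnectionSample) -> float:
    """Fraction of packets sent by the application that never arrived."""
    if sample.sent_packets == 0:
        return 0.0
    return (sample.sent_packets - sample.received_packets) / sample.sent_packets


def jitter_ms(delays_ms: List[float]) -> float:
    """Assumed jitter measure: population standard deviation of delay.
    Zero when every packet took exactly the same time, as the text requires."""
    if len(delays_ms) < 2:
        return 0.0
    return pstdev(delays_ms)


def violations(req: QosRequirement, sample: ConnectionSample) -> List[str]:
    """Names of the QoS parameters the sample fails to meet (empty if all met)."""
    failed = []
    if req.min_bandwidth_bps is not None and achieved_bandwidth_bps(sample) < req.min_bandwidth_bps:
        failed.append("min_bandwidth")
    # Maximum delay applies to every packet, so the worst observed delay decides.
    if req.max_delay_ms is not None and sample.delays_ms and max(sample.delays_ms) > req.max_delay_ms:
        failed.append("max_delay")
    if req.max_loss is not None and loss_fraction(sample) > req.max_loss:
        failed.append("max_loss")
    if req.max_jitter_ms is not None and jitter_ms(sample.delays_ms) > req.max_jitter_ms:
        failed.append("jitter")
    return failed


# Constructed requirements reflecting the text: video tolerates a little loss
# but needs bandwidth and low delay; e-mail tolerates delay but no loss.
VIDEO_CONFERENCE = QosRequirement(min_bandwidth_bps=8_000_000, max_delay_ms=150,
                                  max_loss=0.01, max_jitter_ms=30)
EMAIL = QosRequirement(min_bandwidth_bps=64_000, max_delay_ms=5_000, max_loss=0.0)

# Constructed one-second sample: 10 Mbit/s forwarded, 5 of 1000 packets lost.
SAMPLE = ConnectionSample(sent_packets=1000, received_packets=995,
                          bytes_forwarded=1_250_000, interval_s=1.0,
                          delays_ms=[20.0, 22.0, 21.0, 23.0])

if __name__ == "__main__":
    print("video:", violations(VIDEO_CONFERENCE, SAMPLE) or "ok")
    print("email:", violations(EMAIL, SAMPLE) or "ok")
```

The same sample satisfies the video-conference requirement but not the e-mail one, because the e-mail requirement sets maximum loss to zero: this is the point of defining QoS per application rather than per link.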
Recent developments in core switches for WANs have made it possible to construct WANs capable of quickly and efficiently transmitting vast amounts of data. Currently users pay to receive a WAN connection which provides a certain bandwidth. There is a need for a way to provide network users with control over the QoS provided to different data services which may be provided over the same network. Service providers who provide access to WANs need a way to manage and track usage of these different services. There is a particular need for relatively inexpensive apparatus and methods for facilitating the provision of such differentiated services.
Applications connected to a network generate packets of data for transmission on the network. In providing different levels of service it is necessary to be able to sort or “classify” data packets into different classes which will be accorded different levels of service. The data packets can then be transmitted in a way which maintains the required QoS for each application. Data packets generated by one or more applications may belong to the same class.
This invention provides methods and apparatus to facilitate the deployment of services on a computer network. The invention allows users to set up services by specifying endpoints for selected services but does not require users to have a detailed understanding of the technical requirements the services place on a computer network. Preferred embodiments of the invention automatically specify appropriate QoS levels for individual data connections in each deployed service.
One aspect of the invention provides a method for controlling connection quality in a data communication network connecting a plurality of sites. The method comprises providing at least one service template. The template comprises computer readable information specifying a service topology and computer readable information specifying QoS requirements for one or more data connections in the service. It is not necessary for an end user to know what are the QoS requirements for the service. The method accepts user input specifying two or more endpoints for the service. Then, in a programmed computer, the method generates a set of rule revisions for classifying and dispatching data packets in the one or more data connections at one or more packet processing devices in the network. The method then distributes the rule revisions to the one or more packet processing devices.
Preferably the packet processing devices each have one or more policy trees which embody rules for forwarding data packets, the rule revisions comprise new leaf nodes to be added to policy trees in the packet processing devices, and the method comprises adding the new leaf nodes to the policy trees in the packet processing devices.
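The method of the two preceding paragraphs (service template, user-supplied endpoints, generated rule revisions, leaf nodes added to policy trees) can be modelled end to end. The following is an added example written for this page, not code from the patent or from any product: it assumes a template vocabulary of two topologies ("mesh": every endpoint talks to every other; "hub_spoke": the first endpoint is the hub), assumes one packet processing device per site named `demarc-<site>`, and installs each connection's classification leaf on the device at the connection's source site, since that is where the demarcation unit collects packets bound for the WAN. The user supplies only the template and the endpoints; the QoS attached to each leaf comes from the template, as the text requires.

```python
from dataclasses import dataclass, field
from itertools import permutations
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Qos:
    min_bandwidth_kbps: int
    max_delay_ms: int
    max_loss: float
    max_jitter_ms: int


@dataclass(frozen=True)
class ServiceTemplate:
    """Computer readable topology plus QoS for the service's connections."""
    name: str
    topology: str                 # "mesh" or "hub_spoke" (assumed vocabulary)
    match: Tuple[Tuple[str, str], ...]   # packet classification criteria
    qos: Qos


@dataclass(frozen=True)
class LeafNode:
    """A rule revision: one new leaf for a packet processing device's policy tree.
    Packets matching `match` from src_site to dst_site get the template's QoS."""
    service: str
    src_site: str
    dst_site: str
    match: Tuple[Tuple[str, str], ...]
    qos: Qos


@dataclass
class PolicyTree:
    device: str
    leaves: List[LeafNode] = field(default_factory=list)

    def add_leaf(self, leaf: LeafNode) -> bool:
        """Add a leaf unless an identical one is already installed."""
        if leaf in self.leaves:
            return False
        self.leaves.append(leaf)
        return True


def device_for(site: str) -> str:
    """Assumed naming of the demarcation unit at each site."""
    return f"demarc-{site}"


def connections(template: ServiceTemplate, endpoints: List[str]) -> List[Tuple[str, str]]:
    """Expand the template topology over the user's endpoints into directed connections."""
    if len(endpoints) < 2:
        raise ValueError("a service needs two or more endpoints")
    if template.topology == "mesh":
        return list(permutations(endpoints, 2))
    if template.topology == "hub_spoke":
        hub, *spokes = endpoints
        return [(hub, s) for s in spokes] + [(s, hub) for s in spokes]
    raise ValueError(f"unknown topology {template.topology!r}")


def generate_rule_revisions(template: ServiceTemplate, endpoints: List[str]) -> Dict[str, List[LeafNode]]:
    """Rule revisions per device: a leaf at the source site of each connection."""
    revisions: Dict[str, List[LeafNode]] = {}
    for src, dst in connections(template, endpoints):
        leaf = LeafNode(template.name, src, dst, template.match, template.qos)
        revisions.setdefault(device_for(src), []).append(leaf)
    return revisions


def distribute(revisions: Dict[str, List[LeafNode]], trees: Dict[str, PolicyTree]) -> int:
    """Add the new leaves to each device's policy tree; returns leaves actually added."""
    added = 0
    for device, leaves in revisions.items():
        tree = trees.setdefault(device, PolicyTree(device))
        added += sum(tree.add_leaf(leaf) for leaf in leaves)
    return added


# Constructed template: UDP video to port 5004 between every pair of sites.
VIDEO = ServiceTemplate("video-conf", "mesh",
                        (("ip_proto", "udp"), ("dst_port", "5004")),
                        Qos(min_bandwidth_kbps=2000, max_delay_ms=150, max_loss=0.01, max_jitter_ms=30))

if __name__ == "__main__":
    trees: Dict[str, PolicyTree] = {}
    revs = generate_rule_revisions(VIDEO, ["A", "B", "C"])   # user input: endpoints only
    print("leaves added:", distribute(revs, trees))
    for device, tree in sorted(trees.items()):
        print(device, [(l.src_site, l.dst_site) for l in tree.leaves])
```

Distributing the same revisions twice adds nothing the second time, which is the behaviour a control system wants when a deployment is retried after a partial failure.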
Another aspect of the invention comprises a control system for a data communication network. The control system comprises: a plurality of service templates each comprising computer readable information specifying a topology for a service and computer readable information specifying QoS requirements for one or more data connections in the service and a display capable of displaying images representing the service templates. The system has one or more user input devices collectively capable of receiving a user selection identifying a selected one of the service templates and receiving user input specifying endpoints for an instance of a service corresponding to the selected service template and a processor adapted to generate rule revisions for one or more packet processing devices in the network in response to the user selection and the user input.
Further aspects and advantages of the invention are set out below.