1. Field of the Invention
The present disclosure generally relates to computer networks. More specifically, the present disclosure relates to a service insertion architecture for computer networks.
2. Description of the Related Art
A computer network is comprised of a plurality of hardware elements that provides services for computer network users. Such services include domain name services, firewalls, network packet filtering, network packet capture, network packet caching, network packet routing and the like. Current methods of deploying and provisioning services require substantial planning and engineering as well as a “human touch” to enable each service. This makes network administrators very cautious and potentially reticent to deploy new services, as the expenses and risks associated with these activities, are often greater than the perceived benefit of the additional service to their network.
For example, adding a new service “X” into an already deployed network may entail the following process. The administrator is required to understand the performance and scalability attributes of the service in relation to their network capacity in order to procure the correct hardware platform (also referred to herein as a network device) for supporting this service.
In order to deploy service “X”, the customer must engineer and qualify a redirection mechanism (e.g., WCCP, PBR, and the like) and/or modify the network forwarding topology for that platform to enable traffic to flow to the platform from the network in order for the device to perform its service.
In order to allow for redundancy, increased capacity or scalability, the administrator must deploy another (“N” numbers of) platform. This requires administrators to either provision an active or standby platform, which may or may not operate anywhere near its optimal capacity. Alternatively, the service platforms may be deployed as distinct entities, which increases further the operational complexities of deployment, troubleshooting, and management of the network.
If an administrator wants to have a spare of the platform, they need to purchase the exact platform they want to spare. For example, this effectively means that they need to buy and store a firewall, IPS (Intrusion Prevention Service), Server Load Balancer (SLB), and the like and store the platform for eventual deployment in the event of a primary device failure. This also requires that, in the event of platform failure, a “truck roll” needs to be completed so the platform can be delivered, cabled and provisioned. This also implies that the amount of hardware the customer has to have on hand to cover all of their specific needs for any resiliency is very high. The cost and complexity of supplying each service also precludes administrators from deploying any service that is not deemed absolutely critical to business operations.
If an administrator determines that additional service capacity is needed, the foregoing procedure for deploying service “x” must be reproduced for each new service instance added to the network.
Therefore there is a need in the art for a method and apparatus that provides a service insertion architecture that supports dynamic adaptability.