Some networks (e.g., telecommunications networks, the Internet, etc.) provide packet and/or content forwarding services and/or features. Examples of such packet/content forwarding services/features include content-related services (e.g., voice, audio, and/or video transcoding; bridging; replication; etc.); security-related services (e.g., network-based firewalls and/or application layer gateways; intrusion detection, prevention, and/or mitigation; denial of service detection, prevention, and/or mitigation; etc.); flow, rate, and quality of service (QoS)-related services (e.g., metering; policing; shaping; scheduling; coordination with higher-level signaling, policy, and configuration; etc.); accounting-related services (e.g., usage cap metering, notification, and/or enforcement; billing; etc.); administrative-related services (e.g., selective packet set capture, replication, redirection, and/or blocking; packet inspection; etc.); etc.
Such packet/content forwarding services/features may be managed via a “star” or “flower” network centered on a router (or feature switch). In the star/flower arrangement, traffic to/from a user (e.g., of a service or feature) is directed into a set of feature peers by the router/feature switch. Such an arrangement may require configuration of the router, use of tunnels, and load balancing, and may result in sub-optimal performance.
In one exemplary star/flower arrangement, a network management system (NMS) provisions an access control list (ACL) (e.g., of an access router) to map customer packets to routing logic, and provisions a routing table (e.g., of the access router) to determine mapping of a feature chain to a sequence of tunnels associated with a server for each (set of) features. The NMS also provisions feature servers with tunnel and subscriber information consistent with the provisioning of the access router. The access router determines data network information (e.g., Internet protocol (IP) interior gateway protocol (IGP)/border gateway protocol (BGP), virtual private network (VPN) multiprotocol (MP)-BGP, Ethernet address resolution protocol (ARP), etc.), and receives a packet from a customer (e.g., from a device associated with the customer). The access router uses the ACL to determine that the packet includes subscribed to features and directs the packet to the routing table to determine a tunnel next hop associated with a server for a first feature. The first feature server returns the packet to the access router. The access router then uses the routing table to sequence the packet through a chain of tunnels configured to reach each feature server in the chain, which then return the packets to the same access router, as configured by the NMS. Finally, the access router also uses the routing table to determine when the packet has exited from the last feature server in the chain, to decapsulate the packet from the tunnel, and to direct the packet to an original destination address. The access router then forwards the packet, via the data network, towards the destination address. A similar process occurs in the reverse direction for a packet received from the network (e.g., the Internet) that is destined for a particular subscriber.
However, the star/flower arrangement is expensive because, although it requires no changes to the software and/or hardware of the access router, the routers and switches are traversed twice between each feature server and the access router that connects to a user. In the star/flower arrangement, there needs to be a tunnel for each feature server per feature chain since a tunnel identification (ID) determines a next feature server or exit to the data network. Furthermore, the star/flower arrangement can increase latency if the feature servers are not near the access router that connects to the user. The star/flower arrangement requires a static configuration, in the router, of tunnel IDs and next hops; is not resilient (e.g., load balancing across the feature servers requires reconfiguration); and makes it difficult to represent more complex feature topologies than a chain topology.
Packet/content forwarding services/features may also be managed via a service header-based routing arrangement. In one exemplary service header-based routing arrangement, an access router registers with a service broker, and the service broker provisions an ACL (e.g., of the access router) to map customer packets to a service routing function (e.g., associated with the access router). The service broker provisions service nodes with service header, tunnel, network, and subscriber information consistent with provisioning of the service routing function for the access router in the network. The access router determines data network information (e.g., IP IGP/BGP, VPN MP-BGP, Ethernet ARP, etc.), and receives a packet from a customer (e.g., from a device associated with the customer). The access router uses the ACL to determine that the packet includes subscribed to services and directs the packet to the service routing function. The service routing function uses local configuration and packet information to determine a service header to be inserted, encapsulates this within a tunnel header, and forwards the packet to a first service node over the tunnel. The service node decapsulates the packet from the tunnel, reviews the service header and configured information from the service broker to determine an outgoing tunnel, and forwards the packet to the next service node. Eventually, the packet returns to the access router that originally received the packet (e.g., in the case where a service topology is a chain). The service routing function (e.g., of the access router) decapsulates the packet from the tunnel, examines the service header, and determines that the next step is forwarding. The access router then forwards the packet, via the data network, toward a destination address. A similar process occurs in the reverse direction for a packet received from the network (e.g., the Internet) that is destined for a particular subscriber.
The star/flower arrangement and the service header-based routing arrangement require expensive changes to the software and/or hardware of the access router in order to implement the service header insertion and processing. The service header-based routing arrangement relies on a centralized service broker to determine, download, and monitor state, and to optimize and load balance service node level routing across what could grow to be a very large set of service nodes. Centralization may limit a convergence time and responsiveness to change associated with the arrangement. Furthermore, the service header-based routing arrangement requires fault detection and restoration performance to be determined by the centralized service broker, and may not be implemented across more than one service provider. Finally, the service header-based routing arrangement requires use of long headers in packets, which may exceed maximum transmission unit (MTU) limitations on the size of headers in packets.