The present invention relates generally to computer networks, and more specifically, to a method and apparatus for identifying network data traffic flows and for to applying quality of service or policy treatments thereto.
A computer network typically comprises a plurality of interconnected entities that transmit (i.e., xe2x80x9csourcexe2x80x9d) or receive (i.e., xe2x80x9csinkxe2x80x9d) data frames. A common type of computer network is a local area network (xe2x80x9cLANxe2x80x9d) which typically refers to a privately owned network within a single building or campus. LANs employ a data communication protocol (LAN standard), such as Ethernet, FDDI or Token Ring, that defines the functions performed by the data link and physical layers of a communications architecture (i.e., a protocol stack), such as the Open Systems Interconnection (OSI) Reference Model. In many instances, multiple LANs may be interconnected by point-to-point links, microwave transceivers, satellite hook-ups, etc. to form a wide area network (xe2x80x9cWANxe2x80x9d), metropolitan area network (xe2x80x9cMANxe2x80x9d) or intranet. These LANs and/or WANs, moreover, may be coupled through one or more gateways to the Internet.
Each network entity preferably includes network communication software, which may operate in accordance with the well-known Transport Control Protocol/Internet Protocol (TCP/IP). TCP/IP basically consists of a set of rules defining how entities interact with each other: In particular, TCP/IP defines a series of communication layers, including a transport layer and a network layer. At the transport layer, TCP/IP includes both the User Data Protocol (UDP), which is a connectionless transport protocol, and TCP which is a reliable, connection-oriented transport protocol. When a process at one network entity wishes to communicate with another entity, it formulates one or more messages and passes them to the upper layer of the TCP/IP communication stack. These messages are passed down through each layer of the stack where they are encapsulated into packets and frames. Each layer also adds information in the form of a header to the messages. The frames are then transmitted over the network links as bits. At the destination entity, the bits are re-assembled and passed up the layers of the destination entity""s communication stack. At each layer, the corresponding message headers are also stripped off, thereby recovering the original message which is handed to the receiving process.
One or more intermediate network devices are often used to couple LANs together and allow the corresponding entities to exchange information. For example, a bridge may be used to provide a xe2x80x9cbridgingxe2x80x9d function between two or more LANs. Alternatively, a switch may be utilized to provide a xe2x80x9cswitchingxe2x80x9d function for transferring information, such as data frames or packets, among entities of a computer network. Typically, the switch is a computer having a plurality of ports that couple the switch to several LANs and to other switches. The switching function includes receiving data frames at a source port and transferring them to at least one destination port for receipt by another entity. Switches may operate at various levels of the communication stack. For example, a switch may operate at layer 2 which, in the OSI Reference Model, is called the data link layer and includes the Logical Link Control (LLC) and Media Access Control (MAC) sub-layers.
Other intermediate devices, commonly referred to as routers, may operate at higher communication layers, such as layer 3, which in TCP/IP networks corresponds to the Internet Protocol (IP) layer. IP data packets include a corresponding header which contains an IP source address and an IP destination address. Routers or layer 3 switches may re-assemble or convert received data frames from one LAN standard (e.g., Ethernet) to another (e.g. Token Ring). Thus, layer 3 devices are often used to interconnect dissimilar subnetworks. Some layer 3 intermediate network devices may also examine the transport layer headers of received messages to identify the corresponding TCP or UDP port numbers being utilized by the corresponding network entities. Many applications are assigned specific, fixed TCP and/or UDP port numbers in accordance with Request for Comments (RFC) 1700. For example, TCP/UDP port number 80 corresponds to the hyper text transport protocol (HTTP), while port number 21 corresponds to file transfer protocol (ftp) service.
Computer networks include numerous services and resources for use in moving traffic throughout the network. For example, different network links, such as Fast Ethernet, Asynchronous Transfer Mode (ATM) channels, network tunnels, satellite links, etc., offer unique speed and bandwidth capabilities. Particular intermediate devices also include specific resources or services, such as number of priority queues, filter settings, availability of different queue selection strategies, congestion control algorithms, etc.
Individual frames or packets, moreover, can be marked so that intermediate devices may treat them in a predetermined manner. For example, the Institute of Electrical and Electronics Engineers (IEEE), in an appendix (802.1p) to the 802.1D bridge standard, describes additional information for the MAC header of Data Link Layer frames. FIG. 1A is a partial block diagram of a Data Link frame 100 which includes a MAC destination address (DA) field 102, a MAC source address (SA) field 104 and a data field 106. In accordance with the 802.1Q standard, a user_priority field 108, among others, is inserted after the MAC SA field 104. The user_priority field 108 may be loaded with a predetermined value (e.g., 0-7) that is associated with a particular treatment, such as background, best effort, excellent effort, etc. Network devices, upon examining the user_priority field 108 of received Data Link frames 100, apply the corresponding treatment to the frames. For example, an intermediate device may have a plurality of transmission priority queues per port, and may assign frames to different queues of a destination port on the basis of the frame""s user priority value.
FIG. 1B is a partial block diagram of a Network Layer packet 120 corresponding to the Internet Protocol. Packet 120 includes a type_of_service (ToS) field 122, a protocol field 124, an IP source address (SA) field 126, an IP destination address (DA) field 128 and a data field 130. The ToS field 122 is used to specify a particular service to be applied to the packet 120, such as high reliability, fast delivery, accurate delivery, etc., and comprises a number of sub-fields (not shown). The sub-fields include a three bit IP precedence (IPP) field and three one bit flags (Delay, Throughput and Reliability). By setting the various flags, an entity may indicate which overall service it cares most about (e.g., Throughput versus Reliability). Version 6 of the Internet Protocol (IPv6) similarly defines a traffic class field, which is also intended to be used for defining the type of service to be applied to the corresponding packet.
Recently, a working group of the Internet Engineering Task Force (IETF), which is an independent standards organization, has proposed replacing the ToS field 112 of Network Layer packets 120 with a one octet differentiated services (DS) field 132 that can be loaded with a differentiated services codepoint. Layer 3 devices that are DS compliant apply a particular per-hop forwarding behavior to data packets based on the contents of their DS fields 132. Examples of per-hop forwarding behaviors include expedited forwarding and assured forwarding. The DS field 132 is typically loaded by DS compliant intermediate devices located at the border of a DS domain, which is a set of DS compliant intermediate devices under common network administration. Thereafter, interior DS compliant devices along the path simply apply the corresponding forwarding behavior to the packet 120.
FIG. 1C is a partial block diagram of a Transport Layer packet 150. The network layer packet 150 preferably includes a source port field 152, a destination port field 154 and a data field 156, among others. Fields 152 and 154 are preferably loaded with the predefined or dynamically agreed-upon TCP or UDP port numbers being utilized by the corresponding network entities.
To interconnect dispersed computer networks, many organizations rely on the infrastructure and facilities of internet service providers (ISPs). For example, an organization may lease a number of T1 lines to interconnect various LANs. These organizations and ISPs typically enter into service level agreements, which include one or more traffic specifiers. These traffic specifiers may place limits on the amount of resources that the subscribing organization will consume for a given charge. For example, a user may agree not to send traffic that exceeds a certain bandwidth (e.g., 1 Mb/s). Traffic entering the service provider""s network is monitored (i.e., xe2x80x9cpolicedxe2x80x9d) to ensure that it complies with the relevant traffic specifiers and is thus xe2x80x9cin-profilexe2x80x9d. Traffic that exceeds a traffic specifier (i.e., traffic that is xe2x80x9cout-of-profilexe2x80x9d) may be dropped or shaped or may cause an accounting change (i.e., causing the user to be charged a higher rate). Another option is to mark the traffic as exceeding the traffic specifier, but nonetheless allow it to proceed through the network. If there is congestion, an intermediate network device may drop such xe2x80x9cmarkedxe2x80x9d traffic first in an effort to relieve the congestion.
A process executing at a given network entity, moreover, may generate hundreds if not thousands of traffic flows that are transmitted across the corresponding network every day. A traffic flow generally refers to a set of messages (frames and/or packets) that typically correspond to a particular task, transaction or operation (e.g., a print transaction) and may be identified by 5 network and transport layer parameters (e.g., source and destination IP addresses, source and destination TCP/UDP port numbers and transport protocol). Furthermore, the treatment that should be applied to these different traffic flows varies depending on the particular traffic flow at issue. For example, an online trading application may generate stock quote messages, stock transaction messages, transaction status messages, corporate financial information messages, print messages, data back-up messages, etc. A network administrator, moreover, may wish to have very different policies or service treatments applied to these various traffic flows. In particular, the network administrator may want a stock quote message to be given higher priority than a print transaction. Similarly, a $1 million stock transaction message for a premium client should be assigned higher priority than a $100 stock transaction message for a standard customer. Most intermediate network devices, however, lack the ability to distinguish among multiple traffic flows, especially those originating from the same host or server.
It is an object of the present invention to provide a method and apparatus for identifying one or more traffic flows from a source entity.
It is a further object of the present invention to provide a method and apparatus for obtaining traffic policies to be applied to identified traffic flows.
It is a further object of the present invention to manage traffic flows in accordance with corresponding policies.
Briefly, the invention relates to a method and apparatus for identifying specific traffic flows originating from a network entity and for applying predetermined policy or service treatments to those flows. In particular, a network entity includes a flow declaration component that is coupled to one or more application programs executing on the entity. The network entity also includes a communication facility that supports to message exchange between the application program and other network entities. The flow declaration component includes a message generator and an associated memory for storing one or more traffic flow data structures. For a given traffic flow, the application program calls the flow declaration component and provides it with one or more identifying parameters corresponding to the given flow. In particular, the application program may provide network and transport layer parameters, such as IP source and destination addresses, TCP/UDP port numbers and transport protocol associated with the given traffic flow. It also provides one or more application-level parameters, such as a transaction-type (e.g., a stock transaction), a sub-transaction-type (e.g., a $1 Million stock purchase order), etc. The flow declaration component provides this information to a local policy enforcer, which, in turn, may query a policy server to obtain one or more policy or service treatments that are to be applied to the identified traffic flow. The local policy enforcer then monitors the traffic originating from the network entity and, by examining IP source and destination addresses, among other information, applies the prescribed policy or service treatments to the given traffic flow.
In the preferred embodiment, the application program and the flow declaration component at the network entity interact through an Application Programming Interface (API) layer, which includes a plurality of system calls. In addition, the flow declaration component generates and transmits one or more application parameter declaration (APD) messages to the local policy enforcer. The APD messages contain the network and transport layer parameters (e.g., IP source and destination addresses, TCP/UDP port numbers and transport protocol) stored at the traffic flow data structure for the given flow. The messages may also contain the application-level parameters specified by the application program. The information, moreover, may be in the form of objects generated by the flow declaration component. Preferably, the flow declaration component and the local policy enforcer exchange messages in accordance with a novel protocol that defines a message scheme in addition to a message format. The local policy enforcer and the policy server may utilize the Common Open Policy Service (COPS) protocol to request and receive particular policies or service treatment rules. Preferably, the policy server maintains or otherwise has access to a store of network policies established by the network administrator.
In another aspect of the invention, the local policy enforcer may establish a traffic flow state that includes the policy or service treatments specified by the policy server. It then monitors the traffic flows originating from the network entity looking for the given traffic flow. Once the given traffic flow is identified, the local policy enforcer applies the policy or service treatments set forth in the corresponding traffic flow state. For example, the policy enforcer may mark the packets or frames with a high priority DS codepoint. When the given traffic flow is complete, the application program may notify the flow declaration component, which, in turn, signals the end of the traffic flow to the local policy enforcer. The policy enforcer may request authorization from the policy server to release or otherwise discard the respective traffic flow state.
In an alternative embodiment of the invention, policy rules may be cached at the local policy enforcer to eliminate the need to query the policy server for each new traffic flow.
In another embodiment of the invention, the APD messages are replaced with one to or more enhanced Path or Reservation messages as originally specified in the Resource ReSerVation Protocol (RSVP).