The personal computer revolution is being spearheaded by computer networks and especially the Internet. Communications began with text-only e-mail and file-transfer protocols (FTP), but browsing became commonplace with improved user interfaces and graphics. Mission-critical business transactions, corporate database queries, and even video conferencing and voice telephone calls all use the Internet.
Not surprisingly, the Internet and local networks are becoming crowded. Simply increasing bandwidth is expensive and often only shifts bottlenecks to another part of the network. While users may not notice delayed e-mail, Internet browsing can become painfully slow during times of network congestion. Video conferencing and telephony suffer poor quality and even gaps of lost speech when the network is slow.
FIG. 1 illustrates differing priorities of various kinds of network traffic. Two-way video and audio communications such as video conferencing and Internet telephony must have their packets delivered over the network in real time, or parts of the conversation are lost. Thus these services have the highest priority in most networks.
Business-critical applications such as financial transactions and accesses of corporate databases have moderately high priority. Browser traffic to the world-wide-web has a lower priority since much of this traffic is for information gathering and personal uses. However, browser traffic should not be so slow as to irritate the users. Lowest in priority are file transfers and e-mail, since these are usually not needed immediately.
Server traffic tends to have a higher priority than client traffic, since business-critical applications reside on corporate servers. Clients are usually individual desktop PC's.
Attempts have been made to improve transmission speed of higher-priority traffic. Bandwidth-shaping or traffic-shaping delays low-priority traffic so that higher-priority packets can pass through with less delay. Quality-of-Service (QOS) is thus improved. Bandwidth can be reserved for the highest-priority applications such as video conferencing. See for example U.S. Pat. Nos. 5,644,715 and 5,694,548, by Baugher et al., assigned to IBM; also U.S. Pat. No. 5,673,322 by Pepe et al., and U.S. Pat. No. 5,136,581 by Muehrchke, assigned to Bell Labs.
Can't Determine Priority of IP Packets--FIG. 2
Ideally, a network device such as a router would read a packet's header and determine the priority of that packet from fields in the header. Unfortunately, determining the priority of packets passing through a network point is problematic. Filtering software can be used to identify packets using certain network protocols such as TCP, or certain Internet Protocol (IP) addresses.
FIG. 2 shows an Internet packet. Port fields 23, 24 identify which ports were assigned by the network software for communication with a higher-level application requesting a communications session. Destination port field 23 specifies the port on the destination machine, while source port field 24 specifies the port on the source machine. Protocol 26 is a field identifying the network protocol used, such as TCP or UDP. Destination address field 28 contains the IP address that the packet is being sent to, while source address field 29 contains the IP address of the sender of the packet.
The contents or data of the packet, perhaps with additional higher-level headers, is contained in data field 22.
While some applications may use certain ports, many applications use standard ports, such as port 80 for web browsers. Often these ports are dynamically assigned to applications, so that different ports are used by the same application at different times. Simply reading port fields 23, 24 does not uniquely identify applications, so it is difficult to determine priority based on port fields 23, 24. Most applications use the TCP protocol, so protocol field 26 likewise does not uniquely identify users or their applications.
IP address fields 28, 29 often uniquely identify a user or a server machine, and IP-address filtering has been used to restrict access by children to adult-only web sites. IP-address filtering has been less successful for blocking unwanted "junk" or "spam" e-mail, since the IP-address fields are often altered to hide the originating IP address. Larger web sites may use many IP addresses that may dynamically change as the web site is updated. Even client machines can have dynamically-assigned IP addresses rather than a static IP address. Often many users share an IP address. Thus determining packet priority using IP addresses is not effective.
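The header fields of FIG. 2 can be pulled out of a raw datagram with a short parser, and the weakness of header-only classification can then be seen directly. The following is an added example, not code from the original description: it constructs minimal IPv4 packets (checksums left at zero, addresses and the alternate port 8080 are constructed values), extracts ports 23 and 24, protocol 26, addresses 28 and 29 and data field 22, and then applies a port-to-application table of the kind a simple filter would use. The same browser request sent to a port other than 80 falls straight through to "unknown".

```python
import socket
import struct

TCP, UDP = 6, 17  # IANA protocol numbers as carried in protocol field 26

def build_packet(src_addr, dst_addr, src_port, dst_port, payload, protocol=TCP):
    """Construct a minimal IPv4 datagram (20-byte header, no options) carrying a
    TCP or UDP header and a payload. Checksums are left at zero: this is test
    input for the parser below, not wire-valid traffic."""
    l4_len = 20 if protocol == TCP else 8
    ip_hdr = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, 20 + l4_len + len(payload), 0, 0, 64, protocol, 0,
                         socket.inet_aton(src_addr), socket.inet_aton(dst_addr))
    if protocol == TCP:
        # seq, ack, data offset = 5 words, flags PSH|ACK, window, checksum, urgent pointer
        l4_hdr = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    else:
        l4_hdr = struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0)
    return ip_hdr + l4_hdr + payload

def parse_packet(raw):
    """Extract the fields FIG. 2 names: ports (23, 24), protocol (26),
    addresses (28, 29) and the data field (22)."""
    if raw[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (raw[0] & 0x0F) * 4               # IP header length in bytes
    protocol = raw[9]
    l4 = raw[ihl:]
    src_port, dst_port = struct.unpack("!HH", l4[:4])   # TCP and UDP both begin with the two ports
    if protocol == TCP:
        data_offset = (l4[12] >> 4) * 4     # TCP data offset, in 32-bit words
    elif protocol == UDP:
        data_offset = 8
    else:
        data_offset = 0                     # unknown transport: everything after IP is "data"
    return {
        "src_addr": socket.inet_ntoa(raw[12:16]),
        "dst_addr": socket.inet_ntoa(raw[16:20]),
        "protocol": protocol,
        "src_port": src_port,
        "dst_port": dst_port,
        "data": bytes(l4[data_offset:]),
    }

# Port-to-application table of the kind a header-only filter would use.
# Port 80 is the page's own example; 21 (FTP control) and 25 (SMTP) are standard assignments.
PORT_APP = {80: "browser", 21: "ftp", 25: "email"}

def classify_by_header(fields):
    """Best-effort application guess from header fields alone. Returns "unknown"
    whenever neither port is in the table, which is what happens as soon as an
    application is handed a dynamically assigned port."""
    return PORT_APP.get(fields["dst_port"]) or PORT_APP.get(fields["src_port"]) or "unknown"

if __name__ == "__main__":
    web = build_packet("10.0.0.12", "203.0.113.5", 50000, 80, b"GET / HTTP/1.1\r\n")
    proxied = build_packet("10.0.0.12", "203.0.113.5", 50001, 8080, b"GET / HTTP/1.1\r\n")
    for pkt in (web, proxied):
        f = parse_packet(pkt)
        print(f["src_addr"], "->", f["dst_addr"], f["dst_port"], classify_by_header(f))
```

The parser itself is reliable; the classification built on it is not, because nothing in the header ties a port number to the application behind it. The two constructed packets carry the identical HTTP request, yet only the one aimed at port 80 is recognized.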
Policy-Controlled Network--FIG. 3
FIG. 3 is a diagram of a network that controls traffic using policy rules. Client PCs 10, 12 send IP packets over local network 15 to corporate server 16 and Internet 20. Edge device 14 is a router, switch, gateway, modem or other network device that connects local network 15 to Internet 20. Traditionally, routers such as edge device 14 have simply passed all packets through roughly in the order received, without regard to priority.
Edge device 14 is able to block or delay packets to and from Internet 20 so that higher-priority packets experience less delay than lower-priority packets. Edge device 14 examines packets and applies policy rules to determine which packets to accelerate and which to delay.
Policy server 18 sends the policy rules to edge device 14. Bandwidth information is sent back from edge device 14 to policy server 18. This bandwidth information might indicate the current bandwidth available to Internet 20 or local network 15, or other traffic or load statistics such as the kinds of packets appearing. The bandwidth information is used by policy server 18 to re-prioritize packets passing through edge device 14 by adjusting the policy rules sent to edge device 14. For example, when edge device 14 detects video conferencing packets passing through, policy server 18 can reduce the bandwidth allocated to other kinds of packets to reserve additional network bandwidth for video-conferencing packets.
Higher-priority packets are more often generated by corporate server 16 than by client PCs 10, 12. Policy server 18 can send a policy query to corporate server 16 when certain kinds of packets appear in the bandwidth information from edge device 14. Corporate server 16 can respond that the new kind of packet is high or low priority. Corporate server 16 may also indicate whether an IP address is high or low priority.
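The control loop between edge device 14 and policy server 18 can be shown in a few dozen lines. The following is an added simulation, not part of the original description: the edge device shapes one interval of traffic according to rules expressed as fractions of the link, reports the packet kinds it has seen as its bandwidth information, and the policy server answers with a re-prioritized rule set once video-conferencing packets appear. Link capacity, the rule fractions and the packet list are constructed values chosen so the effect is visible.

```python
from collections import defaultdict

class EdgeDevice:
    """Edge device 14: applies the current policy rules to one interval of
    traffic and reports what it saw back to the policy server."""

    def __init__(self, link_capacity):
        self.capacity = link_capacity   # bytes the link carries per interval (assumed unit)
        self.rules = {"default": 1.0}   # kind -> fraction of the link reserved for that kind
        self.kinds_seen = defaultdict(int)

    def set_rules(self, rules):
        self.rules = dict(rules)

    def forward(self, packets):
        """Shape one interval. A packet passes while its kind still has budget;
        otherwise it is delayed. Returns bytes passed and delayed, per kind."""
        budget = {kind: int(self.capacity * share) for kind, share in self.rules.items()}
        passed, delayed = defaultdict(int), defaultdict(int)
        for kind, size in packets:
            self.kinds_seen[kind] += 1
            key = kind if kind in budget else "default"
            if budget[key] >= size:
                budget[key] -= size
                passed[kind] += size
            else:
                delayed[kind] += size
        return dict(passed), dict(delayed)

    def bandwidth_info(self):
        """Bandwidth information sent to policy server 18 (here: kinds of packets seen)."""
        return {"kinds_seen": dict(self.kinds_seen)}


class PolicyServer:
    """Policy server 18: holds the base rules and re-prioritizes when the
    edge device reports video-conferencing packets."""

    BASE_RULES = {"video": 0.2, "business": 0.4, "browser": 0.3, "default": 0.1}
    VIDEO_RULES = {"video": 0.6, "business": 0.3, "browser": 0.05, "default": 0.05}

    def rules_for(self, info):
        if info["kinds_seen"].get("video", 0) > 0:
            return dict(self.VIDEO_RULES)
        return dict(self.BASE_RULES)


def run_intervals(edge, server, intervals):
    """Control loop: rules go down to the edge device, bandwidth information
    comes back, and the rules for the next interval are adjusted."""
    edge.set_rules(server.rules_for(edge.bandwidth_info()))
    results = []
    for packets in intervals:
        results.append(edge.forward(packets))
        edge.set_rules(server.rules_for(edge.bandwidth_info()))
    return results


# Constructed traffic for one interval, as (kind, bytes): a video call is in
# progress while a browser and a business application also send.
CALL = [("video", 100)] * 5 + [("browser", 100)] * 4 + [("business", 100)] * 2

if __name__ == "__main__":
    out = run_intervals(EdgeDevice(link_capacity=1000), PolicyServer(), [CALL, CALL])
    for n, (passed, delayed) in enumerate(out, 1):
        print(f"interval {n}: passed={passed} delayed={delayed}")
```

In the first interval the base rules are in force and three of the five video packets are delayed; the report of video packets then causes the server to issue the video rules, and in the second interval every video packet passes while browser traffic absorbs the delay. The loop reacts one interval late by design, which is the price of deciding policy at the server rather than at the edge.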
While such a policy-controlled network is effective, newer technologies make determining the priority of packets more difficult. Low-priority web browsing from client PC 10 can be identified by the IP address for client PC 10 and port 80 used by the browser. However, newer software installed on client PC 12 dynamically assigns ports to applications. IP addresses may also be changed using Dynamic Host Configuration Protocol (DHCP). The application may appear as port 50 one day, but port 22 on another day. The IP address assigned to client PC 12 may also be dynamically assigned or even shared by other client PCs.
Identifying web browser traffic from client PC 12 is thus quite difficult. Client PC 12 could be downloading huge graphics images from the Hubble Space Telescope for personal use, swamping the capacity of the network, while client PC 10 waits to read text-based information from an important customer over Internet 20. Network chaos erupts when even a few users hog bandwidth for low-priority tasks.
Winsock-2 Architecture--FIG. 4
FIG. 4 is a diagram of the Winsock-2 architecture, with layered providers of network services. Winsock-2 is a second-generation network architecture for Microsoft's Windows operating systems that provides sockets for high-level applications to connect to a network.
High-level applications 32 send and receive information to a network by making calls to Winsock-2 library 34. These calls use an applications-programming interface (API) that defines the function calls and their syntax. Winsock-2 library 34 is a dynamic-link library (DLL) of these function calls and other network-support routines. Earlier versions of Winsock communicated directly with the lower TCP layer 40, which provides a Transmission Control Protocol for establishing sessions with remote hosts over a network. TCP layer 40 sends data to IP layer 42, which splits the data into Internet Protocol (IP) packets and adds header information such as the source and destination IP address. IP layer 42 sends and receives these IP packets to the network media using physical layers such as a media-access controller (MAC).
Winsock-2 specifies a service-provider interface (SPI) from Winsock-2 library 34 to TCP layer 40. While direct communication can occur, Winsock-2 allows third-party software modules known as layered providers 36 to use the SPI to communicate with Winsock-2 library 34 and with TCP layer 40. Layered providers 36 can provide various extra network services such as encryption, compression, security, or re-routing. These network services are transparent to high level applications 32 and can be activated for all applications using the network.
Layered providers 36 perform important functions by intercepting all network traffic at a lower level than the applications. Layered providers fit between Winsock-2 library 34 and TCP layer 40, modifying data sent from Winsock-2 library 34 to TCP layer 40 for transmission. Each layered service provider 36 is a fairly complex software module, requiring ten thousand or more lines of code. Each layered service provider 36 must perform its own filtering of packets, deciding which packets to intercept and modify and which to ignore. When more than one service provider is installed, each must perform its own filtering, possibly slowing communications from the redundant filtering.
No Ordering for Two Or More Layered Service Providers--FIG. 5
FIG. 5 highlights a problem when two or more layered service providers (LSPs) are installed. Encrypt LSP 44 intercepts transmitted packets and performs encryption on the data portion of the packets to prevent unauthorized reading. Content-filtering LSP 46 is a second layered provider that scans the data portion of packets for keywords or text strings.
When encryption LSP 44 is executed before content-filtering LSP 46 is run, the encryption LSP is the first to intercept packets from Winsock-2 library 34 of FIG. 4. Encryption LSP 44 scrambles the textual contents of the data portion and sends the encrypted packet to the next service provider, content-filtering LSP 46. When content-filtering LSP 46 receives the encrypted packet, it is unable to read the contents of the data packet since the contents have been scrambled by encryption LSP 44. Thus content-filtering LSP 46 is unable to perform its task. An error message can be generated and transmission of the packet halted, or content-filtering can be skipped, rendering content-filtering LSP 46 useless.
However, if encryption LSP 44 is executed after content-filtering LSP 46 is run, then content-filtering LSP 46 is first to intercept packets from Winsock-2 library 34. Filtering is performed normally without interference since encryption LSP 44 scrambles the textual contents of the data portion after content-filtering.
No specific ordering of the layered providers is available in the Winsock-2 architecture. While Winsock-2 is useful when only one layered provider is installed, once a second service provider is installed, the results and inter-operability of the two service providers are uncertain. The order of execution is determined by when the user installs each of the service providers, not by the functions performed.
As more vendors write more and more service providers, the interaction among the installed service providers will cause more problems unless vendors check for all other possible service providers and change the installation order for best results. Unfortunately, vendors typically install their software in the highest-priority position, and when failures occur, the other vendors are blamed.
What is desired is a layered network architecture that allows multiple third-party service providers to be installed. It is desired to expand the Winsock-2 architecture for network services provided at a low level. These network services should be able to transparently intercept network traffic. It is further desired to reduce the complexity of layered providers and eliminate redundant filtering by each layered provider. An expandable system that manages, organizes, and orders low-level network service providers is desirable. It is desired to execute layered service providers in a functionally correct order even when many layered service providers from different vendors are installed.
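The FIG. 5 failure, and the ordering property asked for above, can both be reproduced with two small stand-in providers. The following is an added example and not code from the original description or from Winsock-2: encrypt LSP 44 and content-filtering LSP 46 are modelled as functions applied to a packet in list order (install order in Winsock-2), the "cipher" is a byte-wise XOR used only so the example is self-contained, the keyword list is constructed, and the stage table at the end is an assumed remedy in which each provider declares whether it inspects or transforms data so the chain can be sorted independently of install order.

```python
from dataclasses import dataclass, field

@dataclass
class Packet:
    data: bytes
    trace: list = field(default_factory=list)   # providers that touched the packet, in order

def toy_scramble(data, key=0x5A):
    """Stand-in for the cipher in encrypt LSP 44: a byte-wise XOR, used only to
    keep the example self-contained. It is not encryption."""
    return bytes(b ^ key for b in data)

def encrypt_lsp(pkt):
    """Encrypt LSP 44: scrambles the data portion of the packet."""
    pkt.trace.append("encrypt")
    pkt.data = toy_scramble(pkt.data)
    return pkt

KEYWORDS = (b"confidential",)   # constructed watch-list for the example

def content_filter_lsp(pkt):
    """Content-filtering LSP 46: scans the data portion for keywords and refuses
    the packet on a hit."""
    pkt.trace.append("filter")
    if any(k in pkt.data.lower() for k in KEYWORDS):
        raise PermissionError("content filter: keyword found")
    return pkt

def send_through(chain, data):
    """Run one packet through the providers in list order, which in Winsock-2 is
    the order in which they were installed. Returns (delivered, data_on_wire, trace)."""
    pkt = Packet(bytes(data))
    try:
        for provider in chain:
            pkt = provider(pkt)
    except PermissionError:
        return False, pkt.data, pkt.trace
    return True, pkt.data, pkt.trace

# Assumed remedy (not part of Winsock-2): each provider declares a processing
# stage, and the chain is sorted by stage regardless of install order.
# Inspection (filtering) must run before transformation (encryption).
STAGE = {content_filter_lsp: 10, encrypt_lsp: 20}

def ordered(chain):
    return sorted(chain, key=lambda provider: STAGE[provider])

if __name__ == "__main__":
    msg = b"CONFIDENTIAL: quarterly numbers"
    print(send_through([encrypt_lsp, content_filter_lsp], msg))   # filter blinded; packet delivered
    print(send_through([content_filter_lsp, encrypt_lsp], msg))   # filter sees plaintext; blocked
    print(send_through(ordered([encrypt_lsp, content_filter_lsp]), msg))   # sorted chain; blocked
```

With the encrypting provider installed first, the filter runs over ciphertext, finds nothing, and the packet it should have stopped is delivered: the trace shows both providers ran, which is why this failure is silent in practice. Reversing the install order, or sorting by declared stage, puts the filter in front of the cipher and the same packet is refused before it is ever scrambled.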