This application relates generally to overlay network routing over the publicly-routed Internet.
Distributed computer systems are well-known in the prior art. One such distributed computer system is a “content delivery network” (CDN) or “overlay network” that is operated and managed by a service provider. The service provider typically provides the content delivery service on behalf of third parties (customers) who use the service provider's shared infrastructure. A distributed system of this type typically refers to a collection of autonomous computers linked by a network or networks, together with the software, systems, protocols and techniques designed to facilitate various services, such as content delivery, web application acceleration, or other support of outsourced origin site infrastructure. A CDN service provider typically provides service delivery through digital properties (such as a website), which are provisioned in a customer portal and then deployed to the network. A digital property typically is bound to one or more edge configurations that allow the service provider to account for traffic and bill its customer.
A wide area network (WAN) is a telecommunications network that covers a broad geographical area, e.g., with links across metropolitan, regional, national or international boundaries, typically using leased telecommunication lines. Enterprises and government entities utilize WANs to relay data among employees, clients, buyers, and suppliers from various geographical locations. For example, a WAN commonly is used to connect local area networks (LANs) and other types of networks together, so that users and computers in one location can communicate with users and computers in other locations. Many WANs are built for one particular organization and are private. Other types of WANs include those built by Internet service providers, and these can be used to provide connections from an organization's LAN to the Internet. When a WAN is built using leased lines, a router positioned at each end of the leased line connects the LANs on each side to each other.
One common WAN approach using leased lines implements Multi-Protocol Label Switching (MPLS). MPLS is a standards-based technology for speeding up network traffic flow. In MPLS, a specific path (identified by a label) is set up for a given packet sequence, thereby obviating router look-up of a next address to which to forward the packet. MPLS works with various types of network protocols, such as IP, ATM and frame relay. While delivery over MPLS is efficient and secure, it also is expensive, primarily due to the cost of the leased line. As an alternative, WANs also can be built using less costly packet switching methods such as those that can take full advantage of the Internet's packet-switched network.
MPLS providers often must provide support for customers with branch offices that are not within reach of the provider's MPLS cloud. One common solution is for the MPLS provider to place VPN (IPsec) concentrators at the edge of their MPLS cloud. The provider may then provide the customer with a Customer Premises Equipment (CPE) device (e.g., a router) that will connect to a standard broadband Internet connection to connect to their MPLS services via the VPN concentrator. The number and location of the VPN concentrators, however, is often limited, resulting in varying performance depending on a branch office customer's location.
More generally, enterprises now desire to effectively utilize Internet links as an optimized wide area network (WAN), connecting branches, data centers, teleworkers and mobile users to applications over the Internet. Driven also by the impact of cloud computing and mobility, enterprises need a network service that can deliver an optimal and predictable cloud experience to users, preferably a network that is low-cost, easy-on, and global with security and optimization built-in.
The techniques herein provide for enhanced overlay network-based transport of traffic, such as IPsec traffic, e.g., to and from customer branch office locations, facilitated through the use of the Internet-based overlay routing infrastructure. This disclosure in particular describes a method of managing and enforcing quality-of-service (QoS) in an Internet-based overlay network shared by a set of content provider customer entities. For each entity having a customer branch, the customer branch is coupled to the Internet-based overlay routing network. A quality-of-service (QoS) policy is configured for the customer. According to the method, utilization of the Internet-based overlay network against the configured QoS policy is then monitored. The QoS is then enforced for the customer and at least one other customer, based in part on the QoS policies. Capacity preferably is enforced for a customer entity according to the QoS policy at one of: a global level, a geographical region level, and at the customer branch level.
The foregoing has outlined some of the more pertinent features of the subject matter. These features should be construed to be merely illustrative. Many other beneficial results can be attained by applying the disclosed subject matter in a different manner or by modifying the subject matter as will be described.
For a more complete understanding of the subject matter and the advantages thereof, reference is now made to the following descriptions taken in conjunction with the accompanying drawings, in which:
In a known system, such as shown in
As illustrated in
A CDN edge server is configured to provide one or more extended content delivery features, preferably on a domain-specific, customer-specific basis, preferably using configuration files that are distributed to the edge servers using a configuration system. A given configuration file preferably is XML-based and includes a set of content handling rules and directives that facilitate one or more advanced content handling features. The configuration file may be delivered to the CDN edge server via the data transport mechanism. U.S. Pat. No. 7,111,057 illustrates a useful infrastructure for delivering and managing edge server content control information, and this and other edge server control information can be provisioned by the CDN service provider itself, or (via an extranet or the like) the content provider customer who operates the origin server.
The CDN may include a storage subsystem, such as described in U.S. Pat. No. 7,472,178, the disclosure of which is incorporated herein by reference.
The CDN may operate a server cache hierarchy to provide intermediate caching of customer content; one such cache hierarchy subsystem is described in U.S. Pat. No. 7,376,716, the disclosure of which is incorporated herein by reference.
The CDN may provide secure content delivery among a client browser, edge server and customer origin server in the manner described in U.S. Publication No. 20040093419. Secure content delivery as described therein enforces SSL-based links between the client and the edge server process, on the one hand, and between the edge server process and an origin server process, on the other hand. This enables an SSL-protected web page and/or components thereof to be delivered via the edge server.
In a typical operation, a content provider identifies a content provider domain or sub-domain that it desires to have served by the CDN. The CDN service provider associates (e.g., via a canonical name, or CNAME) the content provider domain with an edge network (CDN) hostname, and the CDN provider then provides that edge network hostname to the content provider. When a DNS query to the content provider domain or sub-domain is received at the content provider's domain name servers, those servers respond by returning the edge network hostname. The edge network hostname points to the CDN, and that edge network hostname is then resolved through the CDN name service. To that end, the CDN name service returns one or more IP addresses. The requesting client browser then makes a content request (e.g., via HTTP or HTTPS) to an edge server associated with the IP address. The request includes a host header that includes the original content provider domain or sub-domain. Upon receipt of the request with the host header, the edge server checks its configuration file to determine whether the content domain or sub-domain requested is actually being handled by the CDN. If so, the edge server applies its content handling rules and directives for that domain or sub-domain as specified in the configuration. These content handling rules and directives may be located within an XML-based “metadata” configuration file.
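By way of illustration only, the CNAME-based resolution flow described above may be sketched as follows; the hostnames are hypothetical, and the third-party dnspython library is assumed merely for the example.

```python
# Illustrative sketch of CNAME-based request routing: the content provider hostname
# aliases (CNAMEs) to a CDN edge network hostname, which the CDN name service then
# resolves to one or more edge server IP addresses. Hostnames are hypothetical.
import dns.resolver

def resolve_via_cdn(customer_host: str) -> list[str]:
    # Step 1: the content provider's DNS answers with a CNAME to the edge network hostname.
    cname_answer = dns.resolver.resolve(customer_host, "CNAME")
    edge_hostname = str(cname_answer[0].target).rstrip(".")
    # Step 2: the edge network hostname is resolved through the CDN name service to edge IPs.
    a_answer = dns.resolver.resolve(edge_hostname, "A")
    return [rdata.address for rdata in a_answer]

if __name__ == "__main__":
    print(resolve_via_cdn("www.customer-example.com"))  # hypothetical customer domain
```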
By way of further background, CDN customers may subscribe to a "behind the firewall" managed service product to accelerate Intranet web applications that are hosted behind the customer's enterprise firewall, as well as to accelerate web applications that bridge between their users behind the firewall to an application hosted in the internet cloud. To accomplish these two use cases, CDN software may execute on virtual machines hosted in one or more customer data centers, and on virtual machines hosted in remote "branch offices." The CDN software executing in the customer data center typically provides service configuration, service management, service reporting, remote management access, customer SSL certificate management, as well as other functions for configured web applications. The software executing in the branch offices provides last mile web acceleration for users located there. The CDN itself typically provides CDN hardware hosted in CDN data centers to provide a gateway between the nodes running behind the customer firewall and the service provider's other infrastructure (e.g., network and operations facilities). This type of managed solution provides an enterprise with the opportunity to take advantage of CDN technologies with respect to the company's intranet.
As an overlay, the CDN resources such as described above also may be used to facilitate wide area network (WAN) acceleration services between enterprise data centers (which may be privately-managed) and third party software-as-a-service (SaaS) providers. The following provides additional details regarding this type of solution.
In particular,
Many of the machines in the overlay are servers located near the edge of the Internet, i.e., at or adjacent end user access networks. As has been described above, e.g.,
A known OIP (Overlay Internet Protocol) routing mechanism comprises a representative set of components, as illustrated in
In one known use scenario of the overlay network, one or more clients desire to send packets to a single IP address. This is illustrated in
The various connections used in the overlay network and as described typically are secured via SSL or other transport layer security (TLS) techniques.
A virtual private network (VPN)-as-a-service (or more generally, “network-as-a-service”) can be facilitated using an overlay IP (OIP) routing mechanism such as shown in
A description of this network-as-a-service approach is provided in U.S. Publication No. 2015/0188943.
With the above as background, the techniques herein provide for enhanced overlay network-based transport of traffic, such as IPsec traffic, e.g., to and from customer branch office locations, facilitated through the use of the Internet-based overlay routing infrastructure (OIN) described above.
As used herein, the following definitions apply:
Allocated Capacity
Capacity share (bps) which is calculated dynamically for entities contending for customer purchased capacity. This is calculated based on traffic load information from region machines.
Capacity Groups
Arbitrary groups/grouping for capacity entitlement
Configured Capacity
Capacity limit (bps) for a CPE configured from a service provider cloud-based management portal. This is also referred to as "enforcementThreshold." This is defined as a threshold over purchased capacity.
Control Messages
Messages which carry traffic load report and allocated capacity information
CCI
Common Communication Infrastructure (a message delivery infrastructure)
CPE
Customer Premises Equipment. See also endpoint; these terms refer to the same entity
CoGS
Cost of Goods Sold
Cycle Time
Time interval after which load is reported and capacity allocation is performed
Demand
Rate of traffic in bps received from/to a CPE or set of CPEs. This is tracked separately based on the direction of data transfer. Traffic received on the edge from a CPE is referred to as "Inbound Demand" and traffic received on the gateway destined to a CPE is referred to as "Outbound Demand."
DQoS
Distributed Quality of Service
enforcementThreshold
Threshold configured as a percentage of “purchased capacity.” This is configurable for each CPE, and is used as a limit to enforce traffic rate from/to the corresponding CPE
Edge
Overlay network edge region.
Endpoint
CPE device connecting into the Edge. This is identified either based on configuration or on fields carried in the packets
First Mile
Network segment(s) from Edge to customer Origin
Global Update Timeout
Cycle time (in seconds) for traffic load reporting to centralized QoS component.
GQM
Global QoS Manager
Inbound
This is with respect to a particular endpoint and edge and refers to traffic coming from endpoints into an Edge region
Last Mile
Network segment(s) from Edge to Client (Branch)
monitoringThreshold
Threshold configured as a percentage of “purchased capacity.” This is configurable for each CPE, and is used to raise notifications about overutilization
Middle Mile
Network segment(s) from Edge to overlay network Edge/Gateway
NEdge
OIN edge region that implements the disclosed subject matter. As used herein, the NEdge includes a set of enterprise-focused functionality to facilitate DQoS, to enable termination of first-mile IPsec tunnels, to provide specialized mapping for TCP connections, to enable SSL terminations, to provide for support of a secure web gateway (SWG), and to enable application layer optimizations.
NEdge SLA Time
Time window for reporting SLA metrics
Outbound
This is with respect to a particular CPE and NEdge and refers to traffic delivered to the CPE from the Edge
Packet Queues
Queues used in the QoS Engine to hold packets. A packet queue is associated with each endpoint.
Partner
Service providers or other vendors of service who purchase NEdge services on behalf of their customers
Purchased Capacity
Capacity entitlement per CPE purchased by service providers or direct customers
QoS
Quality of Service
QoS Engine
Quality of Service Datapath Engine
Region Update Timeout
Cycle time (seconds) for traffic load reporting and aggregation in a region.
RQM
Region QoS Manager
SLA
Service Level Agreement
SMN
Software Managed Network
SP
Service Provider
Traffic Attributes Digest
Reported demand and bandwidth utilization for the previous interval. This is also referred to as a Load report
Underutilization
Used to represent conditions when usage is restricted to below a given capacity for various reasons.
Utilization
Bandwidth utilization
As noted above, NEdge and related systems provide for a range of traffic optimization capabilities, including QoS, route optimization, TCP optimization, object caching at the edge, among others.
This first section covers an automatic capacity enforcement use case, and it provides the design for a Distributed QoS.
In this approach, preferably the NEdge is a modified type of overlay network edge region (namely, a modified version of edge region 300 in
Distributed QoS
The infrastructure herein provides for distributed mechanisms that support policies pertaining to capacity enforcement. QoS policies for application level prioritization, bandwidth, latency, jitter and packet loss control may also be implemented using the same basic design.
Capacity Usage Monitoring and Enforcement
Usage monitoring herein typically involves setting monitoring thresholds and providing views to customer support about overutilization. Customer support might use this view to notify customers about utilization patterns and the need to obtain additional capacity. In the event customers or CPEs are found to be repeat abusers, enforcement may be turned on for those CPEs. In one embodiment, enforcement would accommodate bursting over some given (e.g., purchased) capacity. The limit to which each CPE can burst may be configurable. More generally, the supported policies preferably facilitate enforcement of capacity at the level of a partner, a customer of a partner, a customer-specific geographical region, and an individual branch-office/endpoint.
Benefits Due to Capacity Enforcement
Capacity enforcement for upload or download traffic flows from a CPE is applied at or below legs of the data flow to conserve NEdge region capacity, namely: CPE upload traffic egressing from the edge region (resulting in bandwidth savings on multiple network segments such as edge-to-gateway, edge-to-origin and gateway-to-origin), CPE download traffic egressing from the gateway region (resulting in bandwidth savings on multiple network segments such as gateway-to-edge and edge-to-CPE), and CPE download traffic egressing from the edge region (resulting in edge-to-CPE bandwidth savings).
Capacity Enforcement
Below are the general objectives for capacity enforcement provided by the technique described herein:
Network traffic preferably is subjected to capacity enforcement at edge/gateway regions. Wherever traffic flow information about the destination is available, early enforcement for outbound traffic preferably is done. This facilitates an optimized use of capacity assigned to NEdge regions.
Configurability
QoS policies preferably are configurable for each CPE from the overlay network provider's cloud management portal. Using the portal, it is possible to modify QoS policies any time, and changes should take effect on the next configuration update from portal to the NEdge network. For application QoS policies, preferably the configuration is applied relatively instantaneously. For capacity monitoring and enforcement, configuration of different thresholds over purchased capacity preferably is supported.
Monitoring
The service provides useful information to track usage and availability. The monitoring features include: availability of usage and enforcement statistics via query and logs, support portal reports and alerts for usage and availability monitoring, the ability to monitor capacity usage without enabling enforcement, the ability to track demand (Rx) and usage (Tx) in bps and to report dropped packet and byte counts, availability of partner, customer, group and endpoint level usage information, availability of real-time data updated periodically, and availability of historical data for the last xx days, updated periodically (hours, minutes).
DQoS Mechanism Architecture
This section provides a brief overview of the preferred QoS components running on edge and GQM machines.
The QoS Engine 600 applies policies to data traffic based on policy configuration. The engine runs on edge machines, e.g., as a statically linked library. Policy configuration and packets are passed to the QoS Engine by invoking appropriate APIs defined by the QoS Engine.
The QoS Manager's primary function is to collect traffic attributes from the QoS Engine and send the digest to the Region Leader (RQM), e.g., using the in-region messaging infrastructure. On receiving a dynamic capacity message from the RQM, the QoS Manager updates the customer capacity and informs the QoS Engine to apply the updated policy for customer traffic.
Each NEdge region has an elected leader for the QoS function called the Region QoS Manager (RQM). The RQM collects traffic load reports from region machines and sends an aggregate customer traffic report to the central entity (GQM). On receiving the allocated customer capacity for the region from the GQM, the RQM calculates per-machine allocated capacity and communicates it to the region machines that reported demand. NEdge region machines run leader election to elect the RQM. RQM health is monitored by tracking leader election health and other parameters maintained in QoS. On RQM failure, a new RQM is elected within a couple of seconds from detection time to reduce the impact of stale information on customer traffic.
The Global QoS Manager (GQM) 604 is the central entity that aggregates traffic attributes from edge regions and calculates the per-customer capacity allocation for each region. The GQM runs the capacity allocation algorithm (referred to herein as Capacity Allocation to regions), and arrives at the capacity allocation for regions which have reported demand. The GQM batches capacity allocations for different customers, preferably in a single message, while sending the capacity update to RQMs. It propagates the "allocated capacity" using control messages to Region Leaders (RQMs). To avoid a single point of failure in the GQM function, multiple GQM regions preferably are provisioned in different geographies. In one embodiment, the GQM is deployed in stand-alone dedicated regions. The GQM preferably runs in active-active failover mode, wherein only the GQM leader responds to RQMs. GQM non-leaders receive and process the traffic attributes digest from regions, but need not propagate the capacity updates back to regions. GQMs participate in leader election to elect the GQM leader. On failure events or reachability issues related to the GQM leader, one of the other GQMs is elected as the leader and starts responding to RQMs with capacity updates.
End-to-end traffic flow is from the customer branch 606 to the origin 612, via the overlay as described above. The overlay edge includes the NEdge 608. A portal 610 is used for configuration.
QoS APIs preferably are invoked for the following configuration workflows: customer/CPE creation with capacity configuration, enabling or disabling enforcement for a customer/CPE, modification of customer policy (capacity), and deletion of a customer/CPE.
QoS policy configuration typically includes the following information: Identifier, Policy Type, and Policy parameters.
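By way of example only, such a policy record might be represented as shown below; the field names are illustrative assumptions and do not reflect the portal's actual schema.

```python
# Illustrative QoS policy record with the three elements noted above: an identifier, a
# policy type, and policy parameters. All names and values are hypothetical.
qos_policy = {
    "identifier": "cpe-branch-0042",            # hypothetical customer/CPE identifier
    "policyType": "capacity-enforcement",        # e.g., enforcement vs. monitoring-only
    "parameters": {
        "purchasedCapacityBps": 50_000_000,      # purchased capacity, in bits per second
        "enforcementThresholdPct": 120,          # enforcementThreshold as % of purchased capacity
        "monitoringThresholdPct": 80,            # monitoringThreshold as % of purchased capacity
        "enforcementEnabled": True,
    },
}
```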
Traffic load information is required for usage monitoring and demand estimation. Preferably, load information for each CPE is reported in terms of bits per second (bps).
On traffic reception, the QoS engine on each machine updates the traffic statistics for each CPE. Preferably, the load information {customerId, demand, utilization, timestamp} is reported to RQM every region_update_timeout seconds. The demand value is useful in enforcement mode.
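For illustration, a per-CPE load report carrying the {customerId, demand, utilization, timestamp} fields described above might be built as follows; the helper function and the interval value are assumptions for the example.

```python
# Illustrative per-CPE load report. Demand is the traffic rate received (Rx) and
# utilization is the bandwidth actually served (Tx), both in bps, per the definitions
# above. The helper function and reporting interval value are hypothetical.
import time

def build_load_report(customer_id: str, rx_bps: float, tx_bps: float) -> dict:
    return {
        "customerId": customer_id,
        "demand": rx_bps,
        "utilization": tx_bps,
        "timestamp": int(time.time()),
    }

# Reported to the RQM every region_update_timeout seconds (example value only).
REGION_UPDATE_TIMEOUT_SECONDS = 5
```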
The region leader aggregates CPE load information received from machines and reports region load to the GQM. Preferably, this is done every “global_update_timeout” seconds.
The load reports received on the RQM or GQM are aggregated per CPE or on a group basis. Aggregation involves linking all the load reports of a CPE from each of the demanding entities. The aggregated information preferably is processed every cycle-time. Cycle-times are configurable via static configuration. On the GQM, the default cycle time is set to "global_update_timeout"; on the RQM, the cycle time is referred to as "region_update_timeout".
Machines report the load data any time after the expiry of the cycle time and preferably there is no explicit cycle start time synchronization across machines in regions, RQMs and GQM. This is done to spread the messaging load over time and to avoid producing a single burst which could stress the messaging infrastructure.
The aggregated load information for a CPE is compared against monitoring thresholds for the CPE and alert information is updated. Alert information is updated based on different configurable thresholds. Aggregate load information and alert information are populated in query tables to be used by reporting and alerting systems. Portal systems pull information from query tables for generating the usage reports.
Capacity Enforcement Algorithm
Preferably, capacity enforcement is achieved by running distributed QoS algorithms as will be described. The base premise for capacity enforcement is given by the following relationship:
Current Action {Police, Learn Demand} ↔ {Aggregate Demand, Calculate New Capacity}
In this approach, current capacity information is used to enforce traffic. While enforcing, demand is learned and propagated. Preferably, demand is aggregated and used for capacity allocation for a next time interval, and demand is learned on each machine and then aggregated at a region level, as well as globally. Preferably, global demand is then used to calculate capacity for each of the regions (for the next time interval). The calculated capacity is propagated back to each region and the machines in the region. New capacity information is used for further enforcement. Preferably, the above-described operations are carried out for each time interval.
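The per-interval cycle described above may be summarized, for illustration only, by the following sketch; the object names and methods are placeholders rather than the actual machine, RQM and GQM interfaces.

```python
# Illustrative per-interval enforcement cycle: enforce with current capacity while
# learning demand, aggregate demand regionally and globally, compute new capacity, and
# propagate it back for the next interval. All names are hypothetical placeholders.
def run_enforcement_cycle(machines, rqm, gqm):
    # 1. Each machine polices traffic using its current allocated capacity and learns demand.
    local_demands = [m.police_and_learn_demand() for m in machines]
    # 2. Demand is aggregated at the region level by the RQM.
    region_demand = rqm.aggregate(local_demands)
    # 3. Global demand is used by the GQM to calculate region capacity for the next interval.
    region_capacity = gqm.allocate_capacity(region_demand)
    # 4. The RQM divides the region capacity among machines that reported demand, and the
    #    machines use the new capacity for further enforcement.
    per_machine_capacity = rqm.allocate_to_machines(region_capacity, local_demands)
    for machine, capacity in zip(machines, per_machine_capacity):
        machine.update_allocated_capacity(capacity)
```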
Preferably, the following algorithms are run in the respective components identified to provide global quality of service:
A rate limiting algorithm is executed in the QoS engine on the region machines. Its inputs are: customer capacity configuration, customer traffic, and data transfer direction, and its outputs: (a) contribute to global geo-wise capacity enforcement (by local rate limiting), and (b) comprise metadata for deciding capacity allocation.
A fairness across customer(s) algorithm is executed in the QoS engine on the region machines. Its inputs are: customer capacity and customer traffic, and its output ensures that traffic from different customers is served in a fair manner inside the QoS engine, and that CPU and memory resources budgeted for QoS are allocated fairly to customer traffic.
A machine capacity allocation algorithm executes in the region QoS manager. Its inputs are: metadata from region machines, and region capacity from GQM (described in more detail below). Its outputs are: (a) aggregate customer demand in region, (b) aggregate customer utilization in region, and (c) individual machine customer capacity.
A region capacity allocation algorithm executes in the global QoS manager. Its inputs are: customer capacity configuration, and metadata from RQM (described in more detail below), and its output is a region customer capacity allocation.
A capacity allocation to region machines algorithm (RQM) is now described. As noted above, the machine capacity algorithm takes the following inputs: (a) metadata, (b) region allocated capacity, (c) allocation trigger, and (d) allocation technique. The metadata is received from region machines, preferably on expiry of the "region update timeout." The RQM aggregates metadata and maintains the same for every update interval. Regarding (b), the RQM updates region allocation capacity as follows: initially, region allocated capacity equals customer global capacity; on receiving an allocation from the GQM, region allocation capacity is then set equal to the GQM allocated capacity. The RQM uses the most recent "region allocation capacity" while calculating the per-machine allocation. Regarding (c), the RQM performs allocation on the following events, whichever happens earlier: the RQM has received metadata from all the machines serving a particular customer, or the region capacity allocation timeout has occurred. Regarding (d), the RQM preferably uses a max-min fairness algorithm while allocating machine capacity from region allocation capacity. That algorithm formally defines max-min fair allocation as follows: resources are allocated in order of increasing demand, no source gets a resource share larger than its demand, and sources with unsatisfied demands get an equal share of the resource. This technique maximizes the minimum share of a source whose demand is not fully satisfied. Based on the above algorithm, capacity allocation to machines is based on the following factors: region allocated capacity, number of machines which have reported demand for a particular customer, and demand from each machine.
A capacity allocation to regions algorithm (GQM) is now described. As noted above, the GQM takes the following inputs: (a) metadata, (b) configured capacity, (c) allocation trigger, and (d) allocation technique. The metadata is received from region leaders, preferably on expiry of the "global update timeout." The GQM aggregates metadata and maintains the same for every update interval. Regarding (b), the GQM receives the customer capacity configuration from a customer portal. Regarding (c), the GQM performs allocation on the following events, whichever happens earlier: the GQM has received metadata from all regions serving a particular customer, or the global capacity allocation timeout has occurred. Regarding (d), the GQM preferably uses a max-min fairness algorithm while allocating region capacity from configured capacity. Based on the above algorithm, capacity allocation to regions is based on the following factors: global customer capacity configuration, geo-specific capacity configuration (if configured for the customer), number of regions which have reported demand for a particular customer, and demand from each region.
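A minimal sketch of max-min fair allocation as defined above, applicable both to the RQM's per-machine allocation and the GQM's per-region allocation, is shown below. It is illustrative only and is not the provider's actual implementation; the function name and the example figures are assumptions.

```python
# Max-min fair allocation: resources are granted in order of increasing demand, no
# source receives more than its demand, and sources with unsatisfied demands split the
# remainder equally. Inputs/outputs are in bits per second.
def max_min_fair_allocation(capacity: float, demands: dict) -> dict:
    allocation = {}
    remaining = capacity
    pending = dict(demands)
    while pending:
        fair_share = remaining / len(pending)
        # Fully satisfy every pending source whose demand fits within the current fair share.
        satisfied = {k: d for k, d in pending.items() if d <= fair_share}
        if not satisfied:
            # No remaining demand fits: give each unsatisfied source an equal share of what is left.
            for k in pending:
                allocation[k] = fair_share
            return allocation
        for k, d in satisfied.items():
            allocation[k] = d
            remaining -= d
            del pending[k]
    return allocation

# Example: three machines report demand for one customer against 10 Mbps of region capacity.
print(max_min_fair_allocation(10e6, {"m1": 2e6, "m2": 5e6, "m3": 9e6}))
# -> m1 gets its full 2 Mbps; m2 and m3 split the remaining 8 Mbps equally (4 Mbps each).
```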
Capacity is enforced for each customer globally by each NEdge machine performing local rate limit of customer traffic to allocated capacity. To start with, each NEdge region and machine preferably use an allocated capacity value that is the same as the configured capacity. Going forward, and based on policy metadata exchanges, allocated capacity is received and used for rate limiting on region machines.
Once the NEdge machine receives allocated customer capacity, it updates the customer configuration and applies a rate limiting algorithm (e.g., token bucket), which also controls burstiness. Traffic beyond a specified or configured rate is dropped.
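For illustration, a token bucket rate limiter of the kind referenced above might be sketched as follows; the class and parameter names are hypothetical, not the NEdge machine's actual code.

```python
# Illustrative token bucket: tokens accrue at the allocated rate (bps) up to a burst
# limit; a packet is forwarded only if enough tokens are available, otherwise dropped.
import time

class TokenBucket:
    def __init__(self, rate_bps: float, burst_bits: float):
        self.rate_bps = rate_bps          # allocated capacity for this CPE/customer
        self.burst_bits = burst_bits      # controls allowed burstiness
        self.tokens = burst_bits
        self.last_refill = time.monotonic()

    def update_rate(self, rate_bps: float) -> None:
        # Called when a new allocated capacity arrives from the RQM.
        self.rate_bps = rate_bps

    def allow(self, packet_len_bytes: int) -> bool:
        now = time.monotonic()
        self.tokens = min(self.burst_bits,
                          self.tokens + (now - self.last_refill) * self.rate_bps)
        self.last_refill = now
        needed = packet_len_bytes * 8
        if self.tokens >= needed:
            self.tokens -= needed
            return True
        return False  # traffic beyond the allocated/configured rate is dropped
```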
Fairness across customers may be enforced by a packet queue scheduler that runs through all backlogged ingress queues in a weighted round robin manner. Once it selects a queue from which to de-queue packets, it de-queues the head packet and applies the corresponding policy to that packet. Preferably, the weight for a customer is derived from the configured capacity.
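A simplified sketch of such a weighted round-robin pass over backlogged ingress queues is shown below; the quantum derivation from configured capacity and the data structures are illustrative assumptions.

```python
# Illustrative weighted round-robin dequeue across per-endpoint ingress queues. Each
# customer's service quantum is derived from its configured capacity, as described above.
from collections import deque
import math

class WrrScheduler:
    def __init__(self, configured_capacity_bps: dict):
        # Quantum (packets served per round) proportional to configured capacity; at least
        # one packet so every backlogged customer is served each round.
        smallest = min(configured_capacity_bps.values())
        self.quantum = {c: max(1, math.floor(cap / smallest))
                        for c, cap in configured_capacity_bps.items()}
        self.queues = {c: deque() for c in configured_capacity_bps}

    def enqueue(self, customer: str, packet) -> None:
        self.queues[customer].append(packet)

    def dequeue_round(self, apply_policy) -> None:
        # Run through all backlogged ingress queues in weighted round-robin fashion; for
        # each selected queue, de-queue head packets and apply the corresponding policy.
        for customer, queue in self.queues.items():
            for _ in range(self.quantum[customer]):
                if not queue:
                    break
                apply_policy(customer, queue.popleft())
```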
Additional Details and Embodiments
The following sections describe GQM functions that are executed when enforcement is turned on; preferably, GQM's role in capacity enforcement is active only when the competing entities are spread over different edge or gateway regions.
Demand tracking and estimation is done by GQM for CPEs for which enforcement is on. The aggregated demand information for a CPE is tracked by GQM for a number of previous cycle times and is used for demand estimation for next interval. The estimated demand serves as input for capacity allocation.
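One way to derive a reasonably stable estimate from the demand tracked over previous cycle times is an exponentially weighted moving average; the sketch below is an assumption offered for illustration only and is not stated in this disclosure as the chosen estimator.

```python
# Illustrative demand estimator over previous cycle times. An EWMA dampens the effect of
# lost or delayed load reports and of regions that start/stop reporting; the smoothing
# factor and class structure are assumptions, not the disclosed algorithm.
class DemandEstimator:
    def __init__(self, alpha: float = 0.5):
        self.alpha = alpha           # weight given to the most recent cycle's demand
        self.estimate_bps = 0.0

    def update(self, aggregated_demand_bps: float) -> float:
        # Called once per cycle time with the demand aggregated across reporting regions.
        self.estimate_bps = (self.alpha * aggregated_demand_bps
                             + (1.0 - self.alpha) * self.estimate_bps)
        return self.estimate_bps
```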
The following are representative characteristics of load reporting from regions:
1. Traffic load report for a customer/CPE can be received from different regions
2. Edge regions can start reporting traffic load anytime
3. Edge regions can stop reporting traffic load anytime
4. Traffic load report messages may get lost or delayed in transit
Demand estimation needs to take care of the above input characteristics and output a reasonably stable estimate. Below is a summary of the proposed demand tracking and estimation:
Capacity allocation involves dividing the purchased capacity to the competing entities. Depending on how customers purchase capacity and how the capacity needs to be shared, the competing entities are identified as follows:
a. Group Capacity
b. CPE download capacity
Capacity share is calculated for each competing entity. Configured capacity value and estimated demand from each competing entity are used to determine the share of the customer capacity for that entity. The following describes the allocation scheme for group and CPE capacity enforcement.
When traffic flow is initiated, all CPEs which are part of the group are allowed to burst up to the configured capacity. After the traffic load report is sent to the GQM and capacity updates are received from the GQM, the entities are limited to the capacity provided by the GQM. Hence the aggregate traffic is enforced to the group capacity.
Capacity allocation for a capacity group is done from GQM based on one of the below approaches:
CPE capacity enforcement is achieved as follows:
Both for Group and CPE outbound capacity enforcement, there is a need to allocate the capacity fairly, proportionally, or based on priorities to the competing entities. The below section provides details of the proposed fair allocation and idle capacity management algorithm, followed by an illustration of how the allocation works for a sample configuration and load report.
Based on the objectives of fair allocation and idle capacity management, and to reduce deviations from the enforcement limit, a combination of techniques preferably is used for arriving at the capacity share which needs to be communicated to the RQMs. Below is a summary of the allocation strategy:
Once the capacity allocation stage is completed, the allocated capacity values need to be sent to the RQMs. Considering the messaging overheads and infrastructure limitations, preferably the capacity updates for different CPEs are sent to an RQM in a single message. It might be desirable to communicate the fair share capacity of a CPE or capacity group to all the regions. This is useful in cases when traffic from/to a CPE gets mapped to a new region, in which case the fair share capacity value available on the RQM can be used to control the rate of CPE traffic served through that region. A messaging optimization would be to send the fair share capacity updates to a subset of regions (cached on the GQM; the mechanism needs to be defined) instead of sending them to all the regions in the network.
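For illustration only, a batched capacity update carrying allocations for several CPEs or capacity groups to one RQM might be structured as follows; the field names and the JSON serialization are assumptions.

```python
# Illustrative batched capacity update from the GQM to one RQM: allocations for multiple
# CPEs/capacity groups are carried in a single message to limit messaging overhead.
import json
import time

def build_capacity_update(region_id: str, allocations_bps: dict) -> str:
    message = {
        "regionId": region_id,
        "issuedAt": int(time.time()),
        "allocations": [
            {"entityId": entity, "allocatedCapacityBps": bps}
            for entity, bps in allocations_bps.items()
        ],
    }
    return json.dumps(message)

# Example: two CPEs and one capacity group updated in one message (values hypothetical).
print(build_capacity_update("edge-region-17",
                            {"cpe-0042": 4_000_000,
                             "cpe-0043": 2_000_000,
                             "group-retail-emea": 10_000_000}))
```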
The previous few sections dealt with the GQM operations. This section covers details about the RQM operations. RQM preferably performs the following:
a. Region level load report aggregation
b. Capacity allocation to region machines
RQM-to-region-machine update cycle times are much lower than GQM-to-RQM cycle times. The RQM receives load information for a CPE from region machines every region_update_timeout and keeps aggregating the load information for the duration of global_update_timeout, after which the load report for that CPE is sent to the GQM. In the meantime, the RQM uses the load information to make any adjustments to capacity allocation to region machines. The RQM intervenes in capacity allocation in cases when group control for traffic from or to a CPE is required and GQM updates have not yet been received. The RQM gets involved in capacity allocation in the following cases:
Steps (1)-(10) are repeated in case a new configuration is done; otherwise, steps (3) to (10) are repeated.
The following section covers details about the data flow and the QoS packet processing performed on edge/gateway machines. A few assumptions made about the data flow are:
An upload data transfer from CPE to origin or to remote CPE through the NEdge machine is classified as inbound traffic at the edge. A download data transfer from origin or remote branch to locally connected branch is classified as outbound traffic at the edge. On the gateway region, where traffic is destined for remote connected CPE (connected to another edge region), traffic is identified as outbound for remote CPE.
Enforcement is applied separately for each direction of data transfer for a CPE. Capacity enforcement for inbound traffic from a CPE is always applied on the edge to which it is mapped and has an established tunnel. Based on the location of the traffic source, enforcement for download traffic to a CPE can be applied at different places. It is straightforward when the traffic source (origin) is mapped to the same edge as the CPE. But when the traffic source is mapped to a different edge/gateway region than the one to which the CPE is mapped, it becomes more difficult. Also, download traffic can be mapped to a combination of a set of gateway regions and the edge region as well (direct from origin).
The following provides details regarding enforcement for a remote-connected Customer Premises Equipment (CPE).
The goal here is to use the CPE's capacity limit and the GQM allocated capacity to enforce traffic at gateway regions for remote connected CPEs. This would conserve network bandwidth and help to reduce CoGS to a considerable extent. This would also give early feedback to the source about the bottleneck, thereby resulting in better throughput. The extent of the improvements needs to be studied based on different configuration, deployment and load characteristics.
Remote enforcement for download traffic to a CPE is configurable and can be turned on/off at various levels (SP, customer or CPE). For certain traffic flows, both the source and destination can be known CPEs and can have their own capacity limits. In such cases, this design limits itself to using only the source CPE limit to enforce traffic. Below are proposed approaches for enforcing download traffic destined to a remote connected CPE/endpoint. The enforcement mechanism for download traffic to a CPE is configurable to one of the below approaches; the default is non-centralized. Enforcement based on configured capacity thresholds (non-centralized):
Enforcement based on capacity allocation from GQM (centralized):
On traffic reception, a series of functions is performed to enforce capacity for a customer. The packets are fed into the QoS engine for policy checks. QoS APIs are invoked for en-queuing packets to the QoS Engine and de-queuing packets from the QoS Engine. Flow and packet context references are provided as API parameters.
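A hypothetical shape for those en-queue/de-queue APIs, with flow and packet context passed as parameters, is sketched below; the signatures and class names are illustrative and do not represent the actual engine interface.

```python
# Illustrative QoS Engine API surface: packets are en-queued with their flow and packet
# context for policy checks, then de-queued for transmission. All names are hypothetical;
# the per-customer policy object is assumed to expose an allow() check (e.g., a token bucket).
from dataclasses import dataclass

@dataclass
class FlowContext:
    customer_id: str
    endpoint_id: str
    direction: str        # "inbound" or "outbound"

@dataclass
class PacketContext:
    length_bytes: int
    payload: bytes

class QosEngine:
    def __init__(self, policies: dict):
        self.policies = policies            # per-customer/CPE policy configuration
        self.queues = {}                    # per-endpoint packet queues

    def enqueue(self, flow: FlowContext, pkt: PacketContext) -> bool:
        # Policy check (e.g., rate limit) before the packet is admitted to its queue.
        policy = self.policies.get(flow.customer_id)
        if policy is None or not policy.allow(pkt.length_bytes):
            return False                    # packet dropped
        self.queues.setdefault(flow.endpoint_id, []).append(pkt)
        return True

    def dequeue(self, endpoint_id: str):
        queue = self.queues.get(endpoint_id)
        return queue.pop(0) if queue else None
```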
Each above-described process preferably is implemented in computer software as a set of program instructions executable in one or more processors, as a special-purpose machine.
Representative machines on which the subject matter herein is provided may be Intel Pentium-based computers running a Linux or Linux-variant operating system and one or more applications to carry out the described functionality. One or more of the processes described above are implemented as computer programs, namely, as a set of computer instructions, for performing the functionality described.
While the above describes a particular order of operations performed by certain embodiments of the invention, it should be understood that such order is exemplary, as alternative embodiments may perform the operations in a different order, combine certain operations, overlap certain operations, or the like. References in the specification to a given embodiment indicate that the embodiment described may include a particular feature, structure, or characteristic, but every embodiment may not necessarily include the particular feature, structure, or characteristic.
While the disclosed subject matter has been described in the context of a method or process, the subject matter also relates to apparatus for performing the operations herein. This apparatus may be a particular machine that is specially constructed for the required purposes, or it may comprise a computer otherwise selectively activated or reconfigured by a computer program stored in the computer. Such a computer program may be stored in a computer readable storage medium, such as, but not limited to, any type of disk including an optical disk, a CD-ROM, and a magnetic-optical disk, a read-only memory (ROM), a random access memory (RAM), a magnetic or optical card, or any type of media suitable for storing electronic instructions, each coupled to a computer system bus. A given implementation of the present invention is software written in a given programming language that runs in conjunction with a DNS-compliant name server (e.g., BIND) on a standard Intel hardware platform running an operating system such as Linux. The functionality may be built into the name server code, or it may be executed as an adjunct to that code. A machine implementing the techniques herein comprises a processor and computer memory holding instructions that are executed by the processor to perform the above-described methods.
While given components of the system have been described separately, one of ordinary skill will appreciate that some of the functions may be combined or shared in given instructions, program sequences, code portions, and the like. Any application or functionality described herein may be implemented as native code, by providing hooks into another application, by facilitating use of the mechanism as a plug-in, by linking to the mechanism, and the like.
Preferably, the point of entry into the overlay network is through a VPN tunnel between a client machine and a NEdge.
The techniques herein generally provide for the above-described improvements to a technology or technical field, as well as the specific technological improvements to various fields including distributed networking, Internet-based overlays, WAN-based networking (using MPLS or otherwise), secure utilization of Internet links, and the like, all as described above.
Having described the subject matter, what we claim is set forth below: