The appended claims set forth the features of the invention with particularity. The invention, together with its advantages, may be best understood from the following detailed description taken in conjunction with the accompanying drawings of which:
Disclosed are, inter alia, methods, apparatus, data structures, computer-readable media, mechanisms, and means for policing traffic using one or more multilevel coupled policers.
Note, embodiments described herein include various elements and limitations, with no one element or limitation contemplated as being a critical element or limitation. Each of the claims individually recites an aspect of the invention in its entirety. Moreover, some embodiments described may include, but are not limited to, inter alia, systems, networks, integrated circuit chips, embedded processors, ASICs, methods, and computer-readable media containing instructions. One or multiple systems, devices, components, etc. may comprise one or more embodiments, which may include some elements or limitations of a claim being performed by the same or different systems, devices, components, etc. The embodiments described hereinafter embody various aspects and configurations within the scope and spirit of the invention, with the figures illustrating exemplary and non-limiting configurations. Note, computer-readable media and means for performing methods and processing block operations are disclosed and are in keeping with the extensible scope and spirit of the invention.
As used herein, the term “packet” refers to packets of all types or any other units of information or data, including, but not limited to, frames, fixed length cells and variable length packets, each of which may or may not be divisible into smaller packets or cells. The term “packet” as used herein also refers to both the packet itself or a packet indication, such as, but not limited to all or part of a packet or packet header, a data structure value, pointer or index, or any other part or direct or indirect identification of a packet or information associated therewith. For example, often times a router operates on one or more fields or data of a packet, especially the header, so the body of the packet is often stored in a separate memory while the packet header is manipulated, and based on the results of the processing of the packet (i.e., the packet header in this example), the entire packet is forwarded or dropped, etc. Additionally, these packets may contain one or more types of information, including, but not limited to, voice, data, video, and audio information. The term “item” is used generically herein to refer to a packet or any other unit or piece of information or data, a device, component, element, or any other entity. The phrases “processing a packet” and “packet processing” typically refer to performing some steps or actions based on the packet contents (e.g., packet header or other fields), and such steps or action may or may not include modifying, storing, dropping, and/or forwarding the packet and/or associated data. The term or reference to “dropping” a packet or a variant thereof (e.g., drop the packet, the packet is dropped, etc.) is used herein to identify the physical dropping of the packet, causing the packet to be dropped, and/or marking or distinguishing the packet for subsequent dropping or potentially different processing (e.g., a higher probability of being dropped by subsequent processing, Early Congestion Notification marking, etc.) than that of an “admitted” packet. The term “interface” of a networked device broadly refers to a physical interface, a logical interface (e.g., a portion of a physical interface or sometimes referred to in industry as a sub-interface—for example, such as, but not limited to a particular VLAN associated with a network interface), and/or a virtual interface (e.g., traffic grouped together based on some characteristic—for example, such as, but not limited to, a tunnel interface), or even a “port” as commonly used in bridging terminology.
The term “system” is used generically herein to describe any number of components, elements, sub-systems, devices, packet switch elements, packet switches, routers, networks, computer and/or communication devices or mechanisms, or combinations of components thereof. The term “computer” is used generically herein to describe any number of computers, including, but not limited to personal computers, embedded processing elements and systems, control logic, ASICs, chips, workstations, mainframes, etc. The term “processing element” is used generically herein to describe any type of processing mechanism or device, such as a processor, ASIC, field programmable gate array, computer, etc. The term “device” is used generically herein to describe any type of mechanism, including a computer or system or component thereof. The terms “task” and “process” are used generically herein to describe any type of running program, including, but not limited to a computer process, task, thread, executing application, operating system, user process, device driver, native code, machine or other language, etc., and can be interactive and/or non-interactive, executing locally and/or remotely, executing in foreground and/or background, executing in the user and/or operating system address spaces, a routine of a library and/or standalone application, and is not limited to any particular memory partitioning technique. 
The steps, connections, and processing of signals and information illustrated in the figures, including, but not limited to any block and flow diagrams and message sequence charts, may typically be performed in the same or in a different serial or parallel ordering and/or by different components and/or processes, threads, etc., and/or over different connections and be combined with other functions in other embodiments, unless this disables the embodiment or a sequence is explicitly or implicitly required (e.g., for a sequence of read the value, process the value—the value must be obtained prior to processing it, although some of the associated processing may be performed prior to, concurrently with, and/or after the read operation). Furthermore, the term “identify” is used generically to describe any manner or mechanism for directly or indirectly ascertaining something, which may include, but is not limited to receiving, retrieving from memory, determining, defining, calculating, generating, etc.
Moreover, the terms “network” and “communications mechanism” are used generically herein to describe one or more networks, communications media or communications systems, including, but not limited to the Internet, private or public telephone, cellular, wireless, satellite, cable, local area, metropolitan area and/or wide area networks, a cable, electrical connection, bus, etc., and internal communications mechanisms such as message passing, interprocess communications, shared memory, etc. The term “message” is used generically herein to describe a piece of information which may or may not be, but is typically communicated via one or more communication mechanisms of any type.
The term “storage mechanism” includes any type of memory, storage device or other mechanism for maintaining instructions or data in any format. “Computer-readable medium” is an extensible term including any memory, storage device, and/or other storage mechanism tangibly embodying instructions and/or data. The term “memory” includes any random access memory (RAM), read only memory (ROM), flash memory, integrated circuits, and/or other memory components or elements. The term “storage device” includes any solid state storage media, disk drives, diskettes, networked services, tape drives, and other storage devices. Memories and storage devices may store computer-executable instructions to be executed by a processing element and/or control logic, and data which is manipulated by a processing element and/or control logic. The term “data structure” is an extensible term referring to any data element, variable, data structure, database, and/or one or more organizational schemes that can be applied to data to facilitate interpreting the data or performing operations on it, such as, but not limited to memory locations or devices, sets, queues, trees, heaps, lists, linked lists, arrays, tables, pointers, etc. A data structure is typically maintained in a storage mechanism. The terms “pointer” and “link” are used generically herein to identify some mechanism for referencing or identifying another element, component, or other entity, and these may include, but are not limited to a reference to a memory or other storage mechanism or location therein, an index in a data structure, a value, etc.
The term “one embodiment” is used herein to reference a particular embodiment, wherein each reference to “one embodiment” may refer to a different embodiment, and the use of the term repeatedly herein in describing associated features, elements and/or limitations does not establish a cumulative set of associated features, elements and/or limitations that each and every embodiment must include, although an embodiment typically may include all these features, elements and/or limitations. In addition, the phrase “means for xxx” typically includes computer-readable medium containing computer-executable instructions for performing xxx.
In addition, the terms “first,” “second,” etc. are typically used herein to denote different units (e.g., a first element, a second element). The use of these terms herein does not necessarily connote an ordering such as one unit or event occurring or coming before another, but rather provides a mechanism to distinguish between particular units. Additionally, the use of a singular tense of a noun is non-limiting, with its use typically including one or more of the particular thing rather than just one (e.g., the use of the word “memory” typically refers to one or more memories without having to specify “memory or memories,” or “one or more memories” or “at least one memory”, etc.). Moreover, the phrases “based on x” and “in response to x” are used to indicate a minimum set of items “x” from which something is derived or caused, wherein “x” is extensible and does not necessarily describe a complete list of items on which the operation is performed, etc. Additionally, the phrase “coupled to” is used to indicate some level of direct or indirect connection between two elements or devices, with the coupling device or devices modifying or not modifying the coupled signal or communicated information. The term “subset” is used to indicate a group of all or less than all of the elements of a set. The term “subtree” is used to indicate all or less than all of a tree. Moreover, the term “or” is used herein to identify a selection of one or more, including all, of the conjunctive items. Additionally, the transitional term “comprising,” which is synonymous with “including,” “containing,” or “characterized by,” is inclusive or open-ended and does not exclude additional, unrecited elements or method steps.
One embodiment of an apparatus configured to police packets includes: a first-level plurality of class policers configured to identify a tentative policing action for each packet of a plurality of packets; and a second-level aggregate policer configured to determine final policing actions for said packets based on their respective tentative policing action and bandwidth allocated to the aggregate policer to share among said class policers; wherein said determination of the final policing action includes reclassifying one or more packets identified as being non-conforming from said first-level plurality of class policers into a different policing classification, wherein the apparatus is configured to process said one or more reclassified packets according to a conforming action.
In one embodiment, the conforming action includes not dropping said one or more reclassified packets, and allowing said one or more reclassified packets to proceed or be further processed. In one embodiment, said different policing classification is conforming. In one embodiment, one or more of said first-level class policers is associated with a token bucket filled at a rate corresponding to a minimum bandwidth guarantee; and wherein the apparatus is configured to use said token bucket in determining said tentative policing actions. In one embodiment, the aggregate policer is associated with an aggregate token bucket filled at a rate not exceeding the sum of said minimum bandwidth guaranteed rates of said class policers; and wherein the apparatus is configured to use said aggregate token bucket in determining said reclassification of said packets. In one embodiment, said one or more of said first-level class policers are associated with a respective token bucket filled at a rate corresponding to an absolute bandwidth rate; and wherein said apparatus is configured to use said token bucket in determining said tentative policing actions. In one embodiment, said determination of the final policing action includes identifying that certain packets should not be reclassified based on their associated first-level class policer of the plurality of class policers.
One embodiment of a multilevel coupled policer configured to police packets includes: at least two policing levels including a first-level plurality of class policers and a second-level aggregate policer, with the multilevel coupled policer being configured to share bandwidth of the aggregate policer among packet traffic corresponding to the class policers based on said packet traffic; wherein the multilevel coupled policer is configured to apply a particular class policer of the plurality of class policers corresponding to a particular packet to identify a tentative policing action; wherein the multilevel coupled policer is configured to apply the second-level aggregate policer to the particular packet based on said identified tentative policing action and based on a number of tokens in a token bucket associated with the second-level aggregate policer in order to determine a final policing action for marking or applying to the particular packet; wherein the second-level aggregate policer is configured to classify the final policing action as conforming when the tentative policing action was said identified as not being conforming for the particular class policer and the number of tokens in the token bucket corresponded to the particular packet as being conforming with the aggregate policer; and wherein the multilevel coupled policer is configured to mark or apply said identified final policing action to the particular packet.
In one embodiment, the multilevel coupled policer is configured to mark the particular packet for possible dropping or is configured to drop the particular packet in response to the final policing action not being conforming. In one embodiment, the multilevel coupled policer is configured to allow the number of tokens in the token bucket associated with the second-level aggregate policer to be negative.
One embodiment of a multilevel coupled policer configured to police packets, includes: at least two policing levels including a first-level plurality of class policers and a second-level aggregate policer, the multilevel coupled policer configured to share bandwidth of the aggregate policer among packet traffic corresponding to the class policers based on said packet traffic; wherein the multilevel coupled policer is configured to apply a particular class policer of the plurality of class policers corresponding to a particular packet to identify a tentative policing action, the tentative policing action including conforming, violating, and exceeding; wherein the multilevel coupled policer is configured to apply the second-level aggregate policer to the particular packet based on said identified tentative policing action as well as a number of tokens in a committed information rate (CIR) aggregate token bucket or a peak information rate (PIR) aggregate token bucket associated with the second-level aggregate policer in order to determine a final policing action for marking or applying to the particular packet; wherein the second-level aggregate policer is configured to classify the final policing action as conforming when the tentative policing action was said identified as violating or exceeding for the particular class policer and said one or more results of said one or more comparison operations identified the particular packet as being conforming with the second-level aggregate policer; and wherein the multilevel coupled policer is configured to mark or apply said identified final policing action to the particular packet.
In one embodiment, the multilevel coupled policer is configured to allow the number of tokens in the committed information rate (CIR) aggregate token bucket and the peak information rate (PIR) aggregate token bucket to be negative to account for bandwidth of conforming packets. In one embodiment, said identification of the particular packet as being conforming with the second-level aggregate policer is based on the number of tokens in the committed information rate (CIR) aggregate token bucket being in conformance with the length of the particular packet and the tentative policing action was said identified as exceeding. In one embodiment, said identification of the particular packet as being conforming with the second-level aggregate policer is based on the number of tokens in the peak information rate (PIR) aggregate token bucket being in conformance with the length of the particular packet, the number of tokens in the committed information rate (CIR) aggregate token bucket being in conformance with the length of the particular packet, and the tentative policing action was said identified as violating.
One embodiment polices packets using a multilevel coupled policer scheme including a first-level plurality of class policers and a second-level aggregate policer, with each of said policers associated with a token bucket, the multilevel coupled policer scheme configured to share bandwidth of the aggregate policer among packet traffic corresponding to the class policers based on said packet traffic. One embodiment performs operations including: selecting a particular class token bucket of said class token buckets based on a particular packet; updating the number of tokens in the particular class token bucket based on the elapsed time since its last update and a corresponding token fill rate; updating the number of tokens in an aggregate token bucket associated with the particular token bucket based on the elapsed time since its last update and a corresponding token fill rate; in response to determining that the length of the packet conforms with the number of tokens in the particular class token bucket or in the aggregate token bucket: updating both the particular class token bucket and the aggregate token bucket based on the length of the packet, and marking or applying conforming action to the particular packet; and in response to determining that the length of the packet does not conform with the number of tokens in the particular class token bucket: in response to determining that the length of the packet does not conform with the number of tokens in the aggregate token bucket, marking or applying an exceeding action to the particular packet.
In one embodiment, said exceeding action includes dropping the particular packet. In one embodiment, said conforming action includes forwarding the packet. In one embodiment, said operation of the determination that the length of the packet conforms with the number of tokens in the particular class token bucket or in the aggregate token bucket includes: determining that the number of tokens in the particular class token bucket is not enough for the particular packet to conform, and determining that the number of tokens in the aggregate token bucket is enough for the particular packet to conform. In one embodiment, said operation of in response to determining that the length of the packet conforms with the number of tokens in the particular class token bucket or in the aggregate token bucket: updating both the particular class token bucket and the aggregate token bucket based on the length of the packet, and marking or applying conforming action to the particular packet includes: determining that the number of tokens in the particular class token bucket is sufficient for the particular packet, and updating the aggregate token bucket to result in a negative number of tokens.
One embodiment comprises a multilevel coupled policer configured to police packets, with the multilevel coupled policer including: a first-level plurality of class policers, with each of said policers associated with a committed information rate (CIR) token bucket and a peak information rate (PIR) token bucket; a second-level aggregate policer associated with a CIR aggregate token bucket and a PIR aggregate token bucket; means for updating the number of tokens in a particular CIR class token bucket and in a particular PIR token bucket corresponding to an arrived particular packet based on the elapsed time since their respective last update and based on their respective token fill rate; means for updating the number of tokens in said CIR aggregate token bucket and said PIR aggregate token bucket based on the elapsed time since their respective last update and based on their respective token fill rate; means for updating the number of tokens in the particular PIR class token bucket, in the particular CIR class token bucket, in said CIR aggregate token bucket, and in said PIR aggregate token bucket based on the packet length and for marking or applying conforming action to the particular packet when the length of the packet conforms with the number of tokens in the particular PIR class token bucket and in the particular CIR class token bucket; and means for classifying the packet as conforming, for marking or applying conforming action to the particular packet, and for updating the number of tokens in said CIR aggregate token bucket and said PIR aggregate token bucket based on the length of the packet, when determined not to be conforming based on the particular PIR class token bucket or the particular CIR class token bucket, but determined to be conforming based on the CIR aggregate token bucket.
One embodiment includes means for identifying the particular packet as violating and for marking or applying violating action to the particular packet when the length of the packet does not conform with the number of tokens in the particular PIR class token bucket nor with the number of tokens in the PIR aggregate token bucket. One embodiment includes means for identifying the particular packet as exceeding and for marking or applying exceeding action to the particular packet when the length of the packet does not conform with the number of tokens in the particular PIR class token bucket, the length of the packet does conform with the number of tokens in the PIR aggregate token bucket, and the length of the packet does not conform with the number of tokens in the CIR aggregate token bucket; and means for updating the number of tokens in said PIR aggregate token bucket based on the length of the packet.
In one embodiment, the multilevel coupled policer is also configured to identify the particular packet as exceeding and for marking or applying exceeding action to the particular packet when the length of the packet does conform with the number of tokens in the particular PIR class token bucket, the length of the packet does not conform with the number of tokens in the particular CIR class token bucket, and the length of the packet does not conform with the number of tokens in the CIR aggregate token bucket.
In one embodiment, the multilevel coupled policer is also configured to identify the particular packet as exceeding and for marking or applying exceeding action to the particular packet when the length of the packet does conform with the number of tokens in the particular PIR class token bucket, the length of the packet does not conform with the number of tokens in the particular CIR class token bucket, and the length of the packet does not conform with the number of tokens in the CIR aggregate token bucket; and means for updating the number of tokens in said PIR aggregate token bucket based on the length of the packet.
In one embodiment, the multilevel coupled policer is also configured to identify the particular packet as exceeding and for marking or applying exceeding action to the particular packet when the length of the packet does conform with the number of tokens in the particular PIR class token bucket, the length of the packet does not conform with the number of tokens in the particular CIR class token bucket, and the length of the packet does not conform with the number of tokens in the CIR aggregate token bucket; and wherein the multilevel coupled policer includes: means for updating the number of tokens in said PIR aggregate token bucket based on the length of the packet.
Turning to the figures,
As shown in
In one embodiment, system or component 340 includes one or more processing elements 341, memory 342, storage devices 343, mechanisms for sending and receiving packets 344, and specialized components 345 (e.g., ternary or binary content-addressable memories used for packet classification, etc.), which are typically communicatively coupled via one or more communications mechanisms 349, with the communications paths typically tailored to meet the needs of the application.
Various embodiments of component 340 may include more or fewer elements. The operation of component 340 is typically controlled by processing element 341 using memory 342 and storage devices 343 to perform one or more tasks or processes. Memory 342 is one type of computer-readable medium, and typically comprises random access memory (RAM), read only memory (ROM), flash memory, integrated circuits, and/or other memory components. Memory 342 typically stores computer-executable instructions to be executed by processing element 341 and/or data which is manipulated by processing element 341 for implementing functionality in accordance with an embodiment. Storage devices 343 are another type of computer-readable medium, and typically comprise solid state storage media, disk drives, diskettes, networked services, tape drives, and other storage devices. Storage devices 343 typically store computer-executable instructions to be executed by processing element 341 and/or data which is manipulated by processing element 341 for implementing functionality in accordance with an embodiment.
Processing of
As determined in process block 408, if the packet conforms to the class token bucket (e.g., the token bucket has enough tokens for the length/size of the packet, as in one embodiment, the number of tokens is greater than the length of the packet measured in corresponding units), then in process block 410, the class token bucket is updated based on the length of the packet (e.g., the number of tokens in the token bucket is reduced by a number of tokens corresponding to the length of the packet). As determined in process block 412, if use of the bandwidth of the aggregate policer is allowed for the current packet (e.g., the classification thereof), then in process block 414, the aggregate token bucket is updated based on the elapsed time since its last update, its fill rate, and the length of the packet (e.g., the token bucket is increased by the number of tokens that should be added since its last update, possibly to a maximum number, and is reduced by the number of tokens corresponding to the length of the packet). In process block 416, the packet is marked as conforming and/or the conforming action is applied to the packet; and processing returns to process block 402.
Otherwise, as determined in process block 420, if aggregation is not allowed, then in process block 430, the packet is marked as exceeding and/or the exceeding action is applied to the packet; and processing returns to process block 402. In other words, if aggregation is not allowed, the bandwidth of the aggregate policer (e.g., typically, this includes unused bandwidth of the first-level class policers) is not used for the packet. Otherwise, in process block 422, the aggregate token bucket is updated based on the elapsed time since its last update and its fill rate. As determined in process block 424, if the packet conforms with the aggregate token bucket (e.g., it has enough tokens for the size of the packet), then in process block 426, the aggregate token bucket is updated based on the length of the packet; and in process block 428, the packet is marked as conforming and/or the conforming action is applied to the packet; and processing returns to process block 402. Otherwise, in process block 430, the packet is marked as exceeding and/or the exceeding action is applied to the packet; and processing returns to process block 402.
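The single-rate flow of process blocks 408 through 430, as an added Python example that is not code from the patent. The class names, rates, burst sizes, the `may_share` flag, the `>=` conformance test and the traffic in `run_demo` are assumptions constructed for illustration.

```python
from dataclasses import dataclass

CONFORM, EXCEED = "conform", "exceed"


@dataclass
class TokenBucket:
    rate: float        # fill rate in tokens (bytes) per second
    burst: float       # maximum number of tokens the bucket may hold
    tokens: float      # current count; the aggregate bucket may go negative
    last: float = 0.0  # time of the last refill, in seconds

    def refill(self, now):
        """Add tokens for the elapsed time, capped at the burst size."""
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now

    def conforms(self, length):
        # Assumption: "enough tokens" means tokens >= packet length.
        return self.tokens >= length


class CoupledPolicer:
    """First-level class buckets coupled to one second-level aggregate bucket."""

    def __init__(self, aggregate, classes, may_share):
        self.aggregate = aggregate
        self.classes = classes      # class name -> TokenBucket
        self.may_share = may_share  # class name -> may use aggregate bandwidth

    def police(self, cls, length, now):
        bucket = self.classes[cls]
        bucket.refill(now)
        if bucket.conforms(length):              # block 408
            bucket.tokens -= length              # block 410
            if self.may_share[cls]:              # block 412
                self.aggregate.refill(now)       # block 414: refill, then debit
                self.aggregate.tokens -= length  # no check here, may go negative
            return CONFORM                       # block 416
        if not self.may_share[cls]:              # block 420
            return EXCEED                        # block 430
        self.aggregate.refill(now)               # block 422
        if self.aggregate.conforms(length):      # block 424
            self.aggregate.tokens -= length      # block 426
            return CONFORM                       # block 428: reclassified
        return EXCEED                            # block 430


def run_demo():
    """Constructed traffic of 500-byte packets; returns verdicts and final aggregate tokens."""
    policer = CoupledPolicer(
        aggregate=TokenBucket(rate=2000, burst=2000, tokens=2000),
        classes={
            "data": TokenBucket(rate=1000, burst=1000, tokens=1000),
            "voice": TokenBucket(rate=1000, burst=1000, tokens=1000),
            "bulk": TokenBucket(rate=500, burst=500, tokens=500),
        },
        may_share={"data": True, "voice": True, "bulk": False},
    )
    # "data" bursts past its own guarantee and borrows from the aggregate,
    # "voice" then arrives within its guarantee, "bulk" may not borrow at all,
    # and a last "data" packet arrives after half a second of refill.
    arrivals = ([("data", 0.0)] * 5
                + [("voice", 0.0), ("bulk", 0.0), ("bulk", 0.0), ("data", 0.5)])
    results = [(cls, policer.police(cls, 500, now)) for cls, now in arrivals]
    return results, policer.aggregate.tokens


if __name__ == "__main__":
    verdicts, aggregate_tokens = run_demo()
    for cls, verdict in verdicts:
        print(f"{cls:5s} {verdict}")
    print("aggregate tokens:", aggregate_tokens)
```

The "voice" packet is admitted against its own bucket even though "data" has already drained the aggregate, which is why the aggregate count is allowed to drop below zero.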
As shown in
Processing of
Otherwise, as determined in process block 508, the packet does not conform to the CIR class token bucket, then in process block 532, the PIR aggregate token bucket is updated based on the packet length and as determined in process block 534, if the packet conforms with the CIR aggregate token bucket, then in process block 536, the CIR aggregate token bucket is also updated based on the packet length; and in process block 514, the packet is marked as conforming and/or the conforming action is applied to the packet; and processing returns to process block 502. (Note, in one embodiment, if the packet conforms with the CIR aggregate token bucket as determined in process block 534, then the packet-size amount of tokens is re-added to the class PIR token bucket before processing proceeds to process block 536.) Otherwise, as determined in process block 534, the packet does not conform with the CIR aggregate token bucket, and in process block 538, the packet is marked as exceeding and/or the exceeding action is applied to the packet; and processing returns to process block 502.
Otherwise, as determined in process block 504, the packet does not conform to the PIR class token bucket. As determined in process block 540, if the packet does not conform with the PIR aggregate token bucket, then in process block 542, the packet is marked as violating and/or the violating action is applied to the packet; and processing returns to process block 502. Otherwise, in process block 544, the PIR aggregate token bucket is updated based on the packet length. As determined in process block 546, if the packet conforms with the CIR aggregate token bucket, then in process block 536, the CIR aggregate token bucket is also updated based on the packet length; and in process block 514, the packet is marked as conforming and/or the conforming action is applied to the packet; and processing returns to process block 502. Otherwise, in process block 538, the packet is marked as exceeding and/or the exceeding action is applied to the packet; and processing returns to process block 502.
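The two-rate decision flow of process blocks 504 through 546, as an added Python example that is not code from the patent; it works on token counts that have already been refilled for elapsed time. The `Buckets` and `police_two_rate` names, the `readd_class_pir` flag, the `>=` conformance test, the debit of the class PIR bucket right after block 504 (inferred from the re-add note) and the constructed token counts are assumptions. The branch where both class buckets conform follows the summary given earlier on the page.

```python
from dataclasses import dataclass

CONFORM, EXCEED, VIOLATE = "conform", "exceed", "violate"


@dataclass
class Buckets:
    class_pir: float  # tokens in the class PIR bucket
    class_cir: float  # tokens in the class CIR bucket
    agg_pir: float    # tokens in the PIR aggregate bucket
    agg_cir: float    # tokens in the CIR aggregate bucket


def police_two_rate(b, length, readd_class_pir=False):
    """Return the final policing action and debit the buckets in place."""
    if b.class_pir >= length:            # block 504: conforms with class PIR
        b.class_pir -= length            # assumed debit, see lead-in
        if b.class_cir >= length:        # block 508: conforms with class CIR
            b.class_cir -= length        # all four buckets are charged;
            b.agg_pir -= length          # the aggregate counts may go
            b.agg_cir -= length          # negative for conforming packets
            return CONFORM               # block 514
        b.agg_pir -= length              # block 532
        if b.agg_cir >= length:          # block 534
            if readd_class_pir:          # optional step from the note
                b.class_pir += length
            b.agg_cir -= length          # block 536
            return CONFORM               # block 514: reclassified
        return EXCEED                    # block 538
    if b.agg_pir < length:               # block 540
        return VIOLATE                   # block 542: nothing is debited
    b.agg_pir -= length                  # block 544
    if b.agg_cir >= length:              # block 546
        b.agg_cir -= length              # block 536
        return CONFORM                   # block 514: reclassified
    return EXCEED                        # block 538


def run_cases(length=400):
    """Apply one packet to each constructed bucket state; return verdict and state."""
    states = {
        "within both class rates": Buckets(1000, 1000, 1000, 1000),
        "over class CIR, aggregate CIR spare": Buckets(1000, 0, 1000, 1000),
        "over class CIR, aggregate CIR empty": Buckets(1000, 0, 1000, 100),
        "over class PIR, aggregate spare": Buckets(0, 0, 1000, 1000),
        "over class PIR, aggregate CIR empty": Buckets(0, 0, 1000, 0),
        "over class PIR, aggregate PIR empty": Buckets(0, 0, 100, 1000),
    }
    return {name: (police_two_rate(b, length), b) for name, b in states.items()}


if __name__ == "__main__":
    for name, (verdict, state) in run_cases().items():
        print(f"{name:38s} {verdict:8s} {state}")
```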
In view of the many possible embodiments to which the principles of our invention may be applied, it will be appreciated that the embodiments and aspects thereof described herein with respect to the drawings/figures are only illustrative and should not be taken as limiting the scope of the invention. For example, and as would be apparent to one skilled in the art, many of the process block operations can be re-ordered to be performed before, after, or substantially concurrent with other operations. Also, many different forms of data structures could be used in various embodiments. The invention as described herein contemplates all such embodiments as may come within the scope of the following claims and equivalents thereof.