(1) Field of the Invention
The present invention relates generally to network devices, and more particularly to improved devices and methods for delivering services and applications to network users.
(2) Description of the Prior Art
Increasing numbers of businesses, services, and other providers are expanding their offerings on the internet. The basic structure for providing network services, however, is constrained with data transport dependencies. Unfortunately, a given service is often provided from a single network location that is deemed the central location for the service. This location may be identified by a destination internet protocol (IP) address that corresponds to a server that is capable of receiving and processing the request. Prior art systems attempt to ease the demand for a given service by providing a multiplicity of servers at the destination IP address, wherein the servers are managed by a content-aware flow switch. The content-aware flow switch intercepts requests for the application or service and preferably initiates a flow with a server that maintains a comparatively low processing load. Although the prior art systems may attempt to increase the computational power at the particular destination IP address by distributing the requests at the IP address, data transport dependencies remain inherent in the network structure. The content-aware flow switch is therefore limited by the rate at which requests arrive.
There is currently not a scalable system or method to alleviate the data transport dependencies characteristic of large computer networks such as the internet.
What is needed is a system and method for delivering applications and services to computer network users that is scalable to increased network demands for applications and services, and thereby mitigates data transport dependencies typical of the present internet architecture.
The methods and systems of this invention provide a scalable architecture and method to facilitate the allocation of network services and applications by distributing the services and applications throughout a network such as the internet. In an embodiment, the methods and systems can be implemented using a switch architecture that can include applications processors that can execute applications and services according to subscriber profiles. In one embodiment, the applications processors utilize the LINUX operating system to provide an open architecture for downloading, modifying, and otherwise managing applications. The switch architecture can also include a front-end processor that interfaces to the network and the application processors, recognizes data flows from subscribers, and distributes the data flows from the network to the applications processors for applications processing according to subscriber profiles. In an embodiment, the front-end processors can recognize data flows from non-subscribers, and switch such data flows to an appropriate destination in accordance with standard network switches. In one embodiment, the front-end processors include flow schedules for distributing subscriber flows amongst and between several applications processors based on existing flow processing requirements, including for example, policy.
In an embodiment, the applications processors and front-end processors can be connected to a control processor that can further access local and remote storage devices that include subscriber profile information and applications data that can be transferred to the front-end or applications processors. The control processor can further aggregate health and maintenance information from the applications and front-end processors, and provide a communications path for distributing health, maintenance, and/or control information between a management processor and the front-end and applications processors.
In an embodiment, the methods and systems disclosed herein can include the functionality of a switch that can be located at the front-end of a network of servers, while in another embodiment, the network apparatus may be between routers that connect networks.
In one embodiment, the front-end processors can be Network Processor Modules (NPMs), while the at least one applications processor can be Flow Processor Modules (FPMs). The control processor can include a Control Processor Module (CPM). In this embodiment, the NPMs can interface to a communications system network such as the internet, receive and classify flows, and distribute flows to the FPMs according to a flow schedule that can be based upon FPM utilization. The at least one FPM can host applications and network services that process data from individual flows using one or more processors resident on the FPMs. The CPM can coordinate the different components of the switch, including the NPMs and FPMs, allow management access to the switch, and support access to local storage devices. Local storage devices can store images, configuration files, and databases that may be utilized when applications execute on the FPMs.
In an embodiment, the methods and systems of the invention can also allow the CPM to access a remote storage device that can store applications and databases. An interface to at least one management server (MS) module can receive and aggregate health and status information from the switch modules (e.g., NPMs, FPMs, CPMs) through the CPMs. In one embodiment, the MS module can reside on a separate host machine. In another embodiment, the management server module functionality can be incorporated in a processor resident on a CPM.
In one embodiment, an internal switched Ethernet control bus connects the internal components of the switch and facilitates management and control operations. The internal switched Ethernet control bus can be separate from a switched data path that can be used for internal packet forwarding.
In an embodiment of the invention, the NPMs, the CPMs, the FPMs, and the interconnections between the NPMs, CPMs, and FPMs, can be implemented with selected redundancy to enhance the fault tolerant operations and hence system reliability. For example, in one embodiment wherein two NPMs, ten FPMs, and two CPMs can be implemented, the two NPMs can operate in redundant or complementary configurations. Additionally, the two CPMs can operate in a redundant configuration with the first CPM operational and the second CPM serving as a backup. The NPMs and CPMs can be controlled via the Management Server module that can determine whether a particular NPM or CPM may be malfunctioning, etc. In this same example, up to two FPMs can be identified as reserve FPMs to assist in ensuring that, in case of an FPM failure, eight FPMs can function at a given time, although those with ordinary skill in the art will recognize that such an example is provided for illustration, and the number of reserve or functioning FPMs can vary depending upon system requirements, etc. The illustrated FPMs can be configured to host one or more applications, and some applications can be resident on multiple FPMs to allow efficient servicing for more heavily demanded applications. Data flows entering the switch in this configuration can be received from an originator, processed by a NPM and returned to the originator, processed by a NPM and forwarded to a destination, forwarded by a NPM to a flow processor and returned via the NPM to the originator, or forwarded by a NPM to a flow processor and forwarded by the NPM to a destination. In an embodiment wherein two or more NPMs are configured for complementary operation, a flow received by a first NPM may be processed, forwarded to a second NPM, and forwarded by the second NPM to a destination. In another embodiment, the first NPM can receive a flow and immediately forward the flow to the second NPM for processing and forwarding to a destination. 
In complementary NPM embodiments, FPM processing can also be included within the described data paths.
In an embodiment, the well-known Linux operating system can be installed on the FPM and CPM processors, thereby providing an open architecture that allows installation and modification of, for example, applications residing on the FPMs. In an embodiment, the NPMs can execute the well-known VxWorks operating system on a MIPS processor and a small executable on a network processor.
Other objects and advantages of the invention will become obvious hereinafter in the specification and drawings.
A more complete understanding of the invention and many of the attendant advantages thereto will be readily appreciated as the same becomes better understood by reference to the following detailed description when considered in conjunction with the accompanying drawings, wherein like reference numerals refer to like parts and wherein:
To provide an overall understanding of the invention, certain illustrative embodiments will now be described; however, it will be understood by one of ordinary skill in the art that the systems and methods described herein can be adapted and modified to provide systems and methods for other suitable applications and that other additions and modifications can be made to the invention without departing from the scope hereof.
For the purposes of the disclosure herein, an application can be understood to be a data processing element that can be implemented in hardware, software, or a combination thereof, wherein the data processing element can include a number of states that can be zero or any positive integer.
For the purposes of the methods and systems described herein, a processor can be understood to be any element or component that is capable of executing instructions, including but not limited to a Central Processing Unit (CPU).
The invention disclosed herein includes systems and methods related to a network apparatus that can be connected in and throughout a network, such as the internet, to make available applications and services throughout the network, to data flows from subscriber users. Although the apparatus can perform the functions normally attributed to a switch as understood by one of ordinary skill in the art, and similarly, the apparatus can be connected in and throughout the network as a switch as understood by one of ordinary skill in the art, the apparatus additionally allows the distribution of applications throughout the network by providing technical intelligence to recognize data flows received at the switch, recall a profile based on the data flow, apply a policy to the data flow, and cause the data flow to be processed by applications or services according to the profile and/or policy, before forwarding the data flow to a next destination in accordance with switch operations as presently understood by one of ordinary skill in the art. In an embodiment, the next destination may be a network address or another device otherwise connected to the network apparatus. By increasing the availability of services by distributing the services throughout the network, scalability issues related to alternate solutions to satisfy increased demand for applications and services are addressed.
Four exemplary modes and corresponding illustrative examples of operation for the network apparatus or device are presented herein, wherein such modes are provided for illustration and not limitation. A first mode can be utilized for, as an example, a firewall application, wherein data flows can be received by the network apparatus and processed in what can otherwise be known as a “pass or drop” scenario. In such applications, the network apparatus can accept data flows from one interface and either pass the flow to a destination using a second interface according to permissions provided by the firewall, or the data flow may be dropped (i.e., not forwarded to the destination). In a second scenario, labeled “modify, source, and send,” a data flow received by the network apparatus can be received by a first interface, modified, and forwarded via a second interface to a destination. An example embodiment of the second scenario includes content insertion. In a third scenario, the network apparatus can function as a proxy wherein data flows can be received, processed, and returned at a first data interface, and similarly, data flows received from a second data interface can be processed and returned via the second interface, wherein the respective data flows can be dependent or otherwise related. Sample embodiments of the third scenario include transaction services and protocol translation. In a fourth sample embodiment, the network apparatus can be utilized for applications including, for example, VoIP conferencing, content insertion, and application caching, wherein data flows can be received at a first interface, processed, and returned via the first interface.
The network apparatus 12 can also recognize data as not otherwise belonging to a subscriber and therefore not eligible for applications processing, wherein such data can be switched to a destination in accordance with a switch presently known to one of ordinary skill in the art. Those with ordinary skill in the art will also recognize that although this disclosure presents the apparatus connected within the network known as the internet, the internet application is presented for illustration and not limitation. In an embodiment wherein the apparatus is used with a communications system such as the internet, the apparatus can be connected at the front-end of a server network, or alternately, between routers that connect networks, although the apparatus disclosed herein is not limited to such embodiments.
As indicated, using an architecture according to the principles illustrated, the apparatus 12 may be placed within the normal scheme of a network such as the internet, wherein the apparatus 12 may be located, for example, at the front-end of a server network, or alternately and additionally, between routers that connect networks. Using firmware and/or software configured for the apparatus modules, the apparatus 12 can be configured to provide applications to subscribers, wherein the applications can include virus detection, intrusion detection, firewalls, content filtering, privacy protection, and policy-based browsing, although these applications are merely an illustration and are not intended as a limitation of the invention herein. In one embodiment, the NPMs 14 can receive data packets or flows and process such packets entirely before forwarding the packets to the appropriate destination. In the same embodiment, the NPMs 14 can receive and forward the packets to an appropriate destination. Also in the same embodiment, the NPMs 14 can recognize data packets that require processing that can be performed by applications residing on the FPMs 22; and in these instances, the NPMs 14 can perform flow scheduling to determine which FPM 22 can appropriately and most efficiently process the data, wherein the data packets or flow can then be forwarded to the selected FPM 22 for processing. In an embodiment, not all FPMs 22 can process all types of processing requests or data packets. Additionally, to process a data request, in some instances, a FPM 22 can require information from the local memory device 30 or the remote memory device 32, wherein the NPM 14 can direct the retrieval of storage data through the CPM 24 and thereafter forward the storage data to the FPM 22. An FPM 22 can thereafter transfer processed data to the NPM 14 for forwarding to an appropriate destination. With the apparatus 12 architecture such as that provided by
In an embodiment wherein two NPMs are configured for complementary operation, data received at a first NPM can be processed by the first NPM, transmitted to a second NPM, and forwarded by the second NPM to a destination. Alternately, data received at the first NPM can be forwarded to the second NPM, processed, and forwarded to a destination accordingly. In yet other scenarios, data received at either of the two NPMs can be forwarded to any of the FPMs 22, processed, and returned to either of the NPMs for forwarding to a destination. Those with ordinary skill in the art will recognize that the examples of data movement and processing entering, within, and exiting the apparatus 10 are merely for illustration and not limitation, and references to the first NPM and second NPM in the complementary embodiment can be exchanged, for example, without departing from the scope of the invention.
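The flow scheduling described above, sketched as an added example (not code from the patent): an NPM switches non-subscriber flows, pins each subscriber flow to the least-loaded healthy FPM that hosts the application named in the subscriber profile, and falls back to reserve FPMs on failure. Identifying subscribers by source IP, using the active-flow count as utilization, and dropping a subscriber flow when no FPM can serve it are assumptions of this sketch, as are all class and function names.

```python
"""Sketch of NPM-to-FPM flow scheduling (illustrative; not from the patent)."""
from dataclasses import dataclass, field


@dataclass
class FPM:
    name: str
    apps: frozenset        # applications resident on this module
    load: int = 0          # active flows, a stand-in for utilization
    healthy: bool = True
    reserve: bool = False  # reserve modules take flows only on failover


@dataclass
class NPM:
    fpms: list
    profiles: dict                                  # subscriber IP -> required app
    flow_table: dict = field(default_factory=dict)  # 5-tuple -> assigned FPM

    def _pick(self, app):
        # Not every FPM hosts every application, so filter by capability first.
        live = [f for f in self.fpms if f.healthy and app in f.apps]
        active = [f for f in live if not f.reserve]
        pool = active or live  # reserves are used only when no active FPM is left
        return min(pool, key=lambda f: f.load) if pool else None

    def dispatch(self, flow):
        """Return ("switch", None), ("fpm", name) or ("drop", None)."""
        app = self.profiles.get(flow[0])
        if app is None:
            return ("switch", None)      # non-subscriber: ordinary switching
        fpm = self.flow_table.get(flow)
        if fpm is None or not fpm.healthy:
            if fpm is not None:
                fpm.load -= 1            # release the slot on the failed module
            fpm = self._pick(app)
            if fpm is None:
                # Assumption: fail closed. A subscriber flow that needs, say,
                # a firewall is never forwarded without being processed.
                self.flow_table.pop(flow, None)
                return ("drop", None)
            fpm.load += 1
            self.flow_table[flow] = fpm  # later packets stay on the same FPM
        return ("fpm", fpm.name)

    def close(self, flow):
        fpm = self.flow_table.pop(flow, None)
        if fpm is not None:
            fpm.load -= 1


def demo():
    # Constructed modules, profiles and flows, for illustration only.
    fpm1 = FPM("fpm1", frozenset({"firewall", "intrusion-detection"}))
    fpm2 = FPM("fpm2", frozenset({"firewall"}))
    fpm9 = FPM("fpm9", frozenset({"intrusion-detection"}), reserve=True)
    npm = NPM([fpm1, fpm2, fpm9],
              {"10.0.0.5": "firewall", "10.0.0.6": "intrusion-detection"})
    f1 = ("10.0.0.5", "192.0.2.10", "tcp", 40000, 443)
    f2 = ("10.0.0.5", "192.0.2.10", "tcp", 40001, 443)
    f3 = ("10.0.0.6", "192.0.2.20", "tcp", 40002, 80)
    f4 = ("198.51.100.7", "192.0.2.10", "udp", 5353, 53)
    out = [npm.dispatch(f) for f in (f1, f2, f1, f3, f4)]
    fpm1.healthy = False                 # simulate an FPM failure
    out += [npm.dispatch(f3), npm.dispatch(f1)]
    fpm9.healthy = False                 # the only remaining IDS host fails too
    out.append(npm.dispatch(f3))
    return out


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

Whether a subscriber flow should be dropped or passed unprocessed when its application is unavailable is a policy decision; for firewall or intrusion-detection services, failing open silently removes the protection the subscriber profile calls for.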
Additionally, as indicated in
A NPM 14 can include a modular and optional subsystem illustrated in
The network interface subsystem 40 can be a changeable component of the NPM architecture, wherein the different options can be different Printed Circuit Board (PCB) designs or pluggable option boards, however, those with ordinary skill in the art will recognize that such methods of implementing the network interface subsystem 40 are merely illustrative and the invention herein is not limited to such techniques.
For example,
Referring now to
Referring now to
Referring now to
Referring now to
Referring to
Referring back to
The
In the illustrated system, the ports on the sixteen bit FOCUS bus on the Focus Connect devices 132a, 132b, with the exception of local port eight, are attached to a Cypress Quad Hotlink Gigabit transceiver 134 that is a serial to deserial (SerDes) device 136 having dual redundant I/O capabilities and configured for dual channel bonded mode. The dual channel bonded mode couples two channels together in a sixteen-bit channel, wherein there can be two such sixteen-bit channels per device. Referring now
For example, with the illustrated system of
As Tables 1 and 2 indicate, using the
The fourth major subsystem of the
Referring back to
Referring now to
Referring to
Data packets moving into and out of the FPM 22 in the illustrated system use a 16-bit wide 100 Megahertz bus called the FOCUS bus, and in the illustrated embodiment, a full-duplex FOCUS bus attaches to every FPM 22 from each NPM 14, wherein in the illustrated embodiment of dual redundant NPMs 14a, 14b, every FPM 22 communicates with two NPMs 14a, 14b. As indicated previously, the FOCUS bus signal is serialized on the NPM 14a, 14b before it is placed on the backplane, to improve signal integrity and reduce the number of traces. As illustrated, deserializers 154a, 154b on the FPM 22 convert the signal from the backplane to a bus and the bus connects the deserializers 154a, 154b to a Focus Connect 156 that interfaces through a FPGA 158 and Input Output Processor 160 to the 440BX AGPset 152. The illustrated PRC is an eight-way FOCUS switch that allows the FPM 22 to properly direct packets to the correct NPM 14.
The
The illustrated FPM 22 may also support different types of mass storage devices that can include, for example, a M-Systems DiskOnChip (DOC), a 2.5 inch disk drive, NVRAM for semi-permanent storage of settings and parameters, etc.
Referring now to
As discussed earlier, in the illustrated embodiment, the control planes terminate at a CPM 24, wherein the illustrative control planes are dual redundant, private, switched 100 Megabit Ethernet. The switching elements are housed on the CPM 24, and therefore all point-to-point connections between other modules and a CPM 24 are maintained through the backplane connector.
Additionally, the CPM 24 controls the switch 12 boot process and manages the removal and insertion of modules into the switch 12 while the switch 12 is operational.
In the illustrated CPM 24 of
Three fast Ethernet controllers 174a, 174b, 174c also reside on the PCI bus of the 440 BX 172. One of these three fast Ethernet controllers 174a provides external communications and multiplexes with the fast Ethernet on the other CPM 24. The other two fast Ethernet controllers 174b, 174c provide dedicated communications paths to the NPMs 14 and FPMs 22. In the illustrated system of
Data packets move into and out of the illustrated CPM 24 using a sixteen-bit wide 100 MHz FOCUS bus. In the illustrated system, there is one full-duplex FOCUS bus coupling each CPM 24 to each NPM 14, wherein for the illustrated system of
Referring again to the systems of
The illustrated CPMs 24 can also access a remote storage device 32, wherein such remote storage can store services, database, etc., that may not be efficiently stored in the local memory device 30. The remote storage device 32 can be any compilation of memory components that can be physically or logically partitioned depending upon the application, and those with ordinary skill in the art will recognize that the invention herein is not limited by the actual memory components utilized to create the remote storage device 32.
The
In an embodiment, the well-known Linux operating system can be installed on the FPM 22 and CPM 24 processors, thereby providing an open architecture that allows installation and modification of, for example, applications residing on the FPMs 22. In the illustrated systems, the management and control of applications on the switch modules can be performed using the MS 28. In the illustrated embodiments, the MS 28 management can be performed using the CPM 24. Applications such as firewall applications, etc., in the illustrated embodiments can therefore be downloaded, removed, modified, transferred between FPMs 22, etc. using the MS 28.
In an embodiment, the NPMs 14 can execute the well-known VxWorks operating system on the MIPS processor and a small executable on the IQ2000 processor 42. Those with ordinary skill in the art will recognize that the methods and systems disclosed herein are not limited to the choice of operating systems on the various switch modules, and that any operating system allowing an open architecture can be substituted while remaining within the scope of the invention.
One advantage of the present invention over the prior art is that a switch architecture is disclosed with multiple processor modules having an open architecture wherein applications may be distributed to and throughout the multiple processors for efficient servicing by applications throughout a network, and wherein a distinct processor module can interface to the network and appropriately direct data from the network, to one of the multiple processor modules in part as a function of the multiple processor processing loads, and hence return the processed data to the network.
What has thus been described are an apparatus and method to distribute applications and services in and throughout a network. The apparatus includes the functionality of a switch with the ability to apply applications and services to received data according to respective subscriber profiles. Front-end processors, or Network Processor Modules (NPMs), receive and recognize data flows from subscribers, extract profile information for the respective subscribers, utilize flow scheduling techniques to forward the data to applications processors, or Flow Processor Modules (FPMs). The FPMs utilize resident applications to process data received from the NPMs. A Control Processor Module (CPM) facilitates applications processing and maintains connections to the NPMs, FPMs, local and remote storage devices, and a Management Server (MS) module that can monitor the health and maintenance of the various modules. In an embodiment, the MS can download and otherwise control applications on the FPMs that execute the Linux operating system to provide an open architecture for downloading, executing, modifying, and otherwise managing applications.
Although the present invention has been described relative to a specific embodiment thereof, it is not so limited. Obviously many modifications and variations of the present invention may become apparent in light of the above teachings. For example, although the illustrated systems divided the modules into various components, the functionality of components may be combined into a single module where appropriate, without affecting the invention. For example, the management server module may be incorporated in the control processor module. Additionally, the processors and supporting components of the different modules may be replaced with other, similarly functioning components. In some embodiments, additional supporting components may be desired, while in other embodiments, some of the illustrated supporting components can be omitted. The connections between components, although in the illustrated embodiments include Ethernet connections, may include wired or wireless Ethernet, for example, or may include any combination of communicative channel and protocol, wherein examples of wired or wireless communicative channels may be bus configurations, cabling, infrared, spread spectrum, or other communicative channels or connections, and examples of protocols may include pseudo noise modulation, Frame Relay, Asynchronous Transfer Mode (ATM), etc., wherein such combinations of communicative-channel and protocol may herein be described and defined as electrical connections. Although the illustrated systems utilized Gigabit Ethernet connections, 100Base T, etc., any other high-speed data link can be substituted therein without departing from the scope of the invention.
Many additional changes in the details, materials, steps and arrangement of parts, herein described and illustrated to explain the nature of the invention, may be made by those skilled in the art within the principle and scope of the invention. Accordingly, it will be understood that the invention is not to be limited to the embodiments disclosed herein, may be practiced otherwise than specifically described, and is to be understood from the following claims, that are to be interpreted as broadly as allowed under the law.
This application claims priority to U.S. patent application Ser. No. 09/790,434, which was filed Feb. 21, 2001, for a “Network Application Apparatus”, and which in turn claimed the benefit of U.S. Provisional Application Ser. No. 60/235,281, entitled “Optical Application Switch Architecture with Load Balancing Method”, and filed on Sep. 25, 2000, naming Mike Ackerman, Stephen Justus, Throop Wilder, Kurt Reiss, Rich Collins, Derek Keefe, Bill Terrell, Joe Kroll, Eugene Korsunky, A. J. Beaverson, Avikudy Srikanth, Luc Parisean, Vitaly Dvorkian, Hung Trinh, and Sherman Dmirty as inventors, the contents of which are herein incorporated by reference.
Number | Date | Country |
---|---|---|
20060010207 A1 | Jan 2006 | US |

Number | Date | Country |
---|---|---|
60235281 | Sep 2000 | US |

Relation | Number | Date | Country |
---|---|---|---|
Parent | 09790434 | Feb 2001 | US |
Child | 11173923 | | US |