The present invention generally relates to packet classification in the data path of network nodes, for instance access nodes like a Digital Subscriber Line Access Multiplexer (DSLAM), a Cable Modem Termination System (CMTS), a Digital Loop Carrier (DLC), or an Optical Fibre Aggregator, routing nodes like an edge IP router, a core IP router, a switch/router, etc. The basic function of such network nodes is to process and forward inbound data packets that arrive on an inbound port to an outbound port that takes the data packet closer to its destination. Packet or data packet in the context of this patent application means any set of bits/bytes transmitted as a group, typically having an overhead and payload section. It includes fixed length and variable length packets. The process and forwarding decision is based on packet classification results. In the packet forwarding model, packet classification is likely the most complex and intensive task of the packet processor(s) in the data path. Packet classification involves identifying the packet by inspecting several fields in the data packet overhead and payload sections, and consulting look-up databases to classify the packet. Sophisticated packet classification, as is required in current high-speed networks, include complex packet content processing operations like multi-field header lookups, significant packet content analysis and parsing operations, access control list filtering, flow identification and other related tasks on top of the conventional MAC address table and IP destination address table lookups.
The complexity of and need for efficient packet classification solutions for next generation network equipment were already identified in 2001 in a White Paper from PMC-Sierra entitled “Toward Content-Based Classification”. This White Paper is published on the Internet at URL:
Section 4.3 lists examples of typical classification functions, illustrating that packet classification goes beyond simple identification of the packet through the header information. Section 5 describes the data path requirements for complex packet classification.
An overview of packet classification functionalities required in today's Internet switches and routers, as well as a comparison between various algorithms that implement the different packet classification tasks is given in the article “Data Path Processing in Fast Programmable Routers” from the author Pradipta De. This article of 18 Nov. 2004 can be downloaded from the Internet via the URL:
The article suggests using single stage packet classification in the data path (e.g. a general purpose processor or ASIC serves as network processor implementing all packet processing functions). Section IV of the article mentions the possibility of pipelining which is a break-up of the packet processing tasks like parsing, classification, queuing, and management/modification of the data packets in several stages inside the network processor. The network processor might rely on different co-processors for each stage of the pipeline.
To ensure that packet classification operates at line speeds, M. Kounavis et al. suggest in their article “Directions in Packet Classification for Network Processors” a two stage classification architecture: a fast software algorithm executing a 2-dimensional match based on source and destination IP addresses contained in the packet constitutes the first stage which only involves prefix matching, and a specialized hardware acceleration unit performing an n-2 dimensional match through more general range lookup operations on other fields contained in the packet constitutes the second stage. The entire article can be read at URL:
Similar to M. Kounavis et al., the Universität Paderborn hints in its publication entitled “A Packet Classification Environment: C-MENT” to a packet classification device that kicks-in multiple times on the forwarding data path. This publication is accessible through the following URL:
An example of a commercially available packet classification solution for the data path which performs a full inspection of the IP header, followed by a deep inspection of the packet payload if required, is the Astra Service Controller 2100 from Tut Systems, advertised at:
A single data path network processor, even when assisted by co-processors as suggested by Pradipta De or by dedicated SW/HW as suggested by Kounavis et al. still constitutes a single physical stage in the data path implementing all packet processing tasks. Such solutions suffer from various problems. Firstly, all processing power is available in the main data path, remains limited, and therefore restricts the packet classification tasks in complexity. For more complex classification tasks, the processing power in the main data path could in theory be increased, but this requires identification of the needs of new services in advance, and at least temporarily interrupting the service to perform an upgrade. Existing packet classification solutions in other words do not allow a smooth and easy introduction of new services.
Another article, “Programmable Network Processor Platform” from the authors J. Jessen and A. Dhir, suggest offloading computational intensive tasks like packet classification from the network processor in the data path to a dedicated microprocessor, the SearchVLIW microprocessor that forms part of the SPEEDAnalyzer lookup engine in
The object of the invention is to disclose a network node with packet classification architecture that enables smooth upgrade of the network node in case new services require the introduction of more complex, in-depth packet classification. The invention must smoothen the transition between existing network nodes and next generation network nodes, and enable faster introduction of new services with minimum capex investment.
The above objectives are realized by the network node defined in claim 1, having a first stage data plane packet classifier, and an insertable second stage data plane classifier.
Indeed, by implementing the packet classification in two physically separable data path stages, i.e. a first, light classification stage installed in the main data path from initialisation of the network node onwards, and a second, later insertable classification stage for the data path to handle more service specific classification operations, gradual and modular adaptation of the packet processing to the service's needs becomes possible. The partial processing in the first stage allows using existing network nodes and exploiting the maximum processing power in the main data path thereof. Partially offloading more complex classification tasks to a second, later insertable stage, does not require advance planning and provision of expensive processing power in the main data path. The network node will be built and deployed initially as cost-effective as possible. Typically, there will be very limited free resources like memory, processing power, hardware, etc. since these will be available for implementation later through the second stage data plane classifier.
It is noted that the objectives according to the current invention are further realized through the method to deploy and operate a network defined in claim 6.
An additional, advantageous feature of the present invention is that the first stage classifier will form part of a linecard whereas the second stage classifier will form part of an insertable service blade, as defined by claim 2. Thus, in case of a DSLAM for instance, the linecards in the DSLAM will have basic, first stage packet classification intelligence, as well as connectivity to a later insertable service blade that has more advanced second stage packet classification intelligence.
Another additional advantage of the current invention is that the first stage classifier is restricted to packet classification tasks for basic services as defined by claim 3.
Such basic services are deployed initially, so the network nodes may be foreseen from the beginning with all packet classification functions required for those basic services.
As defined by claim 4, packet classification tasks for more advanced services according to the invention will be integrated in the second stage classifier.
The more advanced services are introduced later in an existing network having network nodes according to the current invention. At introduction of these services, the network nodes will be equipped with the insertable second stage data plane packet classifier. This may be done without interruption of the basic services, and with minimum capex investment for the network operator.
As indicated by claim 5, the current invention may be implemented for instance in a Digital Subscriber Line Access Multiplexer. As already indicated above, many other network nodes are suitable for taking benefit of the modular packet classification architecture according to the present invention.
Initially, the DSLAM shown in
Later on, upon installation and configuration of new, more advanced services, the service blade 102 is inserted in the DSLAM. From then onwards, most of the packets may still be processed in the main data path, i.e. they are classified in the first stage classifier 111 and processed in the first packet processor 112 on the linecard 101, whereas other packets will be sent to the second stage data plane classifier 121 on the service blade 102 via connection 132 for more advanced classification tasks required in relation to the newly supported services. Depending on the classification result in the second stage data plane classifier 121, the packets will be processed by the second packet processor(s) 122. Again, although shown as a single functional block, the second packet processor(s) 122 may perform a variety of packet processing functions, PROCESSING N-S, depending on the classification result. The second multiplexer 123 performs the reverse operation of the second stage data plane classifier 121 and sends back the multiplexed packets to the linecard 101 or main data path through connection 133.
The DSLAM drawn in
When the operator of the ADSL network configures his network to support more advanced services, all DSLAMs therein are equipped with an insertable service blade similar to 202 in
Although the present invention has been illustrated by reference to specific embodiment(s), it will be apparent to those skilled in the art that various changes and modifications may be made within the spirit and scope of the invention. It is therefore contemplated to cover any and all modifications, variations or equivalents that fall within the spirit and scope of the basic underlying principles disclosed and claimed in this patent application. For example, the modular packet classification architecture according to the present invention based on a first stage classifier in the main data path and a second stage classifier in an insertable side data path, might be used with same advantages in network nodes that are no DSLAMs and networks that are no ADSL networks. Also, the inbound and outbound ports represented by a single arrow in the drawings accompanying this patent application may represent a plurality of inbound ports or outbound ports respectively, and it will be the task of the multiplexers to group the data packets according to the outbound port they have to be forwarded on. The invention is not limited to any particular number or structure of data packet processing tasks. Examples have been given in
Number | Date | Country | Kind |
---|---|---|---|
05292573.2 | Dec 2005 | EP | regional |