The present disclosure relates generally to telecommunication network and customer edge interfaces, and more particularly to methods, non-transitory computer-readable media, and devices for instantiating a service provider application on a customer premises-based device.
A demarcation point (also known as “demarc”) for a telecommunication network is based on physical assets. The demarc has traditionally been the point at which the service provider network connects to customer premises wiring for telephony and/or other telecommunication services. For example, a demarc may comprise a physical device, e.g., a junction box and/or network interface device (NID) installed on the outside or just inside a dwelling or other structures. Demarc extensions may also be provided where the telecommunication network service provider may install service provider-owned wiring to another point in the structure, such as a media room. However, hardware-based demarcation may be inflexible in an edge computing environment in which software overlays and various software tools reside.
In one example, the present disclosure describes a device, computer-readable medium and method for instantiating a service provider application on a customer premises-based device. For instance, in one example, a processing system of a telecommunication service provider network having at least one processor may establish a first tunnel between the processing system and a virtual machine monitor of a customer premises-based device and send a first instruction to the virtual machine monitor via the first tunnel to instantiate a first service provider application on the customer premises-based device. The processing system may further establish a second tunnel between the processing system and the first service provider application and send a second instruction to the first service provider application via the second tunnel to configure the first service provider application to operate in a service function chain.
The teachings of the present disclosure can be readily understood by considering the following detailed description in conjunction with the accompanying drawings, in which:
To facilitate understanding, identical reference numerals have been used, where possible, to designate identical elements that are common to the figures.
Examples of the present disclosure provide a software demarcation that is independent of hardware demarcation. In a private cloud, for example, a telecommunication network service provider may not own the hardware that serves as the physical demarc in current deployments. In accordance with the present disclosure, a software demarc is established at the point where a customer chooses to run overlay software in a private cloud or other virtual networks. In one example, the point where the customer chooses to run telecommunication network service provider software, such as flow logic tools or other software tools, can be the demarc/starting point for overlay networks, applications, etc. Such a starting point or demarc can be downstream from the hardware (which may not be owned by the telecommunication network service provider) and closer to the customer's data, decision-making logic, and so forth. The software demarc may also represent the new edge in a virtual network. In this way, the edge becomes optimizable based on software irrespective of the demarc of the physical infrastructure.
Examples of the present disclosure also provide operations interfaces for the applications that would be managed and maintained by the telecommunication network service provider on the customer hardware. Reaching the service provider applications on the customer hardware via a tunnel or other secure encapsulations creates an environment where server processes run on the customer premises-based device, but are supported remotely by the telecommunication network service provider and can be moved to other devices, mirrored to other devices, and upgraded with new capabilities independently or as the device hardware is upgraded. These and other aspects of the present disclosure are described in greater detail below in connection with the examples of
To better understand the present disclosure,
In one example, wireless access network 150 comprises a radio access network implementing such technologies as: global system for mobile communication (GSM), e.g., a base station subsystem (BSS), or IS-95, a universal mobile telecommunications system (UMTS) network employing wideband code division multiple access (WCDMA), or a CDMA3000 network, among others. In other words, wireless access network 150 may comprise an access network in accordance with any “second generation” (2G), “third generation” (3G), “fourth generation” (4G), Long Term Evolution (LTE), “fifth generation” (5G) or any other yet to be developed future wireless/cellular network technology. While the present disclosure is not limited to any particular type of wireless access network, in the illustrative embodiment, wireless access network 150 is shown as a UMTS terrestrial radio access network (UTRAN) subsystem. Thus, elements 152 and 153 may each comprise a Node B or evolved Node B (eNodeB).
In one example, each of the mobile devices 157A, 157B, 167A, and 167B may comprise any subscriber/customer endpoint device configured for wireless communication such as a laptop computer, a Wi-Fi device, a Personal Digital Assistant (PDA), a mobile phone, a smartphone, an email device, a computing tablet, a messaging device, and the like. In one embodiment, any one or more of mobile devices 157A, 157B, 167A, and 167B may have both cellular and non-cellular access capabilities and may further have wired communication and networking capabilities.
As illustrated in
As illustrated in
With respect to television service provider functions, application servers 114 may comprise television servers for the delivery of television content, e.g., a broadcast server, a cable head-end, interactive TV/video-on-demand (VOD) server(s), advertising/television commercial servers, and so forth. For example, telecommunication network 110 may comprise a video super hub office, a video hub office and/or a service office/central office.
In one example, one or more of application servers 114 receive, store, and/or provide service provider applications (e.g., executable code and/or other data to support a service provider application in accordance with the present disclosure), information relating to service function chains (SFCs) for various subscribers, for various network service provider purposes, and so forth. For instance, application servers 114 may store SFC labels, label assignments to particular SFCs, the component applications/services within various SFCs, the quality of service (QoS)/priority assigned to various SFCs, and so forth. In one example, each of application servers 114 may comprise a computing system or server, such as computing system 400 depicted in
In one example, any one or more of the components of telecommunication network 110 may comprise a network function virtualization infrastructure (NFVI), e.g., software-defined networking (SDN) host devices (i.e., physical devices) configured to operate as various virtual network functions (VNFs), such as a virtual MME (vMME), a virtual HSS (vHSS), a virtual serving gateway (vSGW), a virtual packet data network gateway (vPGW), and so forth. For instance, any one or more of application servers 114 may also represent a NFVI. In addition, when comprised of various NFVIs, the telecommunication network 110 may be expanded (or contracted) to include more or fewer components than the state of telecommunication network 110 that is illustrated in
In one example, telecommunication network 110 may further include operations support systems (OSS) 117. An OSS refers to systems that provide operations support, such as provisioning and maintenance functions, inventory functions, and so forth for telecommunications network infrastructure. For instance, OSS 117 may include a subscriber database, a subscriber provisioning system, a network equipment inventory system, etc. In accordance with the present disclosure, OSS 117 may store various information as described above in connection with application servers 114, such as SFC labels and assignments to particular SFCs, the component applications/services within various SFCs, the quality of service (QoS)/priority assigned to various SFCs, and so forth. Due to the relatively large number of connections available between OSS 117 and other network elements, various links to the OSS 117 are omitted from illustration in
In one example, the access network 120 may comprise a Digital Subscriber Line (DSL) network, a broadband cable access network, a Local Area Network (LAN), a cellular or wireless access network, a 3rd party network, and the like. For example, the operator of telecommunication network 110 may provide a cable television service, an IPTV service, or any other types of television service to subscribers via access network 120. In this regard, access network 120 may include a node, e.g., a mini-fiber node (MFN), a video-ready access device (VRAD), or the like. However, in another example, such a node may be omitted, e.g., for fiber-to-the-premises (FTTP) installations. Access network 120 may also transmit and receive communications between local network 160 and telecommunication network 110 relating to voice telephone calls, communications with servers 149 via the Internet 145 and/or other networks 140, and so forth.
Alternatively, or in addition, the network 100 may provide television services to local network 160 via a satellite broadcast. For instance, ground station 130 may receive television content from television servers 114 for uplink transmission to satellite 135. Accordingly, satellite 135 may receive television content from ground station 130 and may broadcast the television content to satellite receiver 139, e.g., a satellite link terrestrial antenna (including satellite dishes and antennas for downlink communications, or for both downlink and uplink communications), as well as to satellite receivers of other subscribers within a coverage area of satellite 135. In one example, satellite 135 may be controlled and/or operated by a same network service provider as the telecommunication network 110. In another example, satellite 135 may be controlled and/or operated by a different entity and may carry television broadcast signals (or other downlink and/or uplink communications) on behalf of the telecommunication network 110 and/or the local network 160.
In one example, local network 160 may include a gateway 161, which receives data/communications associated with different types of media, e.g., television, phone, and Internet, and separates these communications for the appropriate devices. The data/communications may be received via access network 120 and/or via satellite receiver 139, for instance. In one example, the gateway 161 may comprise an optical network terminal (ONT), e.g., where the access network 120 comprises a fiber optic access network with a fiber to the home (FTTH)/fiber to the premises (FTTP) deployment to local network 160. In one example, all communications into and out of the local network 160 may pass through a physical demarcation point (demarc) 169, also referred to as a network interface device (NID). However, with respect to satellite-based communications, in one example, the physical demarc may comprise the satellite receiver 139. In other words, the satellite receiver 139 is owned and operated by the subscriber, and is the responsibility of the subscriber to maintain.
In one example, television data is forwarded to set-top boxes (STB)/digital video recorders (DVR) 162 to be decoded, recorded, and/or forwarded to television (TV) 163 for presentation. Similarly, telephone data is sent to and received from phone 164; Internet communications are sent to and received from router 165, which may be capable of both wired and/or wireless communication. In turn, router 165 receives data from and sends data to the appropriate devices, e.g., personal computer (PC) 166, mobile devices 167A, and 167B, and so forth. In one example, router 165 may further communicate with TV (broadly a display) 163, e.g., where the television is a smart TV. In one example, router 165 may comprise a wired Ethernet router and/or an Institute for Electrical and Electronics Engineers (IEEE) 802.11 (Wi-Fi) router, and may communicate with respective devices in local network 160 via wired and/or wireless connections.
In accordance with the present disclosure the network 160 may further include a host 168 attached, coupled to, or integrated with gateway 161. In one example, the host 168 may comprise a computing system or server, such as computing system 400 depicted in
In one example, local network 160 may represent an enterprise network, e.g., of a business, an educational or medical institution, or the like. Accordingly, in one example, local network 160 may further include devices 166 which may comprise servers deployed in local network 160 hosting various customer applications and related data, such as an inventory system, a contact management system, a call routing system, an interactive voice response (IVR) system, a firewall, a content filter, an intrusion detection system, and so forth.
In accordance with the present disclosure, the service provider applications instantiated on host 168 may be configured into service function chains (SFCs) involving other service provider applications, e.g., on host 168, in telecommunication network 110, e.g., at application servers 114, and/or at servers 149. In addition, the service provider applications instantiated on host 168 may also be configured into SFCs with customer applications on host 168, devices 166, other devices in local network 160, servers 149 in one or more other (remote) networks 140, and so forth. In one example, the SDN controller 115 and the NFVI controllable by the SDN controller 115 (e.g., host 168 in local network 160, application servers 114 in telecommunication network 110, and any NFVI controllable by SDN controller 115 in other networks 140, such as servers 149), may be referred to as a software defined wide area network (SD-WAN). In one example, SFCs may be controlled (e.g., established, maintained, reconfigured, torn down, and so forth) by SDN controller 115 in conjunction with one or more customer-controlled devices, such as one of the devices 166, or the like.
Further details regarding the functions that may be implemented by SDN controller 115, OSS 117, application servers 114, gateway 161, host 168, devices 166, and so on are discussed in greater detail below in connection with the examples of
As also shown in
As illustrated in
In accordance with the present disclosure, various network tunnels may be utilized for management traffic, signaling traffic, and bearer traffic associated with the service provider applications 290. To illustrate, SDN controller 215 may establish a first tunnel 281 for first management traffic between the SDN controller 215 and the virtualization API 272. The first management traffic may include commands and responses relating to establishing/instantiating service provider applications 290 on host 268 and tearing down the service provider applications 290 as described above. SDN controller 215 may also establish a second tunnel 282 for second management traffic between the SDN controller 215 and one of the service provider applications 290. In one example, the second tunnel 282 for the second management traffic may be between the SDN controller 215 and the vNIC 292 associated with the one of the service provider applications 290. The second management traffic may provide commands, operational data, and/or other information from the SDN controller 215 to configure the one of service provider applications 290 to function in a particular way.
In one example, signaling traffic for the one of the service provider applications 290 may share the second tunnel 282 for the second management traffic. However, in another example, a third tunnel 283 may be established for the signaling traffic. As illustrated in
Similarly, a fourth tunnel 284 for bearer traffic may be established for the one of the service provider applications 290 via the vNIC 292. In the example of
As further illustrated in
In accordance with the present disclosure, one or more of the service provider applications 290 may be configured to operate in one or more service function chains (SFCs) involving others of the service provider applications 290, services (e.g., applications) deployed on servers 249, customer applications 295, and so forth. In one example, SFCs may be controlled (e.g., established, maintained, reconfigured, torn down, and so forth) by SDN controller 215 and/or by SDN controller 215 in conjunction with host 268 (e.g., the virtualization layer 270 component of host 268), servers 249, and so on. In the example of
The fifth tunnel 285 and sixth tunnel 286 may be the same as or similar to the tunnels 281-284. Although the one of service provider applications 290 and the one of customer applications 295 both reside on host 268, the fifth tunnel 285 indicates that the respective applications logically may comprise separate devices which address one another as peers using various network communication protocols. For instance, the one of customer applications 295 may also include a vNIC (not shown) for interfacing with the one of service provider applications 290 via vNIC 292. The sixth tunnel 286 may represent a tunnel between one of customer applications 295 and an additional customer application deployed on another device within local network 260, or an application/service in an external network. In one example, a plurality of tunnels in the SFC may share encryption keys and/or other parameters, such as quality of service (QoS)/priority flags, Multi-Protocol Label Switching (MPLS) labels, SFC identifiers, and so forth.
It should be noted that SFCs may include non-serial or non-linear topologies. For instance, an SFC may have a tree structure with one or more branches, an irregular structure with one or more paths that may lead to a given application/service, and so forth. Thus, in one example, an SFC may split and splice traffic, or route traffic differently depending upon the parameters of the traffic, the time of day, day of the week, network congestion, or other factors. For instance, video and audio channels may be separated from a media stream at a first service/application, processed separately by different customer and/or service provider applications, and then re-mixed by yet another customer and/or service provider application. It should also be noted that in the example of
At step 310, the processing system (e.g., of a telecommunication service provider network) establishes a first tunnel between the processing system and a virtual machine monitor (VMM) of a customer premises-based device, e.g., a host device. For example, the customer premises-based device may be operated by a customer of the telecommunication service provider network and deployed in a local network of the customer that is connected to or otherwise in communication with the telecommunication service provider network (e.g., via an access network operated by a same entity as the telecommunication service provider network or a different entity (e.g., a third-party access network)). In an example where the telecommunication service provider network and the customer premises-based device are connected via a third-party access network, the first tunnel may be established via the third-party access network. In one example, the VMM, or hypervisor, is operated by the customer and is controllable by the telecommunication service provider network. In another example, the VMM is operated by the telecommunication service provider network.
The first tunnel may comprise, for example, an application layer tunnel and/or a session layer tunnel (e.g., a session using Transport Layer Security (TLS), Generic Routing Encapsulation (GRE), IPSec, etc.), a link layer tunnel (e.g., a session using Layer 2 Tunneling Protocol (L2TP) or the like), a Multi-Protocol Label Switching (MPLS) tunnel, and so forth. The first tunnel may comprise a secure tunnel wherein all datagrams, packets, or other traffic that pass via the secure tunnel are encrypted using one or more encryption keys and/or encryption key pairs, e.g., using Diffie-Hellman key exchange or the like, such that only the processing system and the VMM may access the traffic. In one example, the VMM may be logically treated as a separate, standalone device from the perspective of the processing system. In other words, the processing system may share encryption keys, authentication keys, etc. with the VMM, whereas the underlying hardware device hosting the VMM partitions other logical entities on the hardware device with separate memory space, storage, and so forth such that the encryption keys and other information regarding the first tunnel are only available to the VMM and not to any host operating system, any guest operating systems or other hypervisors/VMMs, and so forth.
At step 320, the processing system sends a first instruction to the VMM via the first tunnel to instantiate a first service provider application on the customer premises-based device. For instance, in one example, the first tunnel carries first management traffic between the VMM of the customer premises-based device and the processing system of the telecommunication service provider network. For example, the processing system may comprise a software defined network (SDN) controller, where the first management traffic is between the SDN controller and the VMM. In other words, the first management traffic may include the first instruction to instantiate the first service provider application.
At step 330, the processing system establishes a second tunnel between the processing system and the first service provider application. In an example where the telecommunication service provider network and the customer premises-based device are connected via a third-party access network, the second tunnel may also be established via the third-party access network. In one example, the second tunnel is between the processing system and at least one virtual network interface card (vNIC) of the first service provider application. In one example, the second tunnel carries signaling traffic and second management traffic between the first service provider application and the processing system of the telecommunication service provider network. In addition, in one example, the second tunnel further carries bearer plane traffic for the first service provider application.
The second tunnel may be of the same or a similar nature as the first tunnel described above, e.g., an application layer tunnel and/or a session layer tunnel using TLS, GRE, IPSec, etc., a link layer tunnel using L2TP or the like, an MPLS tunnel, and so forth. In one example, the first tunnel and the second tunnel may share a single application layer encryption. In another example, the first tunnel and the second tunnel may have separate encryption, but may also utilize an encryption technique of a third tunnel (e.g., a dual layer encryption scheme). In one example, a single session between the processing system and the host device (e.g., a third tunnel) may be shared among the signaling, management, and bearer traffic. However, in one example, management traffic may be separately measured in the telecommunication service provider network and not charged to the customer.
At step 340, the processing system sends a second instruction to the first service provider application via the second tunnel to configure the first service provider application to operate in a service function chain (SFC). For example, the processing system may comprise a SDN controller, where the first management traffic is between the SDN controller and the VMM and where the second management traffic is between the SDN controller and the first service provider application. In other words, the second management traffic may include the second instruction to configure the first service provider application. Alternatively, or in addition, the processing system may comprise an operations support system (OSS). In such an example, the first management traffic may be between the OSS and the VMM, and the second management traffic may be between the OSS and the first service provider application. In addition, in one example the signaling traffic may be between the OSS and the first service provider application.
In one example, at least one customer application is also instantiated on the customer premises-based device via the VMM. In addition, in such an example, the SFC may include the at least one customer application and the first service provider application. Alternatively, or in addition, the SFC may include at least a second service provider application. For example, the at least second service provider application may be instantiated (and/or hosted) on the customer premises-based device via the VMM or may be instantiated (and/or hosted) on at least one device in the telecommunication service provider network. It should also be noted that the first service provider application can be configured to operate in more than one SFC involving customer applications and/or service provider applications in the customer network, the telecommunication service provider network, other networks connected to or in communication with the customer network and/or the telecommunication service provider network (e.g., an SD-WAN), and so forth. Following step 340, the method 300 proceeds to step 395 where the method ends.
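The sequence of steps 310-340, in the variant where the first and second tunnels have separate encryption, can be modelled as below. This is an added illustration, not code from the disclosure: the message format, the operation names (`instantiate`, `configure_sfc`), the application name, and the use of a random per-tunnel key with HMAC as a stand-in for a negotiated encrypted tunnel are all assumptions.

```python
import hashlib
import hmac
import json
import secrets


class Tunnel:
    """One logical tunnel between the controller and a single endpoint.

    Assumption: the random key stands in for the result of a per-tunnel key
    exchange, and the HMAC tag stands in for the tunnel's real protection
    (TLS, IPSec, ...). Both ends are modelled as holding this same object.
    """

    def __init__(self, tunnel_id, peer):
        self.tunnel_id = tunnel_id   # reference numeral from the text, e.g. "281"
        self.peer = peer             # logical endpoint: "vmm" or an application name
        self._key = secrets.token_bytes(32)

    def _tag(self, body):
        header = f"{self.tunnel_id}|{self.peer}|".encode()
        return hmac.new(self._key, header + body, hashlib.sha256).hexdigest()

    def seal(self, instruction):
        body = json.dumps(instruction, sort_keys=True).encode()
        return {"body": body, "tag": self._tag(body)}

    def open(self, frame):
        if not hmac.compare_digest(self._tag(frame["body"]), frame["tag"]):
            raise PermissionError(f"tunnel {self.tunnel_id}: frame not sealed for this tunnel")
        return json.loads(frame["body"])


class Host:
    """Customer premises-based device: a VMM plus the applications it starts."""

    def __init__(self):
        self.apps = {}               # application name -> configured SFC id (None until step 340)

    def vmm_handle(self, tunnel, frame):
        if tunnel.peer != "vmm":
            raise PermissionError("not the VMM management tunnel")
        msg = tunnel.open(frame)
        if msg.get("op") != "instantiate":
            raise PermissionError("VMM tunnel carries instantiate/teardown only")
        self.apps[msg["app"]] = None
        return msg["app"]

    def app_handle(self, tunnel, frame):
        msg = tunnel.open(frame)     # fails unless sealed with this tunnel's key
        if tunnel.peer not in self.apps:
            raise PermissionError("application has not been instantiated")
        if msg.get("op") != "configure_sfc":
            raise PermissionError("unexpected operation on application tunnel")
        self.apps[tunnel.peer] = msg["sfc"]
        return msg["sfc"]


def run_method_300(host, app="sp-flow-logic", sfc="sfc-1"):
    """Controller side of steps 310-340; app and sfc names are hypothetical."""
    t1 = Tunnel("281", "vmm")                                           # step 310
    host.vmm_handle(t1, t1.seal({"op": "instantiate", "app": app}))     # step 320
    t2 = Tunnel("282", app)                                             # step 330
    host.app_handle(t2, t2.seal({"op": "configure_sfc", "sfc": sfc}))   # step 340
    return t1, t2


def rejected(handler, tunnel, frame):
    """True when the endpoint refuses the frame."""
    try:
        handler(tunnel, frame)
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    host = Host()
    t1, t2 = run_method_300(host)
    print("after method 300:", host.apps)
    # A frame sealed on the VMM tunnel is not accepted on the application tunnel.
    stray = t1.seal({"op": "configure_sfc", "sfc": "sfc-9"})
    print("cross-tunnel frame rejected:", rejected(host.app_handle, t2, stray))
```

With separate keys, holding the VMM tunnel's key gives no ability to configure the application, which is the property lost when both tunnels share a single encryption.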
It should be noted that the method 300 may be expanded to include additional steps or may be modified to include additional operations with respect to the steps outlined above. For example, the method 300 may be expanded to include repeating the steps 320-340 through multiple iterations, e.g., to establish additional service provider applications on the customer premises-based device, to configure the additional service provider applications into service function chains, etc. In another example, the method 300 may be expanded to include decommissioning the service provider application. In still another example, the method 300 may be expanded to include reconfiguring the service provider application in terms of performance within the current service function chain or to cause the service provider application to operate in a different service function chain. Thus, these and other modifications are all contemplated within the scope of the present disclosure.
In addition, although not expressly specified above, one or more steps of the method 300 may include a storing, displaying and/or outputting step as required for a particular application. In other words, any data, records, fields, and/or intermediate results discussed in the method can be stored, displayed and/or outputted to another device as required for a particular application. Furthermore, operations, steps, or blocks in
Although only one processor element is shown, it should be noted that the computing device may employ a plurality of processor elements. Furthermore, although only one computing device is shown in the Figure, if the method(s) as discussed above is implemented in a distributed or parallel manner for a particular illustrative example, i.e., the steps of the above method(s) or the entire method(s) are implemented across multiple or parallel computing devices, e.g., a processing system, then the computing device of this Figure is intended to represent each of those multiple computing devices. For example, when the present method(s) are implemented in a distributed or parallel manner, any one or more steps of the present method(s) can be implemented by any one or more of the multiple or parallel computing devices of the processing system. Furthermore, one or more hardware processors can be utilized in supporting a virtualized or shared computing environment. The virtualized computing environment may support one or more virtual machines representing computers, servers, or other computing devices. In such virtualized virtual machines, hardware components such as hardware processors and computer-readable storage devices may be virtualized or logically represented. The hardware processor 402 can also be configured or programmed to cause other devices to perform one or more operations as discussed above. In other words, the hardware processor 402 may serve the function of a central controller directing other devices to perform the one or more operations as discussed above.
It should be noted that the present disclosure can be implemented in software and/or in a combination of software and hardware, e.g., using application specific integrated circuits (ASIC), a programmable logic array (PLA), including a field-programmable gate array (FPGA), or a state machine deployed on a hardware device, a computing device, or any other hardware equivalents, e.g., computer readable instructions pertaining to the method(s) discussed above can be used to configure a hardware processor to perform the steps, functions and/or operations of the above disclosed method(s). In one example, instructions and data for the present module or process 405 for instantiating a service provider application on a customer premises-based device (e.g., a software program comprising computer-executable instructions) can be loaded into memory 404 and executed by hardware processor element 402 to implement the steps, functions or operations as discussed above in connection with the example method 300. Furthermore, when a hardware processor executes instructions to perform “operations,” this could include the hardware processor performing the operations directly and/or facilitating, directing, or cooperating with another hardware device or component (e.g., a co-processor and the like) to perform the operations.
The processor executing the computer readable or software instructions relating to the above described method(s) can be perceived as a programmed processor or a specialized processor. As such, the present module 405 for instantiating a service provider application on a customer premises-based device (including associated data structures) of the present disclosure can be stored on a tangible or physical (broadly non-transitory) computer-readable storage device or medium, e.g., volatile memory, non-volatile memory, ROM memory, RAM memory, magnetic or optical drive, device or diskette and the like. Furthermore, a “tangible” computer-readable storage device or medium comprises a physical device, a hardware device, or a device that is discernible by the touch. More specifically, the computer-readable storage device may comprise any physical devices that provide the ability to store information such as data and/or instructions to be accessed by a processor or a computing device such as a computer or an application server.
While various embodiments have been described above, it should be understood that they have been presented by way of example only, and not limitation. Thus, the breadth and scope of a preferred embodiment should not be limited by any of the above-described example embodiments, but should be defined only in accordance with the following claims and their equivalents.
This application is a continuation of U.S. patent application Ser. No. 15/980,898, filed May 16, 2018, now U.S. Pat. No. 10,349,454, which is herein incorporated by reference in its entirety.
| | Number | Date | Country |
|---|---|---|---|
| Parent | 15980898 | May 2018 | US |
| Child | 16504560 | | US |