Centralized TCP termination with multi-service chaining

US 7,913,529 B2
Filed: 04/11/2008
Issued: 03/29/2011
Est. Priority Date: 08/28/2007
Status: Active Grant

First Claim

Patent Images

1. A network device comprising:

a switch fabric;

a first service module coupled to the switch fabric;

a second service module coupled to the first service module over the switch fabric; and

a third service module coupled to the first service module and the second service module over the switch fabric,wherein in response to packets of a network transaction received from a client device over a first network to access a server of a data center having a plurality of servers over a second network, the first service module is configured to terminate a transport control protocol (TCP) connection of the packets, wherein the TCP terminated packets are transmitted to the second and third service modules over the switch fabric, wherein the second service module is configured to perform first application network services on the TCP terminated packets without having to perform a TCP process on the packets, and wherein the third service module is configured to perform second application network services different from the first application network services on the TCP terminated packets without having to perform a TCP process on the packets.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network element having centralized TCP termination with multi-service chaining is described herein. According to one embodiment, a network element includes a switch fabric, a first service module coupled to the switch fabric, and a second and a third service modules coupled to the first service module over the switch fabric. In response to packets of a network transaction received from a client over a first network for access a server of a data center having multiple servers over a second network, the first service module is configured to terminate a TCP connection of the packets. The TCP terminated packets are transmitted to the second and third service modules over the switch fabric. The second and third service modules are configured to perform different application network services on the TCP terminated packets without having to perform a TCP process again. Other methods and apparatuses are also described.

119 Citations

24 Claims

1. A network device comprising:
- a switch fabric;
  
  a first service module coupled to the switch fabric;
  
  a second service module coupled to the first service module over the switch fabric; and
  
  a third service module coupled to the first service module and the second service module over the switch fabric,wherein in response to packets of a network transaction received from a client device over a first network to access a server of a data center having a plurality of servers over a second network, the first service module is configured to terminate a transport control protocol (TCP) connection of the packets, wherein the TCP terminated packets are transmitted to the second and third service modules over the switch fabric, wherein the second service module is configured to perform first application network services on the TCP terminated packets without having to perform a TCP process on the packets, and wherein the third service module is configured to perform second application network services different from the first application network services on the TCP terminated packets without having to perform a TCP process on the packets.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The network device of claim 1, wherein the switch fabric is a lossless switch fabric is implemented as one of a remote direct memory access (RDMA) compatible fabric, an InfiniBand compatible fabric, and an Internet Wide Area RDMA Protocol (iWARP) compatible fabric.
  - 3. The network device of claim 1, wherein the network device is configured operate as an application services gateway to the data center between the client device and a server of the data center.
  - 4. The network device of claim 1, wherein the application network services performed by the second and third service modules comprise at least layer-5 to layer-7 (layer 5-7) processes on the packets of the network transaction.
  - 5. The network device of claim 4, wherein the second and third service modules are configured to perform the layer 5-7 processes on the packets in a pipeline manner.
  - 6. The network device of claim 1, wherein the first service module is configured to generate a data stream based on the packets after terminating the TCP connection, and to transmit the data stream to the second and third service modules over the switch fabric without the second and third service modules having to perform TCP processes.
  - 7. The network device of claim 6, wherein the first service module is configured to transmit the data stream to the second service module to perform the first application network services and thereafter, the second service module is configured to transmit at least a portion of the data stream to the third service module to enable the third service module to perform the second application network services without performing further TCP processes, and wherein the third service module is configured to transmit the data stream back to the second service module that is configured to transmit the data stream to the first service module after performing further first application services on the data stream.
  - 8. The network element of claim 7, wherein the first application network services performed by the second service module and the second application network services performed by the third service module are different types of application network services that are associated with the network transaction.
  - 9. The network device of claim 1, wherein the first service module is implemented in a first plane, and wherein the second service module and the third service module are implemented in a plane other than the first plane and coupled to the first plane via a backplane.
  - 10. The network device of claim 9, wherein the second and third service modules are implemented either on a same plane or on different planes.

11. A method comprising:
- at a network device, receiving packets of a network transaction from a client device over a first network for accessing a server of a data center having a plurality of servers over a second network, the network device including a plurality of service modules coupled to each other over a switch fabric;
  
  at a first service module of the plurality of service modules of the network device, terminating a TCP (transport control protocol) connection of the packets;
  
  at the first service module, generating a data stream representing a TCP terminated packets;
  
  at the first service module, transmitting the data stream to a second service module of the plurality of service modules and to a third service module of the plurality of service modules over the switch fabric for further processes;
  
  at the second service module, performing first application network services on the TCP terminated packets without having to perform a TCP process on the packets; and
  
  at the third service module, performing second application network services different from the first application network services on the TCP terminated packets without having to perform TCP termination related processes.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The method of claim 11, wherein receiving comprises receiving packets over the switch fabric that is a lossless switch fabric which is implemented as one of a remote direct memory access (RDMA) compatible fabric, an InfiniBand compatible fabric, and an Internet Wide Area RDMA Protocol (iWARP) compatible fabric.
  - 13. The method of claim 11, wherein receiving comprises receiving the packets such that the network device operates as an application services gateway to the data center between the client device and a server of the data center.
  - 14. The method of claim 11, wherein performing the first application network services on the packets and performing the second application network services on the packets comprises performing at least layer-5 to layer-7 (layer 5-7) processes on the packets of the network transaction at the second and third service modules.
  - 15. The method of claim 14, wherein performing the first application network services on the packets and performing the second application network services on the packets comprises performing the layer 5-7 processes on the packets in a pipeline manner.
  - 16. The method of claim 11, further comprising:
    - executing operations of the first service module in a first plane;
      
      executing operations of the second and third service modules in a plane other than the first plane; and
      
      coupling the first plane and the plane other than the first plane via a backplane.
  - 17. The method of claim 16, wherein executing operations of the second and third service module comprises executing operations of the second and third service modules on either a same plane or on different planes.

18. A machine-readable storage medium having instructions stored therein, which when executed by a machine, cause the machine to:
- receive at a network device packets of a network transaction from a client device over a first network for accessing a server of a data center having a plurality of servers over a second network, the network device including a plurality of service modules coupled to each other over a switch fabric;
  
  terminate a TCP (transport control protocol) connection of the packets at a first service module of the plurality of service modules;
  
  generate a data stream representing a TCP terminated packets; and
  
  transmit the data stream to a second service module of the plurality of service modules and to a third service module of the plurality of service modules over the switch fabric for further processes;
  
  perform first application network services on the TCP terminated packets without having to perform a TCP process on the packets; and
  
  perform second application network services different from the first application network services on the TCP terminated packets without having to TCP termination related processes.
- View Dependent Claims (19, 20, 21, 22, 23, 24)
- - 19. The machine-readable storage medium of claim 18, wherein the instructions that cause the processor to receive packets comprise instructions that cause the processor to receive packets over the switch fabric that is a lossless switch fabric which is implemented as one of a remote direct memory access (RDMA) compatible fabric, an InfiniBand compatible fabric, and an Internet Wide Area RDMA Protocol (iWARP) compatible fabric.
  - 20. The machine-readable storage medium of claim 18, wherein the instructions that cause the processor to receive the packets comprise instructions that cause the processor to receive the packets such that the network device operates as an application services gateway to the data center between the client device and a server of the data center.
  - 21. The machine-readable storage medium of claim 18, wherein the instructions that cause the processor to perform the first application network services and the second application network services comprise instructions that cause the processor to perform at least layer-5 to layer-7 (layer 5-7) processes on the packets of the network transaction at the second and third service modules.
  - 22. The machine-readable storage medium of claim 21, wherein the instructions that cause the processor to perform the first application network services on the packets and to perform the second application network services on the packets comprise instructions that cause the processor to perform the layer 5-7 processes on the packets in a pipeline manner.
  - 23. The machine-readable medium of claim 18, further comprising instructions that cause the processor to:
    - execute operations of the first service module in a first plane;
      
      execute operations of the second and third service modules in a plane other than the first plane that is coupled to the first plane via a backplane.
  - 24. The machine-readable storage medium of claim 23, wherein the instructions that cause the processor to execute operations of the second and third service module comprise instructions that cause the processor to execute operations of the second and third service modules on either a same plane or on different planes.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Patra, Abhijit, Prabhu, Kirti, Thakar, Anant, Bagepalli, Nagaraj, Gandhi, Prashant
Primary Examiner(s)
Jacobs; Lashonda T

Application Number

US12/101,860
Publication Number

US 20090063688A1
Time in Patent Office

1,082 Days
Field of Search

709/223, 709/224, 709/203, 709/217, 709/219, 370/389, 370/352, 370/401
US Class Current

70/223
CPC Class Codes

H04L 47/20   Traffic policing

H04L 63/02   for separating internal fro...

H04L 63/0428   wherein the data content is...

H04L 63/166   at the transport layer

H04L 63/205   involving negotiation or de...

H04L 69/16   Implementation or adaptatio...

H04L 69/161   Implementation details of T...

H04L 69/321   Interlayer communication pr...

H04L 9/3242   involving keyed hash functi...

Y10T 70/5827   Axially movable clutch

Centralized TCP termination with multi-service chaining

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

119 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Centralized TCP termination with multi-service chaining

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

119 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links