Highly scalable application layer service appliances

US 8,161,167 B2
Filed: 04/11/2008
Issued: 04/17/2012
Est. Priority Date: 08/28/2007
Status: Active Grant

First Claim

Patent Images

1. A network apparatus, comprising:

a plurality of application service modules (ASMs) comprising an application service processor, wherein each of the plurality of ASMs is capable of providing one or more application services to network traffic, including an ISO layer 7 service;

a remote direct memory access (RDMA) lossless data transport fabric (LDTF) configured to transmit a data stream; and

a plurality of network service modules (NSMs) comprising a network service processor coupled to the ASMs over the LDTF, wherein the NSMs are configured to;

perform all of ISO layer 2 to layer 5 (layer 2-5) processes on one of a plurality of packets of a network transaction received from a client over a first network for accessing a server of a data center over a second network;

terminate transport protocol processing of the packets;

generate a data stream of the packets; and

route the data stream to the ASMs over the LDTF to allow the ASMs to perform all of ISO layer 5 to layer 7 (layer 5-7) processes on the packets;

wherein the NSMs are further configured to terminate a transport control protocol (TCP) connection associated with the network transaction and to route the data stream to the plurality of ASMs and to transform the data stream of the layer 5-7 processed packets received from the ASMs into protocol data units (PDUs); and

wherein the ASMs are further configured to route the data stream of layer 5-7 processed packets to the NSMs after the ASMs perform the layer 5-7 processes on the packets without having to terminate the TCP connection again.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A highly scalable application layer service appliance is described herein. According to one embodiment, a network element includes a plurality of application service modules (ASMs), each providing one or more application services to network traffic, including layer 5-7 services, a lossless data transport fabric (LDTF), a network service module (NSM) coupled to each of the ASMs over the LDTF. In response to a packet of a network transaction received from a client over for accessing a server of a datacenter, the NSM is configured to perform layer 2-5 processes on the packet, generating a data stream. The NSM is configured to route the data stream to at least two ASMs over the LDTF to allow the ASMs to perform layer 5-7 services on the packet. Other methods and apparatuses are also described.

146 Citations

25 Claims

1. A network apparatus, comprising:
- a plurality of application service modules (ASMs) comprising an application service processor, wherein each of the plurality of ASMs is capable of providing one or more application services to network traffic, including an ISO layer 7 service;
  
  a remote direct memory access (RDMA) lossless data transport fabric (LDTF) configured to transmit a data stream; and
  
  a plurality of network service modules (NSMs) comprising a network service processor coupled to the ASMs over the LDTF, wherein the NSMs are configured to;
  
  perform all of ISO layer 2 to layer 5 (layer 2-5) processes on one of a plurality of packets of a network transaction received from a client over a first network for accessing a server of a data center over a second network;
  
  terminate transport protocol processing of the packets;
  
  generate a data stream of the packets; and
  
  route the data stream to the ASMs over the LDTF to allow the ASMs to perform all of ISO layer 5 to layer 7 (layer 5-7) processes on the packets;
  
  wherein the NSMs are further configured to terminate a transport control protocol (TCP) connection associated with the network transaction and to route the data stream to the plurality of ASMs and to transform the data stream of the layer 5-7 processed packets received from the ASMs into protocol data units (PDUs); and
  
  wherein the ASMs are further configured to route the data stream of layer 5-7 processed packets to the NSMs after the ASMs perform the layer 5-7 processes on the packets without having to terminate the TCP connection again.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The network apparatus of claim 1, wherein the ASMs include a first ASM and a second ASM, and wherein the first ASM performs a first portion of the layer 5-7 processes and the second ASM performs a second portion of the layer 5-7 processes.
  - 3. The network apparatus of claim 2, wherein the first and second ASMs are configured to perform the layer 5-7 processes in parallel.
  - 4. The network apparatus of claim 2, wherein the first ASM includes a first memory to store a first set of layer 5-7 states associated with the first portion of the layer 5-7 processes performed by the first ASM, wherein the second ASM includes a second memory to store a second set of layer 5-7 states associated with the second portion of the layer 5-7 processes performed by the second ASM, and wherein the first set and second set of layer 5-7 states are synchronized periodically or constantly.
  - 5. The network apparatus of claim 4, wherein the first set and second set of layer 5-7 states are synchronized via the RDMA link over the LDTF.
  - 6. The network apparatus of claim 2, wherein the NSMs are configured to determine a load status of each of the plurality of ASMs and to dispatch the data stream to the first and second ASMs based on at least one load status of the first and second ASMs and packet information including ISO layer-3 header information.
  - 7. The network apparatus of claim 6, wherein the NSMs are configured to monitor the load status of each ASM by polling a memory location of each ASM which stores the load status of one or more processors or processing cores of the ASM.
  - 8. The network apparatus of claim 7, wherein load balancers of the NSMs perform a one-way read from the memory location of each ASM via the (RDMA) channel over the LDTF without using significant processing power of the ASM.
  - 9. The network apparatus of claim 8, wherein the LDTF is an InfiniBand compatible fabric.
  - 10. The network apparatus of claim 1, wherein the network apparatus is configured to operate as an application services gateway to the data center with respect to a plurality of clients when at least one client accesses at least one of a plurality of servers of the data center.
  - 11. The network apparatus of claim 1, wherein the plurality of ASMs are configured to perform the layer 5-7 processes in a pipelined manner.
  - 12. The network apparatus of claim 11 wherein the plurality of ASMs are configured to perform layer 5-7 processes in an out-of-order pipelined manner.
  - 13. The network apparatus of claim 1, wherein the plurality of ASMs are configured to perform the layer 5-7 processes in a hybrid combination of a parallel and a pipelined manner.

14. A method comprising:
- receiving at a network element one or more packets of a network transaction from a client over a first network for accessing a plurality of servers of a data center over a second network;
  
  operating the network element as an application services gateway of the data center with respect to a plurality of clients accessing at least one of the servers;
  
  at one of a plurality of network service modules (NSMs) comprising a network service processor;
  
  performing all of ISO layer 2 to layer 5 (layer 2-5) processes on the packets;
  
  terminating a transport control protocol (TCP) connection processing of the packets incoming from the client;
  
  generating a data stream of the packets;
  
  routing the data stream over a lossless data transport fabric (LDTF) from the NSMs to first and second application service modules (ASMs) comprising an application service processor coupled to the NSMs by the LDTF to perform ISO layer 5 to layer 7 (layer 5-7) processes without having to terminate the TCP connection again;
  
  routing the data stream of layer 5-7 processed packets over the LDTF from the ASMs back to the NSMs; and
  
  at the NSMs, transforming the data stream of layer 5-7 processed packets received from the ASMs into protocol data units (PDUs).
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The method of claim 14, wherein performing further comprises performing layer 5-7 processes by a first ASM performing a first portion of the layer 5-7 processes and a second ASM performing a second portion of the layer 5-7 processes.
  - 16. The method of claim 15, further comprising storing in a first memory a first set of layer 5-7 states associated with the first portion of the layer 5-7 processes performed by the first ASM, storing in a second memory a second set of layer 5-7 states associated with the second portion of the layer 5-7 processes performed by the second ASM, and synchronizing the layer 5-7 states of the first and second memories periodically or constantly via a remote direct memory access (RDMA) link over the LDTF.
  - 17. The method of claim 15, further comprising:
    - at the NSMs, determining a load status of each of the plurality of ASMs; and
      
      at the NSMs, dispatching the data stream to the first and second ASMs based on at least one load status of the first and second ASMs and packet information including layer-3 header information.
  - 18. The method of claim 17, further comprising at the NSMs, monitoring the load status of each ASM by polling a memory location of each ASM which stores the load status of one or more processors or processing cores of the ASM.
  - 19. The method of claim 18, further comprising at the NSMs, performing a one-way read from the memory location of each ASM via a remote direct memory access (RDMA) channel over the LDTF without having to invoke significant processing power of each ASM.

20. A machine-readable storage device storing instructions that, when executed by a processor, cause the processor to:
- receive at a network element one or more packets of a network transaction from a client over a first network for accessing a plurality of servers of a data center over a second network;
  
  operate the network element as an application services gateway of the data center with respect to a plurality of clients accessing at least one of the servers;
  
  at one of a plurality of network service modules (NSMs);
  
  perform all of ISO layer 2 to layer 5 (layer 2-5) processes on the packets;
  
  terminate transport protocol processing of the packet incoming from the client;
  
  generate a data stream of the packets;
  
  routing the data stream over a lossless data transport fabric (LDTF) from the NSMs to first and second application service modules (ASMs) coupled to the NSMs by the LDTF to perform ISO layer 5 to layer 7 (layer 5-7) processes without having to terminate the TCP connection again;
  
  route the data streams of layer 5-7 processed packets over the LDTF from the ASMs back to the NSMs; and
  
  transform the data stream of layer 5-7 processed packets received from the ASMs into protocol data units (PDUs) at the NSMs.
- View Dependent Claims (21, 22, 23, 24, 25)
- - 21. The machine-readable storage device of claim 20 further comprising instructions that cause the processor to perform a first portion of the layer 5-7 processes at a first ASM and a second portion of the layer 5-7 processes at a second ASM.
  - 22. The machine-readable storage device of claim 21, further comprising instructions that cause the processor to store in a first memory a first set of layer 5-7 states associated with the first portion of the layer 5-7 processes performed by the first ASM, to store in a second memory a second set of layer 5-7 states associated with the second portion of the layer 5-7 processes performed by the second ASM, and to synchronize the layer 5-7 states of the first and second memories periodically or constantly via a remote direct memory access (RDMA) link over the LDTF.
  - 23. The machine-readable storage device of claim 21, further comprising instructions that cause the processor to determine a load status of each of the plurality of ASMs;
    - anddispatch the data stream to the first and second ASMs based on at least one load status of the first and second ASMs and packet information including layer-3 header information.
  - 24. The machine-readable storage device of claim 23, further comprising instructions that cause the processor to monitor the load status of each ASM by polling a memory location of each ASM which stores the load status of one or more processors or processing cores of the ASM.
  - 25. The machine-readable storage device of claim 24, further comprising instructions that cause the processor to perform a one-way read from the memory location of each ASM via an RDMA channel over the LDTF without having to invoke significant processing power of the ASM.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Bagepalli, Nagaraj, Gandhi, Prashant, Patra, Abhijit, Prabhu, Kirti, Thakar, Anant
Primary Examiner(s)
Chan, Wing
Assistant Examiner(s)
Baturay, Alicia

Application Number

US12/101,868
Publication Number

US 20090063625A1
Time in Patent Office

1,467 Days
Field of Search

709201-203, 709213-216, 709227-229
US Class Current

709/227
CPC Class Codes

H04L 47/20   Traffic policing

H04L 63/02   for separating internal fro...

H04L 63/0428   wherein the data content is...

H04L 63/166   at the transport layer

H04L 63/205   involving negotiation or de...

H04L 69/16   Implementation or adaptatio...

H04L 69/161   Implementation details of T...

H04L 69/321   Interlayer communication pr...

H04L 9/3242   involving keyed hash functi...

Y10T 70/5827   Axially movable clutch

Highly scalable application layer service appliances

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

146 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Highly scalable application layer service appliances

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

146 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links