Layers 4-7 service gateway for converged datacenter fabric

US 8,180,901 B2
Filed: 04/11/2008
Issued: 05/15/2012
Est. Priority Date: 08/28/2007
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

at a network element, receiving at least one of a plurality of packets of a plurality of network transactions from a plurality of clients over a first network for accessing one of a plurality of servers of a data center over a second network;

terminating at least one of a plurality of a transport control protocol (TCP) connections of data streams at a network service module (NSM) associated with each of the network transactions at a central network point;

storing meta-data for each of the terminated TCP connections in order to preserve session information, transaction information and packet information for each of the terminated TCP connections;

assembling the data streams from a plurality of protocol data units of the plurality of packets, wherein the data streams are configured to be transported within the second network;

transmitting the data streams over a switch fabric to an application service module (ASM) for layer 5 to layer 7 (layer 5-7) processing;

routing the data streams without TCP information for application layer processing to one of the plurality of servers of the data center via a converged input/output (I/O) interface over the second network if the second network is a converged fabric network;

performing the layer 5-7 processing at the ASM without having to terminate the TCP connections again; and

routing the data streams with TCP information via a TCP connection to one of the plurality of servers of the data center if the second network is an Ethernet network.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Layer 4 gateway for a converged datacenter fabric is described herein. According to one embodiment, a packet of a network transaction is received from a client over a first network for accessing a server of a datacenter having a plurality of servers over a second network. One or more network services are performed on the packet including terminating a TCP (transport control protocol) connection associated with the network transaction and generating a data stream. The data stream without TCP information is routed to the server via a converged I/O interface over the second network if the second network is a converged fabric network. The data stream with TCP information is routed via a TCP connection to the server if the second network is an Ethernet. Other methods and apparatuses are also described.

127 Citations

23 Claims

1. A method comprising:
- at a network element, receiving at least one of a plurality of packets of a plurality of network transactions from a plurality of clients over a first network for accessing one of a plurality of servers of a data center over a second network;
  
  terminating at least one of a plurality of a transport control protocol (TCP) connections of data streams at a network service module (NSM) associated with each of the network transactions at a central network point;
  
  storing meta-data for each of the terminated TCP connections in order to preserve session information, transaction information and packet information for each of the terminated TCP connections;
  
  assembling the data streams from a plurality of protocol data units of the plurality of packets, wherein the data streams are configured to be transported within the second network;
  
  transmitting the data streams over a switch fabric to an application service module (ASM) for layer 5 to layer 7 (layer 5-7) processing;
  
  routing the data streams without TCP information for application layer processing to one of the plurality of servers of the data center via a converged input/output (I/O) interface over the second network if the second network is a converged fabric network;
  
  performing the layer 5-7 processing at the ASM without having to terminate the TCP connections again; and
  
  routing the data streams with TCP information via a TCP connection to one of the plurality of servers of the data center if the second network is an Ethernet network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein routing the data stream without TCP information further comprises routing the data stream via the I/O interface over the second network if the second network is a fabric network compatible to one of a remote direct memory access (RDMA), an InfiniBand switched fabric communications link, a data center Ethernet (DCE) technology, and a fibre channel over Ethernet (FCoE) technology.
  - 3. The method of claim 1, further comprising operating the network element as an application services gateway to the data center with respect to the plurality of clients when at least one client accesses the plurality of servers of the data center.
  - 4. The method of claim 3, further comprising:
    - coupling the NSM to the ASM over the switch fabric;
      
      performing a layer 2 to layer 5 (layer 2-5) processing on the data streams of the packets at the NSM;
      
      performing the layer 5-7 processing on the data streams of the packets at the ASM;
      
      transporting the data streams of the packets from the ASM to the NSM after performing the layer 5-7 processing; and
      
      transforming the data streams of the packets at the NSM into a plurality of protocol data units upon receiving the data streams from the ASM.
  - 5. The method of claim 1, further comprising routing the data stream from the ASM to one of the plurality of servers over the second network via the converged I/O interface after performing the layer 5-7 processing if the second network is a converged fabric network.
  - 6. The method of claim 1, further comprising routing the data stream from the ASM back to the NSM over the switch fabric and routing the data stream from the NSM to one of the plurality of servers over an Ethernet if the second network is an Ethernet network.
  - 7. The method of claim 6, further comprising repackaging the data stream at the NSM into a TCP packet before routing the TCP packet to one of the plurality of servers over the Ethernet network.
  - 8. The method of claim 1, wherein assembling comprises assembling the data stream configured to be processed by a dedicated processing unit that performs ISO layer-7 services.
  - 9. The method of claim 8, wherein assembling comprises assembling data streams configured to be processed by a plurality of dedicated processing units to support centralized transport protocol termination for multiple servers such that the TCP connections of the network transactions are terminated once and so that the data streams are configured to be processed between the dedicated processing units.

10. A computer-readable non-transitory memory storing instructions that, when executed by a processor, causes the processor to:
- receive at a network element at least one of a plurality of packets of a plurality of network transaction from a plurality of clients over a first network for accessing one of a plurality of servers of a data center over a second network;
  
  terminate at least one of a plurality of a transport control protocol (TCP) connections of data streams at a network service module (NSM) associated with the network transactions at a central network point;
  
  store meta-data for each of the terminated TCP connections in order to preserve session information, transaction information and packet information for each of the terminated TCP connections;
  
  assemble the data streams from a plurality of protocol data units of the plurality of packets, wherein the data streams are configured to be transported within the second network;
  
  transmit the data streams over a switch fabric to an application service module (ASM) for layer 5 to layer 7 (layer 5-7) processing;
  
  route the data streams without TCP information for application layer processing to one of the plurality of servers of the data center via a converged input/output (I/O) interface over the second network if the second network is a converged fabric network; and
  
  perform the layer 5 to layer 7 (layer 5-7) processing at the ASM without having to terminate the TCP connections again; and
  
  route the data streams with TCP information via a TCP connection to one of the plurality of servers of the data center if the second network is an Ethernet network.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The computer-readable non-transitory memory of claim 10, wherein the instructions that cause the processor to route the data stream without TCP information comprise instructions that cause the processor to route the data stream via the I/O interface over the second network if the second network is a fabric network compatible to one of an RDMA (remote direct memory access), an InfiniBand switched fabric communications link, a data center Ethernet (DCE) technology, and a fibre channel over Ethernet (FCoE) switched fabric communications link.
  - 12. The computer-readable non-transitory memory of claim 10, further comprising instructions that cause the processor to configure the network element to operate as a security gateway to the data center with respect to the plurality of clients when at least one client accesses the plurality of servers of the data center.
  - 13. The computer-readable non-transitory memory of claim 12, further comprising instructions that cause the processor to:
    - couple the NSM to the ASM over the switch fabric;
      
      perform a layer 2 to layer 5 (layer 2-5) processing on the data streams of the packets at the NSM; and
      
      perform the layer 5-7 processing on the data streams of the packets at the ASM, such that the ASM transports data streams of the packets to the NSM after performing layer 5-7 processing and such that the NSM transforms the data streams into a plurality of protocol data units upon receiving the data streams from the ASM.
  - 14. The computer-readable non-transitory memory of claim 10, further comprising instructions that cause the processor to configure the ASM to route the data stream to one of the plurality of servers over the second network via the converged I/O interface after performing the layer 5-7 processing if the second network is a converged fabric network.
  - 15. The computer-readable non-transitory memory of claim 10, further comprising instructions that cause the processor to configure the ASM to route the data stream back to the NSM over the switch fabric and to configure the NSM to route the data stream to one of the plurality of servers over an Ethernet network if the second network is an Ethernet network.
  - 16. The computer-readable non-transitory memory of claim 15, further comprising instructions that cause the processor to repackage the data stream at the NSM into a TCP packet before routing the TCP packet to one of the plurality of servers over the Ethernet network.
  - 17. The computer-readable non-transitory memory of claim 10 wherein the instructions that cause the processor to assemble data streams comprise instructions that cause the processor to assemble data streams that are configured to be processed by a dedicated processing unit that performs ISO layer-7 services.
  - 18. The computer-readable non-transitory memory of claim 10, wherein the instructions that cause the processor to assemble data streams comprise instructions that cause the processor to assemble data streams configured to be processed by a plurality of dedicated processing units to support centralized transport protocol termination for multiple servers such that the TCP connections of the network transactions are terminated once and so that the data streams are configured to be transported between the dedicated processing units.

19. A network apparatus, comprising:
- an Ethernet interface to be coupled to an Ethernet network;
  
  a converged input/output (I/O) interface to be coupled to a converged fabric network; and
  
  a plurality of service modules coupled to each other over an internal switch fabric, including a network service module (NSM) and an application service module (ASM);
  
  wherein the NSM is configured to receive at least one of a plurality of packets of a network transaction from at least one of a plurality of clients via the Ethernet interface, terminate a transport control protocol (TCP) connection of data streams at the NSM of the packet at a central network point, assemble a data stream for each of the plurality of packets to perform a layer 2 to layer 5 (layer 2-5) processing on the data stream of each of the packets and route the data stream to the ASM for layer 5 to layer 7 (layer 5-7) processing;
  
  wherein the ASM is configured to receive the data stream from the NSM over the internal switch fabric, perform a layer 5 to layer 7 (layer 5-7) processing on the data stream without having to terminate the TCP connection again, and route the data stream to the NSM; and
  
  wherein the NSM is further configured to transform the data stream into a plurality of protocol data units to be transmitted to an application server.
- View Dependent Claims (20, 21, 22, 23)
- - 20. The network apparatus of claim 19, wherein the network apparatus is configured to operate as an application services gateway with respect to the plurality of clients when at least one client accesses at least one of the plurality of service modules.
  - 21. The network apparatus of claim 19, wherein the ASM is configured to perform the layer 5-7 processing on the data stream without having to perform TCP related processes.
  - 22. The network apparatus of claim 21, wherein the converged I/O interface is implemented within the ASM, and wherein after performing the layer 5-7 processing on the data stream, the ASM routes the data stream to a destination server via the converged I/O interface within the ASM, if the destination server is located in a converged fabric network.
  - 23. The network apparatus of claim 22, wherein if the destination server is located in an Ethernet network, after performing the layer 5-7 processing on the data stream, the ASM routes the data stream back to the NSM over the internal switch fabric, and wherein the NSM converts the data stream into a TCP packet and routes the TCP packet to the destination server over the Ethernet interface.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Bagepalli, Nagaraj, Gandhi, Prashant, Patra, Abhijit, Prabhu, Kirti, Thakar, Anant
Primary Examiner(s)
Chan, Wing
Assistant Examiner(s)
Baturay, Alicia

Application Number

US12/101,867
Publication Number

US 20090063701A1
Time in Patent Office

1,495 Days
Field of Search

709227-229
US Class Current

709/227
CPC Class Codes

H04L 47/20   Traffic policing

H04L 63/02   for separating internal fro...

H04L 63/0428   wherein the data content is...

H04L 63/166   at the transport layer

H04L 63/205   involving negotiation or de...

H04L 69/16   Implementation or adaptatio...

H04L 69/161   Implementation details of T...

H04L 69/321   Interlayer communication pr...

H04L 9/3242   involving keyed hash functi...

Y10T 70/5827   Axially movable clutch

Layers 4-7 service gateway for converged datacenter fabric

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

127 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Layers 4-7 service gateway for converged datacenter fabric

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

127 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links