Distributed software defined networking

US 9,843,624 B1
Filed: 06/04/2014
Issued: 12/12/2017
Est. Priority Date: 06/13/2013
Status: Active Grant

First Claim

Patent Images

1. A system for processing data packets in a mobile data wireless network, the system comprising:

a programmable network device hosting a plurality of first network applications and located at a wireless edge of the mobile data wireless network;

a programmable cloud device hosting a plurality of second network applications and located in a core of the mobile data wireless network;

wherein at least one of the plurality of first network applications in the programmable network device and at least one of the plurality of second network applications in the programmable cloud device are in secure communication with each other to form a distributed application;

the programmable network device is powered by a sandboxing operating system which facilitates deployment of the plurality of first network applications independent of hardware vendor associated with the programmable network device, and facilitates hot upgrade of the plurality of first network applications with substantially no interruption to operation of the programmable network device;

wherein the programmable network device verifies authenticity and integrity of upgrades to the plurality of first network applications and the programmable cloud device verifies the authenticity and integrity of upgrades to the plurality of second network applications and wherein the verification is based on unique security keys associated with each of the plurality of first and second network applications;

wherein the programmable network device and the programmable cloud device form unified capabilities using a plurality of application programming interfaces (APIs) wherein the APIs accessible to each of the plurality of the first network applications and the plurality of second network applications are determined based on a respective access level associated with each of the plurality of first and second network applications;

an application repository storing distributed applications which have been tested and certified for installation in the programmable network device and programmable cloud device; and

an application management portal coupled to the programmable network device, the programmable cloud device and the application repository, wherein the application management portal presents a user interface to manage provisioning, usage and de-provisioning of the distributed applications on the programmable network device and the programmable cloud device.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The Distributed Software Defined Network (dSDN) disclosed herein is an end-to-end architecture that enables secure and flexible programmability across a network with full lifecycle management of services and infrastructure applications (fxDeviceApp). The dSDN also harmonizes application deployment across the network independent of the hardware vendor. As a result, the dSDN simplifies the network deployment lifecycle from concept to design to implementation to decommissioning.

132 Citations

21 Claims

1. A system for processing data packets in a mobile data wireless network, the system comprising:
- a programmable network device hosting a plurality of first network applications and located at a wireless edge of the mobile data wireless network;
  
  a programmable cloud device hosting a plurality of second network applications and located in a core of the mobile data wireless network;
  
  wherein at least one of the plurality of first network applications in the programmable network device and at least one of the plurality of second network applications in the programmable cloud device are in secure communication with each other to form a distributed application;
  
  the programmable network device is powered by a sandboxing operating system which facilitates deployment of the plurality of first network applications independent of hardware vendor associated with the programmable network device, and facilitates hot upgrade of the plurality of first network applications with substantially no interruption to operation of the programmable network device;
  
  wherein the programmable network device verifies authenticity and integrity of upgrades to the plurality of first network applications and the programmable cloud device verifies the authenticity and integrity of upgrades to the plurality of second network applications and wherein the verification is based on unique security keys associated with each of the plurality of first and second network applications;
  
  wherein the programmable network device and the programmable cloud device form unified capabilities using a plurality of application programming interfaces (APIs) wherein the APIs accessible to each of the plurality of the first network applications and the plurality of second network applications are determined based on a respective access level associated with each of the plurality of first and second network applications;
  
  an application repository storing distributed applications which have been tested and certified for installation in the programmable network device and programmable cloud device; and
  
  an application management portal coupled to the programmable network device, the programmable cloud device and the application repository, wherein the application management portal presents a user interface to manage provisioning, usage and de-provisioning of the distributed applications on the programmable network device and the programmable cloud device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The system of claim 1, wherein each of the programmable network device and programmable cloud device include an access network interface unit to send and receive communications and a processor with a memory associated with the network interface unit.
  - 3. The system of claim 1, wherein the at least one of the first network applications is responsible for a plurality of functional capabilities of the programmable network device and is capable of at least one of the group consisting of:
    - updating the firmware of the programmable network device;
      
      updating default communication protocols of the programmable network device;
      
      initializing programmable network device settings;
      
      boot loading the programmable network device;
      
      providing security digital certificates;
      
      providing operating system (OS) and kernel upgrades; and
      
      upgrading and commissioning agents for upgrades of the at least one of the first network applications.
  - 4. The system of claim 1, wherein at least one of the second network applications is responsible for a plurality of functional capabilities of the programmable cloud device and is capable of at least one of the group consisting of:
    - upgrading and commissioning agents for upgrades of the at least one of the second network applications and related procedures;
      
      hypervisor upgrades;
      
      virtual machine and isolated execution environment lifecycle management;
      
      security digital certificate management;
      
      operating system (OS) and kernel upgrades; and
      
      default communication protocols.
  - 5. The system of claim 1, wherein the programmable network device is a Long Term Evolution (LTE) evolved NodeB (eNB) and the programmable cloud device hosts LTE core network functions in separate virtual machines, the network functions consisting of:
    - Mobility Management Entity (MME), Serving Gateway (S-GW), and Packet Gateway (P-GW).
  - 6. The system of claim 1, wherein the programmable network device and programmable cloud device further comprise:
    - a virtual fabric which provides a secure communication layer for the at least one of the plurality of first network applications and the at least one of the plurality of second network applications.
  - 7. The system of claim 1, further comprising:
    - a second programmable network device which includes the at least one of the plurality of first network applications which is in the first programmable network device.
  - 8. The system of claim 1, wherein the programmable network device and programmable cloud device further comprise:
    - a distributed resource service (DRS) which controls access to a plurality of resources by the plurality of first network applications and the plurality of the second network applications upon receiving instructions from the application management portal.
  - 9. The system of claim 8, wherein the plurality of resources include at least one of a group consisting of:
    - a firewall;
      
      data and statistics;
      
      storage;
      
      compute;
      
      load evaluator;
      
      general settings;
      
      routing engine;
      
      virtual machine master controller;
      
      power controller; and
      
      wireless engine.
  - 10. The system of claim 8, wherein the DRS further includes a load controller;
    - and wherein the load controller is adapted to monitor loads on at least one of the plurality of first network applications and at least one of the plurality of second network applications and effect change in accordance with thresholds received from the application management portal.
  - 11. The system of claim 8, wherein the programmable network device and programmable cloud device further comprise:
    - a distributed resource service which is capable of providing at least one service from a group consisting of;
      
      exposing application programming interfaces (APIs) to other applications;
      
      configuring and managing platform resources;
      
      policy enforcement and authorization of applications access to platform resource and other application'"'"'s APIs; and
      
      policy conflict resolution.
  - 12. The system of claim 1, wherein the programmable network device and programmable cloud device further comprise:
    - a distributed content service wherein contents generated by the at least one of the plurality of first network applications may be shared with the at least one of a plurality of second network applications.
  - 13. The system of claim 1, wherein the programmable network device and programmable cloud device further comprise:
    - a distributed notification service wherein notice of a particular event is sent from at least one of the plurality of first network applications to at least one of the plurality of second network applications.
  - 14. The system of claim 1, wherein the programmable network device, at least one of the plurality of first network applications, the programmable cloud device, and at least one of the plurality of second network applications each have unique identities.
  - 15. The system of claim 1 wherein the at least one of the plurality of first network applications and the at least one of the plurality of second network applications communicate using communication protocols implemented in both the at least one of the plurality of first network applications and the at least one of the plurality of second network applications.
  - 16. The system of claim 1, wherein the programmable cloud device is a packet data network gateway.
  - 17. The system of claim 1, wherein the programmable network device is capable of securely processing a plurality of distinct functions in coordination with other programmable network devices and other programmable cloud devices.

18. A system for processing data packets in a mobile data wireless network, the system comprising:
- a programmable network device processing data flows, hosting at least one of a plurality of first network applications and located at a wireless edge of the mobile data wireless network;
  
  a programmable cloud device having a plurality of virtual machines wherein at least one of the virtual machines hosts at least one of a plurality of second network applications and wherein the programmable cloud device is located in a core of the mobile data wireless network;
  
  wherein the at least one of the plurality of first network applications and the at least one of the plurality of second network applications are in secure communication to form a distributed application;
  
  the programmable network device is powered by a sandboxing operating system which facilitates deployment of the plurality of first network applications independent of hardware vendor associated with the programmable network device, and facilitates hot upgrade of the plurality of first network applications with substantially no interruption to operation of the programmable network device;
  
  wherein the programmable network device verifies authenticity and integrity of upgrades to the plurality of first network applications and the programmable cloud device verifies the authenticity and integrity of upgrades to the plurality of second network applications and wherein the verification is based on unique security keys associated with each of the plurality of first and second network applications;
  
  wherein the programmable network device and the programmable cloud device form unified capabilities using a plurality of application programming interfaces (APIs) wherein the APIs accessible to each of the plurality of the first network applications and the plurality of second network applications are determined based on a respective access level associated with each of the plurality of first and second network applications;
  
  an application repository storing distributed applications which have been tested and certified for installation in the programmable network device and programmable cloud device; and
  
  an application management portal coupled to the programmable network device, the programmable cloud device and the application repository, wherein the application management portal presents a user interface to manage provisioning, usage and de-provisioning of the distributed applications on the programmable network device and programmable cloud device.

19. A system for processing data packets in a mobile data wireless network, the system comprising:
- a programmable network device processing data flows, hosting at least one of a plurality of first network applications and located at a wireless edge of the mobile data wireless network;
  
  a programmable cloud device partitioned into a plurality of zones, wherein at least one of the plurality of zones hosts at least one of a plurality of second network applications and wherein the programmable cloud device is located in a core of the mobile data wireless network;
  
  wherein the at least one of the plurality of first network applications and the at least one of the plurality of second network applications are in secure communication to form a distributed application;
  
  the programmable network device is powered by a sandboxing operating system which facilitates deployment of the plurality of first network applications independent of hardware vendor associated with the programmable network device, and facilitates hot upgrade of the plurality of first network applications with substantially no interruption to operation of the programmable network device;
  
  wherein the programmable network device verifies authenticity and integrity of upgrades to the plurality of first network applications and the programmable cloud device verifies the authenticity and integrity of upgrades to the plurality of second network applications and wherein the verification is based on unique security keys associated with each of the plurality of first and second network applications;
  
  wherein the programmable network device and the programmable cloud device form unified capabilities using a plurality of application programming interfaces (APIs) wherein the APIs accessible to each of the plurality of the first network applications and the plurality of second network applications are determined based on a respective access level associated with each of the plurality of first and second network applications;
  
  an application repository storing distributed applications which have been tested and certified for installation in the programmable network device and programmable cloud device; and
  
  an application management portal coupled to the programmable network device, the programmable cloud device and the application repository, wherein the application management portal presents a user interface to manage provisioning, usage and de-provisioning of the distributed applications on the programmable network device and the programmable cloud device.

20. A method of processing data packets in a mobile data wireless network, the method comprising:
- establishing secure communications between distributed applications comprising at least one of a plurality of first network applications hosted by a programmable network device located at a wireless edge of the mobile data wireless network and at least one of a plurality of second network applications hosted by a programmable cloud device located in a core of the mobile data wireless network;
  
  powering the programmable network device by a sandboxing operating system;
  
  facilitating by the sandboxing operating systems, deployment of the plurality of first network applications independent of hardware vendor associated with the programmable network device;
  
  facilitating by the sandboxing operating system, hot upgrade of the plurality of first network applications with substantially no interruption to operation of the programmable network device;
  
  verifying the authenticity and integrity of upgrades to the plurality of first network applications by the programmable network device and verifying the authenticity and integrity of the plurality of second network applications by the programmable cloud device, wherein the verifications are based on unique security keys associated with each one of the plurality of first and second network applications;
  
  forming unified capabilities by the programmable network device and programmable cloud device using a plurality of application programming interfaces (APIs) wherein the APIs accessible to each of the plurality of first network applications and the plurality of second network applications are determined based on a respective access level associated with each of the plurality of first and second network applications;
  
  storing the distributed applications in an application repository, wherein the distributed applications have been tested and certified for installation in the programmable network device and the programmable cloud device; and
  
  presenting a user-interface of an application management portal to manage provisioning, usage and de-provisioning of the distributed applications on the programmable network device and programmable cloud device, wherein the application management portal is coupled to the programmable network device, the programmable cloud device and the application repository.

21. A system for processing data packets in a mobile data wireless network, the system comprising:
- a plurality of programmable network devices hosting a plurality of first network applications and located at a wireless edge of the mobile data wireless network;
  
  a plurality of programmable cloud devices hosting a plurality of second network applications and located in a core of the mobile data wireless network;
  
  wherein at least one of the plurality of first network applications in at least one of the plurality of programmable network devices and at least one of the plurality of second network applications in at least one of the plurality of programmable cloud devices are in secure communication with each other to form a distributed applications;
  
  wherein the plurality of programmable network devices are each powered by a sandboxing operating system which facilitates deployment of the plurality of first network applications independent of hardware vendors associated with the plurality of programmable network devices, and facilitates hot upgrade of the plurality of first network applications with substantially no interruption to operation of the plurality of programmable network devices;
  
  wherein the plurality of programmable network devices verify authenticity and integrity of upgrades to the plurality of first network applications and the plurality of programmable cloud devices verify authenticity and integrity of upgrades to the plurality of second network applications and wherein the verification is based on unique security keys associated with each of the plurality of first and second network applications;
  
  wherein the plurality of programmable network devices and the plurality of programmable cloud devices form unified capabilities using a plurality of application programming interfaces (APIs) wherein the APIs accessible to each of the plurality of the first network applications and the plurality of second network applications are determined based on a respective access level associated with each of the plurality of first and second network applications;
  
  an application repository storing distributed applications which have been tested and certified for installation in the plurality of programmable network devices and the plurality of programmable cloud devices; and
  
  an application management portal coupled to the plurality of programmable network devices, the plurality of programmable cloud devices and the application repository, wherein the application management portal presents a user interface to manage provisioning, usage and de-provisioning of the distributed applications on the plurality of programmable network devices and the plurality of programmable cloud devices.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
EDGE NETWORKING SYSYEMS LLC
Original Assignee
Pouya Taaghol
Inventors
Taaghol, Pouya, Ramanna, Vivek
Primary Examiner(s)
Chan, Wing F
Assistant Examiner(s)
Krishnan, Raji

Application Number

US14/295,331
Time in Patent Office

1,287 Days
Field of Search
US Class Current
CPC Class Codes

G06F 2009/45575   Starting, stopping, suspend...

G06F 2009/45587   Isolation or security of vi...

G06F 21/44   Program or device authentic...

G06F 21/53   by executing in a restricte...

G06F 21/57   Certifying or maintaining t...

G06F 8/60   Software deployment

G06F 8/70   Software maintenance or man...

G06F 9/4406   Loading of operating system

H04L 41/042   comprising distributed mana...

H04L 41/0803   Configuration setting

H04L 41/082   the condition being updates...

H04L 41/0833   for reduction of network en...

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 41/0895   Configuration of virtualise...

H04L 41/40   using virtualisation of net...

H04L 41/5019   Ensuring fulfilment of SLA

H04L 41/509   wherein the managed service...

H04L 45/563   Software download or update

H04L 45/64   using an overlay routing layer

H04L 63/0218 : Distributed architectures, ...

H04L 63/0227 : Filtering policies mail mes...

H04L 67/10 : in which an application is ...

H04L 67/1076 : Resource dissemination mech...

H04L 67/34 : involving the movement of s...

H04L 9/0822 : using key encryption key

H04W 4/00 : Services specially adapted ...

View All

Distributed software defined networking

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

132 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Distributed software defined networking

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

132 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links