Abstract:
In general, techniques are described for informing services nodes of private network address information in order to apply subscriber-aware services with the services node. In some examples, a services node includes an Authentication, Authorization, and Accounting (AAA) interface to receive a AAA message, wherein the AAA message has been extended from a AAA protocol to specify a private network address of a subscriber device authenticated to an access network by the AAA server and assigned the private network address that is not routable external to the access network. A mapping module associates the public network address of subscriber data traffic with the private network address received by the AAA message. One or more service modules select one or more of a plurality of subscriber policies using the associated private network address and apply services to the subscriber data traffic in accordance with the selected subscriber policies.
Abstract:
In one example, an intermediate network device sends packets that advertise a transmission control protocol (TCP) window size of zero bytes to a client device and a server device. The device, after sending the packets, receives a first zero-window probe packet from the client device including data representing a first current sequence number for a client-to-server packet flow of an established network session, and a second zero-window probe packet from the server device including data representing a second current sequence number for a server-to-client packet flow of the network session. The device also initializes a TCP state based on the first and second current sequence numbers, and acts as a TCP proxy for packets following the first zero-window probe packet of the client-to-server packet flow based on the TCP state and packets following the second zero-window probe packet of the server-to-client packet flow based on the TCP state.
Abstract:
Techniques are described for performing inline NAT functions in a forwarding element of a mobile gateway router or other device in which subscriber sessions of a mobile access network are distributed across a plurality of session management cards. The session management cards pre-allocate a public network address and port range for subscribers at the time a network connection is established in response to a connection request, prior to receiving any data traffic associated with the subscriber. NAT profiles are programmed into hardware forwarding elements of the mobile gateway router for inline NAT when routing subscriber traffic for the mobile access network.
Abstract:
A system and method for communicating between applications using a routing process. A set of one or more signal-routes are defined on a network device, including a first signal-route. Each signal-route is associated with a state of an application to be executed on the network device, wherein the first signal-route is associated with a first application state of the application. The network device detects, within the application executing within an application layer of the network device, a change in the first application state and notifies other applications of the change in the first application state. Notifying includes modifying the first signal-route, wherein modifying includes adding the first signal-route to or removing the first signal-route from a Routing Information Base (RIB) and advertising the change in the RIB.
Abstract:
In general, techniques are described for maintaining load balancing after service application. A network device comprising ingress and egress forwarding components and a service card may implement the techniques. An ingress forwarding component receives a packet and, in response to a determination that the service is to be applied to the packet, updates the packet to include an ingress identifier that identifies the ingress forwarding component, thereafter transmitting the updated packet to the service card. The service card applies the service to the updated packet to generate a serviced packet and transmits the serviced packet to the ingress forwarding component identified by the ingress identifier so as to maintain load balancing of packet flows across the plurality of forwarding components. The ingress forwarding component determines a next hop to which to forward the serviced packet and the egress forwarding component forwards the serviced packet to the determined next hop.
Abstract:
Techniques are described for dynamically adapting virtualized network functions (VNFs) to different target environments. A controller stores device profiles that include configuration data and workflows for resolving configuration parameters for instantiating and deploying a VNF package to form a network service. To support the resolution of VNF configuration parameters, a VNF descriptor for the VNF is extended to include a device family parameter that indicates a shared architecture and configuration parameters. The controller, when instantiating the VNF, may identify a device profile usable for resolving the configuration parameters for the VNF and obtain configuration data from the device profile for creating and configuring a VNF instance for the VNF descriptor. Extending the VNF descriptor to specify a device family allows the VNF to be flexibly adapted for different target environments and may avoid the use of numerous pre-defined VNF descriptors.
Abstract:
A redundant service delivery gateway system and method. Configuration information defining roles for redundant service delivery gateways is received via a user interface defined for each of a plurality of redundant service delivery gateways. Configuration information defining one or more redundancy events, a redundancy policy associated with each redundancy event and two or more redundancy sets is also received via a user interface. Each redundancy set is associated with one or more of the redundancy events and each redundancy set includes a master redundancy state and a standby redundancy state. A first redundancy event detected in a first service delivery gateway leads to a transition, in the first service delivery gateway, from a master redundancy state to a standby redundancy state in the redundancy set associated with the first redundancy event.
Abstract:
In general, this disclosure describes techniques for applying, with a network device, subscriber-specific packet processing using an internal processing path that includes service objects that are commonly applied to multiple packet flows associated with multiple subscribers. In one example, a network device control plane creates subscriber records that include, for respective subscribers, one or more variable values that specify service objects as well as an identifier for a packet processing template. A forwarding plane of the network device receives and maps subscriber packets to an associated subscriber record and then processes the packet by executing the packet processing template specified by the subscriber record. When the forwarding plane reaches a variable while executing the specified packet processing template, the forwarding plane reads the associated variable value from the subscriber record to identify and then apply the subscriber-specific service object specified by the variable.
Abstract:
In general, techniques are described for load balancing, with a service node, packet flows using stateless load balancing that adapts to server failure to provide flow affinity to initially selected servers for the duration of respective flows. In one example, a service node device applies stateless load balancing to packet flows to distribute the flows among a plurality of servers. The service node determines a failure of a failed server and then receives an initial packet of a packet flow from the packet flows and forwards the initial packet to an active server. The service node generates a mapping of the packet flow to the active server, determines a recovery of the failed server, receives a subsequent packet of the packet flow, and forwards the subsequent packet of the packet flow to the active server based at least on the mapping of the packet flow to the active server.