Flow-based routing boosts MPLS service

The packet vs. circuit dichotomy has long divided the networking industry. TDM and Internet Protocol have represented the opposite extremes of the circuit vs. packet spectrum, and each still has its pros and cons. Technologies like ATM, frame relay and multiprotocol label switching (MPLS) were created in an attempt to bridge the packet/circuit divide and infuse packet networks with desirable characteristics of circuit technology. Each has been successful at solving specific problems but has also posed drawbacks that have led to the development of complementary optimization and evolution technologies.

This article introduces an original flow-based routing approach that represents a marriage of the best of both circuit and packet technologies, applicable to both IP and MPLS networks and optimized to become the platform of choice for network convergence over IP/MPLS networks.

"Soft stateful" switching technologies incorporate the best of both circuit and packet approaches. The technology is based on many of the ideas from ATM and MPLS, as well as earlier IP switching techniques. But it remains IP-centric, is free of signaling overhead and is fully compatible with today's networks.

The technology is based on the principle of recognizing flows, routing the first packet of the flow, dynamically associating temporary state with it and then switching remaining packets in the flow using the state information. The fact that decisions are made on a flow-by-flow basis for all the flows traversing the router, as opposed to decisions being made on a packet-by-packet basis, represents the key difference between this architecture and existing router architectures. The notion of flow is network-dependent and its definition flexible in the context of this article; 5-tuple IP information (including the IP source and destination addresses, TCP/UDP source and destination ports and protocol type) is considered a flow. It can span IP microflows, aggregate MPLS flows or any level of granularity in between. Sophisticated hashing functions can identify flows using not only the Layer 3 and layer 4 information but possibly L2 information as well.

The flow state technology recognizes flows based on predetermined hash functions, performs extensive processing on the first packet of a flow, associates that flow with a state and applies the result of this processing on subsequent packets in the flow. The state information is dynamically created and deleted without any explicit signaling and as such is of a soft-state nature. It is managed by monitoring the dynamics of TCP and UDP flows. The first packet of a flow is routed according to overall packet routing rules, in keeping with the flexibility and robustness inherent in IP networks. Remaining packets in the flow, however, are switched based on the stored flow state information, providing the predictability and traceability of connection-oriented technologies. This scheme is a form of flow-based switching, leveraging an optimized hardware-only processing architecture that allows it to scale to several millions of flows active at any given time, and more than a million new flow setups/second per ASIC with extensive state information kept for every flow. The state information the routing decision of the flow, its QoS requirements and the results of the classification engine, and the security requirements of the specific flow.

Flow-based routing technology offers benefits from three major perspectives. First, it provides significant switch-level benefits, allowing the emergence of new high-speed packet processing with extensive parallelism and highly scalable switching fabric architectures with innovative switch-level resource management schemes. Second, it has a number of network-level benefits in terms of routing efficiency, load balancing and, more importantly, network-level QoS. Third, it enables new service models in the Internet that permit the convergence of multiple services over the Internet and the emergence of new IP-based services applications with stringent QoS requirements. This article focuses on the QoS benefits of flow-based routing.

Flow state technology can be considered a superset of the Internet's existing QoS mechanisms. Maintaining flow state allows one to mimic, if desired, the expected behavior of differentiated services by instantiating a generic per-hop behavior as well as Integrated Services. Additional benefits include the ability to guarantee bounds on loss, delay and jitter for selected flows, as well as provide strict isolation between separate flows. In fact, once the first packet of a flow traverses the network, it becomes possible to emulate ATM-like or even PSTN-like behavior in an IP/MPLS network.

Congestion control schemes in the Internet were all designed with the assumption that no state was available. A number of schemes have been developed, most centered on the concept of random early discard (RED)-based active-queue management. These schemes have limitations when one is faced with Internet traffic that is not TCP-friendly or is unresponsive, potentially causing problems at the network and end-user levels.

Leveraging flow state information allows the design of novel congestion control schemes that are more efficient at improving network-level behavior and end-user perceptions while enforcing some fairness models specific to the service providers. Examples include the development of flow-based congestion control schemes that efficiently target misbehaving and unresponsive flows as well as connection admission control (CAC) schemes for IP flows. In the context of controlling misbehaving flows, state information allows the computation of instantaneous and average rates for the various flows and has knowledge about how much traffic is carried over those flows. The information can be used to protect some flows when congestion occurs. In the CAC context, it can apply either to TCP or UDP. For TCP traffic, that leads to a significant improvement in the throughput of good traffic and the end user's perception of it; for CAC schemes for UDP traffic, it leads to a significant improvement in network-based services running over a UDP transport by enabling services to be strictly on or off but ensuring no degradation of performance if the service is on.

One important feature of TDM, ATM and frame relay has been the ability to offer bandwidth guarantees for individual or group flows across the network. IP/MPLS packet routers have no inherent ability to offer individual flow guarantees, since they do not track flows. They can only guarantee the maximum rate of a whole class that has a separate queue.

Recent evolution toward network convergence requires carrying multiservices over IP/MPLS as well as loss and jitter or delay-sensitive traffic and highly sensitive communication traffic requiring strict rate guarantees in normal and disaster-recovery conditions. A flow router achieves a guarantee by leveraging the stored state information to schedule packets according to their QoS requirements. State information can enforce CAC control for flows with guaranteed characteristics and, once admitted, will ensure that packets are policed, shaped and scheduled based on their traffic class characteristics.

These various guarantees can also be applied to group of flows, with the group representing an entity such as a broadband subscriber. Once a flow is determined to be within its own rate limit, a flow router can check an aggregate group of flows and discard the flow (UDP) or the packet (TCP) to maintain a guarantee on the group of flows. That benefits emerging broadband applications over an IP-only infrastructure.

Riad Hartani is principal engineer for system and network architecture at Caspian Networks Inc. (San Jose, Calif.).