[go: up one dir, main page]

US20210083960A1 - Systems and methods for providing traffic generation on network devices - Google Patents

Systems and methods for providing traffic generation on network devices Download PDF

Info

Publication number
US20210083960A1
US20210083960A1 US16/575,015 US201916575015A US2021083960A1 US 20210083960 A1 US20210083960 A1 US 20210083960A1 US 201916575015 A US201916575015 A US 201916575015A US 2021083960 A1 US2021083960 A1 US 2021083960A1
Authority
US
United States
Prior art keywords
network
application
traffic generator
network device
identified application
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
US16/575,015
Other versions
US10938706B1 (en
Inventor
David John Zacks
Thomas Szigeti
Hanoch Haim
Anoop Vetteth
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Cisco Technology Inc
Original Assignee
Cisco Technology Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Cisco Technology Inc filed Critical Cisco Technology Inc
Priority to US16/575,015 priority Critical patent/US10938706B1/en
Assigned to CISCO TECHNOLOGY, INC. reassignment CISCO TECHNOLOGY, INC. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: VETTETH, ANOOP, ZACKS, David John, HAIM, HANOCH, SZIGETI, THOMAS
Priority to CN202080059826.9A priority patent/CN114365461B/en
Priority to PCT/US2020/050893 priority patent/WO2021055361A1/en
Priority to EP20781228.0A priority patent/EP4032234A1/en
Priority to US17/164,600 priority patent/US11456942B2/en
Application granted granted Critical
Publication of US10938706B1 publication Critical patent/US10938706B1/en
Publication of US20210083960A1 publication Critical patent/US20210083960A1/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/50Testing arrangements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/08Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/14Arrangements for monitoring or testing data switching networks using software, i.e. software packages
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/20Arrangements for monitoring or testing data switching networks the monitoring system or the monitored elements being virtualised, abstracted or software-defined entities, e.g. SDN or NFV
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00Packet switching elements
    • H04L49/25Routing or path finding in a switch fabric
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • G06F11/3003Monitoring arrangements specially adapted to the computing system or computing system component being monitored
    • G06F11/302Monitoring arrangements specially adapted to the computing system or computing system component being monitored where the computing system component is a software system
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • G06F11/34Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment
    • G06F11/3409Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment for performance assessment
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • G06F11/34Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment
    • G06F11/3409Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment for performance assessment
    • G06F11/3414Workload generation, e.g. scripts, playback
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2201/00Indexing scheme relating to error detection, to error correction, and to monitoring
    • G06F2201/865Monitoring of software

Definitions

  • the subject matter of this disclosure relates to providing arbitrary and custom application traffic generation on network devices leveraging a containerized version of a traffic generation code base.
  • FIG. 1 illustrates a topology of a network in which the innovation disclosed herein can apply
  • FIG. 2 illustrates another network topology
  • FIG. 3 illustrates a method embodiment from the standpoint of a central controller
  • FIG. 4 illustrates a method embodiment from the standpoint of a network device
  • FIG. 5 illustrates a method embodiment from the standpoint of a network switch
  • FIG. 6 illustrates an example network device in accordance with various examples.
  • FIG. 7 illustrates an example computing device architecture, in accordance with some examples.
  • the present disclosure provides solutions to the issues raised above with respect to application performance both in terms of modeling and testing applications to be deployed as well as providing data for applications that are deployed.
  • the modeling and monitoring typically relates to how data flows through a network to and from a particular application.
  • a network manager needs a flexible, extensible and scalable method to proactively test, monitor and report application performance across a network infrastructure.
  • the present disclosure encompasses the ability to provide arbitrary and custom traffic generation and analysis from a network device using a containerized infrastructure and on device performance optimized interfaces.
  • An example network device is an edge node on a network, a switch or a router. These network devices typically just receive and transmit packets of data as a node on the network. This disclosure provides an approach of positioning a containerized traffic generator right on a network device.
  • An example method includes identifying, via a network controller, an application associated with a network to yield an identified application, spinning up, by the network controller, a traffic generator in a container on a network device, wherein the traffic generator is configured to emulate traffic associated with the network device and the identified application and monitoring performance of at least one of the identified application in the network and the traffic generator on the network device.
  • the traffic generator in the container on the network device can include a full-function traffic generator and replay engine.
  • the network device can be one of a network switch, an access-layer switch, an edge device or can be some other network device hardware or a virtual device.
  • the traffic generator can include a stateful and stateless traffic generator.
  • the identified application associated with the network can be one of (1) a future application to be deployed and (2) an existing application on the network.
  • the monitoring of the performance can include monitoring the performance of the identified application prior to deployment to test one or more of a quality of service associated with the identified application and performance routing associated with the identified application.
  • Spinning up the traffic generator in a container further can include interfacing the traffic generator in the container to an underlying network device ASIC (application-specific integrated circuit) infrastructure by utilizing a KR port and dedicated on-network-device resources for one or more of a CPU (central processing unit), a memory and a storage.
  • ASIC application-specific integrated circuit
  • the traffic generator can be spun-up and deployed based on a chosen application template from a plurality of predetermined known application templates,
  • the chosen application template can have characteristics associated with the identified application.
  • the method can include defining a new application signature associated with the identified application, deploying the traffic generator with the new application signature and testing traffic flow associated with the identified application by running the traffic generator.
  • An example traffic generator is disclosed herein can be a containerized version of what is called the TRex code base, which is a lightweight and highly scalable stateful and stateless traffic generator that generates Layer 4-7 traffic based on preprocessing and smart replay of real traffic samples and templates.
  • the TRex stateless functionality includes support for multiple streams, the ability to change any packet field and provides per stream statistics for network latency and jitter.
  • the code base can be used to test the efficiency of various network technologies set such as the Cisco Network Based Application Recognition (NBAR2) technologies. These technologies can recognize currently over 1400 applications all of which can be accurately simulated by the traffic generator.
  • NBAR2 Cisco Network Based Application Recognition
  • the method can include defining a new application signature associated with the identified application, deploying the traffic generator with the new application signature and testing traffic flow associated with the identified application by running the traffic generator.
  • Any traffic generation technology can apply to the concepts disclosed herein for containerizing and deploying a traffic generator on a network component.
  • the traffic generator can be capable of operating on various network devices such as, by way of example, the Catalyst 9300 and 9400 platforms running IOS-XE, which is able to host one or more emulated wired clients operating as sensors
  • IOX-XE is an example operating system that is a combination of a linux kernel and a (monolithic) application that runs on top of the kernel.
  • One example is the Cisco IOS XE Open Service Containers.
  • a service container is an application it can be hosted directly on a Cisco IOX XE routing platform.
  • the application can use the linux aspect of the IOS XE operating system to host both linux virtual containers and kernel virtual machines on various routers.
  • An open service container can carry a digital signature that verifies it as an authentic application from a certain provider.
  • a container is an isolated execution environment on a linux host that behaves much like a full featured linux installation with its own users, file system, processes and network stack.
  • Running an application inside of the container isolates it from the host and other containers which means that even when the application inside of them are running, they cannot access or modify the files, processes, users or other resources of the host or other containers.
  • the concepts herein leverage a containerized version of a traffic generator.
  • a traffic generator can be deployed on a network device such as an access layer switch within a container and can thereby be used to emulate packet flow and report on the impact of the packet flow back to a network controller.
  • emulated wired client will virtually emulate in all respects and actual physical wired client that is physically attached to a front panel port of the switch of the network device.
  • the emulation of wired client behavior can include client authentications (802.1x), DHCP (dynamic host configuration protocol) and DNS (domain name system) operations, and the performance of various tests for connectivity and performance.
  • the emulated client can be used for a variety of tests that are valuable to a network administrator such as testing onboarding, operation, and throughput without having to go through the expense or hassle and overhead of attaching a physical client to the switch.
  • the configurations and capability provided by the traffic generator or wired sensor will emulate actual client endpoints and ensure that the configuration behavior of the emulated client agents mirror that of endpoints attached to a physical port.
  • each emulated agent running inside the on-switch IOX-based container will have its own IP address and MAC address and the emulated port within the switch to which the wired client sensor is attached will have the exact same configuration, behavior, client base and capabilities as a physical front panel port on the hosting switch.
  • the traffic generator running inside of a container can be provided with its own dedicated memory and CPU resources on which to run.
  • the traffic generator can be upgraded to provide new functionality or to fix bugs independent of the operating system version on which they run thus minimizing or illuminating the need for a code upgrade for new features or functionality.
  • sensor probes can emulate a complete wired client and can exercise functionality within the host platform and with other network devices in exactly the same way as a physical client would. This can provide an excellent simulation of actual client experience while eliminating the cost and complexity that would otherwise be associated with hardware-based client deployments.
  • the present disclosure focuses on the use of a network controller such as, by way of example, a Cisco Digital Network Architecture Center (DNAC) to manage, deploy and spin up the containerized traffic generators wherever they may be deployed in the network to achieve the traffic generation and analysis goals.
  • DNAC Cisco Digital Network Architecture Center
  • FIG. 1 illustrates one aspect of this disclosure within a network environment 100 .
  • the focus of this disclosure relates to the hosting of a containerized application for traffic generation within a network device and thus this focus relates to the traffic generator placement and thereby its use within the network device.
  • the capability of hosting a traffic generator on the network device can be orchestrated by a network controller for system-wide deployment and analysis. Orchestrating the deployment and analysis of traffic generators on network devices can drive outcomes that are directly consumable by a network manager and enable a new level of functionality not previously available generally within the field of traffic generation.
  • the approach that will be described herein can include aspects related to on-premises enterprise networks, deployed applications, as well as cloud-based systems and evaluation of potential network impact of applications to be deployed.
  • a process of embedding a full function traffic generator and replay engine within a hosted application such as a container on a switch (or other network device) as well as providing for the centralized orchestration and control via a network controller 118 for both enterprise ( FIG. 1 ) and cloud network ( FIG. 2 ) deployments.
  • the approach described herein can also provide system-wide testing, network analysis and troubleshooting both an enterprise and in a cloud based system deployment.
  • FIG. 1 illustrates various components in a network 100 .
  • a data center 102 includes various shared services 104 , a switch 109 , a firewall 106 , WAN router 108 , another switch 110 , a firewall 112 , a wireless local area network controller 114 , a switch 115 , an example campus network 113 , a local wireless area network controller 116 and application server 104 is seen as communicating data through the switch 110 , the firewall 112 , and the switch 115 to a local wireless area network controller 116 .
  • a network controller 118 is illustrated which communicates with the data center 102 .
  • the network controller 118 may also communicate with any other component shown within FIG. 1 or FIG. 2 to deploy traffic generators or to transmit/receive data.
  • the application on the application server 104 can communicate with various other components.
  • the application can communicate via network 120 and the router 122 to a network 124 that has switches 126 , 128 and an end point 130 .
  • the application on application server 104 can communicate through a router 134 also to a second network 140 through a network provider 136 , another router 138 , through switch is 142 , 144 to end point 146 .
  • the application on application server 104 can also communicate via another provider 148 through a network router 152 , networks switches 154 , 156 , 158 , a network router 152 and to end point 160 .
  • the network controller 118 can be used to enable an operator to identify a critical application, such as an application running an application server 104 , and tag the application is a favorite or with some kind of label as part of an analysis or an application policy workflow study.
  • the network operator can utilize the network controller 118 to spin up one or more traffic generators to be deployed as a containerized application which hosts the traffic generation capability on a network device such as a network switch.
  • a traffic generator might be deployed in an IOS XE container on a network edge device such as a switch for a router.
  • the network controller 118 can also deploy a corresponding containerized application located within a data center 102 or at the Internet edge to serve as a target component for traffic generation.
  • each of the network devices disclosed in FIG. 1 could receive a spun up traffic generation component that is containerized and configured on the respective device and/or a corresponding containerized application which can serve as a target for the traffic generation.
  • These various containerized applications can then simulate traffic flow as described herein according to an application template or signature for a particular application such that the system can proactively monitor the performance of either a data center application server 104 or the performance at the Internet edge such as at a router 108 .
  • the results can be reported, aggregated and visualized within the network controller 118 .
  • Traffic can be generated to flow between the traffic generator and a target component configured at particular positions within the network.
  • network controller 118 is shown as communicating only with the data center 102 , this disclosure also contemplates the ability of the network controller 118 being able to deploy containerized traffic generators or corresponding containerized applications in other network environments (i.e., networks 113 , 124 , 140 , 150 ) besides just the enterprise data center 102 associated with the network controller 118 .
  • the network controller can also deploy target components in a containerized manner on any network device in the various networks.
  • FIG. 2 illustrates a cloud-based applications approach.
  • the ability to combine these capabilities with the measured metrics of cloud-based applications allows the network operator to gain greater insight into how their applications or performing both in on-premises data centers 102 as well as in the virtual applications hosted within the cloud (vPC or Saas) as illustrated in the network 200 of FIG. 2 .
  • communication 204 between the data center 102 and cloud-based apps 202 is shown.
  • the network controller 118 can proactively monitor the performance of either the data center app servers 104 to a container in the data center or the Internet edge and combine these results with cloud monitoring performance metrics which can be received at the network controller 118 .
  • this disclosure provides an important extension to the on-switch hosted-app wired client sensor capability as outlined above and provides a flexible method of emulating additional and custom applications, using and leveraging the basic infrastructure to be able to host an emulated client on the switch.
  • This disclosure provides the ability to host a traffic generator application within a containerized environment and on a switch.
  • the traffic generator can act as a powerful and flexible traffic generation, analysis, and replay tool.
  • the traffic generation application can leverage the infrastructure and build upon the capabilities of an emulated wired client sensor.
  • This disclosure provides novel capabilities to test a wide variety of functions and significantly enhances both the capability as well as the speed and responsiveness available for an enterprise customer for a variety of tasks, including troubleshooting, as well as network and application analysis.
  • this traffic generation, analysis and replay capability is hosted as an application on a switch, separate from the base operating system code, it can both be deployed rapidly and on demand, and even to geographically remote locations.
  • the traffic generator can also be upgraded separately from the operating system of the switch or network device which hosts the embedded application and provides for deployment flexibility and the elimination of the need for operating system code upgrades to obtain new traffic generation, analysis, and replay functionality. Accordingly, part of this disclosure relates to updating a containerized traffic generator operating on the network device independent of an operating system of the network device.
  • the data path used between the traffic generation application and the switch data plane can also be optimized inasmuch as it is being developed and deployed for the first time and the hosted application is provided with its own CPU and memory resources, such that deploying a traffic generator in a containerized manner as disclosed herein will not unduly impact the control plane performance of the switch. This can be an important consideration for any customer wishing to deploy such an application.
  • the network treatment of the brand-new application can be proactively tested to ensure that all of the requisite policies for quality of service and/or performance routing are in place in an end-to-end manner across the network.
  • business-critical applications can be actively monitored on an ongoing basis from any and all edges of the network to the application servers.
  • on-demand traffic generators can be spun up on any network device to emulate the flow. Target components can also be spun up and deployed across the network.
  • the system may use prebuilt signatures of known existing applications which can be leveraged to simulate traffic generation or the system might be able to define and test unknown or custom applications, whether cloud-based or not, on an on-demand basis.
  • FIG. 3 illustrates a method example of this disclosure from the standpoint of a network controller 118 .
  • An example method includes identifying, via the network controller, an application associated with a network to yield an identified application ( 302 ), spinning up, by the network controller, a traffic generator in a container on a network device, wherein the traffic generator is configured to emulate traffic associated with the network device and the identified application ( 304 ) and monitoring performance of at least one of the identified application in the network and the traffic generator on the network device ( 306 ).
  • the traffic generator in the container on the network device can include a full-function traffic generator and replay engine.
  • the network device can be one of a network switch, an access-layer switch, an edge device or can be some other network device hardware or a virtual device.
  • the traffic generator can include a stateful and stateless traffic generator.
  • the identified application associated with the network can be one of (1) a future application to be deployed and (2) an existing application on the network.
  • the method may also include spinning up and deploying a target application on a network device that receives the data generated by the traffic generator.
  • the monitoring of the performance can include monitoring the performance of the identified application prior to deployment to test one or more of a quality of service associated with the identified application and performance routing associated with the identified application.
  • Spinning up the traffic generator in a container further can include interfacing the traffic generator in the container to an underlying network device ASIC (application-specific integrated circuit) infrastructure by utilizing a KR port and dedicated on-network-device resources for one or more of a CPU (central processing unit), a memory and a storage.
  • ASIC application-specific integrated circuit
  • the traffic generator can be spun-up and deployed based on a chosen application template from a plurality of predetermined known application templates.
  • the chosen application template can have characteristics associated with the identified application.
  • the method can include defining a new application signature associated with the identified application, deploying the traffic generator with the new application signature and testing traffic flow associated with the identified application by running the traffic generator.
  • FIG. 4 illustrates an example method from the standpoint of any network device that receives a deployed traffic generator.
  • An example method includes based on an identification, via a network controller, of an application associated with a network to yield an identified application, receiving, at a network device, a spun-up traffic generator in a container on the network device, wherein the traffic generator is configured to emulate traffic associated with the network device and the identified application ( 402 ), monitoring performance of at least one of the identified application in the network and the traffic generator on the network device ( 404 ) and reporting data related to monitoring the performance to the network controller ( 406 ).
  • the traffic generator in the container on the network device can include a full-function traffic generator and replay engine.
  • the network device can be one of a network switch, an access-layer switch, an edge device or can be some other network device hardware or a virtual device.
  • the traffic generator can include a stateful and stateless traffic generator.
  • the identified application associated with the network can be one of (1) a future application to be deployed and (2) an existing application on the network.
  • FIG. 5 illustrates an example method related to updating a traffic generator that is containerized on a network device.
  • the method includes receiving a deployment of a traffic generator in a containerized environment on a network device ( 502 ), operating the traffic generator to monitor and report traffic flow to a network controller ( 504 ), and receiving an upgrade to the traffic generator and the containerized environment, wherein the upgrade to the traffic generator updates the traffic generator separately from an operating system of the network controller upon which the traffic generator operates ( 506 ).
  • FIG. 6 illustrates an example network device 600 suitable for implementing aspects of this disclosure.
  • the control plane 310 and/or the component 318 may be implemented according to the configuration of the network device 600 .
  • the network device 600 includes a central processing unit (CPU) 604 , interfaces 602 , and a connection 610 (e.g., a PCI bus).
  • the CPU 604 is responsible for executing packet management, error detection, and/or routing functions.
  • the CPU 604 preferably accomplishes all these functions under the control of software including an operating system and any appropriate applications software.
  • the CPU 604 may include one or more processors 608 , such as a processor from the INTEL X86 family of microprocessors.
  • processor 608 can he specially designed hardware for controlling the operations of the network device 600 .
  • a memory 606 e.g., non-volatile RAM, ROM, etc.
  • memory 606 also forms part of the CPU 604 .
  • memory could be coupled to the system.
  • the interfaces 602 are typically provided as modular interface cards (sometimes referred to as “line cards”). Generally, they control the sending and receiving of data packets over the network and sometimes support other peripherals used with the network device 600 .
  • the interfaces that may be provided are Ethernet interfaces, frame relay interfaces, cable interfaces, DSL interfaces, token ring interfaces, and the like.
  • various very high-speed interfaces may be provided such as fast token ring interfaces, wireless interfaces, Ethernet interfaces, Gigabit Ethernet interfaces, ATM interfaces, HSSI interfaces, POS interfaces, FDDI interfaces, WiFi interfaces, 3G/4G/5G cellular interfaces, CAN BUS, LoRA, and the like.
  • these interfaces may include ports appropriate for communication with the appropriate media. In some cases, they may also include an independent processor and, in some instances, volatile RAM.
  • the independent processors may control such communications intensive tasks as packet switching, media control, signal processing, crypto processing, and management. By providing separate processors for the communications intensive tasks, these interfaces allow the CPU 604 to efficiently perform routing computations, network diagnostics, security functions, etc.
  • FIG. 6 is one specific network device of the present technologies, it is by no means the only network device architecture on which the present technologies can be implemented. For example, an architecture having a single processor that handles communications as well as routing computations, etc., is often used. Further, other types of interfaces and media could also be used with the network device 600 .
  • the network device may employ one or more memories or memory modules (including memory 606 ) configured to store program instructions for the general-purpose network operations and mechanisms for roaming, route optimization and routing functions described herein.
  • the program instructions may control the operation of an operating system and/or one or more applications, or example.
  • the memory or memories may also be configured to store tables such as mobility binding, registration, and association tables, etc.
  • the memory 606 could also hold various software containers and virtualized execution environments and data.
  • the network device 600 can also include an application-specific integrated circuit (ASIC), which can be configured to perform routing and/or switching operations.
  • ASIC application-specific integrated circuit
  • the ASIC can communicate with other components in the network device 600 via the connection 610 , to exchange data and signals and coordinate various types of operations by the network device 600 , such as routing, switching, and/or data storage operations, for example.
  • FIG. 7 illustrates an example computing device architecture 700 of an example computing device which can implement the various techniques described herein.
  • the components of the computing device architecture 700 are shown in electrical communication with each other using a connection 705 , such as a bus.
  • the example computing device architecture 700 includes a processing unit (CPU or processor) 710 and a computing device connection 705 that couples various computing device components including the computing device memory 715 , such as read only memory (ROM) 720 and random access memory (RAM) 725 , to the processor 710 .
  • ROM read only memory
  • RAM random access memory
  • the computing device architecture 700 can include a cache of high-speed memory connected directly with, in close proximity to, or integrated as part of the processor 710 .
  • the computing device architecture 700 can copy data from the memory 715 and/or the storage device 730 to the cache 712 for quick access by the processor 710 . In this way, the cache can provide a performance boost that avoids processor 710 delays while waiting for data.
  • These and other modules can control or be configured to control the processor 710 to perform various actions.
  • Other computing device memory 715 may be available for use as well.
  • the memory 715 can include multiple different types of memory with different performance characteristics.
  • the processor 710 can include any general purpose processor and a hardware or software service, such as service 1 732 , service 2 734 , and service 3 736 stored in storage device 730 , configured to control the processor 710 as well as a special-purpose processor where software instructions are incorporated into the processor design.
  • the processor 710 may be a self-contained system, containing multiple cores or processors, a bus, memory controller, cache, etc.
  • a multi-core processor may be symmetric or asymmetric.
  • an input device 745 can represent any number of input mechanisms, such as a microphone for speech, a touch-sensitive screen for gesture or graphical input, keyboard, mouse, motion input, speech and so forth.
  • An output device 735 can also be one or more of a number of output mechanisms known to those of skill in the art, such as a display, projector, television, speaker device, etc.
  • multimodal computing devices can enable a user to provide multiple types of input to communicate with the computing device architecture 700 .
  • the communications interface 740 can generally govern and manage the user input and computing device output. There is no restriction on operating on any particular hardware arrangement and therefore the basic features here may easily be substituted for improved hardware or firmware arrangements as they are developed.
  • Storage device 730 is a non-volatile memory and can be a hard disk or other types of computer readable media which can store data that are accessible by a computer, such as magnetic cassettes, flash memory cards, solid state memory devices, digital versatile disks, cartridges, random access memories (RAMs) 725 , read only memory (ROM) 720 , and hybrids thereof.
  • the storage device 730 can include services 732 , 734 , 736 for controlling the processor 710 . Other hardware or software modules are contemplated.
  • the storage device 730 can be connected to the computing device connection 705 .
  • a hardware module that performs a particular function can include the software component stored in a computer-readable medium in connection with the necessary hardware components, such as the processor 710 , connection 705 , output device 735 , and so forth, to carry out the function.
  • the present technology may be presented as including individual functional blocks including functional blocks including devices, device components, steps or routines in a method embodied in software, or combinations of hardware and software.
  • the computer-readable storage devices, mediums, and memories can include a cable or wireless signal containing a bit stream and the like.
  • non-transitory computer-readable storage media expressly exclude media such as energy, carrier signals, electromagnetic waves, and signals per se.
  • Such instructions can include, for example, instructions and data which cause or otherwise configure a general purpose computer, special purpose computer, or special purpose processing device to perform a certain function or group of functions. Portions of computer resources used can be accessible over a network.
  • the computer executable instructions may be, for example, binaries, intermediate format instructions such as assembly language, firmware, or source code. Examples of computer-readable media that may be used to store instructions, information used, and/or information created during methods according to described examples include magnetic or optical disks, flash memory, USB devices provided with non-volatile memory, networked storage devices, and so on.
  • Devices implementing methods according to these disclosures can include hardware, firmware and/or software, and can take any of a variety of form factors. Some examples of such form factors include general purpose computing devices such as servers, rack mount devices, desktop computers, laptop computers, and so on, or general purpose mobile computing devices, such as tablet computers, smart phones, personal digital assistants, wearable devices, and so on. Functionality described herein also can be embodied in peripherals or add-in cards. Such functionality can also be implemented on a circuit board among different chips or different processes executing in a single device, by way of further example.
  • the instructions, media for conveying such instructions, computing resources for executing them, and other structures for supporting such computing resources are means for providing the functions described in these disclosures.
  • Claim language reciting “at least one of” a set indicates that one member of the set or multiple members of the set satisfy the claim. For example, claim language reciting “at least one of A and B” means A, B or A and B.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Environmental & Geological Engineering (AREA)

Abstract

A method relates to providing arbitrary and custom application traffic generation on network devices. The method includes identifying, via a network controller, an application associated with a network to yield an identified application, spinning up, by the network controller, a traffic generator in a container on a network device, wherein the traffic generator is configured to emulate traffic associated with the network device and the identified application and monitoring performance of at least one of the identified application in the network and the traffic generator on the network device.

Description

    TECHNICAL FIELD
  • The subject matter of this disclosure relates to providing arbitrary and custom application traffic generation on network devices leveraging a containerized version of a traffic generation code base.
    • BACKGROUND
  • Today's enterprise networks have thousands of applications running across them and the performance of these applications is a primary concern for chief information officers. Often the network itself is merely a means to an end for most of the CIOs.
  • It can be difficult to determine or evaluate how a particular application is going to perform once it is deployed. It is also difficult in these complicated environments to model or test application performance once the application is deployed and running.
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • In order to describe the manner in which the above-recited and other advantages and features of the disclosure can be obtained, a more particular description of the principles briefly described above will be rendered by reference to specific embodiments thereof which are illustrated in the appended drawings. Understanding that these drawings depict only exemplary embodiments of the disclosure and are not therefore to be considered to be limiting of its scope, the principles herein are described and explained with additional specificity and detail through the use of the accompanying drawings in which:
  • FIG. 1 illustrates a topology of a network in which the innovation disclosed herein can apply;
  • FIG. 2 illustrates another network topology;
  • FIG. 3 illustrates a method embodiment from the standpoint of a central controller;
  • FIG. 4 illustrates a method embodiment from the standpoint of a network device;
  • FIG. 5 illustrates a method embodiment from the standpoint of a network switch;
  • FIG. 6 illustrates an example network device in accordance with various examples; and
  • FIG. 7 illustrates an example computing device architecture, in accordance with some examples.
    •  DETAILED DESCRIPTION
  • Various embodiments of the disclosure are discussed in detail below. While specific implementations are discussed, it should be understood that this is done for illustration purposes only. A person skilled in the relevant art will recognize that other components and configurations may be used without parting from the spirit and scope of the disclosure.
    • Overview
  • Additional features and advantages of the disclosure will be set forth in the description which follows, and in part will be obvious from the description, or can be learned by practice of the herein disclosed principles. The features and advantages of the disclosure can be realized and obtained by means of the instruments and combinations particularly pointed out in the appended claims. These and other features of the disclosure will become more fully apparent from the following description and appended claims, or can be learned by the practice of the principles set forth herein.
  • The present disclosure provides solutions to the issues raised above with respect to application performance both in terms of modeling and testing applications to be deployed as well as providing data for applications that are deployed. The modeling and monitoring typically relates to how data flows through a network to and from a particular application. A network manager needs a flexible, extensible and scalable method to proactively test, monitor and report application performance across a network infrastructure. The present disclosure encompasses the ability to provide arbitrary and custom traffic generation and analysis from a network device using a containerized infrastructure and on device performance optimized interfaces. An example network device is an edge node on a network, a switch or a router. These network devices typically just receive and transmit packets of data as a node on the network. This disclosure provides an approach of positioning a containerized traffic generator right on a network device.
  • An example method includes identifying, via a network controller, an application associated with a network to yield an identified application, spinning up, by the network controller, a traffic generator in a container on a network device, wherein the traffic generator is configured to emulate traffic associated with the network device and the identified application and monitoring performance of at least one of the identified application in the network and the traffic generator on the network device. The traffic generator in the container on the network device can include a full-function traffic generator and replay engine. The network device can be one of a network switch, an access-layer switch, an edge device or can be some other network device hardware or a virtual device. In one aspect, the traffic generator can include a stateful and stateless traffic generator. The identified application associated with the network can be one of (1) a future application to be deployed and (2) an existing application on the network.
  • The monitoring of the performance can include monitoring the performance of the identified application prior to deployment to test one or more of a quality of service associated with the identified application and performance routing associated with the identified application. Spinning up the traffic generator in a container further can include interfacing the traffic generator in the container to an underlying network device ASIC (application-specific integrated circuit) infrastructure by utilizing a KR port and dedicated on-network-device resources for one or more of a CPU (central processing unit), a memory and a storage.
  • The traffic generator can be spun-up and deployed based on a chosen application template from a plurality of predetermined known application templates, The chosen application template can have characteristics associated with the identified application. When the identified application does not have a corresponding signature in a database of application signatures, the method can include defining a new application signature associated with the identified application, deploying the traffic generator with the new application signature and testing traffic flow associated with the identified application by running the traffic generator.
    • Description of Example Embodiments
  • Disclosed herein are systems, methods, and computer-readable media for innovations which focus on the ability to improve the arbitrary and custom traffic generation deployed on network devices in a containerized fashion. An example traffic generator is disclosed herein can be a containerized version of what is called the TRex code base, which is a lightweight and highly scalable stateful and stateless traffic generator that generates Layer 4-7 traffic based on preprocessing and smart replay of real traffic samples and templates. The TRex stateless functionality includes support for multiple streams, the ability to change any packet field and provides per stream statistics for network latency and jitter. The code base can be used to test the efficiency of various network technologies set such as the Cisco Network Based Application Recognition (NBAR2) technologies. These technologies can recognize currently over 1400 applications all of which can be accurately simulated by the traffic generator.
  • When the identified application does not have a corresponding signature in a database of application signatures, the method can include defining a new application signature associated with the identified application, deploying the traffic generator with the new application signature and testing traffic flow associated with the identified application by running the traffic generator.
  • Any traffic generation technology can apply to the concepts disclosed herein for containerizing and deploying a traffic generator on a network component.
  • The traffic generator, as a container-based application, can be capable of operating on various network devices such as, by way of example, the Catalyst 9300 and 9400 platforms running IOS-XE, which is able to host one or more emulated wired clients operating as sensors, IOX-XE is an example operating system that is a combination of a linux kernel and a (monolithic) application that runs on top of the kernel. One example is the Cisco IOS XE Open Service Containers. A service container is an application it can be hosted directly on a Cisco IOX XE routing platform. The application can use the linux aspect of the IOS XE operating system to host both linux virtual containers and kernel virtual machines on various routers. An open service container can carry a digital signature that verifies it as an authentic application from a certain provider.
  • Generally speaking, a container is an isolated execution environment on a linux host that behaves much like a full featured linux installation with its own users, file system, processes and network stack. Running an application inside of the container isolates it from the host and other containers which means that even when the application inside of them are running, they cannot access or modify the files, processes, users or other resources of the host or other containers. In one aspect of the present disclosure, the concepts herein leverage a containerized version of a traffic generator. In other words, a traffic generator can be deployed on a network device such as an access layer switch within a container and can thereby be used to emulate packet flow and report on the impact of the packet flow back to a network controller.
  • In emulated wired client will virtually emulate in all respects and actual physical wired client that is physically attached to a front panel port of the switch of the network device. The emulation of wired client behavior can include client authentications (802.1x), DHCP (dynamic host configuration protocol) and DNS (domain name system) operations, and the performance of various tests for connectivity and performance. The emulated client can be used for a variety of tests that are valuable to a network administrator such as testing onboarding, operation, and throughput without having to go through the expense or hassle and overhead of attaching a physical client to the switch.
  • The configurations and capability provided by the traffic generator or wired sensor will emulate actual client endpoints and ensure that the configuration behavior of the emulated client agents mirror that of endpoints attached to a physical port. For example, each emulated agent running inside the on-switch IOX-based container will have its own IP address and MAC address and the emulated port within the switch to which the wired client sensor is attached will have the exact same configuration, behavior, client base and capabilities as a physical front panel port on the hosting switch.
  • The traffic generator running inside of a container can be provided with its own dedicated memory and CPU resources on which to run. The traffic generator can be upgraded to provide new functionality or to fix bugs independent of the operating system version on which they run thus minimizing or illuminating the need for a code upgrade for new features or functionality. By operating in a container, sensor probes can emulate a complete wired client and can exercise functionality within the host platform and with other network devices in exactly the same way as a physical client would. This can provide an excellent simulation of actual client experience while eliminating the cost and complexity that would otherwise be associated with hardware-based client deployments. The present disclosure focuses on the use of a network controller such as, by way of example, a Cisco Digital Network Architecture Center (DNAC) to manage, deploy and spin up the containerized traffic generators wherever they may be deployed in the network to achieve the traffic generation and analysis goals.
  • FIG. 1 illustrates one aspect of this disclosure within a network environment 100. The focus of this disclosure relates to the hosting of a containerized application for traffic generation within a network device and thus this focus relates to the traffic generator placement and thereby its use within the network device. The capability of hosting a traffic generator on the network device can be orchestrated by a network controller for system-wide deployment and analysis. Orchestrating the deployment and analysis of traffic generators on network devices can drive outcomes that are directly consumable by a network manager and enable a new level of functionality not previously available generally within the field of traffic generation.
  • The approach that will be described herein can include aspects related to on-premises enterprise networks, deployed applications, as well as cloud-based systems and evaluation of potential network impact of applications to be deployed. Thus, what shall be the describes a process of embedding a full function traffic generator and replay engine within a hosted application such as a container on a switch (or other network device) as well as providing for the centralized orchestration and control via a network controller 118 for both enterprise (FIG. 1) and cloud network (FIG. 2) deployments. The approach described herein can also provide system-wide testing, network analysis and troubleshooting both an enterprise and in a cloud based system deployment.
  • FIG. 1 illustrates various components in a network 100. For example, a data center 102 includes various shared services 104, a switch 109, a firewall 106, WAN router 108, another switch 110, a firewall 112, a wireless local area network controller 114, a switch 115, an example campus network 113, a local wireless area network controller 116 and application server 104 is seen as communicating data through the switch 110, the firewall 112, and the switch 115 to a local wireless area network controller 116. A network controller 118 is illustrated which communicates with the data center 102. The network controller 118 may also communicate with any other component shown within FIG. 1 or FIG. 2 to deploy traffic generators or to transmit/receive data.
  • The application on the application server 104 can communicate with various other components. For example, the application can communicate via network 120 and the router 122 to a network 124 that has switches 126, 128 and an end point 130. The application on application server 104 can communicate through a router 134 also to a second network 140 through a network provider 136, another router 138, through switch is 142, 144 to end point 146. The application on application server 104 can also communicate via another provider 148 through a network router 152, networks switches 154, 156, 158, a network router 152 and to end point 160.
  • These various routes illustrate examples of how an application may communicate with other applications or devices through various network components. In one aspect, the network controller 118 can be used to enable an operator to identify a critical application, such as an application running an application server 104, and tag the application is a favorite or with some kind of label as part of an analysis or an application policy workflow study.
  • The network operator can utilize the network controller 118 to spin up one or more traffic generators to be deployed as a containerized application which hosts the traffic generation capability on a network device such as a network switch. For example, a traffic generator might be deployed in an IOS XE container on a network edge device such as a switch for a router. The network controller 118 can also deploy a corresponding containerized application located within a data center 102 or at the Internet edge to serve as a target component for traffic generation. In other words, each of the network devices disclosed in FIG. 1 could receive a spun up traffic generation component that is containerized and configured on the respective device and/or a corresponding containerized application which can serve as a target for the traffic generation. These various containerized applications can then simulate traffic flow as described herein according to an application template or signature for a particular application such that the system can proactively monitor the performance of either a data center application server 104 or the performance at the Internet edge such as at a router 108. The results can be reported, aggregated and visualized within the network controller 118. Traffic can be generated to flow between the traffic generator and a target component configured at particular positions within the network.
  • While the network controller 118 is shown as communicating only with the data center 102, this disclosure also contemplates the ability of the network controller 118 being able to deploy containerized traffic generators or corresponding containerized applications in other network environments (i.e., networks 113, 124, 140, 150) besides just the enterprise data center 102 associated with the network controller 118. The network controller can also deploy target components in a containerized manner on any network device in the various networks.
  • In this scenario, there is flexibility that is made available by the containerized traffic generator which allows for the stimulation and use of customized applications, which can be applications are unique to a given customer environment or deployment. The traffic generation tool set provides a great deal flexibility in terms of traffic generation and handling. FIG. 2 illustrates a cloud-based applications approach. The ability to combine these capabilities with the measured metrics of cloud-based applications allows the network operator to gain greater insight into how their applications or performing both in on-premises data centers 102 as well as in the virtual applications hosted within the cloud (vPC or Saas) as illustrated in the network 200 of FIG. 2.
  • In FIG. 2, communication 204 between the data center 102 and cloud-based apps 202, is shown. In this case, the network controller 118 can proactively monitor the performance of either the data center app servers 104 to a container in the data center or the Internet edge and combine these results with cloud monitoring performance metrics which can be received at the network controller 118. In general, this disclosure provides an important extension to the on-switch hosted-app wired client sensor capability as outlined above and provides a flexible method of emulating additional and custom applications, using and leveraging the basic infrastructure to be able to host an emulated client on the switch.
  • This disclosure provides the ability to host a traffic generator application within a containerized environment and on a switch. The traffic generator can act as a powerful and flexible traffic generation, analysis, and replay tool. The traffic generation application can leverage the infrastructure and build upon the capabilities of an emulated wired client sensor. This disclosure provides novel capabilities to test a wide variety of functions and significantly enhances both the capability as well as the speed and responsiveness available for an enterprise customer for a variety of tasks, including troubleshooting, as well as network and application analysis.
  • Since this traffic generation, analysis and replay capability is hosted as an application on a switch, separate from the base operating system code, it can both be deployed rapidly and on demand, and even to geographically remote locations. The traffic generator can also be upgraded separately from the operating system of the switch or network device which hosts the embedded application and provides for deployment flexibility and the elimination of the need for operating system code upgrades to obtain new traffic generation, analysis, and replay functionality. Accordingly, part of this disclosure relates to updating a containerized traffic generator operating on the network device independent of an operating system of the network device. The data path used between the traffic generation application and the switch data plane can also be optimized inasmuch as it is being developed and deployed for the first time and the hosted application is provided with its own CPU and memory resources, such that deploying a traffic generator in a containerized manner as disclosed herein will not unduly impact the control plane performance of the switch. This can be an important consideration for any customer wishing to deploy such an application.
  • Using the principles disclosed herein, prior to rolling out a new application, the network treatment of the brand-new application can be proactively tested to ensure that all of the requisite policies for quality of service and/or performance routing are in place in an end-to-end manner across the network. Additionally, business-critical applications can be actively monitored on an ongoing basis from any and all edges of the network to the application servers. Finally, when troubleshooting an application issue, on-demand traffic generators can be spun up on any network device to emulate the flow. Target components can also be spun up and deployed across the network. The system may use prebuilt signatures of known existing applications which can be leveraged to simulate traffic generation or the system might be able to define and test unknown or custom applications, whether cloud-based or not, on an on-demand basis.
  • FIG. 3 illustrates a method example of this disclosure from the standpoint of a network controller 118. An example method includes identifying, via the network controller, an application associated with a network to yield an identified application (302), spinning up, by the network controller, a traffic generator in a container on a network device, wherein the traffic generator is configured to emulate traffic associated with the network device and the identified application (304) and monitoring performance of at least one of the identified application in the network and the traffic generator on the network device (306). The traffic generator in the container on the network device can include a full-function traffic generator and replay engine. The network device can be one of a network switch, an access-layer switch, an edge device or can be some other network device hardware or a virtual device. In one aspect, the traffic generator can include a stateful and stateless traffic generator. The identified application associated with the network can be one of (1) a future application to be deployed and (2) an existing application on the network. The method may also include spinning up and deploying a target application on a network device that receives the data generated by the traffic generator.
  • The monitoring of the performance can include monitoring the performance of the identified application prior to deployment to test one or more of a quality of service associated with the identified application and performance routing associated with the identified application. Spinning up the traffic generator in a container further can include interfacing the traffic generator in the container to an underlying network device ASIC (application-specific integrated circuit) infrastructure by utilizing a KR port and dedicated on-network-device resources for one or more of a CPU (central processing unit), a memory and a storage.
  • The traffic generator can be spun-up and deployed based on a chosen application template from a plurality of predetermined known application templates. The chosen application template can have characteristics associated with the identified application. When the identified application does not have a corresponding signature in a database of application signatures, the method can include defining a new application signature associated with the identified application, deploying the traffic generator with the new application signature and testing traffic flow associated with the identified application by running the traffic generator.
  • FIG. 4 illustrates an example method from the standpoint of any network device that receives a deployed traffic generator. An example method includes based on an identification, via a network controller, of an application associated with a network to yield an identified application, receiving, at a network device, a spun-up traffic generator in a container on the network device, wherein the traffic generator is configured to emulate traffic associated with the network device and the identified application (402), monitoring performance of at least one of the identified application in the network and the traffic generator on the network device (404) and reporting data related to monitoring the performance to the network controller (406). The traffic generator in the container on the network device can include a full-function traffic generator and replay engine. The network device can be one of a network switch, an access-layer switch, an edge device or can be some other network device hardware or a virtual device. In one aspect, the traffic generator can include a stateful and stateless traffic generator. The identified application associated with the network can be one of (1) a future application to be deployed and (2) an existing application on the network.
  • FIG. 5 illustrates an example method related to updating a traffic generator that is containerized on a network device. The method includes receiving a deployment of a traffic generator in a containerized environment on a network device (502), operating the traffic generator to monitor and report traffic flow to a network controller (504), and receiving an upgrade to the traffic generator and the containerized environment, wherein the upgrade to the traffic generator updates the traffic generator separately from an operating system of the network controller upon which the traffic generator operates (506).
  • FIG. 6 illustrates an example network device 600 suitable for implementing aspects of this disclosure. In some examples, the control plane 310 and/or the component 318 may be implemented according to the configuration of the network device 600. The network device 600 includes a central processing unit (CPU) 604, interfaces 602, and a connection 610 (e.g., a PCI bus). When acting under the control of appropriate software or firmware, the CPU 604 is responsible for executing packet management, error detection, and/or routing functions. The CPU 604 preferably accomplishes all these functions under the control of software including an operating system and any appropriate applications software. The CPU 604 may include one or more processors 608, such as a processor from the INTEL X86 family of microprocessors. In some cases, processor 608 can he specially designed hardware for controlling the operations of the network device 600. In some cases, a memory 606 (e.g., non-volatile RAM, ROM, etc.) also forms part of the CPU 604. However, there are many different ways in which memory could be coupled to the system.
  • The interfaces 602 are typically provided as modular interface cards (sometimes referred to as “line cards”). Generally, they control the sending and receiving of data packets over the network and sometimes support other peripherals used with the network device 600. Among the interfaces that may be provided are Ethernet interfaces, frame relay interfaces, cable interfaces, DSL interfaces, token ring interfaces, and the like. In addition, various very high-speed interfaces may be provided such as fast token ring interfaces, wireless interfaces, Ethernet interfaces, Gigabit Ethernet interfaces, ATM interfaces, HSSI interfaces, POS interfaces, FDDI interfaces, WiFi interfaces, 3G/4G/5G cellular interfaces, CAN BUS, LoRA, and the like. Generally, these interfaces may include ports appropriate for communication with the appropriate media. In some cases, they may also include an independent processor and, in some instances, volatile RAM. The independent processors may control such communications intensive tasks as packet switching, media control, signal processing, crypto processing, and management. By providing separate processors for the communications intensive tasks, these interfaces allow the CPU 604 to efficiently perform routing computations, network diagnostics, security functions, etc.
  • Although the system shown in FIG. 6 is one specific network device of the present technologies, it is by no means the only network device architecture on which the present technologies can be implemented. For example, an architecture having a single processor that handles communications as well as routing computations, etc., is often used. Further, other types of interfaces and media could also be used with the network device 600.
  • Regardless of the network device's configuration, it may employ one or more memories or memory modules (including memory 606) configured to store program instructions for the general-purpose network operations and mechanisms for roaming, route optimization and routing functions described herein. The program instructions may control the operation of an operating system and/or one or more applications, or example. The memory or memories may also be configured to store tables such as mobility binding, registration, and association tables, etc. The memory 606 could also hold various software containers and virtualized execution environments and data.
  • The network device 600 can also include an application-specific integrated circuit (ASIC), which can be configured to perform routing and/or switching operations. The ASIC can communicate with other components in the network device 600 via the connection 610, to exchange data and signals and coordinate various types of operations by the network device 600, such as routing, switching, and/or data storage operations, for example.
  • FIG. 7 illustrates an example computing device architecture 700 of an example computing device which can implement the various techniques described herein. The components of the computing device architecture 700 are shown in electrical communication with each other using a connection 705, such as a bus. The example computing device architecture 700 includes a processing unit (CPU or processor) 710 and a computing device connection 705 that couples various computing device components including the computing device memory 715, such as read only memory (ROM) 720 and random access memory (RAM) 725, to the processor 710.
  • The computing device architecture 700 can include a cache of high-speed memory connected directly with, in close proximity to, or integrated as part of the processor 710. The computing device architecture 700 can copy data from the memory 715 and/or the storage device 730 to the cache 712 for quick access by the processor 710. In this way, the cache can provide a performance boost that avoids processor 710 delays while waiting for data. These and other modules can control or be configured to control the processor 710 to perform various actions. Other computing device memory 715 may be available for use as well. The memory 715 can include multiple different types of memory with different performance characteristics. The processor 710 can include any general purpose processor and a hardware or software service, such as service 1 732, service 2 734, and service 3 736 stored in storage device 730, configured to control the processor 710 as well as a special-purpose processor where software instructions are incorporated into the processor design. The processor 710 may be a self-contained system, containing multiple cores or processors, a bus, memory controller, cache, etc. A multi-core processor may be symmetric or asymmetric.
  • To enable user interaction with the computing device architecture 700, an input device 745 can represent any number of input mechanisms, such as a microphone for speech, a touch-sensitive screen for gesture or graphical input, keyboard, mouse, motion input, speech and so forth. An output device 735 can also be one or more of a number of output mechanisms known to those of skill in the art, such as a display, projector, television, speaker device, etc. In some instances, multimodal computing devices can enable a user to provide multiple types of input to communicate with the computing device architecture 700. The communications interface 740 can generally govern and manage the user input and computing device output. There is no restriction on operating on any particular hardware arrangement and therefore the basic features here may easily be substituted for improved hardware or firmware arrangements as they are developed.
  • Storage device 730 is a non-volatile memory and can be a hard disk or other types of computer readable media which can store data that are accessible by a computer, such as magnetic cassettes, flash memory cards, solid state memory devices, digital versatile disks, cartridges, random access memories (RAMs) 725, read only memory (ROM) 720, and hybrids thereof. The storage device 730 can include services 732, 734, 736 for controlling the processor 710. Other hardware or software modules are contemplated. The storage device 730 can be connected to the computing device connection 705. In one aspect, a hardware module that performs a particular function can include the software component stored in a computer-readable medium in connection with the necessary hardware components, such as the processor 710, connection 705, output device 735, and so forth, to carry out the function.
  • For clarity of explanation, in some instances the present technology may be presented as including individual functional blocks including functional blocks including devices, device components, steps or routines in a method embodied in software, or combinations of hardware and software.
  • In some embodiments the computer-readable storage devices, mediums, and memories can include a cable or wireless signal containing a bit stream and the like. However, when mentioned, non-transitory computer-readable storage media expressly exclude media such as energy, carrier signals, electromagnetic waves, and signals per se.
  • Methods according to the above-described examples can be implemented using computer-executable instructions that are stored or otherwise available from computer readable media. Such instructions can include, for example, instructions and data which cause or otherwise configure a general purpose computer, special purpose computer, or special purpose processing device to perform a certain function or group of functions. Portions of computer resources used can be accessible over a network. The computer executable instructions may be, for example, binaries, intermediate format instructions such as assembly language, firmware, or source code. Examples of computer-readable media that may be used to store instructions, information used, and/or information created during methods according to described examples include magnetic or optical disks, flash memory, USB devices provided with non-volatile memory, networked storage devices, and so on.
  • Devices implementing methods according to these disclosures can include hardware, firmware and/or software, and can take any of a variety of form factors. Some examples of such form factors include general purpose computing devices such as servers, rack mount devices, desktop computers, laptop computers, and so on, or general purpose mobile computing devices, such as tablet computers, smart phones, personal digital assistants, wearable devices, and so on. Functionality described herein also can be embodied in peripherals or add-in cards. Such functionality can also be implemented on a circuit board among different chips or different processes executing in a single device, by way of further example.
  • The instructions, media for conveying such instructions, computing resources for executing them, and other structures for supporting such computing resources are means for providing the functions described in these disclosures.
  • Although a variety of examples and other information was used to explain aspects within the scope of the appended claims, no limitation of the claims should be implied based on particular features or arrangements in such examples, as one of ordinary skill would be able to use these examples to derive a wide variety of implementations. Further and although some subject matter may have been described in language specific to examples of structural features and/or method steps, it is to be understood that the subject matter defined in the appended claims is not necessarily limited to these described features or acts. For example, such functionality can be distributed differently or performed in components other than those identified herein. Rather, the described features and steps are disclosed as examples of components of systems and methods within the scope of the appended claims.
  • Claim language reciting “at least one of” a set indicates that one member of the set or multiple members of the set satisfy the claim. For example, claim language reciting “at least one of A and B” means A, B or A and B.

Claims (20)

1. A method comprising:
identifying, via a network controller, an application associated with a network to yield an identified application;
spinning up, by the network controller, a new traffic generator in a virtual container on a network device, wherein the virtual container cannot access or modify resources of the network device or other containers on the network device, wherein the new traffic generator is configured to simulate traffic generated by the identified application and associated with the network device; and
monitoring performance of at least one of the identified application in the network and the new traffic generator on the network device.
2. The method of claim 1, wherein the new traffic generator in the virtual container on the network device comprises a full-function traffic generator and replay engine.
3. The method of claim 1, wherein the network device comprises one of a network switch and an edge device.
4. The method of claim 1, wherein the new traffic generator comprises a stateful and stateless traffic generator.
5. The method of claim 1, wherein the identified application associated with the network is one of (1) a future application to be deployed and (2) an existing application on the network.
6. The method of claim 1, wherein the monitoring of the performance comprises monitoring the performance of the identified application prior to deployment to test one or more of a quality of service associated with the identified application and performance routing associated with the identified application.
7. The method of claim 3, wherein the network device comprises an access-layer switch.
8. The method of claim 1, wherein spinning up the new traffic generator in the virtual container further comprises interfacing the new traffic generator in the virtual container to an underlying network device ASIC infrastructure by utilizing a KR port and dedicated on-network-device resources for one or more of a CPU, a memory and a storage.
9. The method of claim 1, wherein the new traffic generator is spun-up and deployed based on a chosen application template from a plurality of predetermined known application templates, wherein the chosen application template has characteristics associated with the identified application.
10. The method of claim 1, wherein when the identified application does not have a corresponding signature in a database of application signatures, the method further comprises:
defining a new application signature associated with the identified application;
deploying the new traffic generator with the new application signature; and
testing traffic flow associated with the identified application by running the new traffic generator.
11. A network controller, the network controller comprising:
a processor; and
a computer-readable storage device storing instructions which, when executed by the processor, causes the processor to perform operations comprising:
identifying an application associated with a network to yield an identified application;
spinning up a new traffic generator in a virtual container on a network device, wherein the new traffic generator is configured to simulate traffic associated with the network device and generated by the identified application; and
monitoring performance of at least one of the identified application in the network and the new traffic generator on the network device.
12. The network controller of claim 11, wherein the new traffic generator in the virtual container on the network device comprises a full-function traffic generator and replay engine.
13. The network controller of claim 11, wherein the network device comprises one of a network switch and an edge device.
14. The network controller of claim 11, wherein the new traffic generator comprises a stateful and stateless traffic generator.
15. The network controller of claim 11, wherein the identified application associated with the network is one of (1) a future application to be deployed and (2) an existing application on the network.
16. The network controller of claim 11, wherein the monitoring of the performance comprises monitoring the performance of the identified application prior to deployment to test one or more of a quality of service associated with the identified application and performance routing associated with the identified application.
17. The network controller of claim 13, wherein the network device comprises an access-layer switch.
18. The network controller of claim 11, wherein spinning up the new traffic generator in the virtual container further comprises interfacing the new traffic generator in the virtual container to an underlying network device ASIC infrastructure by utilizing a KR port and dedicated on-network-device resources for one or more of a CPU, a memory and a storage.
19. The network controller of claim 11, wherein the new traffic generator is spun-up and deployed based on a chosen application template from a plurality of predetermined known application templates, wherein the chosen application template has characteristics associated with the identified application.
20. The network controller of claim 11, wherein the computer-readable storage device stores additional instructions which, when executed by the processor, causes the processor to perform operations further comprising:
when the identified application does not have a corresponding signature in a database of application signatures:
defining a new application signature associated with the identified application;
deploying the new traffic generator with the new application signature; and
testing traffic flow associated with the identified application by running the new traffic generator.
US16/575,015 2019-09-18 2019-09-18 Systems and methods for providing traffic generation on network devices Active US10938706B1 (en)

Priority Applications (5)

Application Number Priority Date Filing Date Title
US16/575,015 US10938706B1 (en) 2019-09-18 2019-09-18 Systems and methods for providing traffic generation on network devices
CN202080059826.9A CN114365461B (en) 2019-09-18 2020-09-15 Systems and methods for providing traffic generation on network devices
PCT/US2020/050893 WO2021055361A1 (en) 2019-09-18 2020-09-15 Systems and methods for providing traffic generation on network devices
EP20781228.0A EP4032234A1 (en) 2019-09-18 2020-09-15 Systems and methods for providing traffic generation on network devices
US17/164,600 US11456942B2 (en) 2019-09-18 2021-02-01 Systems and methods for providing traffic generation on network devices

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US16/575,015 US10938706B1 (en) 2019-09-18 2019-09-18 Systems and methods for providing traffic generation on network devices

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US17/164,600 Continuation US11456942B2 (en) 2019-09-18 2021-02-01 Systems and methods for providing traffic generation on network devices

Publications (2)

Publication Number Publication Date
US10938706B1 US10938706B1 (en) 2021-03-02
US20210083960A1 true US20210083960A1 (en) 2021-03-18

Family

ID=72659952

Family Applications (2)

Application Number Title Priority Date Filing Date
US16/575,015 Active US10938706B1 (en) 2019-09-18 2019-09-18 Systems and methods for providing traffic generation on network devices
US17/164,600 Active US11456942B2 (en) 2019-09-18 2021-02-01 Systems and methods for providing traffic generation on network devices

Family Applications After (1)

Application Number Title Priority Date Filing Date
US17/164,600 Active US11456942B2 (en) 2019-09-18 2021-02-01 Systems and methods for providing traffic generation on network devices

Country Status (4)

Country Link
US (2) US10938706B1 (en)
EP (1) EP4032234A1 (en)
CN (1) CN114365461B (en)
WO (1) WO2021055361A1 (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10938706B1 (en) * 2019-09-18 2021-03-02 Cisco Technology, Inc. Systems and methods for providing traffic generation on network devices
US11936548B2 (en) * 2020-11-16 2024-03-19 Juniper Networks, Inc. Active assurance for virtualized services
US12261860B2 (en) 2021-05-27 2025-03-25 Arctic Wolf Networks, Inc. Cybersecurity state change buffer service
CN115412458B (en) * 2022-08-29 2023-11-03 山石网科通信技术股份有限公司 Network equipment testing method and device and electronic equipment
CN119996311A (en) * 2025-02-20 2025-05-13 华中科技大学 Industrial control network traffic generation system based on zero copy mechanism

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030088664A1 (en) * 2001-10-01 2003-05-08 Hannel Clifford L. Methods and systems for testing stateful network communications devices
US20040127212A1 (en) * 2002-12-27 2004-07-01 Wang Jian Chung Apparatus, system and method for network testing
US7421734B2 (en) * 2003-10-03 2008-09-02 Verizon Services Corp. Network firewall test methods and apparatus
US7633942B2 (en) * 2001-10-15 2009-12-15 Avaya Inc. Network traffic generation and monitoring systems and methods for their use in testing frameworks for determining suitability of a network for target applications
US7751421B2 (en) * 2004-12-29 2010-07-06 Alcatel Lucent Traffic generator and monitor
US7908130B2 (en) * 2002-12-12 2011-03-15 Ixia Modelling aggregate transport layer network traffic behaviour with feedback containing packet loss information
US8116224B2 (en) * 2008-09-09 2012-02-14 Embarq Holdings Company, LP System and method for generating alarms based on bursting traffic
US8687483B2 (en) * 2011-09-22 2014-04-01 Ixia Parallel traffic generator with priority flow control

Family Cites Families (37)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6738697B2 (en) * 1995-06-07 2004-05-18 Automotive Technologies International Inc. Telematics system for vehicle diagnostics
US6157955A (en) * 1998-06-15 2000-12-05 Intel Corporation Packet processing system including a policy engine having a classification unit
US7716367B1 (en) * 2000-07-20 2010-05-11 Akamai Technologies, Inc. Network performance monitoring in a content delivery service
US6633835B1 (en) * 2002-01-10 2003-10-14 Networks Associates Technology, Inc. Prioritized data capture, classification and filtering in a network monitoring environment
US7711751B2 (en) * 2002-06-13 2010-05-04 Netscout Systems, Inc. Real-time network performance monitoring system and related methods
AU2002313444A1 (en) * 2002-07-17 2004-02-02 Wuhan Fiberhome Networks Co., Ltd. Multiple service ring with capabilities of transmitting and switching data, video and voice
US8213323B1 (en) * 2003-12-18 2012-07-03 Sprint Communications Company L.P. System and method for network performance monitoring
WO2006029399A2 (en) * 2004-09-09 2006-03-16 Avaya Technology Corp. Methods of and systems for network traffic security
US7693082B2 (en) 2005-04-12 2010-04-06 Azimuth Systems, Inc. Latency measurement apparatus and method
US8107397B1 (en) * 2006-06-05 2012-01-31 Purdue Research Foundation Protocol for secure and energy-efficient reprogramming of wireless multi-hop sensor networks
US8274905B2 (en) * 2006-08-22 2012-09-25 Embarq Holdings Company, Llc System and method for displaying a graph representative of network performance over a time period
US8407765B2 (en) * 2006-08-22 2013-03-26 Centurylink Intellectual Property Llc System and method for restricting access to network performance information tables
US8125897B2 (en) * 2006-08-22 2012-02-28 Embarq Holdings Company Lp System and method for monitoring and optimizing network performance with user datagram protocol network performance information packets
US9276774B2 (en) 2006-08-29 2016-03-01 The Boeing Company Visualizing and modifying ad-hoc network nodes
US8706914B2 (en) * 2007-04-23 2014-04-22 David D. Duchesneau Computing infrastructure
US8611233B2 (en) * 2009-02-04 2013-12-17 Verizon Patent And Licensing Inc. System and method for testing network elements using a traffic generator with integrated simple network management protocol (SNMP) capabilities
US20110007754A1 (en) * 2009-07-10 2011-01-13 Gerald Pepper Flexible Hardware Checksum Generator
US8825820B2 (en) * 2009-09-18 2014-09-02 At&T Intellectual Property I, Lp Network aware application management
US8576713B2 (en) * 2010-04-23 2013-11-05 Ixia Traffic generator with priority flow control
US20130067034A1 (en) * 2011-03-08 2013-03-14 Riverbed Technology, Inc. Accessing Network Traffic Data at Multiple Time Scales and Levels of Detail
US8849965B2 (en) * 2011-10-19 2014-09-30 Honeywell International Inc. Wireless network performance monitoring
US8750618B2 (en) * 2012-01-31 2014-06-10 Taif University Method for coding images with shape and detail information
US9001688B2 (en) * 2012-08-10 2015-04-07 Ixia Dynamic balancing of a traffic mix for data center device testing
US8818188B2 (en) 2012-10-05 2014-08-26 Telefonaktiebolaget L M Ericsson (Publ) Traffic generation and analysis for ONU emulation
WO2014063110A1 (en) * 2012-10-19 2014-04-24 ZanttZ, Inc. Network infrastructure obfuscation
CN104168162B (en) * 2014-08-20 2017-10-17 电子科技大学 A kind of software-hardware synergism realizes the traffic generator for interchanger validation test
US9455888B2 (en) * 2014-09-19 2016-09-27 International Business Machines Corporation Application topology based on network traffic
US10432497B2 (en) * 2014-09-19 2019-10-01 Splunk Inc. Injecting custom classes in application code to facilitate network traffic monitoring
US9762610B1 (en) * 2015-10-30 2017-09-12 Palo Alto Networks, Inc. Latency-based policy activation
EP3282359A1 (en) * 2016-08-09 2018-02-14 Alcatel Lucent Method for managing a virtual radio access network and method for calibrating a software component
US10277516B2 (en) 2016-11-29 2019-04-30 Nicira, Inc. Statistical approaches in NSX scale testing
US10904275B2 (en) * 2016-11-30 2021-01-26 Cisco Technology, Inc. Leveraging synthetic traffic data samples for flow classifier training
US10094138B2 (en) * 2016-12-29 2018-10-09 Shadecraft, Inc. Control of multiple intelligent umbrellas and/or robotic shading systems
US10616378B2 (en) 2017-02-21 2020-04-07 Netscout Systems, Inc. Adaptive session intelligence extender
US10445207B2 (en) 2017-07-31 2019-10-15 Oracle International Corporation System and method to execute and manage load tests using containers
CN109828912A (en) * 2018-12-26 2019-05-31 同盾控股有限公司 A kind of software method for testing pressure and device
US10938706B1 (en) * 2019-09-18 2021-03-02 Cisco Technology, Inc. Systems and methods for providing traffic generation on network devices

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030088664A1 (en) * 2001-10-01 2003-05-08 Hannel Clifford L. Methods and systems for testing stateful network communications devices
US7633942B2 (en) * 2001-10-15 2009-12-15 Avaya Inc. Network traffic generation and monitoring systems and methods for their use in testing frameworks for determining suitability of a network for target applications
US7908130B2 (en) * 2002-12-12 2011-03-15 Ixia Modelling aggregate transport layer network traffic behaviour with feedback containing packet loss information
US20040127212A1 (en) * 2002-12-27 2004-07-01 Wang Jian Chung Apparatus, system and method for network testing
US7421734B2 (en) * 2003-10-03 2008-09-02 Verizon Services Corp. Network firewall test methods and apparatus
US7751421B2 (en) * 2004-12-29 2010-07-06 Alcatel Lucent Traffic generator and monitor
US8116224B2 (en) * 2008-09-09 2012-02-14 Embarq Holdings Company, LP System and method for generating alarms based on bursting traffic
US8687483B2 (en) * 2011-09-22 2014-04-01 Ixia Parallel traffic generator with priority flow control

Also Published As

Publication number Publication date
EP4032234A1 (en) 2022-07-27
US10938706B1 (en) 2021-03-02
WO2021055361A1 (en) 2021-03-25
CN114365461B (en) 2023-12-15
US11456942B2 (en) 2022-09-27
CN114365461A (en) 2022-04-15
US20210160164A1 (en) 2021-05-27

Similar Documents

Publication Publication Date Title
US11456942B2 (en) Systems and methods for providing traffic generation on network devices
US12231308B2 (en) Unique ID generation for sensors
US10089099B2 (en) Automatic software upgrade
US11082303B2 (en) Remotely hosted management of network virtualization
US10656983B2 (en) Methods and apparatus to generate a shadow setup based on a cloud environment and upgrade the shadow setup to identify upgrade-related errors
CN110830357A (en) Multi-cloud virtual computing environment provisioning using advanced topology description
US10382597B2 (en) System and method for transport-layer level identification and isolation of container traffic
TW201737669A (en) Node management system, node management method and computer readable storage device
US12356252B2 (en) Method and system for auto-commissioning virtualized radio access networks
EP3588856B1 (en) Technologies for hot-swapping a legacy appliance with a network functions virtualization appliance
US20250088430A1 (en) Configuring and managing radio-based networks via an artificial intelligence assistant
US11785054B2 (en) Deriving system architecture from security group relationships
Goodfellow et al. The {DComp} Testbed
Al-Surmi et al. Next generation mobile core resource orchestration: comprehensive survey, challenges and perspectives
Mamushiane Towards the development of an optimal SDN controller placement framework to expedite SDN deployment in emerging markets
Raychev et al. Development and Integration of Educational Software Defined Networking Platform in Computer Networking Classes
Zhang et al. Efficient and verifiable service function chaining in NFV: Current solutions and emerging challenges
Lee et al. Deployment scenario and architecture of MANO for NFV network services
Chou et al. SDN/NFV virtualization testbed with automatic deployment and management functions
Cao Data-driven resource allocation in virtualized environments
Khongbri How cloud infrastructure can be built with low resource across multiple Cloud Platforms?

Legal Events

Date Code Title Description
AS Assignment

Owner name: CISCO TECHNOLOGY, INC., CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:ZACKS, DAVID JOHN;SZIGETI, THOMAS;HAIM, HANOCH;AND OTHERS;SIGNING DATES FROM 20190905 TO 20190917;REEL/FRAME:050419/0856

FEPP Fee payment procedure

Free format text: ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: BIG.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

STCF Information on status: patent grant

Free format text: PATENTED CASE

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 4