12.5 Software Solutions

Of the many software tools available, the one from Orchestream Ltd. stands out as one of the most comprehensive. The company’s namesake product, Orchestream Service Activator, is a bandwidth management system that includes several modules, one of which is a policy server that communicates with proxy agents that are distributed throughout the network. The proxy agents place the QoS policies into routers and other edge devices via appropriate drivers. These device drivers act as translators that interpret the abstract policies into actual commands that can be acted upon by equipment throughout the network, such as routers, access points, and packet switches. An Oracle database is used to store the policy information.

Orchestream addresses the problem of sluggish performance on IP networks by partitioning them into multiple performance classes tailored to the needs of specific applications. For example, the network administrator might want to guarantee a minimum bandwidth service class for mission-critical applications such as Citrix WinFrame, SAP R/3, or Oracle, while designating a low-latency performance class for delay-sensitive applications such as VoIP and videoconferencing. At the same time, the network administrator can set a standard class for applications that can tolerate some delay, such as e-mail and intranet access. With this classification scheme, the key traffic in the minimum bandwidth class will get network service even in times of congestion.

The software automatically discovers and classifies network devices and lays out a network’s topology. Network managers can point and click to check the settings on different devices in the network. Orchestream uses this data to construct rules that assign QoS priorities to specific applications. The software then translates those rules into the actual configuration commands that network devices can interpret to appropriately support the applications. The rule-based interface allows network administrators to set up dedicated classes on an IP WAN for different applications and to configure devices individually or as a group in one operation.

Devices are classified as edge, gateway, or core and then grouped by geographical location or other parameters. These capabilities allow network administrators to create generic rules that apply to all devices that perform the same function, while still being able to drill down for specific site requirements. For example, access routers at the edge of the network are responsible for classifying traffic, controlling access, and enforcing queuing mechanisms. Gateway and core routers can then be relieved of having to set the priority bits themselves and need only enforce the queuing policies.

One of the QoS standards for IP networks is the Diff-Serv framework standardized by the IETF. Orchestream supports Diff-Serv by differentiating between the different types of traffic, classifying and marking each data packet accordingly so that each can get to its destination in a timely manner. By aggregating flows into a small number of classes, the software provides each application flow the most appropriate level of bandwidth, while giving the network administrator complete control over the allocation process.

The product also supports many of the QoS mechanisms found on Cisco router platforms, including WFQ, which provides consistent response time to heavy and light network users alike without having to add bandwidth. It is a flow-based queuing algorithm that classifies incoming traffic and then schedules interactive traffic to the top of the queue for priority admission to the network (see Figure 12.2). This improves the response time of interactive applications. Low-volume traffic streams, which comprise the majority of traffic, receive preferential service, allowing the entire offered load to be transmitted in a timely fashion. High-volume traffic streams then share the remaining capacity fairly and proportionally among themselves.

Figure 12.2: With WFQ, a router’s incoming traffic is classified and arranged in a queue structure according to its type before being released to the network. In this way, WFQ provides consistent response time to heavy and light network users alike without the addition of more bandwidth.
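The scheduling behavior described above can be reproduced with a simplified weighted fair queuing model. This is an added example, not code from the book or from any router vendor; it assumes all packets are already queued at the same instant, and the flow names, packet sizes, and weights are constructed.

```python
def wfq_order(packets, weights=None):
    """Transmit order for packets that are all queued at the same instant.

    packets: list of (flow, size_bytes) in arrival order.
    weights: optional per-flow weight (assumed; 1.0 when not given).
    Each packet gets a virtual finish time equal to the previous finish
    time of its flow plus size / weight. The link sends the packet with
    the smallest finish time next; arrival order breaks ties.
    """
    weights = weights or {}
    last_finish = {}
    tagged = []
    for seq, (flow, size) in enumerate(packets):
        finish = last_finish.get(flow, 0.0) + size / weights.get(flow, 1.0)
        last_finish[flow] = finish
        tagged.append((finish, seq, flow, size))
    return [(flow, size) for _, _, flow, size in sorted(tagged)]


def bytes_ahead(order, flow):
    """Bytes transmitted before the last packet of `flow` starts."""
    last = max(i for i, (f, _) in enumerate(order) if f == flow)
    return sum(size for _, size in order[:last])


# Constructed arrivals: a bulk transfer interleaved with small
# interactive packets, in the order they reached the router.
ARRIVALS = [("bulk", 1500), ("bulk", 1500), ("interactive", 64),
            ("bulk", 1500), ("bulk", 1500), ("interactive", 64)]

if __name__ == "__main__":
    fifo = ARRIVALS                      # first in, first out: no reordering
    wfq = wfq_order(ARRIVALS)
    print("FIFO wait for interactive:", bytes_ahead(fifo, "interactive"))
    print("WFQ  wait for interactive:", bytes_ahead(wfq, "interactive"))
    # Two heavy flows with weights 2:1 split the link in that ratio.
    heavy = [("A", 1500)] * 4 + [("B", 1500)] * 2
    print([f for f, _ in wfq_order(heavy, {"A": 2, "B": 1})])
```
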

The Orchestream software also automates security configuration, eliminating the tedious, manual process of creating and deploying access control lists for every router on the network. It accomplishes this through an interface that uses an inheritance-tree model to apply policy to the entire network, a group of network devices, or just one device. For example, selected routers can be easily configured for packet filtering in one step to protect e-commerce and other vulnerable sites from malicious “denial of service” attacks. Rules can be set to activate at specified times of the day, week, or month, or even on demand. In being able to push the relevant QoS configuration information to selected routers, groups of routers, or all the routers in the network, Orchestream is scalable enough for both small enterprise networks and global IP infrastructures.

With the ability to configure security as well as assure service levels for applications, network administrators do not need separate tools to control the same network devices, which can have uncertain results. By integrating security and service-level management capabilities into one product, Orchestream eliminates the risk of conflicting configurations and gives the network administrator centralized control over these important functions.
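The inheritance-tree model and the conflicting-configuration risk described above can be sketched as follows. This is an added example, not Orchestream's code or data model: the node names, rule strings, and the `weakened` audit helper are hypothetical. It resolves the effective filter policy for one device and flags any level that turns an inherited deny into a permit.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Node:
    """One level of the tree: whole network, a device group, or a device."""
    name: str
    parent: Optional["Node"] = None
    rules: dict = field(default_factory=dict)  # traffic match -> permit/deny


def effective_policy(device: Node):
    """Merge rules root-first so the most specific level wins.

    Returns (policy, overrides). policy maps match -> (action, source);
    each override is (match, parent_source, parent_action, node, action).
    """
    chain, node = [], device
    while node is not None:
        chain.append(node)
        node = node.parent
    policy, overrides = {}, []
    for node in reversed(chain):
        for match, action in node.rules.items():
            if match in policy and policy[match][0] != action:
                inherited, source = policy[match]
                overrides.append((match, source, inherited, node.name, action))
            policy[match] = (action, node.name)
    return policy, overrides


def weakened(overrides):
    """Overrides that turn an inherited deny into a permit."""
    return [o for o in overrides if o[2] == "deny" and o[4] == "permit"]


# Constructed sample tree (all names and rules are hypothetical).
network = Node("network", rules={"icmp-echo from any": "deny",
                                 "tcp/443 from any": "permit"})
edge = Node("edge-routers", network, {"tcp/23 from any": "deny"})
router = Node("edge-nyc-1", edge, {"icmp-echo from any": "permit"})

if __name__ == "__main__":
    policy, overrides = effective_policy(router)
    for match, (action, source) in policy.items():
        print(f"{action:6} {match}  (set at {source})")
    for item in weakened(overrides):
        print("REVIEW:", item)
```
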

Network administrators can use policy rules to extend or restrict network access. This is of increasing importance for companies that want to set up a shared extranet to make parts of their network open to suppliers, customers, trading partners, and other external constituents. Orchestream provides this functionality within the same interface as its QoS control features.

Orchestream is fairly easy to deploy on a company’s existing IP network, without forcing a major upgrade to network hardware or software. The product ships with device drivers for Cisco, Lucent, and Nortel devices. A software development kit (SDK) is also available so customers and third parties can write device drivers for other network products.

Manual configuration of IP services can take several hours and introduce human error. With Orchestream, implementations can be checked for faults and services changed dynamically from a single point in a matter of minutes. This intelligent activation reduces errors and saves time spent in configuring IP services.

Orchestream also supports the common open policy system (COPS), a protocol standard issued by the IETF for communicating QoS policy information to network devices. Essentially, COPS is a simple query-and-response protocol that can be used to exchange policy information between a policy server and its clients. Among other things, this allows routers and switches to signal their bandwidth requirements to a policy server or bandwidth broker. The advantage of COPS support comes from the ability, from a single point on the network, to define end-to-end policies and services that apply across a broad base of routers and switches. Thus, COPS allows for the creation of true multi-service networks by providing the tools to look at the network as a single policy system.
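A policy server that accepts COPS messages from many devices has to validate their length fields before trusting them. The parser below is an added example, not part of the book or of Orchestream: it follows the common header and object layout of RFC 2748, and the two sample messages are constructed.

```python
import struct

# Op codes carried in the COPS common header (RFC 2748).
OP_CODES = {1: "REQ", 2: "DEC", 3: "RPT", 4: "DRQ", 5: "SSQ",
            6: "OPN", 7: "CAT", 8: "CC", 9: "KA", 10: "SSC"}


def parse_cops(data: bytes) -> dict:
    """Parse one COPS message, rejecting inconsistent length fields."""
    if len(data) < 8:
        raise ValueError("truncated common header")
    ver_flags, op, client_type, msg_len = struct.unpack("!BBHI", data[:8])
    if ver_flags >> 4 != 1:
        raise ValueError("unsupported COPS version")
    if op not in OP_CODES:
        raise ValueError(f"unknown op code {op}")
    # Message Length covers header plus objects and is 32-bit aligned.
    if msg_len != len(data) or msg_len % 4:
        raise ValueError("message length does not match buffer")
    objects, off = [], 8
    while off < msg_len:
        obj_len, c_num, c_type = struct.unpack("!HBB", data[off:off + 4])
        padded = (obj_len + 3) & ~3      # objects are padded to 4 octets
        if obj_len < 4 or off + padded > msg_len:
            raise ValueError(f"object at offset {off} overruns message")
        objects.append((c_num, c_type, data[off + 4:off + obj_len]))
        off += padded
    return {"op": OP_CODES[op], "solicited": bool(ver_flags & 0x1),
            "client_type": client_type, "objects": objects}


def is_well_formed(data: bytes) -> bool:
    """True when the message parses without a length or header error."""
    try:
        parse_cops(data)
        return True
    except ValueError:
        return False


# Constructed sample: Client-Open (OPN) with a PEPID object (C-Num 11).
OPN = (struct.pack("!BBHI", 0x10, 6, 1, 20)
       + struct.pack("!HBB", 9, 11, 1) + b"pep1\x00" + b"\x00" * 3)
# Same message with the object length inflated past the end of the buffer.
BAD = OPN[:8] + struct.pack("!HBB", 0xFFFF, 11, 1) + OPN[12:]

if __name__ == "__main__":
    print(parse_cops(OPN))
    print("inflated object length accepted?", is_well_formed(BAD))
```
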

A potential hidden cost of implementing Orchestream comes from its support of Diff-Serv, which the product relies on for assigning a class of service to different types of network traffic. Since Diff-Serv enforces most policies at the edge of the network, where older routers are most likely to reside, these routers may not be equipped to take on the increased processing burden and still handle peak traffic loads. This means network administrators will have to take stock of their edge equipment to ascertain the need for upgrades before implementing Orchestream or any competitive product that relies on Diff-Serv.

Most policy-based NMSs do not include all the functionality an enterprise really needs. To overcome this limitation, Orchestream supports links with other network management products through an integration module. Among the third-party functions that can be integrated with Orchestream are fault monitoring, performance monitoring, and usage billing. The integration module has been written so Orchestream can link with other management software as customer needs change.

Orchestream Service Activator is sold to enterprises with the QoS module switched on, allowing them to manage the classes and levels of bandwidth within their own networks. Other modules of the product are aimed at service providers who sell managed Internet services such as VPNs and VoIP to enterprise customers. This allows the service provider to meet the differing needs of multiple customers that share its network.



LANs to WANs: The Complete Management Guide
ISBN: 1580535720
EAN: 2147483647
Year: 2003
Pages: 184
