Abstract
Application-aware networking (AAN) is a framework in which applications can discover services offered by a network and explicitly signal their flow characteristics and requirements to the network. Such a framework provides network nodes with knowledge of the application flow characteristics, which enables them to apply the correct flow treatment (e.g., bind the flow to a network slice, bind the flow to a service function chain, set appropriate quality of service marking, invoke policing and shaping rules) and provide feedback to applications accordingly. This chapter describes how an application-enabled collaborative networking framework helps solve the problems encountered. The chapter also describes recent proposals such as the PAN (path-aware networking) framework discussed within the IRTF and the APN (application-aware networking) framework that is meant to convey application identification and its network performance in-band.
Introduction
Today's networks, whether public or private, are challenged to support and thus deliver rapidly increasing amounts of traffic that place distinct requirements on underlying networks. Also, new channels for originating and consuming rich media are deployed at a rapid pace. Pervasive video and on-demand access are becoming second nature to consumers. Applications make extensive use of rich media, placing unprecedented quality of experience (QoE) demands on the underlying networks. These trends present challenges for network planning (including traffic forecast).
In order to deliver services as expected by users and set by applications themselves, now more so than ever before, identification and differential treatment of flows are critical for the successful deployment and operation of applications, especially in the post-covid era where more and more sensitive services have to be carried over the Internet. These applications use a wide range of signaling protocols and are deployed by a diverse set of application providers that are not necessarily affiliated with the network providers across which the applications are used (i.e., application flows are forwarded). Network operators often rely upon identification capabilities to deploy and therefore support a wide range of applications with adequate quality. Such applications generate flows that may have specific characteristics and requirements, such as bandwidth or latency constraints, that can be met if made known to the network.
Historically, the identification of application flows has been accomplished using heuristics that infer flow characteristics based on transport port number ranges (e.g., TCP/25), network separation, or inspection of the flow itself. These inspection techniques include, but are not limited to:
- Deep packet inspection (DPI), which matches against characteristic signatures (e.g., key string, binary sequence).
- Deep flow inspection (DFI), which analyzes statistical characteristics (e.g., packet length statistics like ratio of small packets, ratio of large packets, small payload standard deviation) and connection behavior of flows.
Each of these techniques suffers from limitations, particularly in the face of the challenges outlined previously.
Heuristic-based approaches may not be efficient and require continuous updates of application signatures. Port-based solutions suffer from port overloading and inconsistent port usage. Network separation techniques like IP sub-netting are error prone and increase network management complexity. DPI and DFI are computationally expensive, prone to error, and become more challenging with greater adoption of encrypted signaling and secured media. An additional drawback of DPI and DFI is that any insights developed at one network node are not available, or need to be recomputed, at nodes further down the application flow path.
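The three heuristics and their limits can be compared side by side. The following is an added example, not code from the chapter: the flows are constructed, and the port table, signature strings, byte thresholds, and class names ("mail", "web", "realtime", "bulk") are assumptions chosen for illustration.

```python
import statistics

# Constructed flows (not real captures): destination port, first payload bytes,
# and per-packet payload lengths. \x17\x03\x03 is a TLS application-data record.
BULK = [24, 60, 1400, 1400, 1400, 52]
FLOWS = {
    "smtp_on_25":   {"port": 25,   "payload": b"EHLO mail.example.org\r\n", "lengths": BULK},
    "smtp_on_8080": {"port": 8080, "payload": b"EHLO mail.example.org\r\n", "lengths": BULK},
    "voice_in_tls": {"port": 443,  "payload": b"\x17\x03\x03\x00\xa0",
                     "lengths": [160, 172, 160, 168, 160, 164, 160, 172]},
    "web_in_tls":   {"port": 443,  "payload": b"\x17\x03\x03\x05\x78",
                     "lengths": [1400, 1400, 1400, 1400, 1400, 90]},
}
PORT_MAP = {25: "mail", 443: "web"}             # assumed port-to-application table
SIGNATURES = {b"EHLO": "mail", b"GET ": "web"}  # assumed DPI key strings

def classify_by_port(flow):
    return PORT_MAP.get(flow["port"], "unknown")

def classify_by_dpi(flow):
    for signature, app in SIGNATURES.items():
        if flow["payload"].startswith(signature):
            return app
    return "unknown"  # encrypted payloads expose no key string

def dfi_features(flow, small=200, large=1000):  # byte thresholds are assumptions
    lengths = flow["lengths"]
    small_pkts = [n for n in lengths if n <= small]
    return {
        "small_ratio": len(small_pkts) / len(lengths),
        "large_ratio": sum(n >= large for n in lengths) / len(lengths),
        "small_stdev": statistics.pstdev(small_pkts) if small_pkts else 0.0,
    }

def classify_by_dfi(flow):
    f = dfi_features(flow)
    if f["small_ratio"] >= 0.9 and f["small_stdev"] < 20:
        return "realtime"  # steady stream of small packets
    if f["large_ratio"] >= 0.5:
        return "bulk"
    return "unknown"

def compare(flows=FLOWS):
    """Return {flow name: (port verdict, DPI verdict, DFI verdict)}."""
    return {name: (classify_by_port(f), classify_by_dpi(f), classify_by_dfi(f))
            for name, f in flows.items()}

if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(f"{name:13} port={verdicts[0]:8} dpi={verdicts[1]:8} dfi={verdicts[2]}")
```

The port table mislabels the voice flow on 443 and misses mail on 8080, the signature match returns nothing for either encrypted flow, and the statistical features separate the two TLS flows only as far as the assumed thresholds hold.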
The goal of the Application-Aware Networking (AAN) framework is to offer mechanisms that allow applications to request differential network treatment for their flows and to learn what the network can do for them while preserving flow encryption practices. The intent is for the applications to have the ability: (1) to initiate information exchanges in order to provide a more precise allocation of network resources and thus a better user experience, while ensuring security for the flow data, and (2) for application flows to convey metadata that will be used by the underlying network to provide a differentiated forwarding and process service.
The underlying logic is that applications that share information to be consumed by the networks, while preserving application-specific data privacy, together with networks that are prepared in advance with application flow treatment requirements, will select and thus enable the appropriate means to offer the differentiated forwarding and traffic management behaviors matching those requirements while preserving data encryption practices end-to-end. Applications can be designed to separate the protection of the data that is intended to be consumed by involved networks from the protection of the data that is exclusively restricted to the application remote endpoint(s). Typical requirement clauses are described in Boucadair, Jacquenet & Wang (2014).
Key Terms in this Chapter
DFI: Deep flow inspection is a packet filtering technique that analyzes statistical characteristics like packet lengths, ratio of large packets and small payload standard deviation, and connection behavior of flows, to determine the actions to be applied to application flow or session packets (e.g., classify, mark, redirect, block, drop).
ALG: Application-level gateway is a security component deployed on firewall or NAT boxes to allow customized traversal filters in order to support address and/or port translation for certain application layer protocols.
DPI: Deep packet inspection is another form of computer network packet filtering that examines the packet content to decide on the actions to be taken on the packets or for the purpose of collecting statistical information.
PAN: Path-aware networking describes an architecture where endpoints can discover the properties of the paths they use and react to those properties that affect the transmission of their flows. As such, PAN covers both the discovery of path properties and path selection by an endpoint.
SDN: Software-defined networking is a network architecture that allows network administrators to manage network services through abstraction of lower-level functionality. This is achieved through mechanisms that allow decoupling of the control and forwarding planes.
PCP: Port control protocol is a protocol that allows hosts to control how the incoming IP packets are translated and forwarded by an upstream router that performs Network Address Translation (NAT) or packet filtering (firewall, typically).