Application-aware Networking (APN) Implementation and Deployment Status

Agricultural Bank of China (ABC) has deployed APN at the load balancers of the product data center in Beijing, and has enabled APN at the PE nodes of the IP Backbone network. It decouples the IP address and the application on the network, that enables rapid network service provisioning for massive software upgrade and delivery services, and makes network rules stable to adapt to the changes in the IP addresses of thousands of applications. The APN option is carried by IPv6 packets of applications and traverses the network from the load balancer to the user terminals, e.g., PC and laptop. The APN ID in the APN option is first planned in the APN domain, and then configured to the network controller and the management plane of the applications. The network controller delivers the configurations of the APN ID to the network devices. To use the APN ID on the data plane, the management plane forms and maintains an APN ID policy after an APN ID is allocated to a specific application. The policy specifies the mapping from the current 5 tuples of the application to the APN ID, and is similar to the APN-marking policy . The APN-capable load balancer obtains APN ID policies and get updates from the management plane. After that, the load balancers initiate packets with APN option towards application clients in the user terminals. The packets enter the IP Backbone network from its PE nodes. The SRv6 TE tunnels have been deployed in the IP Backbone network, which provide different SLA levels and forwarding paths. The APN-capable PE nodes steer traffic in application granularity among the tunnels according to the APN ID carried in the APN option of IPv6 extension header. Then the packets enter the Access network. The Access network has not enabled APN yet. According to the highest two bits of the option type field of APN option, the APN option is skipped over when the packets are processed. The packets are forwarded to the user terminals normally, and the APN option is transparently transmitted. By offloading APN from the application to the load balancer, thousands of applications can benefit from APN while they are not required to be upgraded, i.e., they can keep APN-uncapable or APN-unaware. The deployment case is shown in Figure 1.

<-- to SRv6 TE tunnel -> (transparency) <------ Packets with APN6 option, for the end-to-end connection ------> Figure 1: Agricultural Bank of China deployment case]]> The following APN features have been deployed: An APN Header based data plane . APN-capable Application Server (AAS): initiation of the packet with APN option . APN-Controller: planning and execution of how the APN attribute are allocated and maintained . APN-Controller: processing the request from the AAS and allocating the APN resources of the controlled APN domain to the AAS . APN-Head: APN ID based traffic steering for SRv6 TE . APN-Endpoint: remove the outer tunnel header and keep the APN attribute in packets . END (PSP), END.X (PSP), and END.DT6 functions as per . BGP EVPN SRv6 extensions . IS-IS SRv6 extensions .

Government Services and Data Management Bureau of Shenzhen Municipality has deployed APN to enable quality assurance for video conference service. The Bureau has deployed APN-capable terminals and servers of a video conference system in an office campus and a data center respectively, and has enabled APN at the PE nodes of the e-Government extranet in Shenzhen. The extranet is a wide area network, which is divided into three levels of global, province and city. Each level consists of two networks of access and backbone. For the video conference scenario, the APN option is initiated by the terminals and servers, and carried by IPv6 packets. It traverses the network from the terminals to the servers, and vice versa. The terminals and servers acquire the APN ID to be added from the controller of the video conference application on demand. The network controller delivers the configurations of the APN ID to the network devices in advance and on demand. The SRv6 TE tunnels and the network slices have been deployed in the e-Government extranet, which provide different forwarding paths, and enable resource isolation. The APN-capable PE nodes distinguish the traffic of common and important conferences according to the APN ID carried in the APN option, then steer the traffic to different tunnels and network slices. When the network quality is downgraded, the quality of important conferences can be assured. The deployment case is shown in Figure 2.

Packets with APN6 option, <-- for surveillance scenario -> <------ Packets with APN6 option, for conference scenario -----> Figure 2: Government Services and Data Management Bureau of Shenzhen Municipality deployment case]]> The following APN features have been deployed: An APN Header based data plane . APN-capable Application Server (AAS): initiation of the packet with APN option . APN-capable Application Client (AAC): initiation of the packet with APN option, and acquire APN attribute from AAS . APN-Controller: planning and execution of how the APN attribute are allocated and maintained . APN-Controller: processing the request from the AAS and allocating the APN resources of the controlled APN domain to the AAS . APN-Head: APN ID based traffic steering for SRv6 TE . APN-Endpoint: remove the outer tunnel header and keep the APN attribute in packets . END.X (PSP), END.DT6 functions as per . BGP EVPN SRv6 extensions . BGP-LS SRv6 extensions . IS-IS SRv6 extensions . NRP extensions for network slice services .

China Unicom has tested APN to enable acceleration for online courses services, which provides SLA assurance. The APN-capable PE nodes are deployed in the metro network in Beijing. The traffic from the customer terminals comes to the BRAS devices first, and is steered to the APN-capable PE nodes. The PE nodes identify the packets of the online course services, which are destined for the universities abroad, by some means (e.g., five tuples). The PE nodes add the specific APN ID in the packets, and forward them back to the BRAS devices. The APN ID is carried by APN option. The BRAS devices steer the traffic to two different backbone networks according to the APN ID in the packets. The Backbone-1 network is for common use to access internet, while the Backbone-2 network is treated as an acceleration path to access internet and networks abroad. The SRv6 TE tunnels is also deployed in the metro network. The BRAS devices forward the traffic of the online course services to the corresponding border nodes (CR nodes) of the Backbone-2 network in the SRv6 TE tunnel, after removing the APN ID. The CR nodes remove the SRv6 TE tunnel and forward the traffic ahead. Then the traffic goes through the Backbone-2 network and reach the destination server, that reduces the RTT latency and packet loss rate significantly. The deployment case is shown in Figure 3.

The following APN features have been deployed: An APN Header based data plane . APN-Edge: add/remove the APN attributes to/from the packet . APN-Head: APN ID based traffic steering for SRv6 TE . END (PSP), END.X (PSP), END.DT6 functions as per . BGP EVPN SRv6 extensions . IS-IS SRv6 extensions .