US-12627583-B2 - Promotion mode for uninterrupted upgrades of a dataplane
Abstract
A system and method are provided for implementing a network component, such as a software-defined wide area network, a firewall, a router, or a load balancer. The network component can be an embedded network edge device that is implemented, e.g., in software, in circuitry, or using hardware acceleration (e.g., a data processing unit (DPU), a smart network interface card (SmartNIC), etc.). The system can include a primary (first) dataplane and a shadow (second) dataplane. During verification testing, the network function (e.g., routing) is performed by transmitting the egress packets from the primary (first) dataplane, while the egress packets from the shadow (second) dataplane are used only for verification testing. After verification testing, the shadow (second) dataplane is promoted to be a new primary dataplane by gradually increasing the share of the output packets that originate from the new primary (second) dataplane until all output packets originate from the second dataplane.
Inventors
- Stephen Craig Connors, JR.
- Mili Anand Taggarsi
Assignees
- CISCO TECHNOLOGY, INC.
Dates
- Publication Date
- 20260512
- Application Date
- 20240422
Claims (20)
- 1 . A method comprising: receiving ingress packets at a network component that performs a network function to generate output packets, the network component comprising a first dataplane and a second dataplane, wherein the first dataplane executes first instructions on first ingress packets to provide packets egressing from the first dataplane, the second dataplane executes second instructions on second ingress packets to provide packets egressing from the second dataplane, and, when in a verification mode, the first dataplane is a primary dataplane and the second dataplane is a shadow dataplane; selecting the output packets from the packets egressing from the first dataplane and the packets egressing from the second dataplane, wherein, when in the verification mode, the output packets are the packets egressing from the primary dataplane; transmitting the output packets; and transitioning from the verification mode to a non-verification mode by gradually increasing, over a transition period, a portion of the output packets that egress from the second dataplane.
- 2 . The method of claim 1 , wherein transitioning from the verification mode to the non-verification mode comprises: using a shared memory between the first dataplane and the second dataplane to coordinate which of the packets egressing from the first dataplane and the second dataplane are included in the output packets; and dropping the packets egressing from the first dataplane and the second dataplane that are not included as the output packets.
- 3 . The method of claim 1 , wherein transitioning from the verification mode to the non-verification mode further comprises: providing, by a packet dispatcher, the first ingress packets to the first dataplane that are identical to the second ingress packets provided to the second dataplane.
- 4 . The method of claim 1 , wherein after transitioning from the verification mode to the non-verification mode, when in the non-verification mode, all of the output packets have been processed by the network function being performed using the second instructions, and before transitioning from the verification mode to the non-verification mode, when in the verification mode, all of the output packets have been processed by the network function being performed using the first instructions.
- 5 . The method of claim 1 , wherein after transitioning from the verification mode to the non-verification mode, the second dataplane operates as the primary dataplane.
- 6 . The method of claim 5 , wherein after transitioning from the verification mode to the non-verification mode, the network component operates in a normal mode by ceasing to process data packets through the first dataplane.
- 7 . The method of claim 1 , wherein after transitioning from the verification mode to the non-verification mode, the network component operates in a scale-out mode by: reconfiguring the first dataplane to perform the network function using the second instructions; providing, by a packet dispatcher, the first ingress packets to the first dataplane and the second ingress packets to the second dataplane, wherein the first ingress packets are different from the second ingress packets; and selecting as the output packets both the packets egressing from the first dataplane and the packets egressing from the second dataplane.
- 8 . The method of claim 1 , wherein transitioning from the verification mode to the non-verification mode is performed without interrupting a data-traffic flow being transmitted from the network component to another network component, the data-traffic flow comprising the output packets transmitted from the network component.
- 9 . The method of claim 8 , further comprising: monitoring, during the transition period, the output packets for a deviation from a predefined specification; and rolling back to the output packets egressing from the first dataplane, when the deviation from the predefined specification is detected.
- 10 . The method of claim 1 , wherein the network component is either implemented on one or more data processing units (DPUs) or implemented as software executed on one or more central processing units (CPUs), and the network function comprises data-packet filtering, load balancing, security screening, malware detection, firewall protection, data-packet routing, data-packet switching, data-packet forwarding, computing header checksums, or implementing network policies.
- 11 . The method of claim 1 , wherein the network component is configured in an embedded device of a network edge, and the network component comprises instructions executed in a data processing unit (DPU) or an extended Berkeley Packet Filter (eBPF).
- 12 . The method of claim 1 , wherein the first instructions comprise a first network policy, and the second instructions comprise an update to the first network policy, or the first instructions comprise software for executing the network function, and the second instructions comprise an upgrade to the software for executing the network function.
- 13 . A network component comprising: a first dataplane executing first instructions on first ingress packets to provide packets egressing from the first dataplane; a second dataplane executing second instructions on second ingress packets received at the second dataplane to provide packets egressing from the second dataplane; a processor; a memory communicably coupled to the first dataplane, the second dataplane and the processor, wherein the memory is configured to store instructions that, when executed by the processor, configure the network component to: receive ingress packets at the network component, which performs a network function to generate output packets; select the output packets from the packets egressing from the first dataplane and the packets egressing from the second dataplane; transmit the output packets; and transition from a verification mode to a non-verification mode by gradually increasing, over a transition period, a portion of the output packets that egress from the second dataplane, wherein when in the verification mode, the first dataplane is a primary dataplane and the second dataplane is a shadow dataplane, and the output packets are the packets egressing from the primary dataplane.
- 14 . The network component of claim 13 , wherein the instructions further configure the network component to: use the memory, which is communicably coupled to both the first dataplane and the second dataplane, to coordinate which of the packets egressing from the first dataplane and the second dataplane are selected as the output packets, and drop the packets egressing from the first dataplane and the second dataplane that are not selected as the output packets.
- 15 . The network component of claim 13 , further comprising: a packet dispatcher configured to provide the first ingress packets to the first dataplane and the second ingress packets to the second dataplane, wherein, during the transition period, the first ingress packets are identical to the second ingress packets.
- 16 . The network component of claim 13 , wherein after transitioning from the verification mode to the non-verification mode, when in the non-verification mode, all of the output packets have been processed by the network function being performed using the second instructions, and before transitioning from the verification mode to the non-verification mode, when in the verification mode, all of the output packets have been processed by the network function being performed using the first instructions.
- 17 . The network component of claim 13 , wherein the instructions further configure the network component to: operate the network component in a scale-out mode by: reconfiguring the first dataplane to perform the network function using the second instructions; providing, by a packet dispatcher, the first ingress packets to the first dataplane and the second ingress packets to the second dataplane, wherein the first ingress packets are different from the second ingress packets; and selecting both the packets egressing from the first dataplane and the packets egressing from the second dataplane as the output packets.
- 18 . The network component of claim 13 , wherein the instructions further configure the network component to: transition from the verification mode to the non-verification mode without interrupting a data-traffic flow being transmitted from the network component to another network component, the data-traffic flow comprising the output packets transmitted from the network component.
- 19 . The network component of claim 13 , wherein the instructions further configure the network component to: monitor, during the transition period, the output packets for a deviation from a predefined specification; and roll back to the output packets egressing from the first dataplane, when the deviation from the predefined specification is detected.
- 20 . The network component of claim 13 , wherein the network component is either implemented on one or more data processing units (DPUs) or implemented as software executed on one or more central processing units (CPUs), and the network function comprises data-packet filtering, load balancing, security screening, malware detection, firewall protection, data-packet routing, data-packet switching, data-packet forwarding, computing header checksums, or implementing network policies.
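The mode sequence of claims 1 to 9 (shadow verification, ramped promotion, rollback on a deviation from the specification) together with the scale-out mode of claim 7, as an added simulation in Python. This is example code written for this page; it is not code from the patent, from Cisco, or from any DPU or eBPF implementation. The class and function names, the hop-limit forwarding function standing in for the "first instructions", the upgraded version with a regression that appears only after a number of packets, the specification check, the per-packet counter used as the selection key, and the constructed packets are all assumptions made for the example.

```python
# Dual-dataplane promotion mode, simulated in Python. Added example; not the patent's own code.
from collections import Counter
from enum import Enum
from typing import Callable

Dataplane = Callable[[bytes], bytes]                        # one dataplane: ingress packet -> egress packet
Mode = Enum("Mode", "VERIFICATION TRANSITION NORMAL SCALE_OUT ROLLED_BACK")

class DualDataplane:
    """Packet dispatcher plus output selector in front of two dataplanes (assumed design, not the patent's)."""
    def __init__(self, first: Dataplane, second: Dataplane, spec: Callable[[bytes, bytes], bool], ramp_steps: int = 4):
        self.first, self.second, self.spec = first, second, spec
        self.ramp_steps, self.percent = ramp_steps, 0       # percent: share of output taken from the second dataplane
        self.mode, self.seq = Mode.VERIFICATION, 0          # seq: packet counter used as the selection key
        # Counters: verified, mismatches (shadow egress != primary egress), from_first, from_second, dropped.
        self.stats = Counter()

    def _emit(self, pkt: bytes, from_second: bool) -> bytes:
        self.stats["from_second" if from_second else "from_first"] += 1
        return pkt

    def process(self, ingress: bytes) -> bytes:
        self.seq += 1
        if self.mode is Mode.NORMAL:             # promoted: the first dataplane has ceased processing (claim 6)
            return self._emit(self.second(ingress), True)
        if self.mode is Mode.SCALE_OUT:          # disjoint ingress per dataplane, both egress streams are output (claim 7)
            use_second = self.seq % 2 == 0
            return self._emit((self.second if use_second else self.first)(ingress), use_second)
        out1 = self.first(ingress)
        if self.mode is Mode.ROLLED_BACK:
            return self._emit(out1, False)
        out2 = self.second(ingress)              # identical ingress to both dataplanes (claim 3)
        self.stats["dropped"] += 1               # the egress copy that is not selected is dropped (claim 2)
        if self.mode is Mode.VERIFICATION:       # shadow egress is compared, never transmitted
            self.stats["verified"] += 1
            self.stats["mismatches"] += out1 != out2
            return self._emit(out1, False)
        # TRANSITION. A real device would key this on a flow hash so one flow does not bounce between dataplanes.
        use_second = self.seq % 100 < self.percent
        out = out2 if use_second else out1
        if not self.spec(ingress, out):          # deviation from the predefined specification: roll back (claim 9)
            self.mode, self.percent = Mode.ROLLED_BACK, 0
            return self._emit(out1, False)
        return self._emit(out, use_second)

    def start_transition(self) -> bool:
        """Promote only if verification actually ran and the shadow never diverged from the primary."""
        if self.mode is not Mode.VERIFICATION or not self.stats["verified"] or self.stats["mismatches"]:
            return False
        self.mode, self.percent = Mode.TRANSITION, 100 // self.ramp_steps
        return True

    def advance(self) -> Mode:
        """Raise the second dataplane's share by one step; after it has carried 100%, promotion is complete."""
        if self.mode is Mode.TRANSITION and self.percent >= 100:
            self.mode = Mode.NORMAL
        elif self.mode is Mode.TRANSITION:
            self.percent = min(100, self.percent + 100 // self.ramp_steps)
        return self.mode

    def scale_out(self) -> bool:
        """After promotion, reload the first dataplane with the second instructions and split traffic (claim 7)."""
        if self.mode is not Mode.NORMAL:
            return False
        self.first, self.mode = self.second, Mode.SCALE_OUT
        return True

# Constructed stand-ins for the two instruction sets, the specification and the traffic (example assumptions).
def forward_v1(pkt: bytes) -> bytes:
    return bytes([pkt[0] - 1]) + pkt[1:]                    # first instructions: decrement hop limit, forward the rest

def make_forward_v2(fail_after: float = float("inf")) -> Dataplane:
    """Upgraded instructions; after fail_after packets a truncation bug appears (a stateful regression)."""
    count = 0
    def forward(pkt: bytes) -> bytes:
        nonlocal count
        count += 1
        out = bytes([pkt[0] - 1]) + pkt[1:]
        return out[:-1] if count > fail_after else out
    return forward

def hop_limit_spec(ingress: bytes, egress: bytes) -> bool:
    return egress[0] == ingress[0] - 1 and egress[1:] == ingress[1:]   # hop limit decremented, rest intact

def run_promotion(second: Dataplane, ramp_steps: int = 4, batch: int = 100) -> DualDataplane:
    """Verify on one batch, then ramp the second dataplane up one batch per step, stopping at the first deviation."""
    dp = DualDataplane(forward_v1, second, hop_limit_spec, ramp_steps)
    pkts = [bytes([64, i % 256]) + b"payload" for i in range(batch)]   # constructed: hop limit, sequence byte, payload
    for pkt in pkts:
        dp.process(pkt)                  # verification mode: all output still comes from the first dataplane
    if dp.start_transition():
        while dp.mode is Mode.TRANSITION:
            for pkt in pkts:
                dp.process(pkt)
            dp.advance()
    return dp
```

Running `run_promotion(make_forward_v2())` ends in the normal mode with half the output having come from each dataplane over the four ramp steps; `run_promotion(make_forward_v2(0))` never leaves verification because every shadow packet differs from the primary; `run_promotion(make_forward_v2(150))` passes verification cleanly and is rolled back during the first ramp step, which is the case the transition-period monitor of claim 9 exists for: a regression that the verification traffic did not exercise. Two points a practitioner would check in a real deployment: the verification comparison is only meaningful while the dispatcher feeds byte-identical ingress to both dataplanes (claim 3), and the selection key should be a flow hash rather than a packet counter so that a single flow is not reordered across the two dataplanes mid-transition.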
Description
CROSS-REFERENCE TO RELATED APPLICATIONS
This application claims priority to U.S. provisional application No. 63/516,448, titled “Data Processing Units (DPUs) and extended Berkley Packet Filters (eBPFs) for Improved Security,” and filed on Jul. 28, 2023, which is expressly incorporated by reference herein in its entirety.
TECHNICAL FIELD
Aspects described herein generally relate to promoting a shadow dataplane that executes a program or policy upgrade to a primary dataplane upon completion of verification testing of the upgrade, including aspects related to upgrading the dataplane of network components using a dual dataplane architecture.
BACKGROUND
In a computer network, many network functions can be performed by an edge device performing edge computing. For example, an edge device can provide an entry point into enterprise or service provider core networks. Examples of network devices include routers, routing switches, integrated access devices (IADs), multiplexers, and a variety of metropolitan area network (MAN) and wide area network (WAN) access devices. Edge devices can also provide connections to carrier and service provider networks. Consider, for example, a case in which the edge device is a router. For backbone and core networks, the edge device can provide authenticated access (e.g., point-to-point protocol over an asynchronous transfer mode network (PPPoA) or point-to-point protocol over Ethernet (PPPoE)). Further, edge routers can include quality of service (QoS) and multi-service functions to manage different types of traffic. Network functions performed by network components can include switching that uses protocols such as Open Shortest Path First (OSPF) or Multiprotocol Label Switching (MPLS) for reliability and scalability. Further, Border Gateway Protocol (BGP) routers can be used for peering exchanges. Edge devices can include a control plane and a dataplane.
For example, a software-defined wide area network (SD-WAN) can include separate orchestration, management, control, and data planes. The orchestration plane can assist in the automatic onboarding of the SD-WAN routers into the SD-WAN overlay. The management plane can provide the central configuration and monitoring. The control plane can build and maintain the network topology and make decisions on where traffic flows. The data plane can forward packets based on decisions from the control plane.
Network edge devices, including the dataplane, are upgraded over time to improve functioning or to address vulnerabilities. For example, the network device can be shut down while the dataplane is upgraded, but this interrupts the services provided by the network device, which is disruptive to users. Upgrading embedded devices at the network edge can present several challenges. Accordingly, improved methods and systems are desired for upgrading network edge devices. For example, improvements are desired that allow for seamless upgrades that are not disruptive to users of the network.
BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS
In order to describe the manner in which the above-recited and other advantages and features of the disclosure can be obtained, a more particular description of the principles briefly described above will be rendered by reference to specific embodiments thereof which are illustrated in the appended drawings. Understanding that these drawings depict only exemplary embodiments of the disclosure and are not therefore to be considered to be limiting of its scope, the principles herein are described and explained with additional specificity and detail through the use of the accompanying drawings in which:
- FIG. 1A illustrates a block diagram of a first example of a network, in accordance with certain embodiments.
- FIG. 1B illustrates a block diagram of a second example of the network, in accordance with certain embodiments.
- FIG. 2 illustrates a block diagram of a network device, in accordance with certain embodiments.
- FIG. 3 illustrates a flow diagram for an example of a method of implementing a software development lifecycle (SDLC), in accordance with certain embodiments.
- FIG. 4 illustrates a state diagram for an example of a step for deploying a new software/policy version using dual dataplanes, in accordance with certain embodiments.
- FIG. 5 illustrates a block diagram of a first example of implementing dual dataplanes in data processing units (DPUs), in accordance with certain embodiments.
- FIG. 6 illustrates a block diagram of a second example of implementing dual dataplanes in data processing units (DPUs), in accordance with certain embodiments.
- FIG. 7A illustrates a block diagram of an example of a configuration of pairwise primary and shadow dataplanes when there are eight total dataplanes, in accordance with certain embodiments.
- FIG. 7B illustrates a block diagram of an example of a scale-out configuration with eight dataplanes, in accordance with certain embodiments.
- FIG. 8 illust