Title:
POLICY RULES FOR NETWORK RESOURCE
Document Type and Number:
WIPO Patent Application WO/2015/089821
Kind Code:
A1
Abstract:
Examples of network policy rules for providing end-to-end cloud network policy control of network resources are disclosed. In one example implementation according to aspects of the present disclosure, a system may include a processing resource. The system may also include a policy rules function module executable by the processing resource to provide policy rules that define functions for controlling resources within a cloud network, the resources being accessed by a client device via a provider network communicatively coupled to the cloud network. Further, the system may include a policy enforcement function module executable by the processing resource to cause the enforcement of the policy rules on the client device within the provider network.

Inventors:
WANG BO (CN)
IOSBAKER GARY (US)
SCHWARZE MARTIN (CA)
Application Number:
PCT/CN2013/090077
Publication Date:
June 25, 2015
Filing Date:
December 20, 2013
Assignee:
HEWLETT PACKARD DEVELOPMENT CO (US)
WANG BO (CN)
IOSBAKER GARY (US)
SCHWARZE MARTIN (CA)
International Classes:
G06F15/173; H04L29/06
Foreign References:
US20120185913A1 2012-07-19
US20110307947A1 2011-12-15
US20120331125A1 2012-12-27
US8578442B1 2013-11-05
Attorney, Agent or Firm:
CHINA PATENT AGENT (HK) LTD. (Great Eagle Center, 23 Harbour Road, Wanchai, Hong Kong, CN)
Claims:
WHAT IS CLAIMED IS:

1. A system comprising:

a processing resource;

a policy rules function module executable by the processing resource to provide policy rules that define functions for controlling access to resources within a cloud network, the resources being accessible by a client device via a provider network communicatively coupled to the cloud network; and

a policy enforcement function module executable by the processing resource to cause the enforcement of the policy rules to the resources accessible by the client device within the provider network.

2. The system of claim 1, wherein the policy enforcement function module is further executable by the processing resource to allocate the resources within the cloud network to the client device within the provider network.

3. The system of claim 2, wherein the policy enforcement function module is further executable by the processing resource to allocate the resources within the cloud network to the client device within the provider network based on an application priority.

4. The system of claim 1, further comprising:

a resource management function module executable by the processing resource to enable management of the resources within the cloud network.

5. The system of claim 4, wherein the resource management function module is further executable by the processing resource to enable at least one of a reservation, an allocation, and a release of the resources within the cloud network.

6. The system of claim 1, further comprising:

a cloud network software defined network application module executable by the processing resource to receive the policy rules from the policy rules function module and to translate the policy rules into software defined networking functions to facilitate communication with the provider network.

7. The system of claim 6, wherein the software defined networking functions are OpenFlow protocol software defined networking functions.

8. A method comprising:

receiving, by a computing system in a cloud network, a cloud application initiation request from a user application on a user device within an access network, the request including a cloud application identity and resource reservation data;

coordinating, by the computing system, a communication with a cloud policy resource broker within the access network, the communication including transmitting policy rules to the cloud policy rules broker to be applied to the user application on the user device; and

allocating, by the computing system, a resource within the cloud network to the user application on the user device within the access network via the cloud policy resource broker based on the policy rules.

9. The method of claim 8, wherein coordinating the communication with the cloud policy rules broker further comprises coordinating communication via a software defined network.

10. The method of claim 8, wherein allocating the resource within the cloud network to the user application on the user device within the access network via the cloud policy resource broker based on the policy rules includes allocating the resource based on an application priority determined from the application identity.

11. A system comprising:

a processing resource;

a cloud policy rules broker module executable by the processing resource to receive policy rules from a cloud policy rules function module in a cloud network, the policy rules defining cloud application policy for resources within the cloud network accessible by a client device within the access network; and

an access network software defined network application module executable by the processing resource to receive the policy rules from the policy rules broker and to translate the policy rules into OpenFlow functions for network components within the access network.

12. The system of claim 11, further comprising:

a policy and charging rules function module executable by the processing resource to control a decision based on a charging control functionality.

13. The system of claim 11, further comprising:

an access network discovery and selection function module executable by the processing resource to specify access network selection policy to the client device.

14. The system of claim 11, wherein the cloud policy rules broker module receives second policy rules from a second cloud policy rules function module in a second cloud network.

15. The system of claim 11, further comprising:

a policy and charging rules function module executable by the processing resource to control a decision based on a charging control functionality; and

an access network discovery and selection function module executable by the processing resource to specify access network selection policy to the client device,

wherein the policy and charging rules function module and the access network discovery and selection function module comply with the 3GPP standard.

Description:
POLICY RULES FOR NETWORK RESOURCE

BACKGROUND

[1] Users of computing devices (e.g., smart phones, laptops, notebooks, tablets, PCs, etc.) have begun to expect increased functionality from their computing devices. By connecting a user's computing device from the device's mobile data network to remote resources such as applications, data, processing resources, storage resources, etc., via a network such as the Internet, the capabilities of the user's computing device are expanded. Many cloud computing infrastructures exist, enabling users to perform a variety of tasks, such as viewing videos, accessing documents, streaming music, uploading user content, and the like by connecting to the cloud computing infrastructures via a network. Moreover, many business and enterprise customers use business applications such as sales force automation, supply chain management, customer relationship management, etc.

BRIEF DESCRIPTION OF THE DRAWINGS

[2] The following detailed description references the drawings, in which:

[3] FIG. 1 illustrates a block diagram of a network architecture for end-to-end cloud policy rules resource control according to examples of the present disclosure;

[4] FIG. 2 illustrates a block diagram of a computing system for end-to-end cloud policy rules resource control according to examples of the present disclosure;

[5] FIG. 3 illustrates a block diagram of a computing system for end-to-end cloud policy rules resource control according to examples of the present disclosure;

[6] FIG. 4 illustrates a block diagram of a network architecture for end-to-end cloud policy rules resource control according to examples of the present disclosure; and

[7] FIG. 5 illustrates a flow diagram of a method for end-to-end cloud policy rules resource control according to examples of the present disclosure.

DETAILED DESCRIPTION

[8] As the implementation of cloud computing has become more prevalent, and as the number and variety of cloud-based application service providers has grown, the demands for resources within cloud computing networks have also increased. Cloud network infrastructure providers and network operators search for ways to automate and coordinate the allocation of end-to-end resources encompassing both the telecommunications operator network (sometimes called the access network, the provider access network, and/or the mobile network operator network) and the cloud service provider network (sometimes called the cloud network and/or the data center network). Similarly, access networks currently struggle to provide predictable user experiences using current policy access network policy control techniques.

[9] Implementing common management and orchestration layers that span both the cloud (i.e., data center) network and the access (i.e., provider) network is useful for coordinating control of network resources and service-related traffic. Previously, the common layer has not been abstracted to a policy and enforcement layer. Moreover, the interconnecting control and signaling functions were not fully service-aware, and the operator's access network has not been considered as part of a holistic, end-to-end policy control solution.

[10] Cloud infrastructure and application providers, faced with the challenges associated with the rush to provide cloud-based services, are concerned with automating and coordinating the allocation and control of cloud-based resources encompassing both the telecom operator and the cloud service provider in an end-to-end way. These cloud infrastructure and application providers are further concerned with coordinating the allocation and optimization of cloud infrastructure and telecom access network resources to provide better cloud service experience to application users.

[11] Presently, cloud services and related topics such as network virtualization struggle with providing dynamic, service-aware policy control that is coordinated across both the telecom operator and cloud service provider. The existing reference point that lies between the different policy and charging rules function (PCRF) within the home and visited public land mobile networks (PLMN) may be unsuitable as an interface for the coordination of 3GPP PCC rules and cloud policies as it is not geared toward the information technology-centric nature of cloud computing architecture.

[12] Various embodiments will be described below by referring to several examples of network policy rules for providing end-to-end cloud network policy control of network resources. The present disclosure provides automated and coordinated control of resources within the cloud network from cloud network side computing resources, through a bearing network, and to the telecommunication operator's access network. In one example, a system for providing end-to-end cloud network policy control of network resources using policy rules includes a processing resource, a policy rules function module, and a policy enforcement function module. The policy rules function module is executable by the processing resource to provide policy rules that define functions for controlling resources within a cloud network, and the resources are accessed by a client device via a provider network communicatively coupled to the cloud network. The policy enforcement function module is executable by the processing resource to cause the enforcement of the policy rules on the client device within the provider network. This and other examples are described herein.

[13] In some implementations, the end-to-end cloud infrastructure provides better experiences to cloud service consumers and providers. In other examples, the end-to-end cloud infrastructure is cloud computing resource aware, service/application aware, access network aware, bearing network aware, data center network aware, telecom subscriber aware, and/or service/application subscriber aware. Moreover, the end-to-end cloud infrastructure allocates and controls infrastructure resources in the cloud data center and the operator's network in a coordinated and dynamic way according to real-time conditions (e.g., congestion status, application demand, hardware or storage capacity, etc.). These and other advantages will be apparent from the description that follows.

[14] FIG. 1 illustrates a block diagram of a network architecture 100 for end-to-end cloud policy rules resource control according to examples of the present disclosure. FIG. 1 includes particular components, modules, etc. according to various examples. However, in different embodiments, more, fewer, and/or other components, modules, arrangements of components/modules, etc. may be used according to the teachings described herein. In addition, various components, modules, etc. described herein may be implemented as one or more software modules, hardware modules, special-purpose hardware (e.g., application specific hardware, application specific integrated circuits (ASICs), embedded controllers, hardwired circuitry, etc.), or some combination of these.

[15] The example of FIG. 1 shows three separate networks that are all communicatively coupled such that signals and data may flow from one network to the other networks. Specifically, the example illustrates an access network 110, a bearing network 130 and a data center network 150 (also referred to as a cloud network). The network architecture 100 shown, including the access network 110, the bearing network 130, and the data center network 150, represents generally hardware components and computers interconnected by communications channels that allow sharing of resources and information. The network architecture 100 and the access network 110, the bearing network 130, and the data center network 150 may include one or more of a cable, wireless, fiber optic, or remote connection via a telecommunication link, an infrared link, a radio frequency link, or any other connectors or systems that provide electronic communication, or any suitable combinations of the above. The networks may include, at least in part, an Intranet, the internet, or a combination of both. The networks may also include intermediate proxies, routers, switches, load balancers, and the like. The paths followed by the networks between the access network 110, the bearing network 130, and the data center network 150, as depicted in FIG. 1, represent the logical communication paths between these devices, not necessarily the physical paths between the devices.

[16] The access network 110 represents a telecommunication operator network or other similar network to which clients' devices 113 connect directly. For example, the access network 110 may include a wireless or mobile phone provider's network to which clients' devices 113 connect via various types of connections. It should be understood that the clients' devices 113 may include any appropriate type of computing device or system, including for example smartphones, tablets, desktops, laptops, workstations, servers, smart monitors, smart televisions, digital signage, scientific instruments, retail point of sale devices, video walls, imaging devices, peripherals, or the like. In one example, a client's device 113 may run an application natively on the device, virtually or remotely through the network architecture 100 shown in FIG. 1, or in any other suitable way.

[17] The access network 110 may include a cloud policy rules broker to receive policy rules from a cloud policy rule function module 152 in a data center network 150. The policy rules define cloud application policy for the clients' devices 113 within the access network 110 for connecting to and utilizing resources within the data center network 150 such as cloud resource 170. In one example, the policy rules define how applications running on the clients' devices 113 (or running on the data center network 150 and accessible by the clients' devices 113 via the network architecture 100) behave. For example, the policy rules may dictate certain network traffic requirements for applications using large amounts of data, such as streaming music and video applications. In such an example, a cloud-based application may rely on a high quality of service provided to deliver a desired experience to the user of the client device 113. The policy rules may dictate that the application receive priority over other network traffic in order to provide such service by, for example, sending the data to and from the cloud-based application needing the high quality of service via a high quality routing path through the network infrastructure 100.

[18] The cloud policy rules broker 112 may exist on a dedicated computing system, on part of a multi-purpose computing system, on a distributed computing system, or on any other suitable computing system or specialized circuitry within the access network 110. Similarly, the cloud policy rule function module 152 may exist on a dedicated computing system, on part of a multi-purpose computing system, on a distributed computing system, or on any other suitable computing system or specialized circuitry within the data center (e.g., cloud) network 150.

[19] The policy rules may be received by the cloud policy rules broker 112 via the bearing network 130, which may include an internet 132 and a control plane transmission (CPx) network 134. More specifically, the policy rules may be received via the CPx network 134. In this way, signals and data specific to the control policy rules broker 112 and the control policy rules function 152 (e.g., the policy rules and related signals and data) may be transmitted and received separately and apart from other signals and data (e.g., application data, standard network traffic, etc.).

[20] In one example, the CPx network 134 may exist within the bearing network 130 as a separate physical network. However, in another example, the CPx network 134 may exist as a virtual network within the bearing network 130 such that control signals and data may be transmitted and received via the CPx network 134 through the Internet 132. It should be understood that the Internet 132 may include the Internet, an internet, an intranet, an extranet, or any other suitable network for connecting the access network 110 and the data center network 150.

[21] FIG. 2 illustrates a block diagram of a computing system 260 for end-to-end cloud policy rules resource control according to examples of the present disclosure. FIG. 2 includes particular components, modules, etc. according to various examples. However, in different embodiments, more, fewer, and/or other components, modules, arrangements of components/modules, etc. may be used according to the teachings described herein. In addition, various components, modules, etc. described herein may be implemented as one or more software modules, hardware modules, special-purpose hardware (e.g., application specific hardware, application specific integrated circuits (ASICs), embedded controllers, hardwired circuitry, etc.), or some combination of these.

[22] It should be understood that the computing system 260 may include any appropriate type of computing device or system, including for example smartphones, tablets, desktops, laptops, workstations, servers, smart monitors, smart televisions, digital signage, scientific instruments, retail point of sale devices, video walls, imaging devices, peripherals, or the like.

[23] The computing system 260 may include a processing resource 262 that may be configured to process instructions. The instructions may be stored on a non-transitory tangible computer-readable storage medium, such as a memory resource (not shown), or on a separate device, or on any other type of volatile or non-volatile memory that stores instructions to cause a programmable processor to perform the techniques described herein. Alternatively or additionally, the computing system 260 may include dedicated hardware, such as one or more integrated circuits, Application Specific Integrated Circuits (ASICs), Application Specific Special Processors (ASSPs), Field Programmable Gate Arrays (FPGAs), or any combination of the foregoing examples of dedicated hardware, for performing the techniques described herein. In some implementations, multiple processors may be used, as appropriate, along with multiple memories and/or types of memory.

[24] Additionally, the computing system 260 includes a cloud policy rules function module 264 and a cloud policy enforcement function module 266. In one example, the modules described herein may be a combination of hardware and programming. The programming may be processor executable instructions stored on a tangible memory resource, for example, and the hardware may include processing resource 262 for executing those instructions. Thus the memory resource can be said to store program instructions that when executed by the processing resource 262 implement the modules described herein. Other modules may also be utilized as will be discussed further below in other examples.

[25] The cloud policy rules function module 264 is executable by the processing resource 262 to provide policy rules that define functions for controlling resources within a cloud network. The policy rules regulate access to resources within a cloud network (such as the data center network 150 of FIG. 1). These resources may include cloud service applications hosted in the cloud network by cloud application providers. The resources are accessed by an application running on a client device via a provider network communicatively coupled to the cloud network.

[26] In one example, a cloud resource may include a hosted video streaming service that may utilize high bandwidth through the network. In this example, the policy rules may dictate that the video streaming service receive a higher priority than other applications not utilizing the higher bandwidth. In another example, a cloud resource may include a virtual hosted "desktop" environment that a user may access remotely. This type of resource may utilize time-sensitive communications that are prioritized over other types of network traffic by the policy rules defined by the cloud policy rules function module 264. In this case, the policy rules may define high quality routing paths within the network. Many other types of appropriate policy rules may be defined as suitable to the various resources within the cloud network.

[27] The cloud policy enforcement function module 266 is executable by the processing resource 262 to cause the enforcement of the policy rules on the client device within the provider network. In one example, enforcing the policy rules includes monitoring, allocating, and provisioning the resources within the cloud network to the client device within the provider access network. This may occur, for example, by enforcing policy rules to prioritize network traffic or to cause certain network traffic to be sent via higher priority routing paths while other network traffic is sent via lower priority routing paths within the cloud network and/or between the cloud network and the provider access network.

[28] In another example, the cloud policy enforcement function module 266 monitors, allocates, and provisions computing devices and/or virtual computing devices running in the cloud network environment. This may include monitoring, allocating, and provisioning hardware resources such as processing resources, memory resources, storage resources, etc.

[29] In other examples, additional modules may be implemented. For example, a cloud resource management function module may be included in computing system 260 to enable management of the resources within the cloud network. The cloud resource management function module also enables at least one of a reservation, an allocation, and a release of the resources within the cloud network. Additionally, the computing system 260 may include a cloud network software defined network application module enabled to receive the policy rules from the policy rules function module. The cloud network software defined network application module may further translate the policy rules into software defined networking functions to facilitate communication with the provider network. In one example, software defined networking functions operate through the OpenFlow® protocol, which is a communications protocol that gives access to the forwarding plane of a network switch or router over the network and that enables network communication via software defined networking.

[30] FIG. 3 illustrates a block diagram of a computing system 320 for end-to-end cloud policy rules resource control according to examples of the present disclosure. FIG. 3 includes particular components, modules, etc. according to various examples. However, in different embodiments, more, fewer, and/or other components, modules, arrangements of components/modules, etc. may be used according to the teachings described herein. In addition, various components, modules, etc. described herein may be implemented as one or more software modules, hardware modules, special-purpose hardware (e.g., application specific hardware, application specific integrated circuits (ASICs), embedded controllers, hardwired circuitry, etc.), or some combination of these.

[31] It should be understood that the computing system 320 may include any appropriate type of computing device or system, including for example smartphones, tablets, desktops, laptops, workstations, servers, smart monitors, smart televisions, digital signage, scientific instruments, retail point of sale devices, video walls, imaging devices, peripherals, or the like.

[32] The computing system 320 may include a processing resource 322 that may be configured to process instructions. The instructions may be stored on a non-transitory tangible computer-readable storage medium, such as a memory resource (not shown), or on a separate device, or on any other type of volatile or non-volatile memory that stores instructions to cause a programmable processor to perform the techniques described herein. Alternatively or additionally, the computing system 320 may include dedicated hardware, such as one or more integrated circuits, Application Specific Integrated Circuits (ASICs), Application Specific Special Processors (ASSPs), Field Programmable Gate Arrays (FPGAs), or any combination of the foregoing examples of dedicated hardware, for performing the techniques described herein. In some implementations, multiple processors may be used, as appropriate, along with multiple memories and/or types of memory.

[33] Additionally, the computing system 320 includes a cloud policy rules broker module 324 and an access network software defined network application module 326. In one example, the modules described herein may be a combination of hardware and programming. The programming may be processor executable instructions stored on a tangible memory resource, for example, and the hardware may include processing resource 262 for executing those instructions. Thus the memory resource can be said to store program instructions that when executed by the processing resource 262 implement the modules described herein. Other modules may also be utilized as will be discussed further below in other examples.

[34] The cloud policy rules broker module 324 is executable by the processing resource 322 to receive policy rules from a cloud policy rules function module (such as the cloud policy rules function module 264 of FIG. 2) in a cloud network. In one example, the cloud policy rules broker module 324 interfaces with multiple cloud policy rules function modules. The policy rules define cloud application policy for resources within the cloud network that are accessible by a client device within a provider access network. The cloud policy rules broker module 324 further provisions the policy rules to the access network software defined network application module 326.

[35] In one example, the cloud policy rules broker module 326 acts as a 3GPP application function, consolidating and translating cloud application policy requests into 3GPP policy and charging rules function via the standard reference point. It may also provision policy rules to the access network software defined network application module 326 that are coordinated with the cloud network.

[36] The access network software defined network application module 326 is a software defined network existing within the access network. It may expose a reference point between the cloud policy rules broker module 324 so that it receives policy rules from the cloud policy rules function module and translates the policy rules into OpenFlow® functions, for example, for network components within the provider access network. In this way, the cloud policy rules broker module 324 may provision rules to the access network software defined network application module 326 that are coordinated with the cloud policy rules function module to control the application function side network.

[37] In other examples, the computing system 320 may include a 3GPP policy and charging rules function to receive application and see control messages from the cloud policy rules broker via a 3GPP reference point. The computing system 320 may further include a 3GPP access network discovery and selection function to provide a framework for specifying and delivering access network selection policy to mobile handsets within the access network.

[38] In this way, proper allocation of bearer network resources in an end-to-end manner ensures high quality of service for the end user. Moreover, the computing system 320 provides a coordinated method for dynamically according real-time conditions such as congestion status, application demand, hardware or storage capacity, etc.
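
The following Python sketch is an added example, not part of the patent text: it shows one way a broker in the access network could consolidate policy rules arriving from more than one cloud policy rules function module and translate them into OpenFlow-style match/action entries ordered by application priority. The rule fields, the 0 to 7 priority scale, the queue mapping, the CLOUD_PREFIXES table and the per-cloud scope check are all assumptions made for illustration; the disclosure does not define a rule format or a validation step.

```python
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class PolicyRule:
    """Hypothetical policy rule; the patent does not define a rule format."""
    source_cloud: str    # cloud policy rules function module that issued the rule
    app_id: str          # cloud application identity
    app_priority: int    # assumed scale: 0 (lowest) to 7 (highest)
    server_prefix: str   # address range of the cloud resource
    ip_proto: int        # 6 = TCP, 17 = UDP
    dst_port: int


# Assumption: address space each cloud network registered with the broker.
CLOUD_PREFIXES = {
    "cloud-a": [ip_network("198.51.100.0/24")],
    "cloud-b": [ip_network("203.0.113.0/24")],
}
L4_FIELD = {6: "tcp_dst", 17: "udp_dst"}  # match field name per protocol


def in_scope(rule):
    """Added check: a cloud may only set policy for its own resources."""
    try:
        target = ip_network(rule.server_prefix)
    except ValueError:
        return False
    return any(target.version == owned.version and target.subnet_of(owned)
               for owned in CLOUD_PREFIXES.get(rule.source_cloud, []))


def is_valid(rule):
    return (in_scope(rule) and rule.ip_proto in L4_FIELD
            and 0 <= rule.app_priority <= 7 and 0 < rule.dst_port < 65536)


def queue_for(app_priority):
    """Assumed mapping of application priority to an egress queue."""
    if app_priority >= 5:
        return 2
    return 1 if app_priority >= 2 else 0


def to_flow_entry(rule):
    """Build an OpenFlow-style entry (a plain dict, not the wire format)."""
    return {
        "label": f"{rule.source_cloud}/{rule.app_id}",
        "priority": 1000 + 100 * rule.app_priority,
        "match": {"eth_type": 0x0800, "ip_proto": rule.ip_proto,
                  "ipv4_dst": str(ip_network(rule.server_prefix)),
                  L4_FIELD[rule.ip_proto]: rule.dst_port},
        "actions": [{"type": "SET_QUEUE", "queue_id": queue_for(rule.app_priority)},
                    {"type": "OUTPUT", "port": "NORMAL"}],
    }


def consolidate(rules):
    """Drop invalid rules, keep the highest priority per match, sort for install."""
    best, rejected = {}, []
    for rule in rules:
        if not is_valid(rule):
            rejected.append(rule)
            continue
        key = (str(ip_network(rule.server_prefix)), rule.ip_proto, rule.dst_port)
        if key not in best or rule.app_priority > best[key].app_priority:
            best[key] = rule
    flows = sorted((to_flow_entry(r) for r in best.values()),
                   key=lambda f: f["priority"], reverse=True)
    return flows, rejected


# Constructed sample rules, as if received from two cloud networks.
SAMPLE_RULES = [
    PolicyRule("cloud-a", "video-stream", 6, "198.51.100.10/32", 6, 443),
    PolicyRule("cloud-a", "video-stream", 3, "198.51.100.10/32", 6, 443),
    PolicyRule("cloud-a", "backup", 1, "198.51.100.0/24", 6, 443),
    PolicyRule("cloud-b", "virtual-desktop", 7, "203.0.113.20/32", 6, 3389),
    # cloud-b asking for priority on cloud-a's address space: out of scope
    PolicyRule("cloud-b", "other", 7, "198.51.100.10/32", 6, 443),
]

if __name__ == "__main__":
    flows, rejected = consolidate(SAMPLE_RULES)
    for flow in flows:
        print(flow["priority"], flow["label"], flow["match"])
    print("rejected:", [(r.source_cloud, r.app_id) for r in rejected])
```
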

[39] FIG. 4 illustrates a block diagram of a network architecture 400 for end-to-end cloud policy rules resource control according to examples of the present disclosure. FIG. 4 includes particular components, modules, etc. according to various examples. However, in different embodiments, more, fewer, and/or other components, modules, arrangements of components/modules, etc. may be used according to the teachings described herein. In addition, various components, modules, etc. described herein may be implemented as one or more software modules, hardware modules, special-purpose hardware (e.g., application specific hardware, application specific integrated circuits (ASICs), embedded controllers, hardwired circuitry, etc.), or some combination of these.

[40] The example of FIG. 4 shows three separate networks that are all communicatively coupled such that signals and data may flow from one network to the other networks. Specifically, the example illustrates an access network 410, a bearing network 430 and a data center network 450 (also referred to as a cloud network). The network architecture 400 shown, including the access network 410, the bearing network 430, and the data center network 450, represents generally hardware components and computers interconnected by communications channels that allow sharing of resources and information. The network architecture 400 and the access network 410, the bearing network 430, and the data center network 450 may include one or more of a cable, wireless, fiber optic, or remote connection via a telecommunication link, an infrared link, a radio frequency link, or any other connectors or systems that provide electronic communication, or any suitable combinations of the above. The networks may include, at least in part, an Intranet, the internet, or a combination of both. The networks may also include intermediate proxies, routers, switches, load balancers, and the like. The paths followed by the networks between the access network 410, the bearing network 430, and the data center network 450, as depicted in FIG. 4, represent the logical communication paths between these devices, not necessarily the physical paths between the devices.

[41] The access network 410 represents a telecommunication operator network or other similar network to which clients' devices 413 connect directly. For example, the access network 410 may include a wireless or mobile phone provider's network to which clients' devices 413 connect via various types of connections. It should be understood that the clients' devices 413 may include any appropriate type of computing device or system, including for example smartphones, tablets, desktops, laptops, workstations, servers, smart monitors, smart televisions, digital signage, scientific instruments, retail point of sale devices, video walls, imaging devices, peripherals, or the like. In one example, a client's device 413 may run an application natively on the device, virtually or remotely through the network architecture 400 shown in FIG. 4, or in any other suitable way.

[42] The access network 410 may include a cloud policy rules broker 412 to receive policy rules from a cloud policy rule function module 452 in a data center network 450. The policy rules define cloud application policy for the clients' devices 413 within the access network 410 for connecting to and utilizing resources within the data center network 450 such as cloud resource 470. The cloud policy rules function module 452 acts as a centralized policy decision engine to govern hardware and application resources within the data center network 450.

[43] In one example, the policy rules define how applications running on the clients' devices 413 (or running on the data center network 450 and accessible by the clients' devices 413 via the network architecture 400) behave. For example, the policy rules may dictate certain network traffic requirements for applications using large amounts of data, such as streaming music and video applications. In such an example, a cloud-based application may rely on a high quality of service provided to deliver a desired experience to the user of the client device 413. The policy rules may dictate that the application receive priority over other network traffic in order to provide such service by, for example, sending the data to and from the cloud-based application needing the high quality of service via a high quality routing path through the network infrastructure 400.

[44] The cloud policy rules broker 412 may exist on a dedicated computing system such as computing system 420 (or similarly on computing system 320 of FIG. 3), on part of a multi-purpose computing system, on a distributed computing system, or on any other suitable computing system or specialized circuitry within the access network 410. Similarly, the cloud policy rule function module 452 may exist on a dedicated computing system such as computing system 460 (or similarly on computing system 260 of FIG. 2), on part of a multi-purpose computing system, on a distributed computing system, or on any other suitable computing system or specialized circuitry within the data center (e.g., cloud) network 450.

[45] The policy rules may be received by the cloud policy rules broker 412 via the bearing network 430, which may include an internet 432 and a control plane transmission (CPx) network 434. More specifically, the policy rules may be received via the CPx network 434. In this way, signals and data specific to the control policy rules broker 412 and the control policy rules function 452 (e.g., the policy rules and related signals and data) may be transmitted and received separately and apart from other signals and data (e.g., application data, standard network traffic, etc.).

[46] In one example, the CPx network 434 may exist within the bearing network 430 as a separate physical network. However, in another example, the CPx network 434 may exist as a virtual network within the bearing network 430 such that control signals and data may be transmitted and received via the CPx network 434 through the Internet 432. It should be understood that the Internet 432 may include the Internet, an internet, an intranet, an extranet, or any other suitable network for connecting the access network 410 and the data center network 450.

[47] In the example shown in FIG. 4, the access network 410 includes an access network software defined networking (ANSDN) module, which may operate as part of computing system 420 or it may operate on another computing system in another example. The ANSDN exposes a reference point towards the cloud policy rules broker 412 for interfacing and communicating with the cloud policy rules broker 412. The ANSDN receives policy rules from the cloud policy rules function module 452 and translates the policy rules into software defined networking functions, which may include OpenFlow® functions, for example, for network components within the access network 410.

[48] In other examples, the access network 410 may include a 3GPP policy and charging rules function (PCRF) that encompasses policy control decisions and flow based charging control functionalities. The access network 410 may also include a 3GPP access network discovery and selection function that provides a framework for specifying and delivering access network selection policies to client devices. This may enable dynamic provisioning of information to the client device for access discovery and selection procedures relating to 3GPP and non-3GPP accesses.

[49] Additional functionality within the access network 410 may include enabling a PCRF to dynamically control application detection and control behavior as a traffic detection function or using deep packet inspection. The access network 410 may also provide functionality to enable a PCRF to dynamically control the policy and charging control behavior, which is governed by signaling of the policy and charging control decision.

[50] Referring again to FIG. 4, the data center network 450 may include a data center software defined network 454, which may expose a reference point towards the cloud policy rules function module 452. The data center software defined network 454 receives policy rules provisioned from the cloud policy rules function module 452 and translates the rules into software defined networking functions, such as OpenFlow® functions, for example, for the network components within the data center network 450.

[51] The data center network 450 may also include a cloud policy enforcement function module 466 and a cloud resource management function 468. The cloud policy enforcement function module 466 causes the enforcement of the policy rules on the client device within the provider network. In one example, enforcing the policy rules includes monitoring, allocating, and provisioning the resources within the cloud network to the client device within the provider access network. This may occur, for example, by enforcing policy rules to prioritize network traffic or to cause certain network traffic to be sent via higher priority routing paths while other network traffic is sent via lower priority routing paths within the cloud network and/or between the cloud network and the provider access network. In another example, the cloud policy enforcement function module 468 prioritizes network resources based on an application priority. The application priority may be determined by an application identifier sent by the application on the client device 413 or may be predetermined within the policy rules.

[52] In another example, the cloud policy enforcement function module 466 monitors, allocates, and provisions computing devices and/or virtual computing devices running in the cloud network environment. This may include monitoring, allocating, and provisioning hardware resources such as processing resources, memory resources, storage resources, etc.

[53] In other examples, additional modules may be implemented. For example, a cloud resource management function module 466 may be included within the data center network 450 to enable management of the resources within the cloud network. The cloud resource management function module also enables at least one of a reservation, an allocation, and a release of the resources within the cloud network.

[54] FIG. 5 illustrates a flow diagram of a method 500 for end-to-end cloud policy rules resource control according to examples of the present disclosure. The method 500 may be executed by a computing system or a computing device such as computing device 260 of FIG. 2. In one example, the method 500 may include: receiving a cloud application initiation request (block 502); coordinating a communication with a cloud policy resource broker including transmitting policy rules (block 504); and allocating a resource to the user application (block 506).

[55] At block 502, the method 500 may include receiving a cloud application initiation request. In one example, this includes receiving, by a computing system (e.g., computing system 260 of FIG. 2, and computing system 460 of FIG. 4) in a cloud network (e.g., data center network 150 of FIG. 1 and data center network 450 of FIG. 4), a cloud application initiation request from a user application on a user device (e.g., client device 113 of FIG. 1 and client device 413 of FIG. 4) within an access network (e.g., access network 110 of FIG. 1 and access network 410 of FIG. 4), the request including a cloud application identity and resource reservation data. The cloud application identity and resource reservation data may be used to determine a priority or other indicator relating to the request for access to cloud resources.

[56] At block 504, the method 500 may include coordinating a communication with a cloud policy resource broker including transmitting policy rules. In an example, this includes coordinating, by the computing system (e.g., computing system 260 of FIG. 2, and computing system 460 of FIG. 4), a communication with a cloud policy resource broker (e.g., cloud policy resource broker 112 of FIG. 1, cloud policy resource broker 324 of FIG. 2, and cloud policy resource broker 412 of FIG. 4) within the access network, the communication including transmitting policy rules to the cloud policy rules broker to be applied to the user application on the user device.

[57] In one example, coordinating the communication with the cloud policy rules broker also includes coordinating communication via a software defined network. The computing system may coordinate the communication with the cloud policy rules broker via the access network software defined network and/or via the cloud/data center software defined network. Communication may occur using standard software defined network functions, such as OpenFlow® functions or the like.

[58] At block 506, the method 500 may include allocating a resource to the user application. In one example, this may include allocating, by the computing system (e.g., computing system 260 of FIG. 2, and computing system 460 of FIG. 4), a resource (e.g., cloud resource 170 of FIG. 1 and cloud resource 470 of FIG. 4) within the cloud network to the user application on the user device within the access network via the cloud policy resource broker based on the policy rules. In this way, the application on the user device may access the network resources as desired.

[59] In one example, allocating the resource within the cloud network to the user application on the user device within the access network via the cloud policy resource broker based on the policy rules includes allocating the resource based on an application priority determined from the application identity. Other allocation criteria may also be utilized, such as the type of resource requested, the load on the resource from other users, and the like.
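The following sketch walks blocks 502 to 506 end to end. It is an added illustration, not code from the disclosure: the class names, rule fields, priority values, the single-number capacity model, and the lowest-priority fallback for an application identity with no matching rule are all assumptions made for the example.

```python
from dataclasses import dataclass, field

# Constructed policy rules keyed by application identity (illustrative values).
POLICY_RULES = {
    "video-stream": {"priority": 1, "path": "high-quality"},
    "file-sync": {"priority": 5, "path": "best-effort"},
}
# Assumption: an identity with no matching rule gets the lowest priority.
DEFAULT_RULE = {"priority": 9, "path": "best-effort"}

@dataclass
class Broker:
    """Stand-in for the cloud policy rules broker in the access network."""
    applied: dict = field(default_factory=dict)

    def receive_rules(self, device_id, app_id, rule):
        self.applied[(device_id, app_id)] = rule

@dataclass
class PolicyRulesFunction:
    """Stand-in for the policy rules function in the cloud network."""
    broker: Broker
    capacity: int  # units of the cloud resource still unallocated
    allocations: dict = field(default_factory=dict)

    def handle(self, requests):
        ranked = []
        for req in requests:
            # Block 502: request carries application identity and reservation data.
            rule = POLICY_RULES.get(req["app_id"], DEFAULT_RULE)
            # Block 504: transmit the policy rules to the broker.
            self.broker.receive_rules(req["device_id"], req["app_id"], rule)
            ranked.append((rule["priority"], req))
        # Block 506: allocate in application-priority order until capacity is spent.
        for _, req in sorted(ranked, key=lambda pair: pair[0]):
            granted = min(req["reserve"], self.capacity)
            self.capacity -= granted
            self.allocations[(req["device_id"], req["app_id"])] = granted
        return self.allocations

def run_sample():
    # Constructed requests: three devices competing for 10 units of one resource.
    requests = [
        {"device_id": "dev-a", "app_id": "file-sync", "reserve": 6},
        {"device_id": "dev-b", "app_id": "video-stream", "reserve": 8},
        {"device_id": "dev-c", "app_id": "unlisted-app", "reserve": 4},
    ]
    prf = PolicyRulesFunction(broker=Broker(), capacity=10)
    return prf.handle(requests), prf.broker.applied
```

With the constructed input, the streaming application is served in full, the file-sync request receives the remainder, and the unlisted identity receives nothing, which shows how the priority derived from the application identity decides the outcome under contention.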

[60] Additional processes also may be included, and it should be understood that the processes depicted in FIG. 5 represent illustrations, and that other processes may be added or existing processes may be removed, modified, or rearranged without departing from the scope and spirit of the present disclosure.

[61] The techniques described herein may be utilized in a variety of scenarios. For example, end-to-end cloud policy rules resource control coordinates access network congestion with cloud applications and resources and vice versa. The end-to-end cloud policy rules resource control provides on-demand virtualization of computing resources within the cloud network (e.g., processing resources, memory resources, storage resources, etc.). Moreover, the end-to-end cloud policy rules resource control differentiates end-to-end service for access network subscribers, for application policy subscribers, and/or for specified application by the access network.

[62] It should be emphasized that the above-described examples are merely possible examples of implementations and set forth for a clear understanding of the present disclosure. Many variations and modifications may be made to the above-described examples without departing substantially from the spirit and principles of the present disclosure. Further, the scope of the present disclosure is intended to cover any and all appropriate combinations and sub-combinations of all elements, features, and aspects discussed above. All such appropriate modifications and variations are intended to be included within the scope of the present disclosure, and all possible claims to individual aspects or combinations of elements or steps are intended to be supported by the present disclosure.