Proxy on demand
Abstract
In a first aspect of the present invention, a Wholesaler dynamically identifies one of a plurality of AAA services at a remote domain to route an access request to. The AAA service is selected based upon a set of rules applied to information which has been received dynamically from the plurality of AAA services and is indicative of load and status of the plurality of AAA services. In a second aspect of the present invention, a Wholesaler, based upon a Service Level Agreement (SLA) between the Wholesaler and a user, routes the user to one of a plurality of sub-service providers.
17 Claims
1. A method for managing network access requests to a data communications network, said method comprising:
receiving at a point of presence (PoP) in a first domain of the data communications network a network access request from a user, said network access request specifying a second domain which is not the same as said first domain;
forwarding the network access request to a proxy service at the PoP;
determining the user's domain;
looking up information regarding a plurality of authentication, authorization and accounting (AAA) services associated with the user's domain;
checking the information to determine which of the plurality of AAA services associated with the user's domain are available;
selecting an available AAA service associated with the user's domain; and
proxying an access request to said selected AAA service.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 13, 14, 15)
load balancing a plurality of network access requests to a user's domain among a plurality of said available AAA services associated with the user's domain.
3. A method according to claim 2, wherein said load balancing includes assigning access requests to said plurality of AAA services associated with the user's domain in a round robin fashion.
4. A method according to claim 2, wherein said load balancing includes assigning access requests to said plurality of AAA services associated with the user's domain in a pseudo-random fashion.
5. A method according to claim 2, wherein said load balancing includes checking the information to determine a recent load factor for at least one of the plurality of AAA services associated with the user's domain, and wherein said selecting includes choosing an AAA service the load factor of which is below a threshold.
6. A method according to claim 5, wherein choosing includes picking an AAA service having the least load factor of the plurality of available AAA services.
7. A method according to claim 1, wherein said selecting includes:
determining a value related to the load and capacity of each available AAA service.
8. A method according to claim 7, wherein said selecting further includes:
choosing one of said available AAA services wherein said value is below a predetermined threshold.
9. A method according to claim 7, wherein said selecting further includes:
choosing the one of said available AAA services having the least said value.
13. A method according to claim 1, wherein said determining includes parsing a user's fully qualified domain name (FQDN).
14. A method according to claim 1, wherein said determining includes checking a user's calling line identification (CLID) against a stored list of telephone numbers to determine a corresponding domain identification stored therewith.
15. A method according to claim 1, wherein said determining includes checking an incoming digital number identification service identification (DNIS ID) against a stored list of telephone numbers to determine a corresponding domain identification stored therewith.
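The selection steps of claims 1 to 6 and 13, sketched as an added example that is not taken from the patent: the domain is parsed from a `user@domain` name, unavailable AAA services are filtered out, and one of the remaining services is chosen by round robin, pseudo-random choice, load threshold or least load. The table contents, host names, load values and the choice to fail closed on an unknown domain or an empty candidate set are assumptions.

```python
import random
from dataclasses import dataclass

@dataclass
class AAAService:
    host: str     # constructed sample name
    up: bool      # last status reported by the service
    load: float   # last load factor reported by the service (0.0 to 1.0)

# Constructed sample record: domain -> AAA services registered for that domain.
TABLE = {
    "corp.example": [
        AAAService("aaa1.corp.example", True, 0.82),
        AAAService("aaa2.corp.example", False, 0.10),
        AAAService("aaa3.corp.example", True, 0.35),
    ],
}
_rr = {}  # per-domain round-robin counters

def user_domain(fqdn_user):
    """Parse the domain from user@domain; reject names without a usable domain."""
    user, sep, domain = fqdn_user.rpartition("@")
    if not sep or not user or not domain:
        raise ValueError("no domain in user name")
    return domain.lower()

def select(fqdn_user, policy="least", threshold=0.8, rng=random):
    """Return the AAA service the access request should be proxied to."""
    domain = user_domain(fqdn_user)
    services = TABLE.get(domain)
    if services is None:
        # Assumption: never fall back to a different domain's AAA service.
        raise LookupError("unknown domain")
    available = [s for s in services if s.up]
    if not available:
        raise LookupError("no AAA service available")  # fail closed
    if policy == "round_robin":
        n = _rr[domain] = _rr.get(domain, -1) + 1
        return available[n % len(available)]
    if policy == "random":
        return rng.choice(available)
    if policy == "threshold":
        under = [s for s in available if s.load < threshold]
        if not under:
            raise LookupError("every available AAA service is over threshold")
        return under[0]
    return min(available, key=lambda s: s.load)  # least load factor
```
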
10. A method for managing sub-service network access requests to a data communications network, said method comprising:
receiving at a point of presence (PoP) of the data communications network a network access request to use the sub-service from a user;
authenticating the user;
looking up a service level agreement applicable to the user;
looking up available sub-service-providers and corresponding service level agreements;
determining the “best” sub-service provider to match with the user's request;
requesting the sub-service provider to render the sub-service; and
having the sub-service provider render the service.
(Dependent claims: 11)
12. An authentication, authorization and accounting (AAA) service, comprising:
means for receiving a network access request from a user;
means for determining a domain corresponding to the user;
a memory containing a record corresponding to said domain, said record having a plurality of entries corresponding to AAA services available at said domain;
means for selecting one of the plurality of entries; and
means for proxying said network access request to the AAA service specified in the selected entry.
16. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform a method for managing network access requests to a data communications network, said method comprising:
receiving at a point of presence (PoP) in a first domain of the data communications network a network access request from a user, said network access request specifying a second domain which is not the same as said first domain;
forwarding the network access request to a proxy service at the PoP;
determining the user's domain;
looking up information regarding a plurality of authentication, authorization and accounting (AAA) services associated with the user's domain;
checking the information to determine which of the plurality of AAA services associated with the user's domain are available;
selecting an available AAA service associated with the user's domain; and
proxying an access request to said selected AAA service.
17. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform a method for managing sub-service network access requests to a data communications network, said method comprising:
receiving a point of presence (PoP) of the data communications network a network access request to use the sub-service from a user;
authenticating the user;
looking up a service level agreement applicable to the user;
looking up available sub-service providers and corresponding service level agreements;
determining the “best” sub-service provider to match with the user's request;
requesting the sub-service provider to render the sub-service; and
having the sub-service provider render the sub-service.
Specification