System and method for dynamic simultaneous connection to multiple service providers
First Claim
1. A router for enabling simultaneous connection to two or more service providers during a packet session between a host connected to said router and a home one of said two or more service providers associated with said router, comprising:
- means for receiving a network address translation rule to be applied to packets transmitted to or from said host while said host is running a particular application during said packet session with said home service provider;
a memory for storing said network address translation rule;
means for receiving a packet associated with said particular application for transmission to or from said host; and
means for translating an address of said packet between a first address identifying said host and associated with said home service provider and a second address identifying said host and associated with an additional one of said two or more service providers providing said particular application, using said network address translation rule.
1 Assignment
0 Petitions
Accused Products
Abstract
A policy enables a subscriber to connect to multiple service providers simultaneously using a network address translation technique that translates an address identifying the subscriber and associated with a first service provider into an address identifying the subscriber and associated with a second service provider for a particular application. The subscriber registers with a single home service provider and connects to that single home service provider for a packet session. To connect to additional service providers that provide additional applications during the packet session, the NAT rule is downloaded from the home service provider to a router at the border between the subscriber and the access network of the home service provider. Each IP packet received at the router to or from the subscriber is filtered to determine the subscriber'"'"'s address and an application identifier. Based on the combination of both the subscriber'"'"'s address and the application identifier, the router translates the subscriber'"'"'s address into a new address, using the NAT rule. The new address is used to connect the subscriber to an additional service provider for a particular application during the packet session with the home service provider.
152 Citations
65 Claims
-
1. A router for enabling simultaneous connection to two or more service providers during a packet session between a host connected to said router and a home one of said two or more service providers associated with said router, comprising:
-
means for receiving a network address translation rule to be applied to packets transmitted to or from said host while said host is running a particular application during said packet session with said home service provider;
a memory for storing said network address translation rule;
means for receiving a packet associated with said particular application for transmission to or from said host; and
means for translating an address of said packet between a first address identifying said host and associated with said home service provider and a second address identifying said host and associated with an additional one of said two or more service providers providing said particular application, using said network address translation rule. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
a policy table within said memory for storing said network address translation rule.
-
-
3. The router of claim 2, wherein said policy table is a source policy table and said network address translation rule applies to packets transmitted from said host for said particular application provided by said additional service provider.
-
4. The router of claim 3, wherein said network address translation rule within said source policy table contains a first source address identifying said host and associated with said home service provider and a second source address identifying said host and associated with said additional service provider.
-
5. The router of claim 4, wherein said network address translation rule within said source policy table further contains an application identifier identifying said particular application, said network address translation rule being used to translate said address of said packet from said first source address to said second source address when said packet further includes said application identifier therein.
-
6. The router of claim 5, further comprising:
-
means for comparing said address of said packet with said first source address and an application identifier within said packet with said application identifier within said network address translation rule, and means for applying said network address translation rule to said packet when said address of said packet matches said first source address and said application identifier within said packet matches said application identifier within said network address translation rule.
-
-
7. The router of claim 4, wherein said network address translation rule within said source policy table further contains a destination address identifying said additional service provider providing said particular application, said network address translation rule being used to translate said address of said packet from said first source address to said second source address when said packet further includes said destination address therein.
-
8. The router of claim 7, further comprising:
-
means for comparing said address of said packet with said first source address and a destination address within said packet with said destination address within said network address translation rule; and
means for applying said network address translation rule to said packet when said address of said packet matches said first source address and said destination address within said packet matches said destination address within said network address translation rule.
-
-
9. The router of claim 4, wherein said network address translation rule within said source policy table further contains routing information identifying a next-hop node within a packet network to receive said packet.
-
10. The router of claim 2, wherein said policy table is a destination policy table and said network address translation rule applies to packets transmitted to said host for said particular application from said additional service provider.
-
11. The router of claim 10, wherein said network address translation rule within said destination policy table contains a first destination address identifying said host and associated with said additional service provider and a second destination address identifying said host and associated with said home service provider.
-
12. The router of claim 10, wherein said network address translation rule within said destination policy table further contains an application identifier identifying said particular application, said network address translation rule being used to translate said address of said packet from said first destination address to said second destination address when said packet further includes said application identifier therein.
-
13. The router of claim 12, further comprising:
-
means for comparing said address of said packet with said first destination address and an application identifier within said packet with said application identifier within said network address translation rule; and
means for applying said network address translation rule to said packet when said address of said packet matches said first destination address and said application identifier within said packet matches said application identifier within said network address translation rule.
-
-
14. The router of claim 12, wherein said network address translation rule within said destination policy table further contains a source address identifying said additional service provider providing said particular application, said network address translation rule being used to translate said address of said packet from said first destination address to said second destination address when said packet further includes said source address therein.
-
15. The router of claim 14, further comprising:
-
means for comparing said address of said packet with said first destination address and a source address within said packet with said source address within said network address translation rule; and
means for applying said network address translation rule to said packet when said address of said packet matches said first destination address and said source address within said packet matches said source address within said network address translation rule.
-
-
16. The router of claim 1, further comprising:
means for disabling said network address translation rule upon termination of said particular application by said host.
-
17. The router of claim 1, wherein said router is located in an access network of said home service provider at the border between said host and said access network.
-
18. The router of claim 1, wherein said means for receiving said network address translation rule further comprises:
means for receiving a subscriber profile containing one or more policies associated with said host, said network address translation rule being included within said one or more policies.
-
19. The router of claim 1, wherein said memory is further configured to store a plurality of network address translation rules, said network address translation rule applied to said packet being one of said plurality of network address translation rules associated with said host and said particular application.
-
20. An access network of a home service provider for enabling a subscriber of said home service provider to connect to one or more additional service providers during a packet session with said home service provider in order to execute one or more applications provided by said one or more additional service providers, said access network comprising:
-
means for receiving an identity of a selected one of said one or more applications from said subscriber;
means for configuring a network address translation rule for said selected application to be applied to packets transmitted to or from a host of said subscriber while said host is running said selected application during said packet session with said home service provider; and
means for downloading said network address translation rule to a router connected between said host and said access network to enable said router to translate an address of each of said packets between a first address identifying said host and associated with said home service provider and a second address identifying said host and associated with a select one of said one or more additional service providers providing said select application. - View Dependent Claims (21, 22, 23, 24, 25, 26)
a policy server connected to receive said identity of said selected application, determine said network address translation rule for said selected application and download said network address translation rule to said router.
-
-
22. The access network of claim 21, further comprising:
a subscriber profile within said policy server for storing one or more policies associated with said subscriber, said network address translation rule being included within said one or more policies.
-
23. The access network of claim 22, further comprising:
a security server connected to authenticate said host to said access network, said subscriber profile being downloaded to said router from said policy server upon authentication of said host.
-
24. The access network of claim 23, further comprising:
a web server for providing a web page to said host requesting authentication information from said subscriber, said subscriber entering authentication information into said host for transmission to said security server to initiate said packet session with said home service provider.
-
25. The access network of claim 20, further comprising:
means for providing a list of said one or more applications to said subscriber for said subscriber to select from.
-
26. The access network of claim 25, wherein said means for providing comprises:
a web server for providing a web page to said host of said subscriber, said web page including said list, said identity of said select application being transmitted from said host to said web server upon selection of said select application by said subscriber at said host.
-
27. An access network of a first service provider for allowing a subscriber of a second service provider to access an application provided by said first service provider during a packet session with said second service provider, comprising:
-
means for allocating a portion of a pool of addresses assigned to said first service provider to said second service provider; and
means for receiving a sent packet associated with said application from a host of said subscriber during said packet session between said host and said second service provider, said packet having a source address from said portion of said pool of addresses allocated to said second service provider, said source address having been translated from an original address identifying said host and associated with said second service provider using a network address translation rule applied to each packet transmitted to or from said host while said host is running said application. - View Dependent Claims (28, 29)
means for transmitting a reply packet associated with said application to said host, said reply packet having a destination address, said destination address being said source address of said sent packet, said destination address being translated to said original address for transmission to said host.
-
-
29. The access network of claim 27, wherein said means for transmitting comprises:
a router associated with said first service provider and connected to said host via a packet network, said router being capable of recognizing said destination address as belonging to said second service provider and forwarding said reply packet to an access network of said second service provider, using said destination address.
-
30. A system for enabling a subscriber to simultaneously connect to two or more service providers to execute two or more applications, comprising:
-
a first access network associated with a first one of said two or more service providers and connected to a host of said subscriber for a packet session, said first access network being configured to determine a network address translation rule to be applied to packets transmitted to or from said host while said host is running a particular application during said packet session with said first service provider;
a second access network associated with a second one of said two or more service providers for providing said particular application; and
a router connected between said host and said first access network for receiving said network address translation rule from said first access network, receiving a packet associated with said particular application transmitted to or from said host and translating an address of said packet between a first address identifying said host and associated with said first service provider and a second address identifying said host and associated with said second service provider, using said network address translation rule. - View Dependent Claims (31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46)
a policy server connected to receive said identity of said particular application, determine said network address translation rule for said selected application and download said network address translation rule to said router.
-
-
41. The system of claim 40, wherein said first access network further comprises:
a security server connected to authenticate said host to said first access network, said network address translation rule being downloaded to said router from said policy server upon authentication of said host.
-
42. The system of claim 41, wherein said first access network further comprises:
a web server for providing a web page to said host requesting authentication information from said subscriber, said subscriber entering authentication information into said host for transmission to said security server to initiate said packet session with said first service provider.
-
43. The system of claim 30, wherein a pool of addresses is assigned to said second service provider, said second access network being further configured to allocate a portion of said pool of addresses to said first service provider.
-
44. The system of claim 43, wherein said packet is a sent packet from said host to said second access network, said second address being a source address from said portion of said pool of addresses allocated to said second service provider.
-
45. The system of claim 44, wherein said packet is a reply packet to said host, said first address being a destination address, said destination address being said source address of said sent packet.
-
46. The system of claim 45, further comprising:
an additional router connected with said second access network, said additional router being capable of recognizing said destination address as belonging to said first service provider and forwarding said reply packet to said first access network of said first service provider, using said destination address.
-
47. A method for a router to enable simultaneous connection to two or more service providers during a packet session between a host connected to said router and a home one of said two or more service providers associated with said router, comprising the steps of:
-
receiving a network address translation rule to be applied to packets transmitted to or from said host while said host is running a particular application during said packet session with said home service provider;
receiving a packet associated with said particular application for transmission to or from said host;
translating an address of said packet between a first address identifying said host and associated with said home service provider and a second address identifying said host and associated with an additional one of said two or more service providers providing said particular application, using said network address translation rule; and
forwarding said packet to said additional service provider, using said second address. - View Dependent Claims (48, 49, 50, 51, 52, 53)
storing said network address translation rule within a source policy table in said router, said network address translation rule containing a first source address identifying said host and associated with said home service provider, a second source address identifying said host and associated with said additional service provider and an application identifier identifying said particular application, said step of translating said address of said packet from said first source address to said second source address being performed when said packet further includes said application identifier therein.
-
-
49. The method of claim 48, wherein said step of translating further comprises the steps of:
-
comparing said address of said packet with said first source address and an application identifier within said packet with said application identifier within said network address translation rule; and
applying said network address translation rule to said packet when said address of said packet matches said first source address and said application identifier within said packet matches said application identifier within said network address translation rule.
-
-
50. The method of claim 49, wherein said step of forwarding further comprises the step of:
forwarding said packet using routing information within said network address translation rule in source policy table identifying a next-hop node within a packet network to receive said packet.
-
51. The method of claim 47, further comprising the step of:
storing said network address translation rule within a destination policy table in said router, said destination policy table containing a first destination address identifying said host and associated with said additional service provider, a second destination address identifying said host and associated with said home service provider and an application identifier identifying said particular application, said step of translating said address of said packet from said first destination address to said second destination address being performed when said packet further includes said application identifier therein.
-
52. The method of claim 51, wherein said step of translating further comprises the steps of:
-
comparing said address of said packet with said first destination address and an application identifier within said packet with said application identifier within said network address translation rule; and
applying said network address translation rule to said packet when said address of said packet matches said first destination address and said application identifier within said packet matches said application identifier within said network address translation rule.
-
-
53. The method of claim 47, wherein said step of receiving said network address translation rule further comprises the step of:
receiving a subscriber profile containing one or more policies associated with said host, said network address translation rule being included within said one or more policies.
-
54. A method for dynamically enabling a subscriber of a home service provider to connect to one or more additional service providers during a packet session with said home service provider in order to execute one or more applications provided by said one or more additional service providers, said method comprising the steps of:
-
receiving an identity of a selected one of said one or more applications from said subscriber during said packet session;
configuring a network address translation rule for said selected application to be applied to packets transmitted to or from a host of said subscriber while said host is running said selected application during said packet session with said home service provider; and
downloading said network address translation rule to a router connected between said host and said access network to enable said router to translate an address of each of said packets between a first address identifying said host and associated with said home service provider and a second address identifying said host and associated with a select one of said one or more additional service providers providing said select application during said packet session. - View Dependent Claims (55)
providing a list of said one or more applications to said subscriber for said subscriber to select from via a web page during said packet session.
-
-
56. A method for enabling a subscriber of a home service provider to connect to one or more additional service providers during a packet session with said home service provider in order to execute one or more applications provided by said one or more additional service providers, said method comprising the steps of:
-
receiving an identity of a selected one of said one or more applications from said subscriber;
configuring a network address translation rule for said selected application to be applied to packets transmitted to or from a host of said subscriber while said host is running said selected application during said packet session with said home service provider;
storing said network address translation rule within a subscriber profile associated with said subscriber;
initiating said packet session with said host; and
downloading said subscriber profile to a router connected between said host and said access network to enable said router to translate an address of each of said packets between a first address identifying said host and associated with said home service provider and a second address identifying said host and associated with a select one of said one or more additional service providers providing said select application during said packet session. - View Dependent Claims (57, 58)
storing one or more policies associated with said subscriber within said subscriber profile, said network address translation rule being included within said one or more policies.
-
-
58. The method of claim 56, further comprising the step of:
authenticating said host to said access network, said subscriber profile being downloaded to said router upon authentication of said host.
-
59. A method for enabling a subscriber to simultaneously connect to two or more service providers to execute two or more applications, comprising the steps of:
-
establishing a packet session between a host of said subscriber and a first access network associated with a first one of said two or more service providers;
downloading a network address translation rule to be applied to packets transmitted to or from said host while said host is running a particular application during said packet session with said first service provider to a router connected between said host and said first access network;
receiving a packet associated with said particular application transmitted to or from said host at said router; and
translating an address of said packet between a first address identifying said host and associated with said first service provider and a second address identifying said host and associated with a second one of said two or more service providers providing said particular application, using said network address translation rule. - View Dependent Claims (60, 61, 62, 63, 64, 65)
forwarding said packet using routing information identifying a next-hop node within said network address translation rule.
-
-
61. The method of claim 59, wherein said step of downloading further comprises the step of:
downloading a plurality of network address translation rules to said router, said network address translation rule applied to said packet being one of said plurality of network address translation rules associated with said host and said particular application.
-
62. The method of claim 59, further comprising the step of:
allocating a portion of a pool of addresses assigned to said second service provider to said first service provider.
-
63. The method of claim 62, wherein said packet is a sent packet from said host to said second access network, said second address being a source address from said portion of said pool of addresses allocated to said second service provider.
-
64. The method of claim 62, wherein said packet is a reply packet to said host, said first address being a destination address, said destination address being said source address of said sent packet.
-
65. The method of claim 64, further comprising the step of:
forwarding said reply packet from an additional router connected with said second access network to said first access network of said first service provider using said destination address.
Specification