Network access system including a programmable access device having distributed service control
First Claim
1. A network access system, comprising:
- an external processor configured to invoke a policy-based service on received messages according to a policy rule and to establish a network connection between a first network and a second network; and
a programmable access device having a message interface coupled to said external processor configured to enforce the policy rule associated with the network connection, wherein said programmable access device includes a packet header filter and a forwarding table for forwarding packets between the first network and second network through, respectively, a first network interface and a second network interface, said packet header filter identifying messages received from one of the first network interface or the second network interface on which the policy-based services is to be implemented, the identified messages being passed via a message interface to the external processor for processing and other messages are forwarded correspondingly to the first network or the second network.
7 Assignments
0 Petitions
Accused Products
Abstract
A distributed network access system in accordance with the present invention includes at least an external processor and a programmable access device. The programmable access device has a message interface coupled to the external processor and first and second network interfaces through which packets are communicated with a network. The programmable access device includes a packet header filter and a forwarding table that is utilized to route packets communicated between the first and second network interfaces. In response to receipt of a series of packets, the packet header filter in the programmable access device identifies messages in the series of messages upon which policy-based services are to be implemented and passes identified messages via the message interface to the external processor for processing. In response to receipt of a message, the external processor invokes service control on the message and may also invoke policy control on the message.
-
Citations
40 Claims
-
1. A network access system, comprising:
-
an external processor configured to invoke a policy-based service on received messages according to a policy rule and to establish a network connection between a first network and a second network; and
a programmable access device having a message interface coupled to said external processor configured to enforce the policy rule associated with the network connection, wherein said programmable access device includes a packet header filter and a forwarding table for forwarding packets between the first network and second network through, respectively, a first network interface and a second network interface, said packet header filter identifying messages received from one of the first network interface or the second network interface on which the policy-based services is to be implemented, the identified messages being passed via a message interface to the external processor for processing and other messages are forwarded correspondingly to the first network or the second network. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
-
-
20. A network access system, comprising:
-
a policy decision point;
an external processor configured to invoke a policy-based service on received messages according to a policy rule by reference to the policy decision point and to establish a network connection between a first network and a second network;
a programmable access device having a message interface coupled to said external processor configured to enforce the policy rule associated with the network connection, wherein said programmable access device includes a packet header filter and a forwarding table for forwarding packets between the first network and the second network through, respectively, a first network interface and a second network interfaces, said packet header filter identifying messages received from the first network interface or the second network interface on which the policy-based services is to be implemented, the identified messages being passed via a message interface to the external processor for processing and other messages are forwarded correspondingly to the first network or the second network; and
an access router coupled between the programmable access device and a network core.
-
-
21. A network access method, comprising:
-
in response to receiving packets at a first network interface of a programmable access device, filtering the packets at the programmable access device to identify messages according to a policy rule, wherein the first network interface couples to a first network;
passing identified messages to an external processor configured to enforce the policy rule and to setup a connection with the first network;
performing service processing on identified messages at said external processor; and
for messages that are not identified, routing packets by reference to a forwarding table in the programmable access device to a second network over a second network interface of the programmable access device. - View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39)
-
-
40. A system for providing distributed control of communication services, the system comprising:
-
an external processing module configured to provide signaling for establishment and teardown of a connection between a first network and a second network, the external processing module being further configured to apply a policy rue on traffic flow from the first network over the connection; and
an access module configured to communicate with a customer premise equipment coupled to the first network, the access module being configurable by the external processing module to support the communication services, wherein the access module selectively diverts a message within the traffic flow to the external processing module for enforcement of the policy rule, and another message within the traffic flow is forwarded to the second network.
-
Specification