Network access system including a programmable access device having distributed service control

US 7,046,680 B1
Filed: 11/28/2000
Issued: 05/16/2006
Est. Priority Date: 11/28/2000
Status: Expired due to Term

First Claim

Patent Images

1. A network access system, comprising:

an external processor configured to invoke a policy-based service on received messages according to a policy rule and to establish a network connection between a first network and a second network; and

a programmable access device having a message interface coupled to said external processor configured to enforce the policy rule associated with the network connection, wherein said programmable access device includes a packet header filter and a forwarding table for forwarding packets between the first network and second network through, respectively, a first network interface and a second network interface, said packet header filter identifying messages received from one of the first network interface or the second network interface on which the policy-based services is to be implemented, the identified messages being passed via a message interface to the external processor for processing and other messages are forwarded correspondingly to the first network or the second network.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A distributed network access system in accordance with the present invention includes at least an external processor and a programmable access device. The programmable access device has a message interface coupled to the external processor and first and second network interfaces through which packets are communicated with a network. The programmable access device includes a packet header filter and a forwarding table that is utilized to route packets communicated between the first and second network interfaces. In response to receipt of a series of packets, the packet header filter in the programmable access device identifies messages in the series of messages upon which policy-based services are to be implemented and passes identified messages via the message interface to the external processor for processing. In response to receipt of a message, the external processor invokes service control on the message and may also invoke policy control on the message.

Citations

40 Claims

1. A network access system, comprising:
- an external processor configured to invoke a policy-based service on received messages according to a policy rule and to establish a network connection between a first network and a second network; and
  
  a programmable access device having a message interface coupled to said external processor configured to enforce the policy rule associated with the network connection, wherein said programmable access device includes a packet header filter and a forwarding table for forwarding packets between the first network and second network through, respectively, a first network interface and a second network interface, said packet header filter identifying messages received from one of the first network interface or the second network interface on which the policy-based services is to be implemented, the identified messages being passed via a message interface to the external processor for processing and other messages are forwarded correspondingly to the first network or the second network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The network access system of claim 1, and further comprising a policy server coupled to the external processor, wherein said policy server provides policy decisions to the external processor via the policy rule.
  - 3. The network access system of claim 2, wherein the policy server is a first policy server, and wherein the external processor supports a plurality of policy servers including the first policy server.
  - 4. The network access system of claim 2, wherein the external processor includes a policy cache that selectively caches policies obtained from the policy server.
  - 5. The network access system of claim 1, wherein the external processor includes a plurality of service controllers that each implements a respective one of a plurality of services.
  - 6. The network access system of claim 5, wherein the plurality of service controllers includes primary and secondary service controllers for a particular service, and wherein the secondary service controller provides said particular service to said programmable access device if said primary service controller fails.
  - 7. The network access system of claim 5, wherein the external processor comprises at least one signaling controller that, responsive to one of said plurality of service controllers, performs network signaling to setup a network connection.
  - 8. The network access system of claim 1, wherein the programmable access device is a first programmable access device, and wherein the external processor includes a plurality of programmable access device controllers that each control a respective one of a plurality of programmable access devices including said first programmable access device.
  - 9. The network access system of claim 1, and further comprising a network management server coupled to at least the external processor.
  - 10. The network access system of claim 9, wherein the network management server includes a billing facility that bills customers in accordance with services implemented by the external processor.
  - 11. The network access system of claim 1, said programmable access device further comprising a control interface, coupled to the external processor, through which operation of the packet header filter and forwarding table is controlled by the external processor.
  - 12. The network access system of claim 1, wherein the programmable access device further comprises at least one monitor that gathers statistics regarding network traffic and a reporting interface through which reporting messages related to the statistics are communicated to the external processor.
  - 13. The network access system of claim 1, wherein the packet header filter filters packets for service processing based upon protocol information pertaining to protocol layers higher than layer 3.
  - 14. The network access system of claim 1, wherein the programmable access device further comprises a policer that polices packets by reference to traffic parameters.
  - 15. The network access system of claim 14, wherein the policer comprises a marker that marks packets that do not conform with the traffic parameters.
  - 16. The network access system of claim 1, said programmable access device further comprising one or more output buffers and a scheduler that schedules the transmission of outgoing packets within the one or more output buffers to support multiple quality of service classes.
  - 17. The network access system of claim 1, and further comprising an access router coupled to the second network interface of the programmable access device.
  - 18. The network access system of claim 17, and further comprising a switched access network coupling said access router and the second network interface of the programmable access device.
  - 19. A network comprising:
    - a network access system in accordance with claim 17;
      
      at least one core router coupled to the access router; and
      
      a core communication link coupled to the core router.

20. A network access system, comprising:
- a policy decision point;
  
  an external processor configured to invoke a policy-based service on received messages according to a policy rule by reference to the policy decision point and to establish a network connection between a first network and a second network;
  
  a programmable access device having a message interface coupled to said external processor configured to enforce the policy rule associated with the network connection, wherein said programmable access device includes a packet header filter and a forwarding table for forwarding packets between the first network and the second network through, respectively, a first network interface and a second network interfaces, said packet header filter identifying messages received from the first network interface or the second network interface on which the policy-based services is to be implemented, the identified messages being passed via a message interface to the external processor for processing and other messages are forwarded correspondingly to the first network or the second network; and
  
  an access router coupled between the programmable access device and a network core.

21. A network access method, comprising:
- in response to receiving packets at a first network interface of a programmable access device, filtering the packets at the programmable access device to identify messages according to a policy rule, wherein the first network interface couples to a first network;
  
  passing identified messages to an external processor configured to enforce the policy rule and to setup a connection with the first network;
  
  performing service processing on identified messages at said external processor; and
  
  for messages that are not identified, routing packets by reference to a forwarding table in the programmable access device to a second network over a second network interface of the programmable access device.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39)
- - 22. The network access method of claim 21, and further comprising communicating policy decisions to the external processor from a policy server coupled to the external processor.
  - 23. The network access method of claim 22, wherein the policy server is a first policy server, and the method further comprises coupling a plurality of policy servers including the first policy server to the external processor.
  - 24. The network access method of claim 22, wherein the external processor includes a policy cache, and wherein the method further comprises selectively caching policies obtained from the policy server in the policy cache.
  - 25. The network access method of claim 21, wherein the external processor includes a plurality of service controllers, and wherein the method further comprises implementing a respective one of a plurality of services with each of the plurality of service controllers.
  - 26. The network access method of claim 25, wherein the plurality of service controllers includes primary and secondary service controllers for a particular service, and wherein the method further comprises providing said particular service to said programmable access device utilizing said secondary service controller if said primary service controller fails.
  - 27. The network access method of claim 25, wherein the external processor comprises at least one signaling controller, wherein the method further comprises performing network signaling to setup a network connection utilizing the at least one signaling controller.
  - 28. The network access method of claim 21, wherein the programmable access device is a first programmable access device and the external processor includes a plurality of programmable access device controllers, said method further comprising controlling each of a plurality of programmable access devices including said first programmable access device with a respective one of said plurality of programmable access device controllers.
  - 29. The network access method of claim 21, and further comprising coupling a network management server at least the external processor.
  - 30. The network access method of claim 29, and further comprising billing customers in accordance with services implemented by the external processor utilizing a billing facility of the network management server.
  - 31. The network access method of claim 21, said programmable access device further comprising a control interface coupled to the external processor, said method further comprising coupling the control interface to the external processor and controlling operation of the packet header filter by the external processor through the control interface.
  - 32. The network access method of claim 21, wherein the programmable access device further comprises at least one monitor, said method further comprising gathering statistics regarding network traffic utilizing the at least one monitor and communicating reporting messages related to the statistics to the external processor via a reporting interface.
  - 33. The network access method of claim 21, wherein filtering comprises filtering packets for service processing based upon protocol information pertaining to protocol layers higher than layer 3.
  - 34. The network access method of claim 21, wherein the programmable access device further comprises a policer and said method further comprises policing packets by reference to traffic parameters.
  - 35. The network access method of claim 34, wherein the policer comprises a marker and said method further comprises marking packets that do not conform with the traffic parameters.
  - 36. The network access method of claim 21, said programmable access device further comprising one or more output buffers and a scheduler, wherein the method further comprises scheduling the transmission of outgoing packets within the one or more output buffers to support multiple quality of service classes.
  - 37. The network access method of claim 21, and further comprising coupling an access router to the second network interface of the programmable access device and transmitting network traffic from the programmable access device to the access router.
  - 38. The network access method of claim 37, wherein coupling said access router comprises coupling said access router to the network interface of the programmable access device with a switched access network.
  - 39. The network access method of claim 21, wherein passing messages to the external processor comprises passing messages via an intermediate network.

40. A system for providing distributed control of communication services, the system comprising:
- an external processing module configured to provide signaling for establishment and teardown of a connection between a first network and a second network, the external processing module being further configured to apply a policy rue on traffic flow from the first network over the connection; and
  
  an access module configured to communicate with a customer premise equipment coupled to the first network, the access module being configurable by the external processing module to support the communication services, wherein the access module selectively diverts a message within the traffic flow to the external processing module for enforcement of the policy rule, and another message within the traffic flow is forwarded to the second network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Original Assignee
MCI Incorporated (Verizon Communications Inc.)
Inventors
Yao, Lei, Thomas, Howard Lee, McDysan, Dave
Primary Examiner(s)
Pezzlo, John
Assistant Examiner(s)
Levitan, Dmitry

Application Number

US09/723,482
Time in Patent Office

1,995 Days
Field of Search

370/351, 370/357, 370/360, 370/372, 370/386, 370/389, 370/392, 370/396, 370/395.2, 370/395.21, 370/400, 370/401, 370/422, 709/223, 709/226, 709/227, 709/229, 709/238, 709/244
US Class Current

370/396
CPC Class Codes

H04L 45/308   Route determination based o...

H04L 45/60   Router architectures

H04L 47/2475   for supporting traffic char...

H04L 63/0236   Filtering by address, proto...

H04L 63/102   Entity profiles

Network access system including a programmable access device having distributed service control

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

Network access system including a programmable access device having distributed service control

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links