Application integrated gateway

US 7,890,636 B2
Filed: 06/28/2006
Issued: 02/15/2011
Est. Priority Date: 06/28/2006
Status: Active Grant

First Claim

Patent Images

1. A method for allowing a network application to be stateless in an IP network, the method comprising:

receiving, at the network application in a network device, state information for a session for a user device, wherein the state information comprises a service route header and identification information for the user device;

sending, from the network device, the state information to a user-plane application through a network interface coupled to the network device, wherein the user-plane application comprises a gateway configured to route communications for the user device, the user-plane application being located in a network associated with the user device on an opposite side of the network interface from the network device, and wherein the user-plane application is configured to store the state information in a cache having the service route header associated with the user device identification information, and perform a stateful operation for the network application using the stored state information to offload the stateful operation from the network application of the network device to allow the network application to be stateless with respect to the offloaded stateful operation;

when the stateful operation is a security operation;

receiving in the network device, a message from the user device;

generating security information based on the received message; and

communicating with the user-plane application to have a crypto pointer allocated by the user-plane application for the security information, wherein the crypto pointer is stored in the cache associated with the user-plane application; and

upon a failure of the network application that causes the network device to lose the state information and the crypto pointer, and re-initialization of the network application in the network device after the failure, communicating with the user-plane application to receive the state information and the crypto pointer from the cache associated with the user-plane application for continuing the session with the re-initialized network application without needing to establish a new session for the user device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, a network application may offload stateful operations to a user-plane application. In one embodiment, the network application receives state information for a user device. The network application then sends the state information to a user-plane application, which can maintain the state information. The network application may then offload a stateful operation to the user-plane application. For example, the network application may have the user-plane application perform stateful operations. Also, the network application may use the state information maintained at the user-plane application for error recovery after the network application fails. For example, the network application may recover the state information from the user-plane application after failure.

73 Citations

View as Search Results

36 Claims

1. A method for allowing a network application to be stateless in an IP network, the method comprising:
- receiving, at the network application in a network device, state information for a session for a user device, wherein the state information comprises a service route header and identification information for the user device;
  
  sending, from the network device, the state information to a user-plane application through a network interface coupled to the network device, wherein the user-plane application comprises a gateway configured to route communications for the user device, the user-plane application being located in a network associated with the user device on an opposite side of the network interface from the network device, and wherein the user-plane application is configured to store the state information in a cache having the service route header associated with the user device identification information, and perform a stateful operation for the network application using the stored state information to offload the stateful operation from the network application of the network device to allow the network application to be stateless with respect to the offloaded stateful operation;
  
  when the stateful operation is a security operation;
  
  receiving in the network device, a message from the user device;
  
  generating security information based on the received message; and
  
  communicating with the user-plane application to have a crypto pointer allocated by the user-plane application for the security information, wherein the crypto pointer is stored in the cache associated with the user-plane application; and
  
  upon a failure of the network application that causes the network device to lose the state information and the crypto pointer, and re-initialization of the network application in the network device after the failure, communicating with the user-plane application to receive the state information and the crypto pointer from the cache associated with the user-plane application for continuing the session with the re-initialized network application without needing to establish a new session for the user device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the network application comprises a proxy network application.
  - 3. The method of claim 1, wherein the stateful operation is a network application operation that is offloaded to the user-plane application, the user-plane application using the state information to perform the stateful operation, and wherein the state information further comprises IPSec state information when the stateful operation is a security operation.
  - 4. The method of claim 1, further comprising:
    - storing the state information at the network application; and
      
      performing network application operations using the stored state information, wherein if the stored state information at the network application is lost, the network application maintains state by communicating with the user-plane application to receive the state information.
  - 5. The method of claim 1, wherein after failure of the network application, the method further comprising:
    - receiving a message from the user device;
      
      determining that the service route header is not stored at the network application;
      
      requesting the service route header from the user-plane application using the identification information of the user device;
      
      receiving the service route header from the user-plane application; and
      
      policing the message using the service route header.
  - 6. The method of claim 1, further comprising:
    - receiving a message from the user device; and
      
      sending dialogue state information determined from the message to the user-plane application, the user-plane application maintaining the dialogue state information.
  - 7. The method of claim 6, further comprising:
    - receiving a message from the user-plane application indicating the session should be ended for the session associated with the dialogue state information, wherein the user-plane application receives an indication that the user device session should be ended; and
      
      ending the session associated with the dialogue state information.
  - 8. The method of claim 1, further comprising:
    - receiving a second encrypted message from the user device;
      
      sending the crypto pointer with the encrypted message to the user-plane application, wherein the user-plane application uses the crypto pointer to determine decryption information to decrypt the encrypted message; and
      
      receiving the decrypted message from the user-plane application.
  - 9. The method of claim 1, further comprising:
    - receiving a second encrypted message from the user device;
      
      determining that the crypto pointer that was stored is lost;
      
      sending a request to the user-plane application for the crypto pointer that is being maintained by the user-plane application, wherein the user-plane application looks up the crypto pointer for identification information for the user device; and
      
      receiving the crypto pointer from the user-plane application.

10. A method for allowing a network application to be stateless in an IP network, the method comprising:
- receiving, at a user-plane application in a computing device, state information for a session for a user device, the state information required for communications to and from the user device and received through a network interface, wherein the user-plane application is located in a network associated with the user device on an opposite side of the network interface from the network application, wherein the computing device comprises a gateway configured to route communications for the user device;
  
  storing the state information with the user-plane application associated with the user device, wherein the state information comprises a service route header and address for the user device, wherein the user-plane application stores the service route header and the address in a cache having the service route header associated with the user device address;
  
  performing, using the computing device, a stateful operation using the state information for the network application, the stateful operation being offloaded from being performed by the network application to allow the network application to be stateless with respect to the offloaded stateful operation;
  
  when the stateful operation is a security operation;
  
  receiving a message from the network application to have a crypto pointer allocated in the computing device, wherein the crypto pointer allocation is based on security information from the received message;
  
  storing the crypto pointer in the cache associated with the user-plane application for the security information associated with identification information for the network application; and
  
  sending the crypto pointer to the network application;
  
  upon a failure of the network application that causes the network device to lose the state information and the crypto pointer, and re-initialization of the network application in the network device after the failure, receiving a request from the network device for the state information and the crypto pointer; and
  
  sending the state information and the crypto pointer retrieved from the cache associated with the user-plane application to the re-initialized network application in the network device for continuing the session with the network application without needing to establish a new session for the user device.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The method of claim 10, wherein the network application comprises proxy network application.
  - 12. The method of claim 10, wherein the stateful operation is a network application operation that is offloaded to the user-plane application, the user-plane application using the state information to perform the stateful operation, and wherein the state information further comprises IPSec state information when the stateful operation is a security operation.
  - 13. The method of claim 10, wherein after failure of the network application, the method further comprising:
    - receiving a request from the network application for the service route header using the identification information of the user device;
      
      determining the service route header using the identification information for the network application; and
      
      sending the service route header to the network application, wherein the network application polices the message using the service route header.
  - 14. The method of claim 10, further comprising:
    - receiving dialogue state information determined for a message; and
      
      maintaining the dialogue state information at the user-plane application.
  - 15. The method of claim 14, further comprising:
    - receiving an indication that the user device session should be ended; and
      
      sending a message indicating the session should be ended for the session associated with the dialogue state information, wherein the network application ends the session associated with the dialogue state information.
  - 16. The method of claim 10, further comprising:
    - receiving the crypto pointer with an encrypted message;
      
      using the crypto pointer to determine decryption information to decrypt the encrypted message; and
      
      sending the decrypted message to the network application.
  - 17. The method of claim 10, further comprising:
    - receiving a request for the crypto pointer that is being maintained by the user-plane application, wherein the network application has lost the crypto pointer;
      
      looking up the crypto pointer for identification information for the user device; and
      
      sending the crypto pointer to the network application.

18. An apparatus configured to allow a network application to be stateless in an IP network, the apparatus comprising:
- one or more computer processors in a network device; and
  
  a non-transitory computer-readable storage medium containing instructions that, when executed by the one or more computer processors, cause the one or more computer processors to perform a set of steps comprising;
  
  receiving, at the network application in the network device, state information for a session for a user device, wherein the state information comprises a service route header and identification information for the user device;
  
  sending, from the one or more computer processors, the state information to a user-plane application through a network interface coupled to the network device, wherein the user-plane application comprises a gateway configured to route communications for the user device, the user-plane application being located in a network associated with the user device on an opposite side of the network interface from the network device, and wherein the user-plane application is configured to store the state information in a cache having the service route header associated with the user device identification information, and perform a stateful operation for the network application using the stored state information to offload the stateful operation from the network application of the network device to allow the network application to be stateless with respect to the offloaded stateful operation;
  
  when the stateful operation is a security operation;
  
  receiving in the network device, a message from the user device;
  
  generating security information based on the received message; and
  
  communicating with the user-plane application to have a crypto pointer allocated by the user-plane application for the security information, wherein the crypto pointer is stored in the cache associated with the user-plane application; and
  
  upon a failure of the network application that causes the network device to lose the state information and the crypto pointer, and re-initialization of the network application in the network device after the failure, communicating with the user-plane application to receive the state information and the crypto pointer from the cache associated with the user-plane application for continuing the session with the re-initialized network application without needing to establish a new session for the user device.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26)
- - 19. The apparatus of claim 18, wherein the network application comprises a proxy network application.
  - 20. The apparatus of claim 18, wherein the stateful operation is a network application operation that is offloaded to the user-plane application, the user-plane application using the state information to perform the stateful operation, and wherein the state information further comprises IPSec state information when the stateful operation is a security operation.
  - 21. The apparatus of claim 18, further comprising:
    - storing the state information at the network application; and
      
      performing network application operations using the stored state information, wherein if the stored state information at the network application is lost, the network application maintains state by communicating with the user-plane application to receive the state information.
  - 22. The apparatus of claim 18, wherein after failure of the network application, wherein the instructions cause the one or more processors to perform further steps comprising:
    - receiving a message from the user device;
      
      determining that the service route header is not stored at the network application;
      
      requesting the service route header from the user-plane application using the identification information of the user device;
      
      receiving the service route header from the user-plane application; and
      
      policing the message using the service route header.
  - 23. The apparatus of claim 18, wherein the instructions cause the one or more processors to perform further steps comprising:
    - receiving a message from the user device; and
      
      sending dialogue state information determined from the message to the user-plane application, the user-plane application maintaining the dialogue state information.
  - 24. The apparatus of claim 23, wherein the instructions cause the one or more processors to perform further steps comprising:
    - receiving a message from the user-plane application indicating the session should be ended for the session associated with the dialogue state information, wherein the user-plane application receives an indication that the user device session should be ended; and
      
      ending the session associated with the dialogue state information.
  - 25. The apparatus of claim 18, wherein the instructions cause the one or more processors to perform further steps comprising:
    - receiving a second encrypted message from the user device;
      
      sending the crypto pointer with the encrypted message to the user-plane application, wherein the user-plane application uses the crypto pointer to determine decryption information to decrypt the encrypted message; and
      
      receiving the decrypted message from the user-plane application.
  - 26. The apparatus of claim 18, wherein the instructions cause the one or more processors to perform further steps comprising:
    - receiving a second encrypted message from the user device;
      
      determining that the crypto pointer that was stored is lost;
      
      sending a request to the user-plane application for the crypto pointer that is being maintained by the user-plane application, wherein the user-plane application looks up the crypto pointer for identification information for the user device; and
      
      receiving the crypto pointer from the user-plane application.

27. An apparatus configured to allow a network application to be stateless in an IP network, the apparatus comprising:
- one or more computer processors; and
  
  a non-transitory computer-readable storage medium containing instructions that, when executed by the one or more computer processors, cause the one or more computer processors to perform a set of steps comprising;
  
  receiving, in a gateway at a user-plane application from a network device, state information for a session for a user device, the state information required for communications to and from the user device and received through a network interface, wherein the user-plane application is located in a network associated with the user device on an opposite side of the network interface from the network application of the network device, wherein the gateway having the user-plane application is configured to route communications for the user device;
  
  storing the state information with the user-plane application associated with the user device, wherein the state information comprises a service route header and address for the user device, wherein the user-plane application stores the service route header and the address in a cache having the service route header associated with the user device address;
  
  performing, using the one or more computer processors, a stateful operation using the state information for the network application, the stateful operation being offloaded from being performed by the network application to allow the network application to be stateless with respect to the offloaded stateful operation;
  
  when the stateful operation is a security operation;
  
  receiving a message from the network application to have a crypto pointer allocated in the computing device, wherein the crypto pointer allocation is based on security information from the received message;
  
  storing the crypto pointer in the cache associated with the user-plane application for the security information associated with identification information for the network application; and
  
  sending the crypto pointer to the network application;
  
  upon a failure of the network application that causes the network device to lose the state information and the crypto pointer, and re-initialization of the network application in the network device after the failure, receiving a request from the network device for the state information and the crypto pointer; and
  
  sending the state information and the crypto pointer retrieved from the cache associated with the user-plane application to the re-initialized network application in the network device for continuing the session with the network application without needing to establish a new session for the user device.
- View Dependent Claims (28, 29, 30, 31, 32, 33, 34)
- - 28. The apparatus of claim 27, wherein the network application comprises proxy network application.
  - 29. The apparatus of claim 27, wherein the stateful operation is a network application operation that is offloaded to the user-plane application, the user-plane application using the state information to perform the stateful operation, and wherein the state information further comprises IPSec state information when the stateful operation is a security operation.
  - 30. The apparatus of claim 27, wherein after failure of the network application, wherein the instructions cause the one or more computer processors to perform further steps comprising:
    - receiving a request from the network application for the service route header using the identification information of the user device;
      
      determining the service route header using the identification information for the network application;
      
      sending the service route header to the network application, wherein the network application polices the message using the service route header.
  - 31. The apparatus of claim 27, wherein the instructions cause the one or more computer processors to perform further steps comprising:
    - receiving dialogue state information determined for a message; and
      
      maintaining the dialogue state information at the user-plane application.
  - 32. The apparatus of claim 31, wherein the instructions cause the one or more computer processors to perform further steps comprising:
    - receiving an indication that the user device session should be ended; and
      
      sending a message indicating the session should be ended for the session associated with the dialogue state information, wherein the network application ends the session associated with the dialogue state information.
  - 33. The apparatus of claim 27, wherein the instructions cause the one or more computer processors to perform further steps comprising:
    - receiving the crypto pointer with an encrypted message;
      
      using the crypto pointer to determine decryption information to decrypt the encrypted message; and
      
      sending the decrypted message to the network application.
  - 34. The apparatus of claim 27, wherein the instructions cause the one or more computer processors to perform further steps comprising:
    - receiving a request for the crypto pointer that is being maintained by the user-plane application, wherein the network application has lost the crypto pointer;
      
      looking up the crypto pointer for identification information for the user device; and
      
      sending the crypto pointer to the network application.

35. An apparatus configured to allow a network application to be stateless in an IP network, the apparatus comprising:
- a computer processor;
  
  means for receiving, at the network application in a network device, state information for a session for a user device, wherein the state information comprises a service route header and identification information for the user device;
  
  means for sending from the computer processor, the state information to a user-plane application through a network interface coupled to the network device, wherein the user-plane application comprises a gateway configured to route communications for the user device, the user-plane application being located in a network associated with the user device on an opposite side of the network interface from the network device, and wherein the user-plane application is configured to store the state information in a cache having the service route header associated with the user device identification information, and perform a stateful operation for the network application using the stored state information to offload the stateful operation from the network application of the network device to allow the network application to be stateless with respect to the offloaded stateful operation;
  
  when the stateful operation is a security operation;
  
  means for receiving in the network device, a message from the user device;
  
  means for generating security information based on the received message; and
  
  means for communicating with the user-plane application to have a crypto pointer allocated by the user-plane application for the security information, wherein the crypto pointer is stored in the cache associated with the user-plane application; and
  
  upon a failure of the network application that causes the network device to lose the state information and the crypto pointer, and re-initialization of the network application in the network device after the failure, communicating with the user-plane application to receive the state information and the crypto pointer from the cache associated with the user-plane application for continuing the session with the re-initialized network application without needing to establish a new session for the user device.

36. An apparatus configured to allow a network application to be stateless in an IP network, the apparatus comprising:
- a computer processor;
  
  means for receiving, in a gateway at a user-plane application, state information for a session for a user device, the state information required for communications to and from the user device and received through a network interface, wherein the user-plane application is located in a network associated with the user device on an opposite side of the network interface from the network application, wherein the gateway having the user-plane application is configured to route communications for the user device;
  
  means for storing the state information with the user-plane application associated with the user device, wherein the state information comprises a service route header and address for the user device, wherein the user-plane application stores the service route header and the address in a cache having the service route header associated with the user device address;
  
  means for performing, using the computer processor, a stateful operation using the state information for the network application, the stateful operation being offloaded from being performed by the network application to allow the network application to be stateless with respect to the offloaded stateful operation;
  
  when the stateful operation is a security operation;
  
  means for receiving a message from the network application to have a crypto pointer allocated in the computing device, wherein the crypto pointer allocation is based on security information from the received message;
  
  means for storing the crypto pointer in the cache associated with the user-plane application for the security information associated with identification information for the network application; and
  
  means for sending the crypto pointer to the network application;
  
  upon a failure of the network application that causes the network device to lose the state information and the crypto pointer, and re-initialization of the network application in the network device after the failure, receiving a request from the network device for the state information and the crypto pointer; and
  
  means for sending the state information and the crypto pointer retrieved from the cache associated with the user-plane application to the re-initialized network application in the network device for continuing the session with the network application without needing to establish a new session for the user device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Grayson, Mark, Iyer, Jayaraman
Primary Examiner(s)
Lin; Kenny S
Assistant Examiner(s)
WIDHALM, ANGELA M

Application Number

US11/477,977
Publication Number

US 20080005300A1
Time in Patent Office

1,693 Days
Field of Search

None
US Class Current

709/227
CPC Class Codes

H04L 63/164   at the network layer

H04L 67/1001   for accessing one among a p...

H04L 67/101   based on network conditions

H04L 67/1034   Reaction to server failures...

H04L 67/1038   Load balancing arrangements...

H04L 69/40   for recovering from a failu...

Application integrated gateway

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

73 Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

Application integrated gateway

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

73 Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links