Session redundancy among a server cluster

US 8,499,336 B2
Filed: 11/23/2010
Issued: 07/30/2013
Est. Priority Date: 11/23/2010
Status: Active Grant

First Claim

Patent Images

1. An authentication server comprising:

a memory;

a processor operable to execute instructions stored in the memory;

a network interface in communication with an authentication client on a network using an authentication protocol;

an authentication module for maintaining state for an individual authentication session with the authentication client; and

a mirroring module in communication with the authentication module, the mirroring module configured to receive authentication messages from the authentication module and from the authentication client for the individual authentication session, the mirroring module configured to individually forward each of the received authentication messages to an authentication mirror via a service provider'"'"'s network, and the mirroring module configured to select the authentication mirror from a pool of peer servers on the service provider'"'"'s network,each incoming authentication message being forwarded upon arrival by the authentication server to provide synchronization with a mirror server, allowing the authentication mirror to be up-to-date,wherein the instructions are operable to send identifying information of the authentication mirror to the authentication client via authentication protocol messages while received authentication messages for the authentication session are being forwarded by the authentication module.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are provided for providing redundancy and failover for servers communicating via an authentication protocol. Mirroring is initiated at the beginning of a Diameter application session by an enhanced Diameter server, which continuously provides updates of the Diameter session to one or more peer Diameter mirror servers and thereby maintains an active mirror of the session.

Citations

20 Claims

1. An authentication server comprising:
- a memory;
  
  a processor operable to execute instructions stored in the memory;
  
  a network interface in communication with an authentication client on a network using an authentication protocol;
  
  an authentication module for maintaining state for an individual authentication session with the authentication client; and
  
  a mirroring module in communication with the authentication module, the mirroring module configured to receive authentication messages from the authentication module and from the authentication client for the individual authentication session, the mirroring module configured to individually forward each of the received authentication messages to an authentication mirror via a service provider'"'"'s network, and the mirroring module configured to select the authentication mirror from a pool of peer servers on the service provider'"'"'s network,each incoming authentication message being forwarded upon arrival by the authentication server to provide synchronization with a mirror server, allowing the authentication mirror to be up-to-date,wherein the instructions are operable to send identifying information of the authentication mirror to the authentication client via authentication protocol messages while received authentication messages for the authentication session are being forwarded by the authentication module.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The authentication server of claim 1, wherein the authentication server is operable to mirror a plurality of client sessions to a plurality of authentication mirrors.
  - 3. The authentication server of claim 1, wherein the authentication server is configured to be responsive to a request to serve as an authentication mirror for a mirrored session from a peer server, and to resume the mirrored session in place of the peer server in case of failure of the peer server.
  - 4. The authentication server of claim 1, wherein the instructions are operable to select a peer server as a mirror at time of creation of a new authentication session between the authentication client and the authentication server.
  - 5. The authentication server of claim 1, further comprising a module for functioning as a mirror of a peer server.
  - 6. The authentication server of claim 1, wherein the authentication protocol is a Diameter-based protocol.
  - 7. The authentication server of claim 1, wherein the authentication server is one of a Serving Gateway (SGW), a Policy Charging and Rules Function (PCRF), or a Call Session Control Function (CSCF).

8. A method comprising:
- receiving an authentication protocol message from an authentication client at a server initiating an authentication application session;
  
  receiving at a mirroring module authentication messages from authentication module and from authentication client for the authentication application session, the mirroring module individually forwarding the received authentication messages to a mirror server;
  
  establishing an authentication application session between the authentication client and the server;
  
  selecting at least the mirror server for the authentication application session from a pool of peer servers;
  
  configuring continuous and active forwarding of individual authentication protocol messages from the authentication client to the mirror server;
  
  sending identifying information about the mirror server to the authentication client in an authentication message while the authentication application session is being handled by the server; and
  
  allowing the mirror server to maintain up-to-date authentication state for the authentication application session.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
- - 9. The method of claim 8, further comprising receiving a request to serve as a mirror for an authentication session from the peer server and resuming the mirrored session in place of the peer server in case of failure of the peer server.
  - 10. The method of claim 8, further comprising forwarding authentication protocol messages relating to a plurality of client sessions to a plurality of mirror servers.
  - 11. The method of claim 8, further comprising maintaining a centralized list of mirror servers for each authentication session.
  - 12. The method of claim 8, further comprising discovering and storing addresses of peer servers that may be selected as mirrors.
  - 13. The method of claim 8, further comprising selecting a peer server as a mirror at time of creation of a new authentication session between the authentication client and the authentication server.
  - 14. The method of claim 8, further comprising functioning as a mirror server of a peer authentication server.
  - 15. The method of claim 8, wherein the authentication protocol is a Diameter-based protocol, the identifying information is an IP address, and the server is one of a Serving Gateway (SGW), a Policy Charging and Rules Function (PCRF), or a Call Session Control Function (CSCF).

16. Logic encoded in one or more non-transitory media that includes code for execution and when executed by a processor is operable to perform operations comprising:
- receiving an authentication protocol message from an authentication client at a server initiating an authentication application session;
  
  receiving at a mirroring module authentication messages from authentication module and from authentication client for the authentication application session, the mirroring module individually forwarding the received authentication messages to a mirror server;
  
  establishing an authentication application session between the authentication client and the server;
  
  selecting at least the mirror server for the authentication application session from a pool of peer servers;
  
  configuring continuous and active forwarding of individual authentication protocol messages from the authentication client to the mirror server;
  
  sending identifying information about the mirror server to the authentication client in an authentication message while the authentication application session is being handled by the server; and
  
  allowing the mirror server to maintain up-to-date authentication state for the authentication application session.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The logic of claim 16, the operations further comprising receiving a request to serve as a mirror for an authentication session from the peer server and resuming the mirrored session in place of the peer server in case of failure of the peer server.
  - 18. The logic of claim 16, further comprising forwarding authentication protocol messages relating to a plurality of client sessions to a plurality of mirror servers.
  - 19. The logic of claim 16, the operations further comprising discovering and storing addresses of peer servers that may be selected as mirrors.
  - 20. The logic of claim 16, wherein the authentication protocol is a Diameter-based protocol, and the server is one of a Serving Gateway (SGW), a Policy Charging and Rules Function (PCRF), or a Call Session Control Function (CSCF).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Alex, Arun C., Mathai, Stinson
Primary Examiner(s)
Etienne, Ario
Assistant Examiner(s)
MENDAYE, KIDEST H

Application Number

US12/952,441
Publication Number

US 20120131639A1
Time in Patent Office

980 Days
Field of Search

726 6- 8, 726/11, 726/12, 713/153, 713/168, 713/170, 709/248, 709/247
US Class Current

726/3
CPC Class Codes

H04L 63/0892   by using authentication-aut...

H04L 67/142   Managing session states for...

H04L 67/143   Termination or inactivation...

H04L 67/146   Markers for unambiguous ide...

H04L 67/148   Migration or transfer of se...

H04L 69/40   for recovering from a failu...

H04M 15/00   Arrangements for metering, ...

H04M 15/66   Policy and charging system

H04W 4/24   Accounting or billing

Session redundancy among a server cluster

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Session redundancy among a server cluster

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links