Subscriber-based network traffic management
First Claim
1. A service node device for providing subscriber-specific services upstream from an access router of an access network and coupled by a communication link to an external session and resource controller (SRC) that manages application services applied at the service node, the service node device comprising:
- a network interface to receive an initial packet of a packet flow associated with a subscriber device attached to the access network, wherein the initial packet includes a network address dynamically assigned to the subscriber device by an authentication server upon attachment of the subscriber device to the access network, and wherein the service node device does not store a subscriber identifier associated with the network address when the initial packet is received;
a packet-triggered subscriber and policy interface (PTSP) client to generate a message that includes the network address but does not include a subscriber identifier associated with the network address, wherein the PTSP client sends the message to the external SRC to request an enforcement policy for the network address;
wherein the PTSP client receives, from the external SRC and in response to the message, the enforcement policy, wherein the enforcement policy represents a subscriber-specific service mapped to the network address by the external SRC; and
a services unit to apply the enforcement policy to the packet flow.
1 Assignment
0 Petitions
Accused Products
Abstract
In general, the invention is directed to techniques for offloading per-subscriber traffic management from an access gateway to one or more upstream service nodes within a service provider network. For example, as described herein, an upstream service node receives a new packet flow for a subscriber and sends packet flow information, such as a network address, to a session and resource controller (SRC). The SRC maintains a table of subscriber attachment sessions and maps the packet flow information to a subscriber attachment session in the table to obtain a subscriber identifier for a subscriber. The SRC then determines subscriber-specific services to be applied to subscriber data traffic, transforms the services to a set of one or more enforcement policies, and returns the enforcement policies to the service node. In turn, the service node applies the enforcement policies for the subscriber-specific services to the subscriber data traffic in the packet flow.
138 Citations
26 Claims
-
1. A service node device for providing subscriber-specific services upstream from an access router of an access network and coupled by a communication link to an external session and resource controller (SRC) that manages application services applied at the service node, the service node device comprising:
-
a network interface to receive an initial packet of a packet flow associated with a subscriber device attached to the access network, wherein the initial packet includes a network address dynamically assigned to the subscriber device by an authentication server upon attachment of the subscriber device to the access network, and wherein the service node device does not store a subscriber identifier associated with the network address when the initial packet is received; a packet-triggered subscriber and policy interface (PTSP) client to generate a message that includes the network address but does not include a subscriber identifier associated with the network address, wherein the PTSP client sends the message to the external SRC to request an enforcement policy for the network address; wherein the PTSP client receives, from the external SRC and in response to the message, the enforcement policy, wherein the enforcement policy represents a subscriber-specific service mapped to the network address by the external SRC; and a services unit to apply the enforcement policy to the packet flow. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A session and resource controller (SRC) comprising:
-
a session repository to store an attachment sessions table and a service sessions table, wherein the attachment sessions table comprises one or more subscriber attachment records that each map a network address to a subscriber identifier, and wherein the service sessions table comprises one or more service sessions records that each map a subscriber identifier to a service; a subscriber attachment front end to receive an attachment notification message for a subscriber device, wherein the attachment notification message includes a mapping that maps, to a subscriber identifier, a network address dynamically assigned to the subscriber device by an authentication server upon attachment of the subscriber device to an access network, and wherein the subscriber attachment front end stores the mapping to the attachment sessions table as a subscriber attachment record; and a service activation engine to receive, from an external service node device coupled by a communication link to the SRC, a message that includes a network address, but does not include the subscriber identifier associated with the network address, that characterizes a packet flow traversing the external service node device, wherein the service activation engine, upon receiving the message from the external service node device; queries the attachment sessions table using the first network address to obtain the subscriber identifier mapped to the network address; queries the service sessions table using the subscriber identifier to obtain a subscriber-specific service to apply to the packet flow characterized by the network address; and sends service information for the subscriber-specific service to the external service node device to cause the external service node device to apply the subscriber-specific service to the packet flow characterized by the network address. - View Dependent Claims (10, 11, 12, 13)
-
-
14. A method for applying, to a packet flow, policies with a service node device that is located upstream from an access router of an access network a coupled by a communication link to an external session and resource controller (SRC), comprising:
-
receiving an initial packet of a packet flow associated with a subscriber device attached to the access network, wherein the initial packet includes a network address dynamically assigned to the subscriber device by an authentication server upon attachment of the subscriber device to the access network, and wherein the service node device does not store a subscriber identifier associated with the network address when the initial packet is received; generating a message that includes the network address but does not include the subscriber identifier associated with the network address and sending the message from the service node device to the external SRC to request an enforcement policy for the network address; receiving the enforcement policy with the service node device and from the SRC, wherein the enforcement policy represents a subscriber-specific service mapped to the network address; and applying the enforcement policy with the service node device to the packet flow. - View Dependent Claims (15, 16, 17, 18)
-
-
19. A method comprising:
-
with a session and resource controller (SRC), storing an attachment sessions table and a service sessions table, wherein the attachment sessions table comprises one or more subscriber attachment records that each map a network address to a subscriber identifier, and wherein the service sessions table comprises one or more service sessions records that each map a subscriber identifier to a service; receiving, with the SRC, an attachment notification message for a subscriber device, wherein the attachment notification message includes a mapping that maps, to a subscriber identifier, a network address dynamically assigned to the subscriber device by an authentication server upon attachment of the subscriber device to an access network; storing the mapping to the attachment sessions table as a subscriber attachment record; receiving, with the SRC from an external service node device, a message that includes a network address, but does not include the subscriber identifier associated with the network address, that characterizes a packet flow traversing the external service node device; by the SRC and in response to receiving the message, querying the attachment sessions table using the network address to obtain the subscriber identifier mapped to the network address in the subscriber attachment record; by the SRC and in response to receiving the message, querying the service sessions table using the subscriber identifier to obtain a subscriber-specific service to apply to the packet flow characterized by the network address; and by the SRC and in response to receiving the message, sending service information for the subscriber-specific service to the external service node device to cause the external service node device to apply the subscriber-specific service to the packet flow characterized by the network address. - View Dependent Claims (20, 21, 22)
-
-
23. A system comprising:
-
an access gateway of an access network for a service provider network; a session and resource controller (SRC) external to the access gateway; and first and second service node devices of the service provider network that are external to and located upstream from the access gateway in the service provider network, wherein the first service node device comprises; a first network interface to receive a first initial packet for a first packet flow associated with a subscriber device attached to the access network, wherein the first initial packet includes a network address dynamically assigned to the subscriber device by an authentication server upon attachment of the subscriber device to the access network, and wherein the first service node device does not store a subscriber identifier associated with the network address when the first initial packet is received; a first packet-triggered subscriber and policy interface (PTSP) client to generate a first message that includes the network address but does not include a subscriber identifier associated with the network address and to send the first message to the SRC to request and receive an enforcement policy for the network address; and a first service unit to apply the first enforcement policy to the first packet flow, wherein the second service node device comprises; a second network interface to receive a second initial packet for a second packet flow associated with the subscriber device, wherein the second initial packet includes the network address, and wherein the second service node device does not store a subscriber identifier associated with the network address when the second initial packet is received; a second packet-triggered subscriber and policy interface (PTSP) client to generate a second message that includes the network address but does not include the subscriber identifier associated with the network address and to send the second message to the SRC to request and receive the enforcement policy for the network address; and a second service unit to apply the second enforcement policy to the second packet flow, wherein the SRC is external to the first and second service node devices and comprises; an attachment sessions table comprising one or more attachment session records that each map a network address to a subscriber identifier; a service sessions table comprising one or more service session records that each map a subscriber identifier to a service; a service activation engine to receive the first message and the second message, wherein the service activation engine uses the network address received in the first message and the second message to determine a subscriber identifier from the attachment sessions table, wherein the service activation engine uses the subscriber identifier to determine the service from the service sessions table, wherein the service activation engine sends the enforcement policy for the service to the first and second service node devices, and wherein the respective first and second service units of the first and second service node devices apply the enforcement policy to the respective first and second packet flows. - View Dependent Claims (24, 25, 26)
-
Specification