Controlling access to a host processor in a session border controller

US 7,764,612 B2
Filed: 06/16/2005
Issued: 07/27/2010
Est. Priority Date: 06/16/2005
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a host processor configured to manage calls in a network, each call associated with a plurality of signaling packets, each signaling packet comprising a source endpoint identifier; and

a traffic manager coupled to the host processor via a first path and a second path, each path associated with a bandwidth limit for a respective one of the paths,the traffic manager configured to receive the plurality of signaling packets and to communicate at least a first portion of the plurality of signaling packets to the host processor via a selected one of the paths,the traffic manager further configured to regulate traffic along the first path such that the bandwidth limit of the first path is respected, and to regulate traffic along the second path such that the bandwidth limit of the second path is respected.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for controlling access to a host processor is disclosed. One exemplary method comprises the steps of receiving a plurality of signaling packets and controlling access to a host processor, via a first and a second path, for at least a portion of the packets in accordance with a bandwidth limit for the respective path. An exemplary system comprises: a host processor; and a traffic manager coupled to the host processor via a first path and a second path. The traffic manager is configured to communicate at least a portion of the packets to the host processor via a selected one of the paths. The traffic manager is further configured to regulate traffic along the first path such that the bandwidth limit of the first path is respected, and to regulate traffic along the second path such that the bandwidth limit of the second path is respected.

71 Citations

View as Search Results

42 Claims

1. A system comprising:
- a host processor configured to manage calls in a network, each call associated with a plurality of signaling packets, each signaling packet comprising a source endpoint identifier; and
  
  a traffic manager coupled to the host processor via a first path and a second path, each path associated with a bandwidth limit for a respective one of the paths,the traffic manager configured to receive the plurality of signaling packets and to communicate at least a first portion of the plurality of signaling packets to the host processor via a selected one of the paths,the traffic manager further configured to regulate traffic along the first path such that the bandwidth limit of the first path is respected, and to regulate traffic along the second path such that the bandwidth limit of the second path is respected.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 39, 40)
- - 2. The system of claim 1, wherein each path is associated with a respective policy defining the bandwidth limit for the respective one of the paths, and the traffic manager is further configured to apply the first policy to regulate traffic along the first path such that the bandwidth limit of the first path is respected, and to apply the second policy to regulate traffic along the second path such that the bandwidth limit of the second path is respected.
  - 3. The system of claim 1, wherein the first policy comprises at least one of a peak data rate, an average data rate, and a maximum burst size.
  - 4. The system of claim 1, wherein the traffic manager is further configured to select one of the paths for communication to the host processor based on the source endpoint identifier.
  - 5. The system of claim 1, wherein traffic manager is further configured to select the first path when the source endpoint identifier has previously registered with the session controller and to select the second path otherwise.
  - 6. The system of claim 1, wherein the first path comprises a plurality of sub-paths, each sub-path associated with a respective policy defining a bandwidth limit for the sub-path, wherein the traffic manager is further configured to apply the policy associated with the sub-path to regulate traffic along the sub-path such that the bandwidth limit of the sub-path is respected.
  - 7. The system of claim 6, wherein each signaling packet comprises a source endpoint identifier and the traffic manager is further configured to select one of the sub-paths for communication to the host processor based on the source endpoint identifier.
  - 8. The system of claim 1, wherein the traffic manager is further configured to selectively route at least a second portion of the plurality of signaling packets to a third path, the selection based on the source endpoint identifier of the signaling packet, the third path not coupled to the host processor.
  - 9. The system of claim 1, wherein the host processor is further configured to examine each signaling packet and to maintain signaling statistics associated with the endpoint identifier in the signaling packet.
  - 10. The system of claim 9, wherein the selection by the traffic manager is based on the source endpoint identifier of the signaling packet and the signaling statistics associated with that endpoint.
  - 39. The system of claim 1, wherein the traffic manager is separate from the host processor.
  - 40. The system of claim 1, wherein the traffic manager is a chipset that is separate from the host processor.

11. A method implemented in a session border controller, comprising the steps of:
- receiving a plurality of signaling packets, each signaling packet comprising a source endpoint identifier; and
  
  controlling access to a host processor of the session border controller by a traffic manager, via a first and a second path, for at least a portion of the signaling packets in accordance with a bandwidth limit for a respective one of the paths by regulating traffic along the first path such that the bandwidth limit of the first path is respected, and by regulating traffic along the second path such that the bandwidth limit of the second path is respected.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 12. The method of claim 11, wherein the controlling access step further comprises the step of:
    - selectively denying access to the host processor for at least one of the signaling packets, responsive to the source endpoint identifier of the at least one packet.
  - 13. The method of claim 12, wherein the denying step further comprises the steps of:
    - comparing the source endpoint identifier of the at least one signaling packet to a first list and a second list; and
      
      denying access when the source endpoint identifier is contained in the first list and is not contained in the second list.
  - 14. The method of claim 12, further comprising the step of:
    - discarding those packets in the plurality of signaling packets that are denied access to the host processor.
  - 15. The method of claim 12, further comprising the steps of:
    - marking those packets in the plurality of signaling packets that are denied access to the host processor; and
      
      accumulating statistics associated with the marked packets.
  - 16. The method of claim 11, wherein the controlling access step further comprises the step of:
    - controlling access to the host processor in accordance with a first and a second policy, each policy defining the bandwidth limit for a respective one of the paths.
  - 17. The method of claim 16, wherein the controlling step further comprises the step of:
    - applying the first policy to the first path such that the bandwidth limit of the first path is respected.
  - 18. The method of claim 16, wherein the controlling step further comprises the steps of:
    - routing at least one of the received signaling packets on the first path when the signaling packet does not violate the first policy; and
      
      routing at least one of the received signaling packets on a third path not coupled to the host processor when the signaling packet does violate the first policy.
  - 19. The method of claim 16, wherein the first policy comprises at least one of a peak data rate, an average data rate, and a maximum burst size.
  - 20. The method of claim 11, wherein the controlling access step further comprises the steps of:
    - selecting one of the paths, responsive to the source endpoint identifier of the signaling packet; and
      
      routing the signaling packet to the host processor via the selected path.
  - 21. The method of claim 11, further comprising the steps of:
    - examining a signaling layer message contained in each signaling packet;
      
      maintaining a state associated with each source endpoint identifier responsive to the signaling layer message;
      
      selecting one of the paths for the signaling packet, responsive to the state of the source endpoint identifier of the signaling packet; and
      
      routing the signaling packet to the host processor via the selected path.
  - 22. The method of claim 21, wherein the maintaining step further comprises the steps of:
    - promoting an endpoint to a trusted state responsive to a signaling layer registration message; and
      
      selecting the first path for the signaling packet when the endpoint is in the trusted state.
  - 23. The method of claim 21, wherein the maintaining step further comprises the step of:
    - demoting an endpoint to an untrusted state responsive to a timeout after promotion of the endpoint.

24. A system comprising:
- means for receiving a plurality of signaling packets, each signaling packet comprising a source endpoint identifier; and
  
  means for controlling access to a host processor by a traffic manager, via a first and a second path, for at least a portion of the signaling packets in accordance with a bandwidth limit for a respective one of the paths by regulating traffic along the first path such that the bandwidth limit of the first path is respected, and by regulating traffic along the second path such that the bandwidth limit of the second path is respected.
- View Dependent Claims (25, 26, 27, 28, 29, 30, 31, 32, 33, 34)
- - 25. The system of claim 24, further comprising:
    - means for selectively denying access to the host processor for a portion of the signaling packets, responsive to the source endpoint identifier of the packet.
  - 26. The system of claim 24, further comprising:
    - means for comparing the source endpoint identifier of the signaling packet to a first list and a second list; and
      
      means for denying access when the source endpoint identifier is contained in the first list and is not contained in the second list.
  - 27. The system of claim 24, wherein the means for controlling further comprises:
    - means for applying a first policy to the first path such that the bandwidth limit of the first path is respected.
  - 28. The system of claim 27, wherein the first policy comprises at least one of a peak data rate, an average data rate, and a maximum burst size.
  - 29. The system of claim 27, further comprising:
    - means for routing a signaling packet onto the first path when the signaling packet does not violate the first policy.
  - 30. The system of claim 27, further comprising:
    - means for routing a signaling packet onto a third path not coupled to the host processor when the signaling packet does violate the first policy.
  - 31. The system of claim 24, further comprising:
    - means for selecting one of the paths, responsive to the source endpoint identifier of the signaling packet; and
      
      means for routing the signaling packet to the host processor via the selected path.
  - 32. The system of claim 24, further comprising:
    - means for examining a signaling layer message contained in each signaling packet;
      
      means for maintaining a state associated with each source endpoint identifier responsive to the signaling layer message; and
      
      means for selecting one of the paths for the signaling packet, responsive to the state of the source endpoint identifier of the signaling packet; and
      
      means for routing the signaling packet to the host processor via the selected path.
  - 33. The system of claim 32, further comprising:
    - means for promoting an endpoint to a trusted state responsive to a signaling layer registration message; and
      
      means for selecting the first path for the signaling packet when the endpoint is in the trusted state.
  - 34. The system of claim 32, wherein the means for maintaining further comprises:
    - means for demoting an endpoint to an untrusted state responsive to a timeout after promotion of the endpoint.

35. A method implemented in a session border controller, comprising the steps of:
- receiving a plurality of signaling packets, each signaling packets comprising a source endpoint identifier; and
  
  selecting a first or a second path, responsive to the source endpoint identifier of the packet, for at least a portion of the packets in accordance with a bandwidth limit for a respective one of the paths; and
  
  routing by a traffic manager each packet in the portion of packets to a host processor of the session border controller via the selected path to respect the bandwidth limit of the first path and the bandwidth limit of the second path.
- View Dependent Claims (36, 37, 38, 41, 42)
- - 36. The method of claim 35, further comprising the steps of:
    - examining, in the host processor, a service request contained in a first packet routed to the host processor;
      
      responsive to the service request, maintaining a state associated with the source endpoint identifier of the first packet;
      
      selecting one of the paths for a second packet, responsive to the state of the source endpoint identifier of the first packet; and
      
      routing the second packet to the processor via the selected path.
  - 37. The method of claim 36, wherein the maintaining step further comprises the steps of:
    - promoting an endpoint to a trusted state responsive to the service request; and
      
      selecting the first path for the second packet when the endpoint is in the trusted state.
  - 38. The method of claim 36, wherein the maintaining step further comprises the step of:
    - demoting an endpoint to an untrusted state responsive to a timeout after promotion of the endpoint.
  - 41. The method of claim 35, wherein the selecting and routing is performed by hardware rather than by software.
  - 42. The method of claim 35, wherein the selecting and routing is performed by hardware rather than by software executing on the host processor.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Acme Packet Incorporated (Oracle Corporation)
Original Assignee
Acme Packet Incorporated (Oracle Corporation)
Inventors
Manuja, Ajay, Dobbins, Ephraim Webster, Penfield, Robert Flagg, MeLampy, Patrick John
Primary Examiner(s)
Moe; Aung S
Assistant Examiner(s)
RIYAMI, ABDULLA A

Application Number

US11/153,983
Publication Number

US 20060285493A1
Time in Patent Office

1,867 Days
Field of Search

370/229, 370/230, 370/230.1, 370/231, 370/31, 370/236, 370/352, 370/356, 370/412, 370/466, 370/392, 370/493, 370/353, 370/354, 370/355, 370/358, 370/395.2, 370/389, 370/394, 370/428, 370/232, 370/235, 370/395.21, 370/398, 709/206, 709/223, 709/224, 709/229, 709/234, 709/235, 379/88.22, 379/211.02, 379/212.01
US Class Current

370/231
CPC Class Codes

H04L 47/125   by balancing the load, e.g....

H04L 47/20   Traffic policing

H04L 47/2416   Real-time traffic

H04L 63/1458   Denial of Service

H04L 65/1073   Registration or de-registra...

H04L 65/1079   of unsolicited session atte...

H04L 65/1101   Session protocols

H04L 65/1104   Session initiation protocol...

H04L 65/80   Responding to QoS

Controlling access to a host processor in a session border controller

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

71 Citations

42 Claims

Specification

Solutions

Use Cases

Quick Links

Controlling access to a host processor in a session border controller

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

71 Citations

42 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links