US20070297335A1 - Secure network architecture with quality of service - Google Patents

Secure network architecture with quality of service

Info

Publication number
US20070297335A1
Authority
US
United States
Prior art keywords
qos
session
user
module
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US11/850,862
Inventor
Heidi Picher-Dempsey
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Level 3 Communications LLC
Original Assignee
Level 3 Communications LLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Level 3 Communications LLC
Priority to US11/850,862
Publication of US20070297335A1
Assigned to LEVEL 3 COMMUNICATIONS, LLC: ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: LEVEL 3 COMMUNICATIONS, INC.
Assigned to GTE INTERNETWORKING INCORPORATED: ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: PICHER-DEMPSEY, HEIDI
Assigned to LEVEL 3 COMMUNICATIONS, LLC: ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: LEVEL 3 COMMUNICATIONS, INC.
Assigned to LEVEL 3 COMMUNICATIONS, LLC: ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: GENUITY INC.
Assigned to GENUITY INC.: CHANGE OF NAME (SEE DOCUMENT FOR DETAILS). Assignors: GTE INTERNETWORKING INCORPORATED
Assigned to MERRILL LYNCH CAPITAL CORPORATION, AS COLLATERAL AGENT: SECURITY AGREEMENT. Assignors: ICG COMMUNICATION, INC., LEVEL 3 COMMUNICATIONS, INC.
Assigned to LEVEL 3 COMMUNICATIONS, INC.: ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: LEVEL 3 COMMUNICATIONS, LLC

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/02 Standardisation; Integration
    • H04L41/0213 Standardised network management protocols, e.g. simple network management protocol [SNMP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/50 Network service management, e.g. ensuring proper service fulfilment according to agreements
    • H04L41/5032 Generating service level reports
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/50 Network service management, e.g. ensuring proper service fulfilment according to agreements
    • H04L41/5041 Network service management, e.g. ensuring proper service fulfilment according to agreements characterised by the time relationship between creation and deployment of a service
    • H04L41/5051 Service on demand, e.g. definition and deployment of services in real time
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/50 Network service management, e.g. ensuring proper service fulfilment according to agreements
    • H04L41/5041 Network service management, e.g. ensuring proper service fulfilment according to agreements characterised by the time relationship between creation and deployment of a service
    • H04L41/5054 Automatic deployment of services triggered by the service manager, e.g. service implementation by automatic configuration of network components
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/121 Timestamp
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/08 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0805 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability
    • H04L43/0817 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability by checking functioning
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/10 Active monitoring, e.g. heartbeat, ping or trace-route
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/10 Active monitoring, e.g. heartbeat, ping or trace-route
    • H04L43/106 Active monitoring, e.g. heartbeat, ping or trace-route using time related information in packets, e.g. by adding timestamps

Definitions

  • The present invention relates generally to network communication, and more particularly to establishing dedicated and secure communication sessions over a wide area network.
  • Certain types of business activities create the need to transfer information in a timely and secure manner. For instance, banks periodically “backup” their computer files to a remote central database and need to know that these files were successfully copied to the remote database without having been attacked or corrupted during the process.
  • Video conferencing is another example of an application that demands the timely and secure transmission of information (video/voice/data). Network transmission delay or the successful attack by a hacker can cause significant business problems or render applications useless.
  • One solution to the problem of network delay is to lease dedicated point-to-point digital data lines, such as an ISDN or T1 line, over which time critical information is sent.
  • These lines carry traffic that is not time critical between the two end points as well. Because neither of the two traffic types is given precedence under these circumstances, time critical traffic may be delayed.
  • A typical solution to the precedence problem is to introduce a “priority queuing” mechanism into the network.
  • Such queuing mechanisms give precedence to certain time critical traffic while handling the rest of the traffic on a “best effort” basis.
  • Both dedicated leased lines and priority queuing require a significant configuration effort, usually by the system manager.
  • The system manager is not on site or may not even be an employee of the company using the service.
  • The user may have no ready means to modify the configuration, which dictates that the service being provided is static in nature and not adaptable to applications where the timing of critical traffic cannot be regularly scheduled.
  • ATM: asynchronous transfer mode
  • QoS: quality of service
  • An ATM network can support some number of virtual channels (VCs) over which traffic with certain defined QoS characteristics can travel. These QoS characteristics can be used to group traffic according to precedence, and VCs can be established to transmit the different traffic types.
  • VCs: virtual channels
  • IP: Internet protocol
  • PVC: Permanent Virtual Channel
  • The Internet protocol only provides for the “best effort” transmission of information. This means that all traffic is of equal precedence meaning that if there is more traffic to be transmitted than the network can handle, this traffic must be buffered in a FIFO arrangement for some period of time until it gets to the top of the buffer at which time it would be transmitted. Clearly, “best effort” transmission is not suitable for time critical traffic.
  • The RSVP protocol was developed to allow an application to request QoS on the Internet and avoid delaying time critical traffic. Applications designed to employ this protocol are able to dynamically request specific QoS from a network, thereby ensuring that time critical traffic is transmitted over dedicated network resources. Specifically, the RSVP protocol reserves network bandwidth for certain traffic. Despite these benefits, the RSVP protocol is relatively new, and as a result, most applications have not been redesigned to process RSVP messages.
  • Security is another critical characteristic that certain types of customers demand before conducting their business over the Internet.
  • Internet security is provided by a firewall placed between a local area network (LAN) router, or premises router, and the host computers attached to the LAN.
  • Firewall products, such as Gauntlet, are offered commercially by TIS Co.
  • Firewall type products are needed to provide application security.
  • Since such firewall products have not been designed to process RSVP messages, Internet security and QoS are mutually exclusive characteristics of Internet communication at the present time, even though both are desirable.
  • Systems and methods consistent with the present invention provide a QoS server that operates such that commercially available firewall products can be utilized by local networks to maintain security.
  • Existing commercially available IP routers can be utilized to fulfill QoS requests from secure local networks.
  • A server system includes means for receiving a session request for establishing a communication path for transmitting information, means for sending a message to an originating router in the communication path in response to the request, the message including a request to reserve resources for transmitting the information, and means for monitoring the originating router to determine whether all of the routers along the transmission path have sufficient resources to establish the communication path in accordance with the session request.
  • FIG. 1 is a block diagram of a secure network architecture consistent with the present invention.
  • FIG. 2 is a block diagram of the IP/QoS module of FIG. 1.
  • FIGS. 3A and 3B are flowcharts showing steps, consistent with the present invention, for establishing a QoS session.
  • FIG. 4 is a screenshot of a session request interface consistent with the present invention.
  • FIG. 1 is a block diagram of secure network 100 consistent with the present invention.
  • An Internet Service Provider maintains a wide area network (WAN) 150 to which are attached several LANs 110, 130, and 140.
  • WAN 150 is composed of a number of interconnected WAN routers 116, 118, and 122 typically referred to as a “Backbone” and at least one IP/QoS module 120 with an associated firewall 124.
  • WAN routers 116, 118, and 122 are RSVP capable and could be, for instance, Cisco 7507 routers running the Cisco 11.2 Internet Operating System (IOS).
  • IOS: Internet Operating System
  • The WAN routers serve to receive packets of information from the LANs, determine whether or not the packet has been designated for QoS service, and if so, operate to transmit the packet to some destination router in a manner which provides the proper QoS.
  • IP/QoS module 120 and associated firewall module 124 are located at a QoS hosting site of ISP 150 .
  • Firewall module 124 serves to monitor traffic to the site to ensure that all traffic comes from registered and authorized users.
  • Firewall modules are commercially available and could be composed of, for instance, an IBM/PC with IP security software (IPSEC).
  • IP/QoS module 120 could be any workstation running, for example, the Solaris 2.5 operating system.
  • Firewall 124 associated with IP/QoS module 120 is connected to router 118 by a communication line, such as a T1, and IP/QoS module 120 is connected to firewall 124 via a local communication line, such as an Ethernet connection.
  • IP/QoS module 120 serves to provide a session reservation setup application to the user upon request, to accept requests for QoS service from users, to transmit these user QoS requests to the WAN routers, to monitor the routers to determine if the QoS request has been established or not, and then notify the user of the state of the QoS request.
  • Premises routers 114, 126, and 134 are connected to the WAN routers 116, 118, and 122, respectively, via communication lines, such as a T1 line.
  • The premises routers serve as the “originating/destination” routers in the network.
  • Firewall 112 is attached to premises router 114 by a local communication line, such as a T1 line, and serves to monitor traffic into LAN 110, which is connected to firewall 112 via a local communication line, such as an Ethernet connection.
  • LAN 110 supports some number of users, which are illustrated as hosts 102, 104, and 106 in FIG. 1.
  • Each host platform could be any personal computer or workstation computer running browser software, such as Netscape 3.0 or Internet Explorer 3.0 software.
  • Firewalls 128 and 136 are similarly attached to premises routers 126 and 134, respectively, and monitor traffic into LANs 130 and 140, respectively.
  • LANs 130 and 140 are shown as supporting hosts 132 and 138, respectively, although more hosts could be supported.
  • FIG. 2 shows a block diagram of IP/QoS module 120 along with certain WAN and LAN elements.
  • IP/QoS server module 120 includes a browser user interface (BUI) 210, a session set-up server 215 with a setup applet 220, an event server 230, an RSVP node server 225, and an mSQL Database Server 240 with a corresponding database 235.
  • BUI: browser user interface
  • IP/QoS server module 120 executes software instructions read into a main memory from another computer-readable medium. Execution of the sequences of instructions contained in main memory causes module 120 to perform the process steps described herein.
  • Hard-wired circuitry may be used in place of or in combination with software instructions to implement the invention. Thus embodiments of the invention are not limited to any specific combination of hardware circuitry and software.
  • Non-volatile media includes, for example, optical or magnetic disks.
  • Volatile media includes dynamic memory.
  • Transmission media includes coaxial cables, copper wire and fiber optics. Transmission media can also take the form of acoustic or light waves, such as those generated during radio-wave and infra-red data communications.
  • Computer-readable media include, for example, a floppy disk, a flexible disk, hard disk, magnetic tape, or any other magnetic medium, a CD-ROM, any other optical medium, punchcards, papertape, any other physical medium with patterns of holes, a RAM, PROM, and EPROM, a FLASH-EPROM, any other memory chip or cartridge, a carrier wave as described hereinafter, or any other medium from which a computer can read.
  • BUI 210 provides all the client functions, including the RSVP setup functionality, which are available to an authorized user based on the level of that user profile.
  • Session setup server 215 accepts and executes requests from the host to add or remove sessions.
  • The sessions supported include RSVP point-to-point or multi-point sessions.
  • Session setup applet 220, included in session setup server 215, specifically enables an authorized user to set up and tear down RSVP sessions.
  • The level of functionality within the applet depends upon the user type and realm, i.e., a logical grouping of customer sites of which the user is part.
  • Event Server 230 is a daemon that collects events from other QoS servers, such as RSVP node server 225, and forwards those events to other servers or client functions. Event server 230 handles user, router and multicast event types. RSVP node server 225 periodically polls routers such as routers 126 and 114 to determine the state of requested sessions. The sessions supported are RSVP point-to-point or multi-point sessions. Lastly, mSQL Database Server 240 accepts all queries from the IP/QoS server modules and functions. This database is used to store all IP/QoS module information about user administration, address administration, and RSVP session tables.
  • BUI 210 acts as an interface between the user and the IP/QoS functionality. All requests for QoS service from the user are sent to BUI 210 and all responses to these requests are then available to the user at BUI 210.
  • Session setup server 215 permits authorized users to log onto IP/QoS module 120 and to make reservation requests.
  • Session setup applet 220 downloads JAVA user interface software to the host, providing a graphic interface to BUI 210.
  • Database module 235 provides an essential back end to IP/QoS module 120.
  • Session setup server 215 depends upon database module 235 to provide user information such as user name, password, user level (e.g. desktop user, system analyst, network operation center), access level (none, some, all), domain name, and other relevant information.
  • Database module 235 is first accessed when the user enters BUI 210 to verify the user's name, password, user level, etc. and then again when the user submits a QoS request, to identify the domain, router names, session definitions, etc.
  • Although database module 235 is not necessarily required to establish a QoS session, it is preferable to establishing each session by hand.
  • FIGS. 3A and 3B show steps, consistent with the present invention, for establishing a QoS session.
  • IP/QoS module 120 responds to a user logon by downloading a JAVA applet to the user's host (step 305).
  • This applet includes a page called the “Definition Wizard” that permits the user to define the parameters of a session.
  • FIG. 4 shows a screenshot of an exemplary interface window for defining the parameters of the session, including sender information 410, receiver information 420, reservation information 430, miscellaneous information 440, and a session status 450.
  • Sender information 410 identifies the host IP address and port for the source of priority data.
  • Receiver information 420 identifies the IP address and ports of recipients of the priority data.
  • Reservation information 430 identifies the characteristics of the priority data, including bandwidth, RSVP service type and protocol type, for example.
  • Miscellaneous information 440 identifies users who can access the session by login name, and sets the maximum duration of the session. Miscellaneous information 440 also allows sessions to be saved in the database, or reset.
  • Session status information 450 presents dynamic status on the state of the requested session.
  • The host can send a QoS session request to IP/QoS module 120 (step 310).
  • The session request is sent as a standard IP message, not as an RSVP message.
  • The format of the packet for the session request is different from the host to the firewall and from the firewall to IP/QoS module 120.
  • The firewall may encrypt the session request packet before forwarding it to IP/QoS module 120.
  • IP/QoS module 120 determines if the request was received from an authorized user (step 315). For example, IP/QoS module 120 may search database module 235 to determine whether the user requesting the service is authorized. In addition, IP/QoS module 120 determines if the resources necessary to fulfill the request are available. To determine the availability of the necessary resources, session setup server 215 runs an “expect” script to connect to the originating router's console. The originating router is often the premises router, such as premises router 114 shown in FIG. 2. In the event that bi-directional service is requested, session setup server 215 could contact both the originating/premises router and the destination router.
  • The expect script causes a message to be sent from session setup server 215 to the originating router (step 320).
  • This message, which includes information about the QoS reservation called for by the host, appears to the originating router to be a Telnet message, not an RSVP message.
  • The information in the message includes a request for the originating router to reserve the router resources necessary to transmit traffic from the host in accordance with the QoS session request.
  • After receiving the message from session setup server 215, the originating router checks to see if it can provide the requested resources for the QoS session request (step 325). For example, the originating router checks if it has sufficient bandwidth available to provide the requested service. In addition, the originating router transmits messages to the next router along the transmission path to see if it has the resources to provide the requested QoS service (step 330). Each of the other routers along the transmission path determines whether it has the available resources for the QoS service and returns a message to the originating router if the router has insufficient resources (step 335).
  • RSVP node server 225 monitors the routers to determine the RSVP state of the routers along the transmission path, i.e., to see if the QoS service is available and was enabled (step 340). This state information is then passed to event server 230 (step 345), which in turn passes state information to session setup server 215 (step 350). If all the resources necessary for establishing the QoS session are available, the user will be notified that their QoS session request has been granted and that they can begin their session (step 355). If granted, the session proceeds, and the routers handle all traffic associated with that session according to the QoS parameters included in the QoS session request (step 360).
  • A network communication system provides for QoS sessions while maintaining network security using commercially available firewall products.
  • QoS requests from secure local networks can be fulfilled using existing commercially available IP routers.
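
The session flow of FIGS. 3A and 3B described above (authorization at step 315, per-router resource checks at steps 325-335, grant at step 355), modelled as an added Python example that is not part of the patent. The user table, router names and capacities, limits and function names are constructed assumptions; the strict field validation is an added safeguard, included because the request fields are later relayed by a scripted Telnet session to a router console.

```python
import ipaddress
from dataclasses import dataclass

# Constructed stand-in for database module 235: login name -> access level.
USERS = {"alice": "all", "bob": "none"}
MAX_BANDWIDTH_KBPS = 1544   # assumed cap: one T1 line
MAX_DURATION_MIN = 480      # assumed policy limit, not from the patent


@dataclass
class Router:
    name: str
    capacity_kbps: int
    reserved_kbps: int = 0

    def available_kbps(self) -> int:
        return self.capacity_kbps - self.reserved_kbps


@dataclass(frozen=True)
class SessionRequest:
    """Fields of the FIG. 4 form: sender, receiver, reservation, miscellaneous."""
    user: str
    sender_ip: str
    sender_port: int
    receiver_ip: str
    receiver_port: int
    bandwidth_kbps: int
    max_duration_min: int


def validate(req):
    """Return a list of field errors; an empty list means the request is well formed."""
    errors = []
    for label, value in (("sender", req.sender_ip), ("receiver", req.receiver_ip)):
        try:
            ipaddress.ip_address(value)  # accepts only a bare IPv4/IPv6 address
        except ValueError:
            errors.append(f"{label} IP is not a valid address")
    for label, port in (("sender", req.sender_port), ("receiver", req.receiver_port)):
        if not isinstance(port, int) or not 1 <= port <= 65535:
            errors.append(f"{label} port out of range")
    bw, dur = req.bandwidth_kbps, req.max_duration_min
    if not isinstance(bw, int) or not 0 < bw <= MAX_BANDWIDTH_KBPS:
        errors.append("bandwidth out of range")
    if not isinstance(dur, int) or not 0 < dur <= MAX_DURATION_MIN:
        errors.append("duration out of range")
    return errors


def establish_session(req, path):
    """Return (status, detail) for a request over an ordered list of routers."""
    # Step 315: only a known user with an access level other than "none" proceeds.
    if USERS.get(req.user, "none") == "none":
        return ("denied", "user not authorized")
    # Added safeguard: nothing malformed is handed on toward a router console.
    errors = validate(req)
    if errors:
        return ("rejected", "; ".join(errors))
    # Steps 325-335: every router on the path must have the bandwidth;
    # routers that do not are reported back.
    short = [r.name for r in path if r.available_kbps() < req.bandwidth_kbps]
    if short:
        return ("refused", "insufficient resources at " + ", ".join(short))
    # Step 355: reserve on all routers only after all of them passed the check,
    # so a refusal never leaves a partial reservation behind.
    for r in path:
        r.reserved_kbps += req.bandwidth_kbps
    return ("granted", f"reserved {req.bandwidth_kbps} kbps on {len(path)} routers")


def demo_path():
    """Constructed path from LAN 110 to LAN 140, named after the FIG. 1 numerals."""
    return [
        Router("premises-114", 1544),
        Router("wan-116", 1544, reserved_kbps=1000),
        Router("wan-122", 1544),
        Router("premises-134", 1544),
    ]


if __name__ == "__main__":
    path = demo_path()
    video = SessionRequest("alice", "10.1.1.5", 5004, "10.3.1.9", 5004, 384, 60)
    print(establish_session(video, path))   # first request fits on every hop
    print(establish_session(video, path))   # second one exceeds wan-116
    bad = SessionRequest("alice", "10.1.1.5\nextra", 5004, "10.3.1.9", 70000, 384, 60)
    print(establish_session(bad, demo_path()))
```
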

Abstract

In a wide area network arrangement composed of some number of secure local networks and an Internet service provider (ISP) back-bone, LAN hosts are able to indirectly access network routers, through an ISP quality of service (QoS) module, to request that information transmitted during certain specified sessions be given priority treatment by the network.

Description

    CROSS-REFERENCE TO RELATED APPLICATIONS
  • The present application is a continuation of U.S. Nonprovisional application Ser. No. 08/990,096, entitled “SECURE NETWORK ARCHITECTURE WITH QUALITY OF SERVICE,” filed on Dec. 12, 1997, which is specifically incorporated by reference herein for all that it discloses and teaches.
  • BACKGROUND OF THE INVENTION
  • The present invention relates generally to network communication, and more particularly to establishing dedicated and secure communication sessions over a wide area network.
  • Certain types of business activities create the need to transfer information in a timely and secure manner. For instance, banks periodically “backup” their computer files to a remote central database and need to know that these files were successfully copied to the remote database without having been attacked or corrupted during the process. Video conferencing is another example of an application that demands the timely and secure transmission of information (video/voice/data). Network transmission delay or the successful attack by a hacker can cause significant business problems or render applications useless.
  • One solution to the problem of network delay is to lease dedicated point-to-point digital data lines, such as an ISDN or T1 line, over which time critical information is sent. In addition to carrying the critical traffic, however, these lines carry traffic that is not time critical between the two end points as well. Because neither of the two traffic types is given precedence under these circumstances, time critical traffic may be delayed.
  • A typical solution to the precedence problem is to introduce a “priority queuing” mechanism into the network. Such queuing mechanisms give precedence to certain time critical traffic while handling the rest of the traffic on a “best effort” basis. However, both dedicated leased lines and priority queuing require a significant configuration effort, usually by the system manager. Typically, the system manager is not on site or may not even be an employee of the company using the service. As a result, the user may have no ready means to modify the configuration, which dictates that the service being provided is static in nature and not adaptable to applications where the timing of critical traffic cannot be regularly scheduled.
  • Another solution to the problem of network delay typically utilized by network managers is to incorporate an asynchronous transfer mode (ATM) backbone between the various local networks to handle the transfer of information. ATM was designed to provide a wide range of quality of service (QoS) capabilities. An ATM network can support some number of virtual channels (VCs) over which traffic with certain defined QoS characteristics can travel. These QoS characteristics can be used to group traffic according to precedence, and VCs can be established to transmit the different traffic types.
  • Using ATM interfaces to carry QoS Internet traffic, however, requires the router to map Internet protocol (IP) data flows into the VCs based on QoS characteristics. In addition, the current practice is to default to a single Permanent Virtual Channel (PVC) between routers, which does not allow for multiple service classes within the ATM network. Although multiple PVCs are sometimes configured, there is no standard way of mapping QoS characteristics to PVCs. Also, there are no multicast PVCs, so Internet multicast traffic cannot be delivered over an equivalent PVC. Consequently, it must be duplicated and sent over separate PVCs to each multicast destination, which uses up a lot more bandwidth.
  • Inherently, the Internet protocol only provides for the “best effort” transmission of information. This means that all traffic is of equal precedence meaning that if there is more traffic to be transmitted than the network can handle, this traffic must be buffered in a FIFO arrangement for some period of time until it gets to the top of the buffer at which time it would be transmitted. Clearly, “best effort” transmission is not suitable for time critical traffic.
  • To overcome the problems of “best effort” transmission, the RSVP protocol was developed to allow an application to request QoS on the Internet and avoid delaying time critical traffic. Applications designed to employ this protocol are able to dynamically request specific QoS from a network, thereby ensuring that time critical traffic is transmitted over dedicated network resources. Specifically, the RSVP protocol reserves network bandwidth for certain traffic. Despite these benefits, the RSVP protocol is relatively new, and as a result, most applications have not been redesigned to process RSVP messages.
  • Security is another critical characteristic that certain types of customers demand before conducting their business over the Internet. Typically, Internet security is provided by a firewall placed between a local area network (LAN) router, or premises router, and the host computers attached to the LAN. Firewall products, such as Gauntlet, are offered commercially by TIS Co.
  • Because QoS-enhanced applications do not typically include security provisions, firewall type products are needed to provide application security. However, since such firewall products have not been designed to process RSVP messages, Internet security and QoS are mutually exclusive characteristics of Internet communication at the present time, even though both are desirable.
  • SUMMARY OF THE INVENTION
  • Systems and methods consistent with the present invention provide a QoS server that operates such that commercially available firewall products can be utilized by local networks to maintain security. In addition, existing commercially available IP routers can be utilized to fulfill QoS requests from secure local networks.
  • A server system, consistent with the present invention, includes means for receiving a session request for establishing a communication path for transmitting information, means for sending a message to an originating router in the communication path in response to the request, the message including a request to reserve resources for transmitting the information, and means for monitoring the originating router to determine whether all of the routers along the transmission path have sufficient resources to establish the communication path in accordance with the session request.
  • Both the foregoing general description and the following detailed description provide examples and explanations only. They do not restrict the claimed invention.
  • DESCRIPTION OF THE DRAWINGS
  • The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and, together with the description, explain the advantages and principles of the invention. In the drawings,
  • FIG. 1 is a block diagram of a secure network architecture consistent with the present invention.
  • FIG. 2 is a block diagram of the IP/QoS module of FIG. 1.
  • FIGS. 3A and 3B are flowcharts showing steps, consistent with the present invention, for establishing a QoS session.
  • FIG. 4 is a screenshot of a session request interface consistent with the present invention.
  • DESCRIPTION OF THE PREFERRED EMBODIMENT
  • Reference will now be made to preferred embodiments of this invention, examples of which are shown in the accompanying drawings and will be obvious from the description of the invention. In the drawings, the same reference numbers represent the same or similar elements in the different drawings whenever possible.
  • FIG. 1 is a block diagram of secure network 100 consistent with the present invention. An Internet Service Provider (ISP) maintains a wide area network (WAN) 150 to which are attached several LANs 110, 130, and 140. WAN 150 is composed of a number of interconnected WAN routers 116, 118, and 122 typically referred to as a “Backbone” and at least one IP/QoS module 120 with an associated firewall 124. WAN routers 116, 118, and 122 are RSVP capable and could be, for instance, Cisco 7507 routers running the Cisco 11.2 Internet Operating System (IOS). In addition to providing standard best-effort Internet Protocol Service, the WAN routers serve to receive packets of information from the LANs, determine whether or not the packet has been designated for QoS service, and if so, operate to transmit the packet to some destination router in a manner which provides the proper QoS.
  • As shown in FIG. 1, IP/QoS module 120 and associated firewall module 124 are located at a QoS hosting site of ISP 150. Firewall module 124 serves to monitor traffic to the site to ensure that all traffic comes from registered and authorized users. As mentioned previously, firewall modules are commercially available and could be composed of, for instance, an IBM/PC with IP security software (IPSEC). IP/QoS module 120 could be any workstation running, for example, the Solaris 2.5 operating system. Firewall 124 associated with IP/QoS module 120 is connected to router 118 by a communication line, such as a T1, and IP/QoS module 120 is connected to firewall 124 via a local communication line, such as an Ethernet connection.
  • IP/QoS module 120 serves to provide a session reservation setup application to the user upon request, to accept requests for QoS service from users, to transmit these user QoS requests to the WAN routers, to monitor the routers to determine if the QoS request has been established or not, and then notify the user of the state of the QoS request.
  • As also shown in FIG. 1, premises routers 114, 126, and 134 are connected to the WAN routers 116, 118, and 122, respectively, via communication lines, such as a T1 line. The premises routers serve as the “originating/destination” routers in the network. Firewall 112 is attached to premises router 114, by a local communication line, such as a T1 line, and serves to monitor traffic into LAN 110, which is connected to firewall 112 via a local communication line, such as an Ethernet connection. LAN 110 supports some number of users, which are illustrated as hosts 102, 104, and 106 in FIG. 1. Each host platform could be any personal computer or workstation computer running browser software, such as Netscape 3.0 or Internet Explorer 3.0 software. Firewalls 128 and 136 are similarly attached to premises routers 126 and 134, respectively, and monitor traffic into LANs 130 and 140, respectively. LANs 130 and 140 are shown as supporting hosts 132 and 138, respectively, although more hosts could be supported.
  • FIG. 2 shows a block diagram of IP/QoS module 120 along with certain WAN and LAN elements. The LAN, hosts, firewalls, premises router, and WAN router all with interconnection communications lines are the same as described above with reference to FIG. 1. IP/QoS server module 120 includes a browser user interface (BUI) 210, a session set-up server 215 with a setup applet 220, an event server 230, an RSVP node server 225, and an mSQL Database Server 240 with a corresponding database 235.
  • In general, IP/QoS server module 120 executes software instructions read into a main memory from another computer-readable medium. Execution of the sequences of instructions contained in main memory causes module 120 to perform the process steps described herein. In an alternative embodiment, hard-wired circuitry may be used in place of or in combination with software instructions to implement the invention. Thus embodiments of the invention are not limited to any specific combination of hardware circuitry and software.
  • The term “computer-readable medium” as used herein refers to any medium that participates in providing instructions for execution. Such a medium may take many forms, including but not limited to, non-volatile media, volatile media, and transmission media. Non-volatile media includes, for example, optical or magnetic disks. Volatile media includes dynamic memory. Transmission media includes coaxial cables, copper wire and fiber optics. Transmission media can also take the form of acoustic or light waves, such as those generated during radio-wave and infra-red data communications.
  • Common forms of computer-readable media include, for example, a floppy disk, a flexible disk, hard disk, magnetic tape, or any other magnetic medium, a CD-ROM, any other optical medium, punchcards, papertape, any other physical medium with patterns of holes, a RAM, PROM, and EPROM, a FLASH-EPROM, any other memory chip or cartridge, a carrier wave as described hereinafter, or any other medium from which a computer can read.
  • BUI 210 provides all the client functions, including the RSVP setup functionality, which are available to an authorized user based on the level of that user profile. Session setup server 215 accepts and executes requests from the host to add or remove sessions. The sessions supported include RSVP point-to-point or multi-point sessions. Session setup applet 220, included in session setup server 215, specifically enables an authorized user to set up and tear down RSVP sessions. The level of functionality within the applet depends upon the user type and realm, i.e., a logical grouping of customer sites of which the user is part.
  • Event Server 230 is a daemon that collects events from other QoS servers, such as RSVP node server 225, and forwards those events to other servers or client functions. Event server 230 handles user, router and multicast event types. RSVP node server 225 periodically polls routers such as router 126 and 114 to determine the state of requested sessions. The sessions supported are RSVP point-to-point or multi-point sessions. Lastly, mSQL Database Server 240 accepts all queries from the IP/QoS server modules and functions. This database is used to store all IP/QoS module information about user administration, address administration, and RSVP session tables.
  • As shown in FIG. 2, BUI 210 acts as an interface between the user and the IP/QoS functionality. All requests for QoS service from the user are sent to BUI 210 and all responses to these requests are then available to the user at BUI 210. Running within BUI 210, session setup server 215 permits authorized users to log onto IP/QoS module 120 and to make reservation requests. Running within session setup server 215, session setup applet 220 downloads JAVA user interface software to the host, providing a graphic interface to BUI 210.
  • As also shown in FIG. 2, database module 235 provides an essential back end to IP/QoS module 120. Session setup server 215 depends upon database module 235 to provide user information such as user name, password, user level (e.g. desktop user, system analyst, network operation center), access level (none, some, all), domain name, and other relevant information. Database module 235 is first accessed when the user enters BUI 210 to verify the user's name, password, user level, etc. and then again when the user submits a QoS request, to identify the domain, router names, session definitions, etc. Although database module 235 is not necessarily required to establish a QoS session, it is preferable to establishing each session by hand.
  • FIGS. 3A and 3B show steps, consistent with the present invention, for establishing a QoS session. First, IP/QoS module 120 responds to a user logon by downloading a JAVA applet to the user's host (step 305). This applet includes a page called the “Definition Wizard” that permits the user to define the parameters of a session. FIG. 4 shows a screenshot of an exemplary interface window for defining the parameters of the session, including sender information 410, receiver information 420, reservation information 430, miscellaneous information 440, and a session status 450.
  • Sender information 410 identifies the host IP address and port for the source of priority data. Receiver information 420 identifies the IP address and ports of recipients of the priority data. Reservation information 430 identifies the characteristics of the priority data, including bandwidth, RSVP service type and protocol type, for example. Miscellaneous information 440 identifies users who can access the session by login name, and sets the maximum duration of the session. Miscellaneous information 440 also allows sessions to be saved in the database, or reset. Finally, session status information 450 presents dynamic status on the state of the requested session.
  • Based on information entered in the Definition Wizard by the user, the host can send a QoS session request to IP/QoS module 120 (step 310). The session request is sent as a standard IP message, not as an RSVP message. Generally, the format of the packet for the session request is different from the host to the firewall and from the firewall to IP/QoS module 120. For example, the firewall may encrypt the session request packet before forwarding it to IP/QoS module 120.
  • After receiving the QoS session request, IP/QoS module 120 determines if the request was received from an authorized user (step 315). For example, IP/QoS module 120 may search database module 235 to determine whether the user requesting the service is authorized. In addition, IP/QoS module 120 determines if the resources necessary to fulfill the request are available. To determine the availability of the necessary resources, session setup server 215 runs an “expect” script to connect to the originating router's console. The originating router is often the premises router, such as premises router 114 shown in FIG. 2. In the event that bi-directional service is requested, session setup server 215 could contact both the originating/premises router and the destination router. The expect script causes a message to be sent from session setup server 215 to the originating router (step 320). This message, which includes information about the QoS reservation called for by the host, appears to the originating router to be a Telnet message, not an RSVP message. The information in the message includes a request for the originating router to reserve the router resources necessary to transmit traffic from the host in accordance with the QoS session request.
  • After receiving the message from session setup server 215, the originating router checks to see if it can provide the requested resources for the QoS session request (step 325). For example, the originating router checks if it has sufficient bandwidth available to provide the requested service. In addition, the originating router transmits messages to the next router along the transmission path to see if it has the resources to provide the requested QoS service (step 330). Each of the other routers along the transmission path determines whether it has the available resources for the QoS service and returns a message to the originating router if the router has insufficient resources (step 335).
  • At the same time these messages are received by the routers of the transmission path, RSVP node server 225 monitors the routers to determine the RSVP state of the routers along the transmission path, i.e., to see if the QoS service is available and was enabled (step 340). This state information is then passed to event server 230 (step 345), which in turn passes state information to session setup server 215 (step 350). If all the resources necessary for establishing the QoS session are available, the user will be notified that their QoS session request has been granted and that they can begin their session (step 355). If granted, the session proceeds, and the routers handle all traffic associated with that session according to the QoS parameters included in the QoS session request (step 360).
  • A network communication system, consistent with the present invention, provides for QoS sessions while maintaining network security using commercially available firewall products. In addition, QoS requests from secure local networks can be fulfilled using existing commercially available IP routers.
  • It will be apparent to those skilled in the art that various modifications and variations can be made to disclosed embodiments of the present invention without departing from the scope or spirit of the invention. Other embodiments of the invention will be apparent to those skilled in the art from consideration of the specification and practice of the embodiments of the invention disclosed herein. The specification and examples should be considered exemplary, with the true scope and spirit of the invention being indicated by the following claims and their full range of equivalents.
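The request-handling sequence of FIGS. 3A and 3B (steps 310 to 355) can be sketched as follows. This is an added example, not code from the patent: the field limits, the rule that access level "some" confines a user to the user's own realm, the router state strings, and the `reserve` and `poll` callables (stand-ins for the expect/Telnet exchange and the RSVP node server) are all assumptions. It shows that every field is typed and bounded before anything reaches a router console, and that the session is granted only when every router on the path reports the reservation.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample data; the patent names these fields but gives no values.
REALMS = {"acme": [ipaddress.ip_network("192.0.2.0/24")]}  # realm -> customer prefixes
USERS = {"alice": ("acme", "some"), "bob": ("acme", "none"), "noc": ("isp", "all")}
MAX_KBPS = 1544             # assumed ceiling: one T1 access line
MAX_DURATION_S = 8 * 3600   # assumed policy limit
PROTOCOLS = {"udp", "tcp"}  # assumed allowlist


@dataclass(frozen=True)
class SessionRequest:
    """Fields of the session definition window of FIG. 4."""
    login: str
    sender_ip: str
    sender_port: int
    receiver_ip: str
    receiver_port: int
    bandwidth_kbps: int
    protocol: str
    max_duration_s: int


def validate(req):
    """Return a list of field errors. Each value is later relayed to a router
    console by a script, so each must be typed and bounded, never free text."""
    errors = []
    for label, value in (("sender_ip", req.sender_ip), ("receiver_ip", req.receiver_ip)):
        try:
            ipaddress.ip_address(value)
        except ValueError:
            errors.append(f"{label}: not an IP address")
    for label, port in (("sender_port", req.sender_port), ("receiver_port", req.receiver_port)):
        if not (isinstance(port, int) and 1 <= port <= 65535):
            errors.append(f"{label}: out of range")
    if not (isinstance(req.bandwidth_kbps, int) and 0 < req.bandwidth_kbps <= MAX_KBPS):
        errors.append("bandwidth_kbps: out of range")
    if req.protocol not in PROTOCOLS:
        errors.append("protocol: not allowed")
    if not (isinstance(req.max_duration_s, int) and 0 < req.max_duration_s <= MAX_DURATION_S):
        errors.append("max_duration_s: out of range")
    return errors


def authorize(req):
    """Step 315: look the user up. Returns None if allowed, else a reason.
    Assumed policy: 'none' is refused, 'some' is limited to the user's realm."""
    record = USERS.get(req.login)
    if record is None:
        return "unknown user"
    realm, access = record
    if access == "none":
        return "access level none"
    if access == "some":
        sender = ipaddress.ip_address(req.sender_ip)
        if not any(sender in net for net in REALMS.get(realm, [])):
            return "sender outside user realm"
    return None


def path_decision(states):
    """Steps 335-355: fail closed. Grant only if every polled router reports
    the reservation; any shortfall denies; anything else stays pending."""
    if not states or any(s == "insufficient" for s in states.values()):
        return "denied"
    if all(s == "reserved" for s in states.values()):
        return "granted"
    return "pending"


def handle_request(req, reserve, poll):
    """Validate, authorize, and only then contact the originating router."""
    errors = validate(req)
    if errors:
        return "rejected", errors
    reason = authorize(req)
    if reason:
        return "rejected", [reason]
    reserve(req)  # step 320: message to the originating router
    return path_decision(poll(req)), []  # steps 340-355
```

Rejected requests never reach `reserve`, so an unauthorized or malformed request causes no router console traffic at all.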

Claims (20)

1. A method comprising:
receiving parameters defining a quality of service (QoS) session from a user via an applet provided at a host machine of the user; and
setting up the QoS session on a transmission path between an originating router and a destination router according to the parameters of the QoS session provided by the user;
wherein a QoS module performs the setting up of the QoS session and is located at a QoS hosting site that is communicably coupled to the originating and destination routers.
2. The method of claim 1, wherein the applet includes inputs for at least one of sender information, receiver information, reservation information, miscellaneous information, and session status.
3. The method of claim 1, wherein the parameter definitions are sent to the QoS module from the user as a standard Internet Protocol (IP) message.
4. The method of claim 1, wherein the QoS session establishes a pre-determined service level between the originating router and the destination router by setting the parameters for the routers to maintain during the QoS session.
5. The method of claim 2, wherein the sender information identifies a host Internet Protocol (IP) address and a port for a source of priority data sent via the QoS session.
6. The method of claim 2, wherein the receiver information identifies the Internet Protocol (IP) address and ports of recipients of priority data sent via the QoS session.
7. The method of claim 2, wherein the reservation information identifies the characteristics of priority data, and includes at least one of bandwidth, RSVP service type, and protocol type.
8. A quality of service (QoS) module to set up a QoS session between an originating router and a destination router, comprising:
a browser user interface module to provide a session set-up applet to a user at a host machine, the applet including QoS session parameters to be defined by the user; and
a session setup server communicably coupled to the browser user interface module to:
receive the defined QoS session parameters via the applet from the user; and
set up the QoS session on a transmission path between the originating router and the destination router according to the defined QoS session parameters;
wherein the QoS module is located at a QoS hosting site that is communicably coupled to the originating and destination routers.
9. The method of claim 1, wherein the applet includes inputs for at least one of sender information, receiver information, reservation information, miscellaneous information, and session status.
10. The QoS module of claim 8, wherein the defined QoS parameter definitions are sent to the session setup server from the user as a standard Internet Protocol (IP) message.
11. The QoS module of claim 8, wherein the QoS session establishes a pre-determined service level between the originating router and the destination router by setting the parameters for the routers to maintain during the QoS session.
12. The QoS module of claim 9, wherein the miscellaneous information identifies users that can access the QoS module by login name, sets a maximum duration of the QoS session, allows the QoS session to be saved in a database, and allows the QoS session to be reset.
13. The QoS module of claim 9, wherein the session status information presents dynamic status on a state of a requested QoS session.
14. An article of manufacture, comprising a computer-readable medium including data that, when accessed by a computer, cause the computer to perform operations comprising:
receiving parameters defining a quality of service (QoS) session from a user via an applet provided to the user at a host machine; and
setting up the QoS session on a transmission path between an originating router and a destination router according to the parameters of the QoS session provided by the user;
wherein a QoS module performs the setting up of the QoS session and is located at a QoS hosting site that is communicably coupled to the originating and destination routers.
15. The article of manufacture of claim 14, wherein the applet includes inputs for at least one of sender information, receiver information, reservation information, miscellaneous information, and session status.
16. The article of manufacture of claim 14, wherein the parameter definitions are sent to the QoS module from the user as a standard Internet Protocol (IP) message.
17. The article of manufacture of claim 14, wherein the QoS session establishes a pre-determined service level between the originating router and the destination router by setting the parameters for the routers to maintain during the QoS session.
18. The article of manufacture of claim 15, wherein the sender information identifies a host Internet Protocol (IP) address and port for a source of priority data sent via the QoS session.
19. The article of manufacture of claim 15, wherein the receiver information identifies the Internet Protocol (IP) address and ports of recipients of priority data sent via the QoS session.
20. The article of manufacture of claim 15, wherein the reservation information identifies the characteristics of priority data sent via the QoS session, including at least one of bandwidth, RSVP service type, and protocol type.
US11/850,862 1997-12-12 2007-09-06 Secure network architecture with quality of service Abandoned US20070297335A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US11/850,862 US20070297335A1 (en) 1997-12-12 2007-09-06 Secure network architecture with quality of service

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US08/990,096 US7283561B1 (en) 1997-12-12 1997-12-12 Secure network architecture with quality of service
US11/850,862 US20070297335A1 (en) 1997-12-12 2007-09-06 Secure network architecture with quality of service

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US08/990,096 Continuation US7283561B1 (en) 1997-12-12 1997-12-12 Secure network architecture with quality of service

Publications (1)

Publication Number Publication Date
US20070297335A1 true US20070297335A1 (en) 2007-12-27

Family

ID=32851390

Family Applications (3)

Application Number Title Priority Date Filing Date
US08/990,096 Expired - Lifetime US7283561B1 (en) 1997-12-12 1997-12-12 Secure network architecture with quality of service
US09/362,781 Expired - Lifetime US6779031B1 (en) 1997-12-12 1999-07-28 Network architecture with event logging
US11/850,862 Abandoned US20070297335A1 (en) 1997-12-12 2007-09-06 Secure network architecture with quality of service

Country Status (1)

Country Link
US (3) US7283561B1 (en)

Citations (40)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5732078A (en) * 1996-01-16 1998-03-24 Bell Communications Research, Inc. On-demand guaranteed bandwidth service for internet access points using supplemental user-allocatable bandwidth network
US5845267A (en) * 1996-09-06 1998-12-01 At&T Corp System and method for billing for transactions conducted over the internet from within an intranet
US5870562A (en) * 1997-03-24 1999-02-09 Pfn, Inc. Universal domain routing and publication control system
US5884037A (en) * 1996-10-21 1999-03-16 International Business Machines Corporation System for allocation of network resources using an autoregressive integrated moving average method
US5898668A (en) * 1996-12-13 1999-04-27 Siemens Information And Communication Networks, Inc. Method and system for increasing quality of service at or below a threshold cost
US5903559A (en) * 1996-12-20 1999-05-11 Nec Usa, Inc. Method for internet protocol switching over fast ATM cell transport
US5903735A (en) * 1996-12-24 1999-05-11 Intel Corporation Method and apparatus for transmitting data having minimal bandwidth requirements
US5933412A (en) * 1994-10-17 1999-08-03 Lucent Technologies Inc. Parallel connection control
US5958016A (en) * 1997-07-13 1999-09-28 Bell Atlantic Network Services, Inc. Internet-web link for access to intelligent network service control
US5968176A (en) * 1997-05-29 1999-10-19 3Com Corporation Multilayer firewall system
US5978373A (en) * 1997-07-11 1999-11-02 Ag Communication Systems Corporation Wide area network system providing secure transmission
US5995503A (en) * 1996-06-12 1999-11-30 Bay Networks, Inc. Method and apparatus for providing quality of service routing in a network
US6006264A (en) * 1997-08-01 1999-12-21 Arrowpoint Communications, Inc. Method and system for directing a flow between a client and a server
US6012039A (en) * 1994-11-28 2000-01-04 Smarttouch, Inc. Tokenless biometric electronic rewards system
US6021263A (en) * 1996-02-16 2000-02-01 Lucent Technologies, Inc. Management of ATM virtual circuits with resources reservation protocol
US6047322A (en) * 1997-05-27 2000-04-04 Ukiah Software, Inc. Method and apparatus for quality of service management
US6092113A (en) * 1996-08-29 2000-07-18 Kokusai Denshin Denwa, Co., Ltd. Method for constructing a VPN having an assured bandwidth
US6144638A (en) * 1997-05-09 2000-11-07 Bbn Corporation Multi-tenant unit
US6243752B1 (en) * 1995-09-13 2001-06-05 British Telecommunications Plc Transmitting data between a host computer and a terminal computer
US6363053B1 (en) * 1999-02-08 2002-03-26 3Com Corporation Method and apparatus for measurement-based conformance testing of service level agreements in networks
US6400681B1 (en) * 1996-06-20 2002-06-04 Cisco Technology, Inc. Method and system for minimizing the connection set up time in high speed packet switching networks
US6449259B1 (en) * 1997-03-31 2002-09-10 Lucent Technologies Inc. Communication controller
US6452922B1 (en) * 1998-06-19 2002-09-17 Nortel Networks Limited Method and apparatus for fallback routing of voice over internet protocol call
US6496477B1 (en) * 1999-07-09 2002-12-17 Texas Instruments Incorporated Processes, articles, and packets for network path diversity in media over packet applications
US6502131B1 (en) * 1997-05-27 2002-12-31 Novell, Inc. Directory enabled policy management tool for intelligent traffic management
US6502135B1 (en) * 1998-10-30 2002-12-31 Science Applications International Corporation Agile network protocol for secure communications with assured system availability
US6507577B1 (en) * 1998-11-12 2003-01-14 Nortel Networks Limited Voice over internet protocol network architecture
US6512761B1 (en) * 1999-02-02 2003-01-28 3Com Corporation System for adjusting billing for real-time media transmissions based on delay
US6529499B1 (en) * 1998-09-22 2003-03-04 Lucent Technologies Inc. Method for providing quality of service for delay sensitive traffic over IP networks
US6614781B1 (en) * 1998-11-20 2003-09-02 Level 3 Communications, Inc. Voice over data telecommunications network architecture
US6690651B1 (en) * 1999-07-22 2004-02-10 Nortel Networks Limited Method and apparatus for automatic transfer of a call in a communications system in response to changes in quality of service
US6744767B1 (en) * 1999-12-30 2004-06-01 At&T Corp. Method and apparatus for provisioning and monitoring internet protocol quality of service
US6778494B1 (en) * 1999-03-10 2004-08-17 Nortel Networks Limited Label switched media gateway and network
US6779031B1 (en) * 1997-12-12 2004-08-17 Level 3 Communications, Inc. Network architecture with event logging
US6832256B1 (en) * 1996-12-27 2004-12-14 Intel Corporation Firewalls that filter based upon protocol commands
US6904017B1 (en) * 2000-05-08 2005-06-07 Lucent Technologies Inc. Method and apparatus to provide centralized call admission control and load balancing for a voice-over-IP network
US6907000B1 (en) * 2000-06-12 2005-06-14 Tierra Telecom Advanced packet transfer with integrated channel monitoring
US7143438B1 (en) * 1997-09-12 2006-11-28 Lucent Technologies Inc. Methods and apparatus for a computer network firewall with multiple domain support
US7260060B1 (en) * 1997-06-07 2007-08-21 Nortel Networks Limited Call admission control
US7457233B1 (en) * 1999-07-15 2008-11-25 Juniper Networks, Inc. Method and apparatus for fast reroute in a connection-oriented network

Family Cites Families (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU693462B2 (en) * 1993-09-22 1998-07-02 E-Talk Corporation Method and system for automatically monitoring the performance quality of call center service representatives
US5586304A (en) * 1994-09-08 1996-12-17 Compaq Computer Corporation Automatic computer upgrading
US5742762A (en) * 1995-05-19 1998-04-21 Telogy Networks, Inc. Network management gateway
US6003077A (en) * 1996-09-16 1999-12-14 Integrated Systems, Inc. Computer network system and method using domain name system to locate MIB module specification and web browser for managing SNMP agents
US5974237A (en) * 1996-12-18 1999-10-26 Northern Telecom Limited Communications network monitoring
US6041041A (en) * 1997-04-15 2000-03-21 Ramanathan; Srinivas Method and system for managing data service systems
US6134591A (en) * 1997-06-18 2000-10-17 Client/Server Technologies, Inc. Network security and integration method and system
US6389464B1 (en) * 1997-06-27 2002-05-14 Cornet Technology, Inc. Device management system for managing standards-compliant and non-compliant network elements using standard management protocols and a universal site server which is configurable from remote locations via internet browser technology
US6192034B1 (en) * 1997-06-30 2001-02-20 Sterling Commerce, Inc. System and method for network integrity management
US5987430A (en) * 1997-08-28 1999-11-16 Atcom, Inc. Communications network connection system and method
US6347339B1 (en) * 1998-12-01 2002-02-12 Cisco Technology, Inc. Detecting an active network node using a login attempt
US6636894B1 (en) * 1998-12-08 2003-10-21 Nomadix, Inc. Systems and methods for redirecting users having transparent computer access to a network using a gateway device having redirection capability
US6463474B1 (en) * 1999-07-02 2002-10-08 Cisco Technology, Inc. Local authentication of a client at a network device

Patent Citations (41)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5933412A (en) * 1994-10-17 1999-08-03 Lucent Technologies Inc. Parallel connection control
US6012039A (en) * 1994-11-28 2000-01-04 Smarttouch, Inc. Tokenless biometric electronic rewards system
US6243752B1 (en) * 1995-09-13 2001-06-05 British Telecommunications Plc Transmitting data between a host computer and a terminal computer
US5732078A (en) * 1996-01-16 1998-03-24 Bell Communications Research, Inc. On-demand guaranteed bandwidth service for internet access points using supplemental user-allocatable bandwidth network
US6021263A (en) * 1996-02-16 2000-02-01 Lucent Technologies, Inc. Management of ATM virtual circuits with resources reservation protocol
US5995503A (en) * 1996-06-12 1999-11-30 Bay Networks, Inc. Method and apparatus for providing quality of service routing in a network
US6400681B1 (en) * 1996-06-20 2002-06-04 Cisco Technology, Inc. Method and system for minimizing the connection set up time in high speed packet switching networks
US6092113A (en) * 1996-08-29 2000-07-18 Kokusai Denshin Denwa, Co., Ltd. Method for constructing a VPN having an assured bandwidth
US5845267A (en) * 1996-09-06 1998-12-01 At&T Corp System and method for billing for transactions conducted over the internet from within an intranet
US5884037A (en) * 1996-10-21 1999-03-16 International Business Machines Corporation System for allocation of network resources using an autoregressive integrated moving average method
US5898668A (en) * 1996-12-13 1999-04-27 Siemens Information And Communication Networks, Inc. Method and system for increasing quality of service at or below a threshold cost
US5903559A (en) * 1996-12-20 1999-05-11 Nec Usa, Inc. Method for internet protocol switching over fast ATM cell transport
US5903735A (en) * 1996-12-24 1999-05-11 Intel Corporation Method and apparatus for transmitting data having minimal bandwidth requirements
US6832256B1 (en) * 1996-12-27 2004-12-14 Intel Corporation Firewalls that filter based upon protocol commands
US5870562A (en) * 1997-03-24 1999-02-09 Pfn, Inc. Universal domain routing and publication control system
US6449259B1 (en) * 1997-03-31 2002-09-10 Lucent Technologies Inc. Communication controller
US6144638A (en) * 1997-05-09 2000-11-07 Bbn Corporation Multi-tenant unit
US6047322A (en) * 1997-05-27 2000-04-04 Ukiah Software, Inc. Method and apparatus for quality of service management
US6502131B1 (en) * 1997-05-27 2002-12-31 Novell, Inc. Directory enabled policy management tool for intelligent traffic management
US5968176A (en) * 1997-05-29 1999-10-19 3Com Corporation Multilayer firewall system
US7260060B1 (en) * 1997-06-07 2007-08-21 Nortel Networks Limited Call admission control
US5978373A (en) * 1997-07-11 1999-11-02 Ag Communication Systems Corporation Wide area network system providing secure transmission
US5958016A (en) * 1997-07-13 1999-09-28 Bell Atlantic Network Services, Inc. Internet-web link for access to intelligent network service control
US6006264A (en) * 1997-08-01 1999-12-21 Arrowpoint Communications, Inc. Method and system for directing a flow between a client and a server
US7143438B1 (en) * 1997-09-12 2006-11-28 Lucent Technologies Inc. Methods and apparatus for a computer network firewall with multiple domain support
US6779031B1 (en) * 1997-12-12 2004-08-17 Level 3 Communications, Inc. Network architecture with event logging
US7283561B1 (en) * 1997-12-12 2007-10-16 Level 3 Communications, Llc Secure network architecture with quality of service
US6452922B1 (en) * 1998-06-19 2002-09-17 Nortel Networks Limited Method and apparatus for fallback routing of voice over internet protocol call
US6529499B1 (en) * 1998-09-22 2003-03-04 Lucent Technologies Inc. Method for providing quality of service for delay sensitive traffic over IP networks
US6502135B1 (en) * 1998-10-30 2002-12-31 Science Applications International Corporation Agile network protocol for secure communications with assured system availability
US6507577B1 (en) * 1998-11-12 2003-01-14 Nortel Networks Limited Voice over internet protocol network architecture
US6614781B1 (en) * 1998-11-20 2003-09-02 Level 3 Communications, Inc. Voice over data telecommunications network architecture
US6512761B1 (en) * 1999-02-02 2003-01-28 3Com Corporation System for adjusting billing for real-time media transmissions based on delay
US6363053B1 (en) * 1999-02-08 2002-03-26 3Com Corporation Method and apparatus for measurement-based conformance testing of service level agreements in networks
US6778494B1 (en) * 1999-03-10 2004-08-17 Nortel Networks Limited Label switched media gateway and network
US6496477B1 (en) * 1999-07-09 2002-12-17 Texas Instruments Incorporated Processes, articles, and packets for network path diversity in media over packet applications
US7457233B1 (en) * 1999-07-15 2008-11-25 Juniper Networks, Inc. Method and apparatus for fast reroute in a connection-oriented network
US6690651B1 (en) * 1999-07-22 2004-02-10 Nortel Networks Limited Method and apparatus for automatic transfer of a call in a communications system in response to changes in quality of service
US6744767B1 (en) * 1999-12-30 2004-06-01 At&T Corp. Method and apparatus for provisioning and monitoring internet protocol quality of service
US6904017B1 (en) * 2000-05-08 2005-06-07 Lucent Technologies Inc. Method and apparatus to provide centralized call admission control and load balancing for a voice-over-IP network
US6907000B1 (en) * 2000-06-12 2005-06-14 Tierra Telecom Advanced packet transfer with integrated channel monitoring

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070268841A1 (en) * 2003-04-23 2007-11-22 Deepak Dube Methods and systems for configuring voice over internet protocol network quality of service
US7817624B2 (en) * 2003-04-23 2010-10-19 At&T Intellectual Property Ii, L.P. Methods and systems for configuring voice over internet protocol network quality of service
US20060268694A1 (en) * 2005-05-24 2006-11-30 Cisco Technology, Inc. System and method for implementing RSVP in a communication environment
US7756138B2 (en) * 2005-05-24 2010-07-13 Cisco Technology, Inc. System and method for implementing RSVP in a communication environment
US20080291827A1 (en) * 2007-05-22 2008-11-27 Bo Xiong Systems and methods for dynamic quality of service
US20100118699A9 (en) * 2007-05-22 2010-05-13 Bo Xiong Systems and methods for dynamic quality of service
US8194657B2 (en) * 2007-05-22 2012-06-05 Actiontec Electronics, Inc. Systems and methods for dynamic quality of service
US8737217B2 (en) 2007-05-22 2014-05-27 Actiontec Electronics, Inc. Systems and methods for dynamic quality of service
US20140247723A1 (en) * 2007-05-22 2014-09-04 Actiontec Electronics, Inc. Systems and methods for dynamic quality of service
US9426078B2 (en) * 2007-05-22 2016-08-23 Actiontec Electronics, Inc. Systems and methods for dynamic quality of service
US8909196B2 (en) 2012-12-10 2014-12-09 Actiontec Electronics, Inc. Systems and methods for facilitating communication between mobile devices and wireless access points

Also Published As

Publication number Publication date
US6779031B1 (en) 2004-08-17
US7283561B1 (en) 2007-10-16

Similar Documents

Publication Publication Date Title
US7283561B1 (en) Secure network architecture with quality of service
US6895433B1 (en) HTTP redirection of configuration data for network devices
US7174378B2 (en) Co-location service system equipped with global load balancing (GLB) function among dispersed IDCS
US6138162A (en) Method and apparatus for configuring a client to redirect requests to a caching proxy server based on a category ID with the request
US6311275B1 (en) Method for providing single step log-on access to a differentiated computer network
US8214875B2 (en) Network security policy enforcement using application session information and object attributes
US7734770B2 (en) System and method for monitoring information in a network environment
US7756033B2 (en) Systems and methods for managing multicast data transmissions
US8510376B2 (en) Processing requests transmitted using a first communication directed to an application that uses a second communication protocol
EP1229685B1 (en) Service level agreement manager for a data network
US8219622B2 (en) Systems and methods for providing extended peering
Cisco Release Notes for Cisco 7000 Family for Cisco IOS Release 12.2 B
Cisco Protocol Translator Configuration and Reference Software Release 9.1 September 1992
Cisco Configuration Fundamentals Configuration Guide Cisco IOS Release 11.3
Cisco Chap 4: Administration
Cisco Cisco IOS Command Summary Volume 1 of 2 Release 12.1
Cisco Rel Notes for Cisco 1600 Series Routers/Cisco IOS Rel 11.2(11)
Cisco SNMP Support for VPNs
Bowles et al. Network management and performance monitoring
AU2003262120B2 (en) Monitoring of information in a network environment
Hernandez Practical Experiences with Internet Service Providers
Koblas David Koblas Independent Consultant koblas@sgi.com
Mahmud Improving Internet access in the UMMC-A Nadi it innovation
Gross et al. PROCEEDINGS OF THE SIXTEENTH INTERNET ENGINEERING TASK FORCE FLORIDA STATE UNIVERSITY
Mahmud et al. Mohktar, Nor Mila Mohd Shafie, Shereena Shahrudin, Asmarudi Awang, Marina Abdul Jalil, Siti Noor

Legal Events

Date Code Title Description
AS Assignment

Owner name: LEVEL 3 COMMUNICATIONS, LLC, COLORADO

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:LEVEL 3 COMMUNICATIONS, INC.;REEL/FRAME:026181/0094

Effective date: 20070312

AS Assignment

Owner name: GTE INTERNETWORKING INCORPORATED, MASSACHUSETTS

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:PICHER-DEMPSEY, HEIDI;REEL/FRAME:027329/0499

Effective date: 19980309

AS Assignment

Owner name: GENUITY INC., COLORADO

Free format text: CHANGE OF NAME;ASSIGNOR:GTE INTERNETWORKING INCORPORATED;REEL/FRAME:027449/0945

Effective date: 20000405

Owner name: LEVEL 3 COMMUNICATIONS, LLC, COLORADO

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:LEVEL 3 COMMUNICATIONS, INC.;REEL/FRAME:027445/0511

Effective date: 20070312

Owner name: LEVEL 3 COMMUNICATIONS, LLC, COLORADO

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:GENUITY INC.;REEL/FRAME:027446/0268

Effective date: 20030204

AS Assignment

Owner name: MERRILL LYNCH CAPITAL CORPORATION, AS COLLATERAL A

Free format text: SECURITY AGREEMENT;ASSIGNORS:LEVEL 3 COMMUNICATIONS, INC.;ICG COMMUNICATION, INC.;REEL/FRAME:027585/0842

Effective date: 20060627

AS Assignment

Owner name: LEVEL 3 COMMUNICATIONS, INC., COLORADO

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:LEVEL 3 COMMUNICATIONS, LLC;REEL/FRAME:027699/0303

Effective date: 20040520

STCB Information on status: application discontinuation

Free format text: ABANDONED -- AFTER EXAMINER'S ANSWER OR BOARD OF APPEALS DECISION