WO2002071697A1 - A method and apparatus for transferring data packets in communication networks - Google Patents


Publication number
WO2002071697A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
packet
data stream
gateway switch
interface
Prior art date
Application number
PCT/SE2002/000356
Other languages
French (fr)
Inventor
Johan Svedberg
Jan Berglund
Jonas Rendel
Johan Gerhardsson
Peter Lindeberg
Dusan Stevanovic
Original Assignee
Reddo Networks Ab
Priority date
Filing date
Publication date
Application filed by Reddo Networks Ab
Priority to AU2002233902A (patent AU2002233902B2)
Priority to EP02700969A (patent EP1374487A1)
Publication of WO2002071697A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00 Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/10 Architectures or entities
    • H04L65/102 Gateways
    • H04L65/1023 Media gateways
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/02 Capturing of monitoring data
    • H04L43/026 Capturing of monitoring data using flow identification
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22 Parsing or analysis of headers

Definitions

  • the present invention relates generally to a method and apparatus for providing a plurality of different services from a single multi-service access provider.
  • the invention is concerned with the switching and monitoring of digitally encoded data packets between an end-user and a third party service provider.
  • a) Charging. The charging for services should be based on the service as delivered and be relevant to the end-user rather than based on service provider costs, such as the number of transported bytes.
  • b) Delivery. It must be verified that the service actually has been delivered with a certain known level of QoS in order to make proper charging and to deal with any end-user complaints or charging claims that may arise.
  • c) Quality. A satisfying level of QoS, including delay confinements, must be ensured to make the offered services attractive.
  • d) Access. In order to provide services from plural third party service providers, it is necessary to establish agreements with each of those providers regarding charging, security etc, and to define communication paths to be used.
  • e) Security. Reliable mechanisms are needed for identification and authentication between the end-user, the multi-service access provider and the various third party service providers. During delivery of a service, the data streams must also be protected from manipulations and eavesdropping, e.g. over the Internet.
  • Differentiated Services in a predefined domain aim at ensuring QoS by classifying and marking the data packets with a type of service indication. Routers along the way from the sender to the receiver will then treat those packets accordingly, e.g. by assigning the packets different priorities for queuing, etc.
  • Integrated Services ensure QoS by using pre-flow signalling for reserving transmission resources along the route for individual data streams.
  • Multi Protocol Label Switching MPLS
  • MPLS can be regarded as a combination of Differentiated Services and Integrated Services in that data packets of a certain data flow are classified and reserved MPLS tunnels are established in an MPLS network domain for the data stream by means of pre-flow signalling. Each tunnel is assigned a priority for achieving the required QoS.
  • the data packets are transmitted end-to-end over a number of interconnected routers or switches.
  • the basic structure of a router includes interface units connected to a switch core.
  • There is also a number of available techniques within the routers for providing a required QoS. For example, it may be checked at so-called domain edge routers that a data flow entering a predefined domain does not violate any agreement or reservation. In the interface units, queues are maintained for data packets scheduled for output and further transmission to the next router.
  • VPNs Virtual Private Networks
  • a firewall operates to protect a certain domain and is basically a router using predefined rules for allowing or preventing data packets, coming from an unprotected domain, to enter the protected domain.
  • a VPN is a private protected network logically deployed over a public network, e.g. using IP SEC or MPLS mechanisms, which are both known in the art.
  • the object of this invention is to reduce or eliminate the problems outlined above.
  • This object and others are obtained by providing a method and apparatus for offering a variety of different services from plural third party service providers by one single multi-service access provider to end-users via an access network.
  • the invention is implemented in a gateway switch comprising a first set of interface units for communicating data packets with the end- users, a second set of interface units for communicating data packets with the service providers, a switching unit for transferring data packets, and at least one Routing & Stream Manager RSM for initiating new data streams by establishing communication routes through the gateway switch.
  • An incoming data packet from a sender which may be either an end-user or a third party service provider, is received at a receiving or ingress unit of a first interface unit which determines whether the received data packet belongs to an already initiated data stream or not. If so, the packet is forwarded to the sending or egress unit of a second interface unit, which is assigned to the initiated data stream, for transmission to its destination. If the received data packet is a first packet which does not belong to an initiated data stream, a new data stream must be initiated. In that case, the packet is forwarded to an RSM which determines the characteristics of the new stream based on the contents of the packet. In some cases, more than one packet may be needed for determining the stream characteristics. Then, the RSM initiates a new data stream by establishing a communication route through the gateway switch. This is done by reserving transmission resources including assigning and updating a pair of interface units, one unit of each set, with the determined stream characteristics.
  • the interface unit on the end-user side is predetermined by a dedicated connection with the end-user and the interface unit on the service provider side is selected according to a look-up Forwarding Table .
  • the gateway switch is now ready to transfer data packets belonging to the initiated data stream. Further received data packets are thus identified by the updated interface units and transferred over the established communication route if they match the determined stream characteristics.
  • the ongoing data session is monitored and later, when it is detected that the data session is finished, the established communication route is terminated and a record for the finished data session is generated.
  • the generated record may include the duration of the data session and the quantity of transferred data and may further include quality parameters such as jitter, packet loss, a number of packets delivered in the wrong order and delay, depending on the protocol used.
  • Fig. 1 is a schematic view of a communication system for providing multiple services from third party service providers to end-users.
  • Fig. 2 is a block diagram of an embodiment of the gateway switch according to the invention.
  • Fig. 3 is a block diagram of an exemplary interface unit.
  • Fig. 4a is a flow chart illustrating the steps executed in a method according to one aspect of the invention.
  • Fig. 4b is a flow chart illustrating in more detail one of the steps in the flow chart of Fig. 4a.
  • Fig. 5 is a schematic illustration of an exemplary data packet.
  • Fig. 1 is a schematic view of a communication system for providing multiple services from a plurality of third party service providers 100 to end-users 102.
  • the end-users 102 may include individual households 104 or small or medium sized enterprises 106 where plural end stations, not shown, are interconnected as a Local Area Network (LAN) or a Wide Area Network (WAN).
  • LAN Local Area Network
  • WAN Wide Area Network
  • Each end-user may have one or more terminals or end stations, such as PCs, large computers,
  • the network 108 may be configured to operate with a single access method or may be capable of using a plurality of different access methods.
  • the access methods may be based on wireline or wireless transmissions and may use any technique for multiplexing etc. The invention is thus not limited to the use of any particular terminals or access methods.
  • the access network 108 is further connected to a gateway switch 110 over an access interface 112. According to one aspect of the invention, all communication between the end-users 102 and the third party service providers 100 is directed through the gateway switch 110, thus enabling the controlling and monitoring of data streams by the multiservice access provider.
  • the gateway switch 110 is connected via a service provider interface 116 to each of the third party service providers 100, either over dedicated connections or over an IP backbone network 114, such as the Internet.
  • Each of the interfaces 112, 116 may be any packet based interface, such as IP over ATM, Packet over SONET, MPLS or Gigabit Ethernet.
  • Each service provider 100 may use a Virtual Private Network VPN 118 associated with the service provider 100 as an overlaid protected network on the backbone network 114.
  • the gateway switch 110 is considered as a part of the VPN 118.
  • one or more of the third party service providers 100 may be a further multi-service access provider, e.g. equipped with a gateway switch similar to the gateway switch 110.
  • the firewalls must be able to identify and authenticate each end-user and service provider by applying rules based on various profiles.
  • the routers and firewalls must, in addition to having the required security functionalities, also be capable of tracking transmission sessions for generating detailed information as a basis for charging. Further, functionality must also be provided for VPN tunnel entries/exits, when applicable.
  • the invention provides a single gateway switch having these functionalities through which all data packets may be transferred between end-users and third party service providers.
  • Fig. 2 is a block diagram of an embodiment of the gateway switch 110.
  • the end-users 102 are connected via the access interface 112 on the end-user side 212 of the gateway switch 110 to a first set of interface units 200, which are further connected to a switching unit 202.
  • the third party service providers 100 are connected via the service provider interface 116 on the service provider side 216 of the gateway switch 110 to a second set of interface units 204, which are connected to the switching unit 202 as well.
  • the switching unit 202 is also connected to at least one first stream managing unit, hereafter referred to as a Routing & Stream Manager (RSM) 206, for initiating new data streams or sessions.
  • the RSM comprises a look-up Forwarding Table 207.
  • At least one second stream managing unit is connected to the switching unit 202 for monitoring control signals and for creating e.g. delay-sensitive data streams according to the Real Time Streaming Protocol (RTSP) or Session Initiation Protocol (SIP), both of which are well-known in the art.
  • RTSP Real Time Streaming Protocol
  • SIP Session Initiation Protocol
  • the RSM 206 and ALG 208 may be implemented in a single General Processor Unit (GPU), not shown, also connected to the switching unit 202. Then, it is not necessary to transfer information between the RSM and the ALG via the switching unit 202. It is also possible to implement the RSM and the ALG in the interface units 200, 204.
  • Each interface unit is divided into a receiving or ingress unit 302 for receiving packets and a sending or egress unit 304 for sending packets.
  • the ingress- and egress units 302, 304 may be implemented on the same physical board for handling traffic in either direction.
  • Incoming packets 306 are identified and forwarded by the ingress unit 302 to the switching unit 202 and packets coming from the switching unit 202 are sent as outgoing packets 308 to its destination by the egress unit 304.
  • interface units 200, 204 are arranged at both the end-user side 212 and the service provider side 216 of the gateway switch 110, as mentioned above.
  • the interface units 200, 204 further comprise processors, not shown, for processing the data packets.
  • Each interface unit 200 on the end-user side 212 holds a plurality of interface identities, each being associated with a specific end-user 102.
  • the interface units 204 on the service provider side 216 hold interface identities linked with specific service providers 100.
  • the interface unit 200 is thus predetermined by a dedicated connection with the end-user 102, which may be a physical or a logical connection.
  • the interface unit 204 is selected according to a look-up Forwarding Table, such as the look-up Forwarding Table 207 in the RSM 206.
  • An interface identity may comprise information on the following: identities of the interface unit and the physical connection to the interface unit, and a logical channel identity such as a virtual channel identifier for ATM interfaces, a MAC address for Ethernet, a PPP link identity or an MPLS tag.
  • the ingress unit 302 may attach the associated source interface identity to the incoming packet before it is forwarded to the switching unit 202, for determining the identity of the sender of the packet.
  • the gateway switch 110 operates according to the following procedure: An incoming data packet from a sender, which may be either an end-user 102 or a third party service provider 100, is received at the ingress unit 302 of an interface unit 200, 204 on one side 212, 216 of the gateway switch 110 in a first step 400. In a next step 402, the ingress unit 302 determines whether the received data packet belongs to an already initiated data stream or not, as will be explained below.
  • the packet is forwarded via the switching unit 202 to the egress unit 302 of an interface unit 200, 204 being assigned to the initiated data stream on the other side 216, 212 of the gateway switch 110 in step 404 for transmission to its destination.
  • the procedure then returns to step 400 for receiving the next packet.
  • If it is determined in step 402 that a received data packet is a first packet which does not belong to an already initiated data stream, a new data stream must be initiated.
  • An associated source interface identity is then attached to the packet by the ingress unit 302 in step 405, for determining the sender of the packet.
  • the packet is then forwarded by the ingress unit 302 via the switching unit 202 to an RSM 206 in step 406.
  • the RSM 206 reads the contents of the packet, including a header and the attached source interface identity, for determining the characteristics of the new stream in step 408, which will be explained in more detail below. It should be noted that in some cases, it may be necessary to receive more than one data packet in order to determine the stream characteristics.
  • the received packet may, for example, include a service request from an end-user 102.
  • the RSM 206 initiates a new data stream in step 410 by establishing a communication route through the gateway switch 110. This is done by reserving transmission resources, including assigning and updating a pair of interface units 200, 204, one unit at either side 212, 216 of the gateway switch 110, with the determined stream characteristics. For some streams, an ALG 208 is also updated with the stream characteristics, which will be explained later.
  • transmission resources may be reserved in either one direction or both directions.
  • the gateway switch 110 is now ready to transfer data packets belonging to the initiated new data stream.
  • the packet is finally forwarded to the egress unit 304 of the assigned interface unit 200, 204 on the other side of the gateway switch 110 for transmission to its destination, after which the procedure returns to the step 400.
  • Further received data packets from the sender are thus identified by the updated receiving interface unit 200, 204 and forwarded to the updated sending interface unit 200, 204 if they match the determined stream characteristics.
  • Step 408 in Fig. 4a is divided into the substeps 408.1 - 408.6 in Fig. 4b.
  • When receiving a packet from an ingress unit 302 according to step 406, the RSM 206 reads the contents of the packet, including a header and the attached source interface identity. Thereby, the identity of the sender of the packet can be determined.
  • In substep 408.1 it is determined whether the sender is authorised to send the packet. If not, the packet is discarded in step 408.2. Otherwise, a forwarding decision is taken in step 408.3 which means that the destination is determined by checking a look-up Forwarding Table 207 in the RSM 206 using e.g. the destination address, type of protocol and destination port, if any, as input. This information is typically obtained from the header of the packet.
  • the Forwarding Table 207 thus provides the destination interface identity of a sending interface unit 200, 204 or, when applicable, directs the packet to an ALG 208, which will be described later.
  • After the forwarding decision in step 408.3, it is determined whether the packet is allowed to be sent to its destination in step 408.4. If not, the packet is discarded in step 408.5. Otherwise, the QoS parameters to be used during the data stream are determined in step 408.6 based on the protocol, identity and subscription of the end-user, service provider agreements, and also depending on available transmission resources.
  • the QoS parameters may include a required data rate, priority class, delay sensitivity etc.
  • the stream characteristics have been determined and they include the source and destination interface identities, the source and destination addresses,
  • the procedure may then move on to the stream initiating step 410 in Fig. 4a.
  • the decision steps 408.1 and 408.4 provide controls or firewalls at two levels and may result in a decision to
  • ... security routines, e.g. authentication, encryption etc.
  • the stream characteristics further include corresponding security parameters and/or protocols.
  • a header 502 includes various fields 504-510 containing information on the new stream.
  • the header fields may include a source IP address field 504 of the sender, a destination IP address field 506, a protocol field 508, a required QoS field 510, etc.
  • the header may further include source and destination port number fields, not shown.
  • the data packet may also contain a user data field 512 in addition to the header 502.
  • the ongoing data session is monitored by the user
  • After it is detected that the data session is finished, the established communication route is terminated and a record is generated at the sending interface unit 200, 204 for the finished data session. If the data session involves communication of packets in both directions, a session record may be generated for each direction. Optionally, a session record may also be generated by the interface unit 200, 204 at the receiving side.
  • the end of the session may be detected in different ways, depending on the protocol used. A time-out function may be used when no matching packet has been received during a pre-set time period. The end may in some cases be detected by monitoring control signals. A last packet indication may further be included in the last packet of the session.
  • the generated session record comprises information on the data session which may include duration and quantity of transferred data as well as various quality parameters such as jitter, packet loss, a number of packets delivered in the wrong order and delay, depending on the protocol used.
  • the ingress unit 302 of each interface unit 200, 204 is preferably configured to perform the following tasks for each incoming data packet:
  • Layer 1 and layer 2 protocol termination including identification of the sender of the packet for determining the source interface identity.
  • the packet may be received over an ATM virtual channel, Ethernet, MPLS or a PPP link.
  • the packet may also be received from a security tunnel such as IP SEC.
  • the ingress unit performs authentication and decryption of the packet.
  • Stream identification. The ingress unit 302 determines whether the data packet belongs to an initiated data stream or not by reading the contents of the packet including certain header fields, such as destination and source addresses, protocol, destination and source ports, depending on the protocol. Other parts of the packet may also be read, such as a user data field.
  • Traffic policing. It is determined whether the data stream of the data packet is within predefined limits. If not, the packet is dropped or the data stream is reclassified to a lower priority class.
  • the ingress unit 302 is capable of forwarding incoming data packets to egress units 304, RSMs 206 or ALGs 208 as dictated by the stream identification above.
  • the switching unit 202 simply operates to switch data packets between the other units of the gateway switch
  • each interface unit 200, 204 is preferably configured to perform the following tasks for each data packet to be sent:
  • the egress unit 302 determines which data stream the packet belongs to by reading the packet contents.
  • a queue is maintained for each data stream and each packet is scheduled for output based on the transmission resources being reserved for the stream. The scheduling further depends on a priority of the stream which is set according to the QoS parameters.
  • Stream accounting. Transmission characteristics of the data stream are monitored and a data session record with information on those characteristics is generated.
  • the session record may include information on session duration and quantity of transmitted data as well as quality related information such as jitter, packet loss and delay, depending on the service and the protocol used.
  • the generated data session record is used for assessing the QoS as perceived by the end-user and for charging for the delivered service. It should be noted that the stream accounting functionality may also be implemented in the ingress unit.
  • the layer 1 and layer 2 protocol framing may be a security tunnel such as IP SEC.
  • the egress unit encrypts and signs the packet.
  • the Routing and Streaming Manager RSM 206 receives data packets not belonging to any initiated data stream as described above.
  • the RSM 206 reads the packet contents including the header fields for initiating a new stream based on stream characteristics derived therefrom.
  • the RSM 206 then either assigns and updates interface units 200, 204 with the determined stream characteristics, or forwards the packet to an ALG 208.
  • the Application Layer Gateway ALG 208 is capable of monitoring control signals and determining stream characteristics therefrom. New data streams may be initiated by the RSM 206 based on at least a first received packet for some service applications, such as web surfing. For other service applications, a certain amount of control signalling must be exchanged between the end-user and the third party service provider 100, before any user data can be transferred. Control signalling is typically performed for relatively delay-sensitive services, e.g. when using Real Time Protocol RTP for media streams or telephony, and includes a negotiation of stream parameters. The first packet thus typically includes a service request from an end-user 102.
  • the first packet including an attached destination interface identity, is therefore forwarded by the receiving interface unit 200, 204 to the RSM 206 which reads the packet contents including certain header fields and, by checking the look-up Forwarding Table 207, determines that the destination interface identity points to an ALG 208.
  • the RSM 206 then forwards the first and following packets of the control signalling to the ALG 208 which monitors the control signals for determining the stream characteristics and for initiating a new data stream.
  • the ALG 208 also assigns a sending interface unit 200, 204 and forwards each control signalling packet thereto.
  • the RSM 206 may initiate a first control data stream between the receiving interface unit 200, 204 and the ALG 208 upon receiving the first packet in a procedure similar to the one described above in connection with Figs. 4a and 4b.
  • the RSM 206 then forwards the first packet to the ALG 208 which reads any control signalling information and forwards the packet to the sending interface unit 200, 204 for transmission to its destination.
  • Two control data streams are now initiated for the control signalling, one from the interface unit 200 on the end-user side 212 to the ALG and one from the ALG to the interface unit 204 on the service provider side 216.
  • the receiving and sending interface units 200, 204 as well as the ALG 208 have thus been updated by the RSM 206.
  • the ALG 208 now monitors the control signals being exchanged over these two control data streams, which may include negotiated stream parameters.
  • the ALG 208 orders the RSM 206 to initiate a new data stream for the actual user data and the assigned interface units 200, 204 are updated accordingly and the transfer of user data packets may begin.
  • the ALG 208 may thus monitor the control signalling and order the RSM to initiate a new stream accordingly, or the ALG may intercept the control signalling if it is detected that the end-user or the service provider violates business agreements or that no transmission resources are available.
  • the ALG 208 may also perform application layer authentication of the end-user and/or the service provider, such as verification of keys or passwords as defined in the control signalling protocol used.
  • the ALG 208 may further also generate a record for the service invocation to be used, in addition to the session record(s) generated at the sending interface unit(s) 200, 204, for charging determination.
  • a computer program product comprising the software code means, may be directly loadable into an internal memory of the computer.
  • a computer program product may be stored on a computer usable medium, comprising readable program for causing the computer to perform the method.
  • the described embodiments of the invention thus have the advantage of enabling delivery of various services to customers from third party service providers by a single multi-service access provider, being able to monitor the delivered QoS as perceived by the customer.
  • the multiservice access provider will further be able to keep detailed records on individual packet data sessions in order to account and charge for what has actually been delivered.
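
The packet procedure in the list above (steps 400-410 with the RSM substeps 408.1-408.6, followed by time-out based session records) can be modelled as below. This is an added Python example, not code from the patent. The class names, table layouts, interface identities and addresses are assumptions constructed for illustration, as is the rule that a sender is authorised when its source address matches the one bound to its interface identity.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str      # source IP address (header field 504)
    dst: str      # destination IP address (header field 506)
    proto: str    # protocol (header field 508)
    dport: int    # destination port
    size: int = 100

    def key(self):
        """Header fields the ingress unit reads for stream identification."""
        return (self.src, self.dst, self.proto, self.dport)


@dataclass
class Stream:
    src_if: str
    dst_if: str
    qos: dict
    started: float
    last_seen: float
    packets: int = 0
    octets: int = 0


class GatewaySwitch:
    """Hypothetical model; all tables hold constructed sample data."""

    def __init__(self, senders, forwarding_table, agreements, idle_timeout=30.0):
        self.senders = senders                    # interface identity -> address bound to it
        self.forwarding_table = forwarding_table  # (dst, proto, dport) -> destination interface
        self.agreements = agreements              # (src_if, dst_if) -> QoS parameters
        self.idle_timeout = idle_timeout
        self.streams = {}   # stream state the RSM installs in the interface units
        self.records = []   # session records for finished data sessions

    def rsm_initiate(self, pkt, src_if, now):
        """Substeps 408.1-408.6 and step 410. Returns a discard verdict or None."""
        if self.senders.get(src_if) != pkt.src:                    # 408.1 sender check
            return "discard:sender-not-authorised"                 # 408.2
        dst_if = self.forwarding_table.get((pkt.dst, pkt.proto, pkt.dport))  # 408.3
        qos = self.agreements.get((src_if, dst_if))                # 408.4 destination check
        if dst_if is None or qos is None:
            return "discard:destination-not-allowed"               # 408.5
        # 408.6 and 410: record QoS and install the stream, keyed on the source
        # interface identity as well as the header fields.
        self.streams[(src_if, pkt.key())] = Stream(src_if, dst_if, qos, now, now)
        return None

    def receive(self, pkt, src_if, now):
        """Steps 400-404: known streams are forwarded, unknown ones go to the RSM."""
        self.expire(now)
        sid = (src_if, pkt.key())
        if sid not in self.streams:                                # step 402
            verdict = self.rsm_initiate(pkt, src_if, now)          # steps 405-410
            if verdict:
                return verdict
        stream = self.streams[sid]
        stream.packets += 1
        stream.octets += pkt.size
        stream.last_seen = now
        return "forward:" + stream.dst_if                          # step 404

    def expire(self, now):
        """Time-out detection of a finished session; emits one session record."""
        for sid, s in list(self.streams.items()):
            if now - s.last_seen > self.idle_timeout:
                del self.streams[sid]
                self.records.append({"src_if": s.src_if, "dst_if": s.dst_if,
                                     "duration": s.last_seen - s.started,
                                     "packets": s.packets, "octets": s.octets})


def demo():
    sw = GatewaySwitch(
        senders={"if-user-1": "10.0.0.5", "if-user-2": "10.0.0.6"},
        forwarding_table={("198.51.100.10", "tcp", 443): "if-sp-1"},
        agreements={("if-user-1", "if-sp-1"): {"priority": 2, "rate_kbps": 512}},
    )
    web = Packet("10.0.0.5", "198.51.100.10", "tcp", 443)
    verdicts = [
        sw.receive(web, "if-user-1", 0.0),   # first packet: RSM initiates the stream
        sw.receive(web, "if-user-1", 1.0),   # matches the initiated stream
        sw.receive(web, "if-user-2", 2.0),   # same header, wrong interface identity
        sw.receive(Packet("10.0.0.6", "198.51.100.10", "tcp", 443), "if-user-2", 3.0),
        sw.receive(Packet("10.0.0.5", "203.0.113.9", "tcp", 443), "if-user-1", 4.0),
    ]
    sw.expire(40.0)                          # idle past the time-out: record generated
    return sw, verdicts


if __name__ == "__main__":
    switch, results = demo()
    print(results)
    print(switch.records)
```

Because the stream is keyed on the source interface identity, the third packet does not ride the already initiated stream even though its header fields are identical; it is sent to the RSM and fails the 408.1 check.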

Abstract

A method and gateway switch (110) for transferring data packets in a communication network between service providers (100) and end-users (102). The gateway switch (110) comprises a first set of interface units (200) for communicating data packets with the end-users (102) and a second set of interface units (204) for communicating data packets with the service providers (100). The gateway switch (110) further comprises at least one Routing and Stream Manager RSM (206) for initiating data streams through the gateway switch (110) and a switching unit (302) for transferring data packets. Incoming packets, not belonging to an already initiated data stream, are transferred to the RSM (206) which initiates a new data stream by assigning and updating interface units of the first and second sets of interface units (200, 204) with data stream characteristics.

Description

A method and apparatus for transferring data packets in communication networks
TECHNICAL FIELD
The present invention relates generally to a method and apparatus for providing a plurality of different services from a single multi-service access provider. In particular, the invention is concerned with the switching and monitoring of digitally encoded data packets between an end-user and a third party service provider.
BACKGROUND OF THE INVENTION AND PRIOR ART
Today, the steadily increasing use of the Internet is well-known and a multitude of different access technologies are used for providing Internet access to private households as well as to small or medium sized enterprises. These access technologies typically attempt to offer a so-called "high-speed" access and the number of available technologies is also increasing. The end-users put higher demands on, and are willing to pay for, a fast access, whereas service providers are interested in offering added value to the mere service of Internet browsing, such as telephony, TV/video, on-line games, on-line transactions, etc., in order to increase their business areas. From the end-user perspective, it would be a great advantage to obtain multiple services from a single multi-service access provider instead of subscribing to a plurality of different service providers, each having its own access method and/or medium as well as charging routines. However, this requires a number of functionalities when using a single access method for providing a multitude of services from third party service providers, at the same time obtaining satisfying end-to-end delivered Quality of Service (QoS), security and charging mechanisms. There is a number of problem areas that need to be addressed in order to achieve this:
a) Charging. The charging for services should be based on the service as delivered and be relevant to the end-user rather than based on service provider costs, such as the number of transported bytes.
b) Delivery. It must be verified that the service actually has been delivered with a certain known level of QoS in order to make proper charging and to deal with any end-user complaints or charging claims that may arise.
c) Quality. A satisfying level of QoS, including delay confinements, must be ensured to make the offered services attractive.
d) Access. In order to provide services from plural third party service providers, it is necessary to establish agreements with each of those providers regarding charging, security etc, and to define communication paths to be used.
e) Security. Reliable mechanisms are needed for identification and authentication between the end-user, the multi-service access provider and the various third party service providers. During delivery of a service, the data streams must also be protected from manipulations and eavesdropping, e.g. over the Internet.
Today, there exists a multitude of solutions aiming at satisfying one or more of the above-mentioned requirements, some of which will be briefly described herein. Differentiated Services in a predefined domain aim at ensuring QoS by classifying and marking the data packets with a type of service indication. Routers along the way from the sender to the receiver will then treat those packets accordingly, e.g. by assigning the packets different priorities for queuing, etc.
Integrated Services ensure QoS by using pre-flow signalling for reserving transmission resources along the route for individual data streams. Multi Protocol Label Switching (MPLS) can be regarded as a combination of Differentiated Services and Integrated Services in that data packets of a certain data flow are classified and reserved MPLS tunnels are established in an MPLS network domain for the data stream by means of pre-flow signalling. Each tunnel is assigned a priority for achieving the required QoS.
These exemplary known methods seek to provide end-to-end QoS, including delay confinements. The data packets are transmitted end-to-end over a number of interconnected routers or switches. The basic structure of a router includes interface units connected to a switch core.
There are also a number of available techniques within the routers for providing a required QoS. For example, it may be checked at so-called domain edge routers that a data flow entering a predefined domain does not violate any agreement or reservation. In the interface units, queues are maintained for data packets scheduled for output and further transmission to the next router.
There are also a number of known solutions directed to security, including firewalls and Virtual Private Networks (VPNs). A firewall operates to protect a certain domain and is basically a router using predefined rules for allowing or preventing data packets, coming from an unprotected domain, to enter the protected domain. A VPN is a private protected network logically deployed over a public network, e.g. using IP SEC or MPLS mechanisms, which are both known in the art.
Although it is possible to configure a system for providing multiple services from a single multi-service access provider by establishing various connections with third party service providers using a number of known techniques, this would involve considerable complexity since these known techniques are typically not designed to be combined with each other and to work well together side by side. It is quite difficult to integrate the separate hardware components and software programs needed into a unified and effective product/system. Hence, there is a great need for a simple and more effective solution that basically fulfils requirements for e.g. accessibility, security and quality of service.
SUMMARY OF THE INVENTION
The object of this invention is to reduce or eliminate the problems outlined above. This object and others are obtained by providing a method and apparatus for offering a variety of different services from plural third party service providers by one single multi-service access provider to end-users via an access network. The invention is implemented in a gateway switch comprising a first set of interface units for communicating data packets with the end-users, a second set of interface units for communicating data packets with the service providers, a switching unit for transferring data packets, and at least one Routing & Stream Manager RSM for initiating new data streams by establishing communication routes through the gateway switch.
An incoming data packet from a sender, which may be either an end-user or a third party service provider, is received at a receiving or ingress unit of a first interface unit which determines whether the received data packet belongs to an already initiated data stream or not. If so, the packet is forwarded to the sending or egress unit of a second interface unit, which is assigned to the initiated data stream, for transmission to its destination. If the received data packet is a first packet which does not belong to an initiated data stream, a new data stream must be initiated. In that case, the packet is forwarded to an RSM which determines the characteristics of the new stream based on the contents of the packet. In some cases, more than one packet may be needed for determining the stream characteristics. Then, the RSM initiates a new data stream by establishing a communication route through the gateway switch. This is done by reserving transmission resources including assigning and updating a pair of interface units, one unit of each set, with the determined stream characteristics.
The interface unit on the end-user side is predetermined by a dedicated connection with the end-user and the interface unit on the service provider side is selected according to a look-up Forwarding Table. The gateway switch is now ready to transfer data packets belonging to the initiated data stream. Further received data packets are thus identified by the updated interface units and transferred over the established communication route if they match the determined stream characteristics. The ongoing data session is monitored and later, when it is detected that the data session is finished, the established communication route is terminated and a record for the finished data session is generated. The generated record may include the duration of the data session and the quantity of transferred data and may further include quality parameters such as jitter, packet loss, a number of packets delivered in the wrong order and delay, depending on the protocol used.
BRIEF DESCRIPTION OF THE DRAWINGS
The present invention will now be described in more detail and with reference to the accompanying drawings, in which:
- Fig. 1 is a schematic view of a communication system for providing multiple services from third party service providers to end-users.
- Fig. 2 is a block diagram of an embodiment of the gateway switch according to the invention.
- Fig. 3 is a block diagram of an exemplary interface unit.
- Fig. 4a is a flow chart illustrating the steps executed in a method according to one aspect of the invention.
- Fig. 4b is a flow chart illustrating in more detail one of the steps in the flow chart of Fig. 4a.
- Fig. 5 is a schematic illustration of an exemplary data packet.
DESCRIPTION OF PREFERRED EMBODIMENTS
Fig. 1 is a schematic view of a communication system for providing multiple services from a plurality of third party service providers 100 to end-users 102. The end-users 102 may include individual households 104 or small or medium sized enterprises 106 where plural end stations, not shown, are interconnected as a Local Area Network (LAN) or a Wide Area Network (WAN). Each end-user may have one or more terminals or end stations, such as PCs, large computers, telephones, TV sets, web browsers or game stations, for receiving and/or sending information in data packets. These terminals are connected to an access network 108 using an access method appropriate for the respective terminal.
The network 108 may be configured to operate with a single access method or may be capable of using a plurality of different access methods. The access methods may be based on wireline or wireless transmissions and may use any technique for multiplexing etc. The invention is thus not limited to the use of any particular terminals or access methods. The access network 108 is further connected to a gateway switch 110 over an access interface 112. According to one aspect of the invention, all communication between the end-users 102 and the third party service providers 100 is directed through the gateway switch 110, thus enabling the controlling and monitoring of data streams by the multi-service access provider.
The gateway switch 110 is connected via a service provider interface 116 to each of the third party service providers 100, either over dedicated connections or over an IP backbone network 114, such as the Internet. Each of the interfaces 112, 116 may be any packet based interface, such as IP over ATM, Packet over SONET, MPLS or Gigabit Ethernet.
Each service provider 100 may use a Virtual Private Network VPN 118 associated with the service provider 100 as an overlaid protected network on the backbone network 114. In that case, the gateway switch 110 is considered as a part of the VPN 118. Furthermore, one or more of the third party service providers 100 may be a further multi-service access provider, e.g. equipped with a gateway switch similar to the gateway switch 110.
If previously available techniques were to be used by a multi-service access provider in order to act as a retailer of the plural services, it would be necessary to employ a plurality of different switches or routers including firewalls, configured for specific third party service providers and/or end-users. The firewalls must be able to identify and authenticate each end-user and service provider by applying rules based on various profiles. The routers and firewalls must, in addition to having the required security functionalities, also be capable of tracking transmission sessions for generating detailed information as a basis for charging. Further, functionality must also be provided for VPN tunnel entries/exits, when applicable. The invention provides a single gateway switch having these functionalities through which all data packets may be transferred between end-users and third party service providers.
Fig. 2 is a block diagram of an embodiment of the gateway switch 110. The end-users 102 are connected via the access interface 112 on the end-user side 212 of the gateway switch 110 to a first set of interface units 200, which are further connected to a switching unit 202. The third party service providers 100 are connected via the service provider interface 116 on the service provider side 216 of the gateway switch 110 to a second set of interface units 204, which are connected to the switching unit 202 as well. The switching unit 202 is also connected to at least one first stream managing unit, hereafter referred to as a Routing & Stream Manager (RSM) 206, for initiating new data streams or sessions. The RSM comprises a look-up Forwarding Table 207. Preferably, also at least one second stream managing unit, hereafter referred to as an Application Layer Gateway (ALG) 208, is connected to the switching unit 202 for monitoring control signals and for creating e.g. delay-sensitive data streams according to the Real Time Streaming Protocol (RTSP) or Session Initiation Protocol (SIP), both of which are well-known in the art. Alternatively, the RSM 206 and ALG 208 may be implemented in a single General Processor Unit (GPU), not shown, also connected to the switching unit 202. Then, it is not necessary to transfer information between the RSM and the ALG via the switching unit 202. It is also possible to implement the RSM and the ALG in the interface units 200, 204.
In Fig. 3, an exemplary interface unit 200, 204 is illustrated in more detail. Each interface unit is divided into a receiving or ingress unit 302 for receiving packets and a sending or egress unit 304 for sending packets. The ingress and egress units 302, 304 may be implemented on the same physical board for handling traffic in either direction.
Incoming packets 306 are identified and forwarded by the ingress unit 302 to the switching unit 202 and packets coming from the switching unit 202 are sent as outgoing packets 308 to their destination by the egress unit 304. It should be noted that interface units 200, 204 are arranged at both the end-user side 212 and the service provider side 216 of the gateway switch 110, as mentioned above. The interface units 200, 204 further comprise processors, not shown, for processing the data packets. Each interface unit 200 on the end-user side 212 holds a plurality of interface identities, each being associated with a specific end-user 102. Correspondingly, the interface units 204 on the service provider side 216 hold interface identities linked with specific service providers 100. For each end-user, the interface unit 200 is thus predetermined by a dedicated connection with the end-user 102, which may be a physical or a logical connection. For a service provider 100, the interface unit 204 is selected according to a look-up Forwarding Table, such as the look-up Forwarding Table 207 in the RSM 206.
An interface identity may comprise information on the following: identities of the interface unit and the physical connection to the interface unit, and a logical channel identity such as a virtual channel identifier for ATM interfaces, a MAC address for Ethernet, a PPP link identity or an MPLS tag. When receiving a data packet from a sender, the ingress unit 302 may attach the associated source interface identity to the incoming packet before it is forwarded to the switching unit 202, for determining the identity of the sender of the packet.
With reference to the flow chart of Fig. 4a, the gateway switch 110 operates according to the following procedure: An incoming data packet from a sender, which may be either an end-user 102 or a third party service provider 100, is received at the ingress unit 302 of an interface unit 200, 204 on one side 212, 216 of the gateway switch 110 in a first step 400. In a next step 402, the ingress unit 302 determines whether the received data packet belongs to an already initiated data stream or not, as will be explained below. If it does, the packet is forwarded via the switching unit 202 to the egress unit 302 of an interface unit 200, 204 being assigned to the initiated data stream on the other side 216, 212 of the gateway switch 110 in step 404 for transmission to its destination. The procedure then returns to step 400 for receiving the next packet.
If the ingress unit 302 determines in step 402 that a received data packet is a first packet which does not belong to an already initiated data stream, a new data stream must be initiated. An associated source interface identity is then attached to the packet by the ingress unit 302 in step 405, for determining the sender of the packet. The packet is then forwarded by the ingress unit 302 via the switching unit 202 to an RSM 206 in step 406.
The RSM 206 reads the contents of the packet, including a header and the attached source interface identity, for determining the characteristics of the new stream in step 408, which will be explained in more detail below. It should be noted that in some cases, it may be necessary to receive more than one data packet in order to determine the stream characteristics.
The received packet may, for example, include a service request from an end-user 102. Then, the RSM 206 initiates a new data stream in step 410 by establishing a communication route through the gateway switch 110. This is done by reserving transmission resources, including assigning and updating a pair of interface units 200, 204, one unit at either side 212, 216 of the gateway switch 110, with the determined stream characteristics. For some streams, an ALG 208 is also updated with the stream characteristics, which will be explained later.
Depending on the stream characteristics, transmission resources may be reserved in either one direction or both directions. The gateway switch 110 is now ready to transfer data packets belonging to the initiated new data stream. In the next step 412, the packet is finally forwarded to the egress unit 304 of the assigned interface unit 200, 204 on the other side of the gateway switch 110 for transmission to its destination, after which the procedure returns to the step 400. Further received data packets from the sender are thus identified by the updated receiving interface unit 200, 204 and forwarded to the updated sending interface unit 200, 204 if they match the determined stream characteristics.
With reference to Fig. 4b, the step 408 of determining stream characteristics by the RSM 206 in Fig. 4a will now be explained in more detail. Thus, the step 408 in Fig. 4a is divided into the substeps 408.1 - 408.6 in Fig. 4b. When receiving a packet from an ingress unit 302 according to step 406, the RSM 206 reads the contents of the packet, including a header and the attached source interface identity. Thereby, the identity of the sender of the packet can be determined. In substep 408.1, it is determined whether the sender is authorised to send the packet. If not, the packet is discarded in step 408.2. Otherwise, a forwarding decision is taken in step 408.3 which means that the destination is determined by checking a look-up Forwarding Table 207 in the RSM 206 using e.g. the destination address, type of protocol and destination port, if any, as input. This information is typically obtained from the header of the packet. The Forwarding Table 207 thus provides the destination interface identity of a sending interface unit 200, 204 or, when applicable, directs the packet to an ALG 208, which will be described later. After the forwarding decision in step 408.3, it is determined whether the packet is allowed to be sent to its destination in step 408.4.
If not, the packet is discarded in step 408.5. Otherwise, the QoS parameters to be used during the data stream are determined in step 408.6 based on the protocol, identity and subscription of the end-user, service provider agreements, and also depending on available transmission resources. The QoS parameters may include a required data rate, priority class, delay sensitivity etc. After this step 408.6, the stream characteristics have been determined and they include the source and destination interface identities, the source and destination addresses, source and destination ports when applicable, the protocol and the determined QoS parameters. The procedure may then move on to the stream initiating step 410 in Fig. 4a.
The decision steps 408.1 and 408.4 provide controls or firewalls at two levels and may result in a decision to apply certain security routines, e.g. authentication, encryption etc. In that case, the stream characteristics further include corresponding security parameters and/or protocols.
Fig. 5 illustrates schematically an exemplary incoming data packet 500 wherein a header 502 includes various fields 504-510 containing information on the new stream. The header fields may include a source IP address field 504 of the sender, a destination IP address field 506, a protocol field 508, a required QoS field 510, etc. Depending on the protocol, the header may further include source and destination port number fields, not shown. The data packet may also contain a user data field 512 in addition to the header 502.
The ongoing data session is monitored by the interface unit 200, 204 at the sending side of the gateway switch 110. Later, when it is detected that the data session is finished, the established communication route is terminated and a record is generated at the sending interface unit 200, 204 for the finished data session. If the data session involves communication of packets in both directions, a session record may be generated for each direction. Optionally, a session record may also be generated by the interface unit 200, 204 at the receiving side. The end of the session may be detected in different ways, depending on the protocol used. A time-out function may be used when no matching packet has been received during a pre-set time period. The end may in some cases be detected by monitoring control signals. A last packet indication may further be included in the last packet of the session. The generated session record comprises information on the data session which may include duration and quantity of transferred data as well as various quality parameters such as jitter, packet loss, a number of packets delivered in the wrong order and delay, depending on the protocol used.
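The packet path of Figs. 4a and 4b and the time-out session record described above, modelled as an added example (it is not code from the patent). The policy tables, interface identity strings, addresses and the 30-second time-out are constructed, and the way substeps 408.1 and 408.4 are decided (a per-interface list of source addresses, a set of permitted interface pairs) is an assumption, since the description leaves those rules open.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:                      # header fields of Fig. 5, plus a size for accounting
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    size: int

@dataclass
class Stream:                      # determined stream characteristics and counters
    src_if: str
    dst_if: str
    qos: dict
    start: float
    last_seen: float
    packets: int = 0
    octets: int = 0

class GatewaySwitch:
    def __init__(self, authorised, forwarding_table, allowed, qos, idle_timeout=30.0):
        self.authorised = authorised              # source interface identity -> permitted source addresses
        self.forwarding_table = forwarding_table  # (dst, proto, dport) -> destination interface identity
        self.allowed = allowed                    # permitted (src_if, dst_if) pairs
        self.qos = qos                            # source interface identity -> QoS parameters
        self.idle_timeout = idle_timeout          # seconds without a matching packet
        self.streams = {}                         # initiated streams known to the interface units
        self.records = []                         # session records of finished sessions

    def receive(self, src_if, pkt, now):
        """Steps 400-412 of Fig. 4a; returns (verdict, detail)."""
        self.expire(now)
        # The source interface identity is part of the match key, so the same
        # header arriving on another interface does not match this stream.
        key = (src_if, pkt.src, pkt.dst, pkt.proto, pkt.sport, pkt.dport)
        stream, verdict = self.streams.get(key), "forwarded"
        if stream is None:                        # step 402: not an initiated stream
            stream, reason = self._determine(src_if, pkt, now)
            if stream is None:
                return ("discarded", reason)
            self.streams[key] = stream            # step 410: initiate the stream
            verdict = "initiated"
        stream.packets += 1
        stream.octets += pkt.size
        stream.last_seen = now
        return (verdict, stream.dst_if)           # step 404 or 412: to the egress unit

    def _determine(self, src_if, pkt, now):
        """Substeps 408.1-408.6 of Fig. 4b, as performed by the RSM."""
        if pkt.src not in self.authorised.get(src_if, ()):          # 408.1
            return None, "408.2 sender not authorised"
        dst_if = self.forwarding_table.get((pkt.dst, pkt.proto, pkt.dport))  # 408.3
        # Assumption: a destination without a table entry is treated as not allowed.
        if dst_if is None or (src_if, dst_if) not in self.allowed:  # 408.4
            return None, "408.5 destination not allowed"
        qos = self.qos.get(src_if, {"priority": "best-effort"})     # 408.6
        return Stream(src_if, dst_if, qos, now, now), None

    def expire(self, now):
        """Time-out detection: terminate idle streams and generate their records."""
        for key, s in list(self.streams.items()):
            if now - s.last_seen >= self.idle_timeout:
                del self.streams[key]
                self.records.append({"src_if": s.src_if, "dst_if": s.dst_if,
                                     "duration": s.last_seen - s.start,
                                     "packets": s.packets, "octets": s.octets})

def demo():
    """Run constructed packets through the model; returns (verdicts, records)."""
    gw = GatewaySwitch(
        authorised={"if200/user-a": {"10.0.0.5"}, "if200/user-b": {"10.0.0.9"}},
        forwarding_table={("192.0.2.10", "tcp", 443): "if204/video",
                          ("192.0.2.20", "udp", 5060): "if204/voip"},
        allowed={("if200/user-a", "if204/video")},
        qos={"if200/user-a": {"priority": "high", "rate_kbps": 4000}},
    )
    web = Packet("10.0.0.5", "192.0.2.10", "tcp", 40000, 443, 1200)
    sip = Packet("10.0.0.5", "192.0.2.20", "udp", 5060, 5060, 200)
    verdicts = [
        gw.receive("if200/user-a", web, 0.0),    # first packet: stream initiated
        gw.receive("if200/user-a", web, 1.0),    # matches the initiated stream
        gw.receive("if200/user-b", web, 2.0),    # same header, other interface
        gw.receive("if200/user-a", sip, 3.0),    # no agreement for this destination
        gw.receive("if200/user-a", web, 41.0),   # after the time-out: a new session
    ]
    return verdicts, gw.records

if __name__ == "__main__":
    for item in demo():
        print(item)
```

The third packet carries the same header as the initiated stream but arrives with a different source interface identity, so it is treated as a first packet and fails the sender check rather than riding the existing stream.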
With reference to Figs. 2 and 3, exemplary functionalities of the components in the gateway switch 110 will now be described in more detail.
The ingress unit 302 of each interface unit 200, 204 is preferably configured to perform the following tasks for each incoming data packet:
1. Layer 1 and layer 2 protocol termination, including identification of the sender of the packet for determining the source interface identity. The packet may be received over an ATM virtual channel, Ethernet, MPLS or a PPP link. The packet may also be received from a security tunnel such as IP SEC. In this case, the ingress unit performs authentication and decryption of the packet.
2. Stream identification. The ingress unit 302 determines whether the data packet belongs to an initiated data stream or not by reading the contents of the packet including certain header fields, such as destination and source addresses, protocol, destination and source ports, depending on the protocol. Other parts of the packet may also be read, such as a user data field.
3. Traffic policing. It is determined whether the data stream of the data packet is within predefined limits. If not, the packet is dropped or the data stream is reclassified to a lower priority class.
4. Stream forwarding. The ingress unit 302 is capable of forwarding incoming data packets to egress units 304, RSMs 206 or ALGs 208 as dictated by the stream identification above.
The switching unit 202 simply operates to switch data packets between the other units of the gateway switch 110 and may be any type, such as 'shared memory' or 'cross bar'.
The egress unit 402 of each interface unit 200, 204 is preferably configured to perform the following tasks for each data packet to be sent:
1. Stream identification. The egress unit 302 determines which data stream the packet belongs to by reading the packet contents.
2. Traffic management. A queue is maintained for each data stream and each packet is scheduled for output based on the transmission resources being reserved for the stream. The scheduling further depends on a priority of the stream which is set according to the QoS parameters.
3. Stream accounting. Transmission characteristics of the data stream are monitored and a data session record with information on those characteristics is generated. The session record may include information on session duration and quantity of transmitted data as well as quality related information such as jitter, packet loss and delay, depending on the service and the protocol used. The generated data session record is used for assessing the QoS as perceived by the end-user and for charging for the delivered service. It should be noted that the stream accounting functionality may also be implemented in the ingress unit.
4. Layer 1 and layer 2 protocol framing. The layer 2 protocol to be used may be a security tunnel such as IP SEC. In this case, the egress unit encrypts and signs the packet.
The Routing and Streaming Manager RSM 206 receives data packets not belonging to any initiated data stream as described above. The RSM 206 reads the packet contents including the header fields for initiating a new stream based on stream characteristics derived therefrom. The RSM 206 then either assigns and updates interface units 200, 204 with the determined stream characteristics, or forwards the packet to an ALG 208.
The Application Layer Gateway ALG 208 is capable of monitoring control signals and determining stream characteristics therefrom. New data streams may be initiated by the RSM 206 based on at least a first received packet for some service applications, such as web surfing. For other service applications, a certain amount of control signalling must be exchanged between the end-user and the third party service provider 100, before any user data can be transferred. Control signalling is typically performed for relatively delay-sensitive services, e.g. when using Real Time Protocol RTP for media streams or telephony, and includes a negotiation of stream parameters. The first packet thus typically includes a service request from an end-user 102. The first packet, including an attached destination interface identity, is therefore forwarded by the receiving interface unit 200, 204 to the RSM 206 which reads the packet contents including certain header fields and, by checking the look-up Forwarding Table 207, determines that the destination interface identity points to an ALG 208. The RSM 206 then forwards the first and following packets of the control signalling to the ALG 208 which monitors the control signals for determining the stream characteristics and for initiating a new data stream. The ALG 208 also assigns a sending interface unit 200, 204 and forwards each control signalling packet thereto.
Alternatively, the RSM 206 may initiate a first control data stream between the receiving interface unit 200, 204 and the ALG 208 upon receiving the first packet in a procedure similar to the one described above in connection with Figs. 4a and 4b. The RSM 206 then forwards the first packet to the ALG 208 which reads any control signalling information and forwards the packet to the sending interface unit 200, 204 for transmission to its destination. There are then two possible scenarios:
1) no second control data stream exists between the ALG and the sending interface unit 200, 204, wherein the packet is returned to the RSM 206 with an order to initiate the second stream.
2) a second control data stream already exists and the packet may be forwarded to the assigned sending interface unit 200, 204 accordingly.
Two control data streams are now initiated for the control signalling, one from the interface unit 200 on the end-user side 212 to the ALG and one from the ALG to the interface unit 204 on the service provider side 216. The receiving and sending interface units 200, 204 as well as the ALG 208 have thus been updated by the RSM 206. The ALG 208 now monitors the control signals being exchanged over these two control data streams, which may include negotiated stream parameters. After the control signalling has been monitored, the ALG 208 orders the RSM 206 to initiate a new data stream for the actual user data and the assigned interface units 200, 204 are updated accordingly and the transfer of user data packets may begin.
The ALG 208 may thus monitor the control signalling and order the RSM to initiate a new stream accordingly, or the ALG may intercept the control signalling if it is detected that the end-user or the service provider violates business agreements or that no transmission resources are available. The ALG 208 may also perform application layer authentication of the end-user and/or the service provider, such as verification of keys or passwords as defined in the control signalling protocol used. The ALG 208 may further also generate a record for the service invocation to be used, in addition to the session record(s) generated at the sending interface unit(s) 200, 204, for charging determination.
The various methods and steps described above may be performed by a software code means running on computers, not shown, in the gateway switch (110). A computer program product, comprising the software code means, may be directly loadable into an internal memory of the computer. Alternatively, a computer program product may be stored on a computer usable medium, comprising readable program for causing the computer to perform the method.
The described embodiments of the invention thus have the advantage of enabling delivery of various services to customers from third party service providers by a single multi-service access provider, being able to monitor the delivered QoS as perceived by the customer. The multi-service access provider will further be able to keep detailed records on individual packet data sessions in order to account and charge for what has actually been delivered.
While the invention has been described with reference to specific exemplary embodiments, the description is only intended to illustrate the inventive concept and should not be taken as limiting the scope of the invention. Various alternatives, modifications and equivalents may be used without departing from the spirit of the invention, which is defined by the appended claims.

Claims

1. A method of transferring data packets in a communication network between a service provider (100) and an end-user (102) in a gateway switch providing services by a multi-service access provider, the gateway switch comprising a plurality of interface units to which a plurality of third party service providers and a plurality of end-users are connected, characterised by the steps of:
- receiving a first data packet from a sender, the packet comprising information in a header,
- determining data stream characteristics based on the data packet contents including the header information,
- initiating a data stream in the gateway switch (110) for a data session, by reserving transmission resources including assigning and updating a receiving interface unit (200, 204) and a sending interface unit (200, 204) with the determined data stream characteristics for receiving and sending data packets of the data stream, and
- transferring further data packets that match the determined data stream characteristics over the assigned and updated interface units (200, 204) during the data session.
2. A method according to claim 1, characterised by the further step of attaching a source interface identity to the packet after receiving the packet, for determining the identity of the sender.
3. A method according to claim 1 or 2, characterised in that the data packets are transferred between the receiving and sending interface units (200, 204) over a switching unit (202).
4. A method according to any of claims 1 - 3, characterised in that the data packets are received by an ingress unit (302) of the receiving interface unit (200, 204), and are sent by an egress unit (304) of the sending interface unit (200, 204).
5. A method according to any of claims 1 - 4, characterised by the further step of: scheduling each data packet for output from the sending interface unit (200, 204) based on the reserved transmission resources.
6. A method according to any of claims 1 - 5, characterised in that the determined data stream characteristics include at least one of: source and destination interface identities, source and destination addresses, source and destination ports, protocol, Quality of Service parameters, and security parameters.
7. A method according to any of claims 1 - 6, characterised in that the steps of determining data stream characteristics and initiating the data stream are performed by a Routing and Stream Manager RSM (206) .
8. A method according to claim 7, characterised in that the data stream characteristics are determined by reading the packet contents including the header information and a source interface identity attached to the packet, and by checking a look-up Forwarding Table (207) in the RSM (206) .
9. A method according to claim 8, characterised in that the assigned and updated interface unit (200) on the end-user side is predetermined by a physical or logical dedicated connection with the end-user, and that the assigned and updated interface unit (204) on the service provider side is selected according to the look-up Forwarding Table (207) .
10. A method according to any of claims 1 - 7, characterised in that the step of determining data stream characteristics is performed by an Application Layer Gateway ALG (208) by monitoring control signals between the service provider (100) and the end-user (102).
11. A method according to claim 10, characterised in that the control signals are monitored by initiating a first control data stream from the receiving interface unit (200, 204) to the ALG (208) and a second control data stream from the ALG (208) to the sending interface unit (200, 204).
12. A method according to claim 10 or 11, characterised in that the monitored control signals include negotiated stream parameters.
13. A method according to any of claims 1 - 12, characterised in that the step of transferring data packets comprises the substeps of:
- receiving a stream of data packets,
- reading the contents of each data packet including the header information, and
- comparing the read contents to the determined data stream characteristics.
14. A method according to claim 13, characterised in that the receiving, reading and comparing substeps are performed by the receiving interface unit (200, 204).
15. A method according to any of claims 1 - 14, characterised in that the step of determining data stream characteristics comprises the substeps of:
- determining whether the sender is authorised to send the packet, and
- determining whether the packet is allowed to be sent to its destination.
16. A method according to any of claims 1 - 15, characterised by the further steps of:
- terminating the initiated data stream in response to detecting that the data session is finished, and
- generating a record for the finished data session.
17. A method according to claim 16, characterised in that the step of generating the session record is performed by at least the sending interface unit (200, 204).
18. A method according to claim 16 or 17, characterised in that the generated session record includes a session duration and a quantity of transferred data.
19. A method according to claim 18, characterised in that the generated session record further includes information on at least one of: jitter, packet loss, number of packets delivered in the wrong order and delay.
20. A method of transferring data packets in a gateway switch (110) between a service provider (100) and an end-user (102), wherein the gateway switch provides services by a multi-service access provider and comprises a plurality of interface units to which a plurality of third party service providers and a plurality of end-users are connected, characterised by the steps of:
- receiving a first data packet from a sender, the packet comprising information in a header,
- detecting that the packet does not belong to an already initiated data stream,
- attaching a source interface identity to the packet,
- initiating a data stream through the gateway switch (110) based on the data packet contents including the header information and the attached source interface identity.
21. A method according to claim 20, characterised in that the data packet includes a service request and is received from the end-user (102) over an access network (108).
22. A method according to claim 20 or 21, characterised in that the data stream is initiated by assigning and updating a receiving interface unit (200, 204) and a sending interface unit (200, 204) for receiving and sending data packets of the data stream in the gateway switch (110), wherein the interface units (200, 204) are updated with data stream characteristics.
23. A method according to claim 22, characterised in that the data stream characteristics are based on the data packet contents including the header information and the attached source interface identity.
24. A gateway switch (110) for providing services by a multiservice access provider and for transferring data packets between third party service providers (100) and end-users (102), characterised in that the gateway switch (110) comprises:
- a first set of interface units (200) for communicating data packets with the end-users (102),
- a second set of interface units (204) for communicating data packets with the third party service providers (100),
- a switching unit (302) for transferring data packets, and
- means for transferring data packets, being detected as belonging to an initiated data stream, between a first interface unit (200) of the first set and a second interface unit (204) of the second set via the switching unit (302), wherein the first and second interface units (200, 204) are assigned to the initiated data stream and updated with characteristics of the initiated data stream.
25. A gateway switch (110) according to claim 24, characterised in that the interface units (200) of the first set hold interface identities associated with specific end-users (102), and that the interface units (204) of the second set hold interface identities linked with specific service providers (100).
26. A gateway switch (110) according to claim 25, characterised in that each interface unit (200, 204) includes an ingress unit (302) for receiving incoming data packets and an egress unit (304) for sending data packets to their destination.
27. A gateway switch (110) according to any of claims 24 - 26, characterised in that the gateway switch (110) comprises at least one Routing and Stream Manager RSM (206) for initiating data streams through the gateway switch (110) by assigning and updating interface units (200, 204) of the first and second sets with characteristics of the data streams.
28. A gateway switch (110) according to claim 27, characterised in that the RSM (206) comprises a look-up Forwarding Table (207) for determining the data stream characteristics.
29. A gateway switch (110) according to any of claims 25 - 28, characterised in that the gateway switch (110) comprises at least one Application Layer Gateway ALG (208) for monitoring control signals between the service provider (100) and the end-user (102) in order to determine the data stream characteristics.
30. A computer program product directly loadable into the internal memory of a computer in a gateway switch (110) comprising software code means for performing the method of any of the claims 1-23.
31. A computer program product stored on a computer usable medium, comprising readable program for causing a computer in a gateway switch (110) to perform the method of any of the claims 1-23.
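The per-stream handling of claims 13, 15, 16 - 18 and 20 can be sketched as follows; this is an added illustration, not code from the patent or from any Reddo Networks product. The `GatewaySwitch` class, the interface names, the addresses and both tables are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    proto: str
    size: int

# Constructed look-up Forwarding Table: destination -> provider-side interface unit
FORWARDING_TABLE = {"203.0.113.10": "sp-1"}
# Constructed policy: source addresses permitted on each end-user interface
AUTHORISED = {"eu-7": {"192.0.2.5"}}

class GatewaySwitch:
    def __init__(self):
        self.streams = {}  # stream characteristics -> session state

    @staticmethod
    def key(pkt, src_if):
        # Header fields plus the source interface identity attached on ingress
        return (src_if, pkt.src, pkt.dst, pkt.sport, pkt.dport, pkt.proto)

    def receive(self, pkt, src_if, now):
        k = self.key(pkt, src_if)
        s = self.streams.get(k)
        if s is None:  # packet does not belong to an initiated stream
            s = self._initiate(pkt, src_if, now)
            if s is None:
                return "drop"
            self.streams[k] = s
        s["bytes"] += pkt.size
        s["last"] = now
        return s["egress"]

    def _initiate(self, pkt, src_if, now):
        # Claim 15: is the sender authorised, and is the destination allowed?
        if pkt.src not in AUTHORISED.get(src_if, set()):
            return None
        egress = FORWARDING_TABLE.get(pkt.dst)
        if egress is None:
            return None
        return {"egress": egress, "start": now, "last": now, "bytes": 0}

    def terminate(self, pkt, src_if):
        # Claims 16 - 18: session record with duration and transferred quantity
        s = self.streams.pop(self.key(pkt, src_if))
        return {"duration": s["last"] - s["start"], "bytes": s["bytes"]}
```

Because the source interface identity is part of the stream key, a packet carrying an authorised address but arriving on a different interface unit never matches the existing stream and is re-evaluated against the policy.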
PCT/SE2002/000356 2001-03-01 2002-02-28 A method and apparatus for transferring data packets in communication networks WO2002071697A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
AU2002233902A AU2002233902B2 (en) 2001-03-01 2002-02-28 A method and apparatus for transferring data packets in communication networks
EP02700969A EP1374487A1 (en) 2001-03-01 2002-02-28 A method and apparatus for transferring data packets in communication networks

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
SE0100708A SE523330C2 (en) 2001-03-01 2001-03-01 Method, network port and computer software product for transmitting data packets in communication networks
SE0100708-7 2001-03-01

Publications (1)

Publication Number Publication Date
WO2002071697A1 true WO2002071697A1 (en) 2002-09-12

Family

ID=20283183

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SE2002/000356 WO2002071697A1 (en) 2001-03-01 2002-02-28 A method and apparatus for transferring data packets in communication networks

Country Status (4)

Country Link
EP (1) EP1374487A1 (en)
AU (1) AU2002233902B2 (en)
SE (1) SE523330C2 (en)
WO (1) WO2002071697A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5088032A (en) * 1988-01-29 1992-02-11 Cisco Systems, Inc. Method and apparatus for routing communications among computer networks
US5548731A (en) * 1993-01-13 1996-08-20 International Business Machines Corporation System for forwarding data packets with different formats to different software entitles respectively based upon match between portion of data packet and filter
US5706507A (en) * 1995-07-05 1998-01-06 International Business Machines Corporation System and method for controlling access to data located on a content server
US6111877A (en) * 1997-12-31 2000-08-29 Cisco Technology, Inc. Load sharing across flows
WO2001005098A1 (en) * 1999-07-09 2001-01-18 Malibu Networks, Inc. Tcp/ip packet-centric wireless transmission system architecture

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
HORNBACH B.H. ET AL.: "The 5ESS international gateway exchange: A unique introduction in the international network", INTERNATIONAL CONFERENCE ON COMMUNICATIONS, 1991. ICC'91, CONFERENCE RECORD, vol. 2, 23 June 1991 (1991-06-23) - 26 June 1991 (1991-06-26), pages 993 - 1001, XP002950442 *
JONES A.: "Proxy servers vs. firewalls", February 2000 (2000-02-01), XP002950443, Retrieved from the Internet <URL:http://www.iisadministrator.com/Articles/Print.cfm?ArticleID> [retrieved on 20011109] *

Also Published As

Publication number Publication date
SE0100708D0 (en) 2001-03-01
AU2002233902B2 (en) 2006-06-29
SE523330C2 (en) 2004-04-13
EP1374487A1 (en) 2004-01-02
SE0100708L (en) 2002-09-02

Similar Documents

Publication Publication Date Title
US8542592B2 (en) Managing a network flow using application classification information and active signaling relay
US7209473B1 (en) Method and apparatus for monitoring and processing voice over internet protocol packets
CA2296213C (en) Distributed subscriber management
US7649890B2 (en) Packet forwarding apparatus and communication bandwidth control method
US20040223498A1 (en) Communications network with converged services
Braun et al. Virtual private network architecture
US20070147243A1 (en) Method and system for guaranteeing end-to-end quality of service
EP2636188B1 (en) Apparatus and methods for multimode internetworking connectivity
US7843944B2 (en) System and method to provide multiple private networks using MPLS
KR20000076720A (en) Providing quality of service in layer two tunneling protocol networks
WO2004014045A1 (en) Service class dependant asignment of ip addresses for cotrolling access to an d delivery of e-sevices
AU2002233902B2 (en) A method and apparatus for transferring data packets in communication networks
Pujolle Management, control and evolution of IP networks
AU2002233902A1 (en) A method and apparatus for transferring data packets in communication networks
Wood et al. Network quality of service for the enterprise: A broad overview
Balmer et al. Virtual Private Network and Quality of Service Management Implementation
Miloucheva et al. QoS Roadmap
Armengol et al. D A1. 2-Network Requirements for multi-service access
SER The ABCs of Cisco IOS Software Networking the
Boava et al. A Methodology to Build VPN IP MPLS with Performance and Quality of Service
Billard et al. Virtual Private Network Architecture
MULLER RESOURCE MANAGEMENT ARCHITECTURE FOR REALTIME TRAFFIC IN INTRANETS
Abade Realization of Multipoint Communication over the Internet using XCAST
de Comunicaçoes WiMAX QoS
Chowdhury IP and Policy Services

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SL TJ TM TN TR TT TZ UA UG US UZ VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
WWE Wipo information: entry into national phase

Ref document number: 2002700969

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 2002233902

Country of ref document: AU

Ref document number: 1265/KOLNP/2003

Country of ref document: IN

WWP Wipo information: published in national office

Ref document number: 2002700969

Country of ref document: EP

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Ref document number: JP