EP1738521A1 - System for dynamic control of an IP network - Google Patents

System for dynamic control of an IP network

Info

Publication number
EP1738521A1
EP1738521A1 EP05717068A EP05717068A EP1738521A1 EP 1738521 A1 EP1738521 A1 EP 1738521A1 EP 05717068 A EP05717068 A EP 05717068A EP 05717068 A EP05717068 A EP 05717068A EP 1738521 A1 EP1738521 A1 EP 1738521A1
Authority
EP
European Patent Office
Prior art keywords
network
users
user
component
control
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP05717068A
Other languages
English (en)
French (fr)
Inventor
Roland THALES SCHUTZ
Joseph THALES BORMANS
Reinhard THALES MEHNER
Mohamed THALES EL BAHRI
Knut THALES LILLEGRAVEN
Denis THALES GOURLAOUEN
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Thales SA
Original Assignee
Thales SA
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Thales SA

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00: Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/50: Network service management, e.g. ensuring proper service fulfilment according to agreements
    • H04L41/508: Network service management, e.g. ensuring proper service fulfilment according to agreements based on type of value added network service under agreement
    • H04L41/5096: Network service management, e.g. ensuring proper service fulfilment according to agreements based on type of value added network service under agreement wherein the managed service relates to distributed or central networked applications
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00: Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/50: Network service management, e.g. ensuring proper service fulfilment according to agreements
    • H04L41/5061: Network service management, e.g. ensuring proper service fulfilment according to agreements characterised by the interaction between service providers and their network customers, e.g. customer relationship management
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities

Definitions

  • The invention relates to a system for controlling the equipment present in a telecommunications network, taking into account in particular the mobility, security and quality of service constraints of the users connected to the network, as well as the quality of service requests that a user can express dynamically via a signaling protocol.
  • The system is intended in particular for controlling the equipment present in a network based on the Internet Protocol (IP) and Ethernet standards.
  • The equipment is for example:
      o Level 2 switches,
      o functions for adaptation to the transmission medium,
      o IP routers,
      o firewall systems,
      o telephone communication management functions,
      o communication functions for message transfer,
      o content distribution functions.
  • The object of the present invention is in particular a system capable of controlling, via interfaces designated IP-S, a whole assembly composed of IP-S components.
  • IP-S designates a service-oriented architecture.
  • The system control plane thus obtained takes into account in particular the dynamics present in telecommunications systems, linked in particular to:
      o user mobility (authentication and service affiliations),
      o quality of service requests transmitted by telecommunications users,
      o the availability of system resources.
  • The invention relates to a system making it possible to dynamically control equipment present in a communications system, taking into account the dynamics present, linked at least to the mobility of users. It is characterized in that it comprises at least one control module comprising at least:
      o a control block comprising:
          o an ACS control component adapted to process the authentication of users connected to the network, the dynamic configuration of IP addresses, the management of authorizations for user service requests, and the configuration of network components according to authenticated users,
          o a LOC control component adapted to process the user affiliation process, server mobility, user location, and the application routing of the services,
          o a QSM control component adapted to process the management of the quality of service on the network arteries,
      o a block comprising one or more of the following elements: a component for the different user services, the network components, a component for connectivity to external entities.
  • The system according to the invention has the following advantages in particular:
      o it makes it possible to control the behavior of telecommunications systems according to the connected users by handling the following functions: authentication and authorization, configuration of the equipment according to the connected users, resource management according to the services requested by users and according to mobility,
      o the components specified by the system do not redefine the existing standard interfaces,
      o the system control plane automatically configures the network equipment according to: connected users, available resources, and user requests for quality of service (QoS) and for protection,
      o the organization of the system control plane according to the invention also allows the development of specific functionalities not present in the standards or in the equipment conforming to these standards,
      o the system control plane is generic: it can control many commercial off-the-shelf (COTS) devices thanks to the implementation of a generic protocol for controlling network equipment.
  • Figure 1: the general organization of an IP-S type component,
  • Figure 2: a diagram of the different functions of the components in the IP-S organization,
  • Figure 3: a diagram showing an example of the IP-S control interfaces,
  • Figure 4: a diagram of the authentication steps,
  • Figure 5: a diagram of the affiliation of a user to the service,
  • Figure 6: a flow diagram showing the location mechanisms following the affiliation presented in Figure 5,
  • Figure 7: an example of a user location procedure on a network.
  • Figure 1 shows an example of the general organization of an IP-S component.
  • The service-oriented or IP-S components according to the invention are composed for example:
      o of a basic commercial product with interfaces processing the user plane and/or the control plane and having a native management interface, an interface forming an integral part of the commercial product,
      o of software, controlled through the IP-S interface, which controls the behavior of the product and which constitutes the IP-S added value.
  • The latter can be of various types:
      o control of other components (control of call routing, filtering control, etc.),
      o interfaces with components processing system control,
      o additional functionalities not present in commercial equipment and responding to the need of a given customer, usually called add-ons (ad hoc routing, specific management, ...).
  • The IP-S architecture by domain comprises the following functionalities:
      o network module (communication, routing, filtering, adaptation to transport on the arteries, encryption and also adaptation for the transport of messages),
      o user services module (messaging, data distribution and replication, multimedia communications management, etc.),
      o interconnection with non-IP-S entities,
      o interconnection with non-IP-S networks (telephony, messaging),
      o connection of non-IP-S terminals to an IP-S network (telephone, messaging),
      o interconnection of non-IP-S networks via an IP-S network (tunneling),
      o system control (QSM resource management, ACS authentication and authorization, LOC mobility management, system configuration according to connected users).
  • The architecture of the IP-S system according to the invention is based in particular on a breakdown into components, each having a precise definition of the functionalities provided and of the interfaces allowing the components to be interconnected to form a system.
  • This architecture comprises for example 4 blocks whose functionalities are detailed further on in the description:
      o a system control block I comprising the ACS module, the LOC module and the QSM module,
      o a block II comprising the various user services (IP-S communication services components),
      o a block III comprising the network components,
      o a block IV comprising the connectivity to non-IP-S entities.
  • The L2P component deals with: switching, Level 2 quality of service (QoS) management, the link management protocols known as "spanning tree", link aggregation, transmissions from one transmitter to one receiver ("unicast") and from one transmitter to several receivers ("broadcast"), authentication protocols, etc.
  • The L3P component deals with: unicast routing and the routing from one or more transmitters to one or more receivers ("multicast"), DiffServ quality of service (QoS) management, address translation, IP tunnel management, flow redirection, etc.
  • The FRW component is used to define secure zones in a network. The FRW component processes filtering at the packet level, at the connection level, and also at the application level.
  • The TAD component specifies the functional adaptations required for the transport of IP flows over transport subnetworks.
  • The IPZ component secures the interconnection of classified LANs with the same level of security.
  • The MTG component specifies the functional adaptations required for the transport of IP-S messages on a non-IP-S network. This component is mainly used for the transport of messages on constrained networks. The protocols used are those specified for this type of transport.
  • IP-S communication services components
  • The CDS component is responsible for the distribution of content via the constrained core networks. These networks are constrained by the available bandwidth, the high transmission latency, the level of security required on these networks, the transmission error rates, etc.
  • The MSG component is in charge of the IP-S messaging system. This system is based on IETF standards.
  • The LCC component is in charge of controlling multimedia communications; in particular, this component is the application platform for telephony systems with a view to providing advanced telephony services.
  • Components for interconnection with non-IP-S systems
  • The GTW component deals with the interconnection of IP-S voice services with the voice services of other external networks. The establishment of communications is controlled by the LCC component.
  • The MGW component processes the interconnection of IP-S messaging services with the messaging services of other external networks (ACP127 or Allied Communication Publication Number 127, MMHS, ...).
  • The TUN component provides a support service allowing the interconnection of non-IP-S network elements via an IP-S infrastructure.
  • The IAD component is used to connect conventional telephone terminals to an IP-S telephony system.
  • The MAG component is used to connect non-IP-S messaging terminals to an IP-S messaging system. Via the MAG component, these terminals will be able to access a mailbox hosted by the MSG component.
  • The control components interact with the components described above, for example based on the logged-in and authenticated users, the location of users, and user service requests.
  • The control components are:
  • The ACS component, which processes: authentication of users connected to the network, dynamic configuration of IP addresses, management of authorizations for user service requests, and configuration of components according to authenticated users (quality of service (QoS) rules, filtering rules, ...).
  • The ACS component also makes it possible to control the rights of access to and/or use of a service, for example the transmission of a message. This verification can be carried out at the emission source, at reception, etc.
  • The ACS component also allows time synchronization of each clock in each terminal, as well as in the devices implemented in the network and in data transmission.
  • The LOC component, which deals with: the user affiliation process, server mobility, user location, and application routing of services.
  • The QSM component, which deals with the management of quality of service on the arteries of the constrained core network: by allocating resources according to the needs expressed by the network users, and by managing the pre-emption of communications if more important communications must be able to be established.
  • The interfaces between the components convey the requests and the responses transmitted in the system control plane.
  • IP-S interfaces
  • These are the IP-S interfaces. These interfaces allow the control components to control:
      o the functioning of the system, namely the configuration of the system according to the connected users (ACS to L2P, L3P, FRW). The user database is communicated to ACS via the Management ACS interface,
      o the use made of the system by connected users, in particular:
          o controlling the communication rights available to subscribers (via the ACS interfaces to CDS, MSG, LCC),
          o locating the users and the servers connecting these users (via the LOC interfaces to CDS, MSG, LCC). The location of servers and users is done through exchanges carried out on the LOC-to-LOC interface,
          o the use of system resources by users based on the importance of the communication (via the QSM interfaces to L3P, TAD, and via the QSM-to-QSM and LCC-to-LCC interfaces).
  • IP-S management
  • The behavior of the various components is controlled via the IP-S interfaces.
  • The ACS component is controlled by the manager.
  • The ACS component then controls all the other components because it knows the components present in the system, the IP-S configuration of each component, and the users who are connected to the network or who could be connected to the network.
  • In a first step, data management is shared between the network management system and the ACS component, which stores the information in a local database.
  • The information shared with the network management system concerns the service level (user profiles, groups of users, ...), the network level (filtering, ...) and also the profiles assigned to the components (device profiles, interface configuration, etc.).
  • The information relating to the component level and to the network level is transferred to the components via the IP-S interfaces.
  • In a third step, the ACS component can configure specific filtering rules (QoS processing, application filtering) associated with the users connected to the network.
  • The authentication step can be carried out in several ways, for example by unidirectional authentication between a terminal and a server. It can also use mutual authentication between the user and the server.
  • Access control to the network is carried out for example by authentication. This makes it possible in particular to know the terminal on which the user is connected. Identity is verified, for example, upon affiliation, when requesting additional services, or when accessing a mailbox. This is done, for example, by checking the user's identity and password against those stored in the database.
  • Procedure for affiliating a user to a service offered by the network
  • This procedure is shared between the ACS component and the LOC component.
  • The ACS component allows authentication / authorization.
  • The LOC component updates the symbolic address of the user, notifies the other LOC components of the system of this update, and deletes the old affiliation of the user.
  • The LOC function can be used at any level. It makes it possible to know:
      o at the physical level, where a connected terminal is and where the terminals used by users are,
      o at the network level, what the IP address of a terminal is,
      o at the service level, where to find a user and how to reach a node.
  • Figures 4 to 7, which follow, show diagrammatically the messages exchanged between the various pieces of equipment in the system.
  • The device operates, for example, as follows. First, the functions of the devices are registered:
      o after startup, each device forming part of the system registers its functions with the ACS,
      o the ACS component verifies the identity of the device and stores the contact point for the device in its database.
  • The search for the device thus registered can be carried out using its generic name, or by searching for its identifier.
  • Figure 4 represents the diagram of the dynamic exchanges during a procedure for identifying a user 1.
  • The user can be an individual, a network or a server which requires an authorization to connect. This example shows that the network can adapt to the user connected to the network, regardless of the position of the access point selected by the user.
  • The user requests authentication from the ACS.
  • Figure 5 represents an example of the procedure for affiliating a user to a telephony service.
  • The user profile describes the specific settings that could be applied when the user is connected to the network. These parameters are made up of:
      o generic parameters that can be activated when the user is connected to the network (quality of service (QoS) and firewall filters, virtual local area networks (VLANs)),
      o parameters for each of the services the user can access.
  • The user profile specifies the telephone number, the personal code of the user used for affiliation and for the activation of specific telephony services (for example call transfer), the closest user groups, the level of precedence for the subscriber, etc.
  • The user can activate his telephone service via the affiliation process. This process requires the user to dial a specific number with their personal code, which is checked by the system before entering the location process.
  • Figure 6 shows schematically an example of flow exchanges during a telephone call. The following scenario represents the exchanges required for a telephone call. For the sake of simplification, the diagram represents the end of the communication.
  • Figure 7 shows schematically an example of a user location procedure on a network. Two different solutions have been specified in the IP-S system for locating a user, or more generally for locating an application: the information can be replicated to each location server, or the information is distributed among the network location servers.
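
The sequence described above for the ACS component (device registration with identity check, lookup by generic name or identifier, user authentication against the local database, then per-user configuration of L2P, L3P and FRW) is modelled below as an added Python example; it is not code from the patent. The class and field names, the HMAC-based device identity proof, the PBKDF2 password storage and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

PBKDF2_ROUNDS = 100_000  # assumption: the page only says a stored password is checked

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

def registration_tag(key: bytes, device_id: str, generic_name: str, contact: str) -> bytes:
    # Hypothetical proof of device identity: HMAC over the registration fields.
    msg = "|".join((device_id, generic_name, contact)).encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

@dataclass
class UserProfile:               # hypothetical profile fields
    salt: bytes
    pw_hash: bytes
    vlan: int
    qos_class: str
    allowed_tcp_ports: tuple

@dataclass
class Device:
    device_id: str
    generic_name: str            # component type from the page: "L2P", "L3P", "FRW"
    contact_point: str
    rules: dict = field(default_factory=dict)   # user -> rule pushed by the ACS

# What each component type receives from the user profile (assumed mapping).
RULE_BUILDERS = {
    "L2P": lambda p: {"vlan": p.vlan},
    "L3P": lambda p: {"qos": p.qos_class},
    "FRW": lambda p: {"allow_tcp": p.allowed_tcp_ports},
}

class ACS:
    def __init__(self, device_keys: dict, users: dict):
        self._device_keys = device_keys   # pre-provisioned per-device keys (assumption)
        self._users = users               # local user database
        self._devices = {}
        self.sessions = {}                # user -> terminal currently in use

    def register_device(self, device_id, generic_name, contact, tag) -> bool:
        key = self._device_keys.get(device_id)
        if key is None or not hmac.compare_digest(
                registration_tag(key, device_id, generic_name, contact), tag):
            return False                  # identity not verified: nothing is stored
        self._devices[device_id] = Device(device_id, generic_name, contact)
        return True

    def find(self, generic_name=None, device_id=None) -> list:
        return [d for d in self._devices.values()
                if d.device_id == device_id or d.generic_name == generic_name]

    def authenticate(self, user: str, password: str, terminal: str) -> bool:
        profile = self._users.get(user)
        # Hash for unknown users too, so response time does not reveal valid names.
        candidate = hash_password(password, profile.salt if profile else b"\0" * 16)
        if profile is None or not hmac.compare_digest(candidate, profile.pw_hash):
            return False
        self.disconnect(user)             # drop rules tied to the previous terminal
        self.sessions[user] = terminal
        for dev in self._devices.values():
            build = RULE_BUILDERS.get(dev.generic_name)
            if build:
                dev.rules[user] = {"terminal": terminal, **build(profile)}
        return True

    def disconnect(self, user: str) -> None:
        self.sessions.pop(user, None)
        for dev in self._devices.values():
            dev.rules.pop(user, None)

def demo() -> ACS:
    # Constructed sample data: two registered devices and one user.
    keys = {"frw-01": b"frw-key", "l2p-01": b"l2p-key"}
    salt = b"constructed-salt"            # a real deployment would use a random salt
    users = {"alice": UserProfile(salt, hash_password("s3cret", salt), 20, "EF", (25, 443))}
    acs = ACS(keys, users)
    for dev_id, kind, contact in (("frw-01", "FRW", "10.0.0.1:7000"),
                                  ("l2p-01", "L2P", "10.0.0.2:7000")):
        tag = registration_tag(keys[dev_id], dev_id, kind, contact)
        acs.register_device(dev_id, kind, contact, tag)
    return acs
```

Because rules are keyed by user and rebuilt on every successful authentication, a user who moves to another access point leaves no filtering or VLAN rule behind on the previous one.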
EP05717068A 2004-03-30 2005-03-16 System for dynamic control of an IP network Withdrawn EP1738521A1 (de)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR0403297A FR2868645B1 (fr) 2004-03-30 2004-03-30 System for dynamic control of an IP network
PCT/EP2005/051201 WO2005107158A1 (fr) 2004-03-30 2005-03-16 System for dynamic control of an IP network

Publications (1)

Publication Number Publication Date
EP1738521A1 (de) 2007-01-03

Family

ID=34946268

Family Applications (1)

Application Number Title Priority Date Filing Date
EP05717068A Withdrawn EP1738521A1 (de) 2004-03-30 2005-03-16 System for dynamic control of an IP network

Country Status (4)

Country Link
US (1) US20070195694A1 (de)
EP (1) EP1738521A1 (de)
FR (1) FR2868645B1 (de)
WO (1) WO2005107158A1 (de)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7826364B1 (en) * 2006-02-09 2010-11-02 Verizon Services Corp. Dynamic service-aware flow control in packet networks
US9123020B2 (en) * 2008-09-25 2015-09-01 International Business Machines Corporation Modeling, monitoring, and managing system dimensions for a service assurance system

Family Cites Families (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6856676B1 (en) * 1998-10-15 2005-02-15 Alcatel System and method of controlling and managing voice and data services in a telecommunications network
US7079499B1 (en) * 1999-09-08 2006-07-18 Nortel Networks Limited Internet protocol mobility architecture framework
US6769000B1 (en) * 1999-09-08 2004-07-27 Nortel Networks Limited Unified directory services architecture for an IP mobility architecture framework
US6714987B1 (en) * 1999-11-05 2004-03-30 Nortel Networks Limited Architecture for an IP centric distributed network
US7003571B1 (en) * 2000-01-31 2006-02-21 Telecommunication Systems Corporation Of Maryland System and method for re-directing requests from browsers for communication over non-IP based networks
US7068624B1 (en) * 2000-02-25 2006-06-27 Cisco Technology, Inc. Wireless router and method for processing traffic in a wireless communications network
US6970452B2 (en) * 2000-03-13 2005-11-29 Curitell Communications Inc. Common subscriber managing apparatus and method based on functional modeling of a common subscriber server for use in an ALL-IP network and method therefor
US6910074B1 (en) * 2000-07-24 2005-06-21 Nortel Networks Limited System and method for service session management in an IP centric distributed network
US7103066B2 (en) * 2000-10-12 2006-09-05 At&T Corp. Method and apparatus for providing common intelligent value-added service protocols for accessing value-added services by all multimedia application protocols
US6854014B1 (en) * 2000-11-07 2005-02-08 Nortel Networks Limited System and method for accounting management in an IP centric distributed network
AU2002216279A1 (en) * 2000-12-27 2002-07-08 Cellglide Technologies Corp. Resource allocation in cellular telephone networks
US7085279B1 (en) * 2000-12-29 2006-08-01 Cisco Technology, Inc. Method and apparatus for carrying telephony network traffic over an ATM network
US20020152319A1 (en) * 2001-02-08 2002-10-17 Amin Rajesh B. Accounting management support based on QOS in an IP centric distributed network
US20020198991A1 (en) * 2001-06-21 2002-12-26 International Business Machines Corporation Intelligent caching and network management based on location and resource anticipation
US7039037B2 (en) * 2001-08-20 2006-05-02 Wang Jiwei R Method and apparatus for providing service selection, redirection and managing of subscriber access to multiple WAP (Wireless Application Protocol) gateways simultaneously
US7136635B1 (en) * 2002-03-11 2006-11-14 Nortel Networks Limited Proxy SIP server interface for session initiation communications
US7072657B2 (en) * 2002-04-11 2006-07-04 Ntt Docomo, Inc. Method and associated apparatus for pre-authentication, preestablished virtual private network in heterogeneous access networks

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO2005107158A1 *

Also Published As

Publication number Publication date
WO2005107158A1 (fr) 2005-11-10
US20070195694A1 (en) 2007-08-23
FR2868645A1 (fr) 2005-10-07
FR2868645B1 (fr) 2006-06-23

Similar Documents

Publication Publication Date Title
US11659385B2 (en) Method and system for peer-to-peer enforcement
US7536720B2 (en) Method and apparatus for accelerating CPE-based VPN transmissions over a wireless network
US10484335B2 (en) Secure remote computer network
US20060117174A1 (en) Method of auto-configuration and auto-prioritizing for wireless security domain
US20070115898A1 (en) Use of wireline networks to access 3G wireless services
US7853705B2 (en) On demand session provisioning of IP flows
FR3048574A1 (fr) Selection of a network slice instantiation for the transmission of uplink packets
CN106789952B (zh) Method and system for making local area network services available over the Internet
US20030005147A1 (en) IP/HDLC addressing system for replacing frame relay based systems and method therefor
US8417942B2 (en) System and method for identifying encrypted conference media traffic
US11647069B2 (en) Secure remote computer network
CN110830317B (zh) Internet access behavior management system, device and method
EP1738521A1 (de) System for dynamic control of an IP network
US8305918B2 (en) Method of configuring the quality-of-service profile of a given stream at an access node of a packet communications network
US9124586B2 (en) Confidential or protected access to a network of nodes distributed over a communication architecture with the aid of a topology server
EP1511217A1 (de) Use of a policy-rule-based management system for network elements for centralized control of the operation of the policy rules
EP1432210B1 (de) System for controlling processes associated with data streams in a communication network
EP1349319B1 (de) Method for managing a network service using the COPS protocol for configuration in a virtual private network
EP4033794A1 (de) Method for dynamically assigning identifiers to an embedded universal integrated circuit card (eUICC) of a user device, and corresponding system
RU2604328C1 (ru) Method for establishing a secure connection in a networked computer system
Paliwal Convergence: the next big step
CN116866985A (zh) Data forwarding method, network system and computer-readable storage medium
Nishiyama et al. Method for user network resource management
US20090210543A1 (en) System and Method for Subscription Resource Discovery

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20061026

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU MC NL PL PT RO SE SI SK TR

DAX Request for extension of the european patent (deleted)
17Q First examination report despatched

Effective date: 20120705

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20121116