SE523862C2 - A method and apparatus for transmitting data packets in IP routers - Google Patents

Abstract

A method and apparatus for transferring data packets over a router (100) comprising interface units (106) and a switchingunit (108). It is determined whether a received data packetbelongs to an existing session context by comparing extractedheader information with any session contexts stored in the router. In that case, a header translation is applied for thepacket according to the existing session context duringtransfer through the router from an ingress unit to an egress unit. Otherwise, a new session context is createdincluding selecting a header translation scheme to be used for further packets of the new session. The new session context is stored in the router together with a context IDassigned to the new session context. In this way, processingwork and delays are reduced in the router when transferring data packets, thereby enabling a high data throughput.

Description

'šüzïßš' _ ": '" Z .I.'. . _ 2 switches, mains ports, routers and interfaces. Therefore, individual data packets of a communication session can be transmitted with different delays and also over different routers. When they are received at their terminal, the packets are arranged in the correct sequence order and the coded information in the data packets can be decoded, for example to be presented or played to a user at the receiving side. The transmitting and receiving parties may each include some type of terminal, such as fixed or mobile telephones, computers, servers, gaming stations, TV sets, etc.

As mentioned above, data packets are typically transmitted over a number of different networks. Routers are transmission nodes, either in networks or interconnecting different networks to handle traffic between them. The Internet Protocol (IP) is widely used today as a transmission standard for communication in and between networks. Thus, data packets are typically transmitted over one or more IP rotitrexes in a transmission path during a communication session.

In addition to simply receiving and forwarding data packets, an IP router also performs other activities such as security checking, packet planning, and address and protocol translations. For example, the IP router can decide whether or not to forward an incoming packet based on predefined rules and security policies. For example, in the case of so-called domain edge routers, it can be checked that a data fate that goes into a predefined domain does not violate any agreements or provisions.

It may also be necessary to use planning mechanisms to multiplex your incoming packets from different communication sessions over shared transmission resources, for example based on quality of service (QOS) policies and priority classifications. Different sessions may thus have different requirements regarding delays and / or data speeds and be classified accordingly. End-user subscriptions can also have different QoS classes.

Additional address and protocol translations of the packets may be necessary when different protocols or address spaces are used by two interconnected networks. For example, translation may be required between private and public address spaces according to IP version 4 or between IP version 4 and IP version 6 domains. u. . -. .u -. -. n.

~ Q. - .u 523 862 3 However, all these activities in IP routers require significant processing resources and may also limit the data capacity speed. Especially if many or all of the functions described above are performed for each individual incoming data packet of your Sessions, the processing resources available in the IP router may not be sufficient. If so-called broadband access is used to a large extent, in principle all transmitted packets will require these functions.

Thus, there is a great need for a simple and more efficient solution that reduces transmission load, processing work and delays in the router and at the same time basically meets requirements for eg access, security and QoS.

SUMMARY OF THE INVENTION It is an object of the invention to overcome the disadvantages described above and to achieve a high data capacity and reduced processing load as well as to ensure the quality and security of packet data transmissions in IP routers. These and other objects are achieved by a simple solution for transmitting data packets over a router between a transmitting terminal and a receiving terminal. Packets from the transmitting terminal are received in an input unit at a first interface unit in the router and packets are transmitted from an output unit at a second interface unit to the receiving terminal. The router further includes a switching unit for transmitting packets between the first and second interface units.

When a data packet is received from the transmitting terminal at the input unit, information is extracted from a header in the packet. Extracting the master information may include calculating a hash key from data in the master fields as a checksum. The extracted master information may also include actual data in the master fields.

It is determined whether the received data packet belongs to an existing session context, which describes internal activities in the router, by comparing the extracted main information with any existing session context stored in the router. For example, a calculated hash key can be compared to a corresponding hash key of any stored session context. Om I ": š": š š: ". '" Z. If the packet belongs to an existing session context, a master translation of the packet is applied during transmission through the router from the input unit to the output unit according to a selected translation schedule for the existing session context. At the main translation, the header is replaced with a modified and substantially reduced header including a context ID assigned to the existing session context. The modified header may further include dynamic main fields and a TTL (Time to Live) field. After transmission through the router, the header can be recreated at the output device using the selected translation schedule and by retrieving the stored session context that matches the packet based on the assigned context ID before sending the packet to the receiving terminal.

If the received data packet does not belong to an existing session context, a new session context is created including selecting a translation schedule to be used to apply a master translation for additional packets of the new session. Session characteristics can then be determined from the received packet based on information extracted from the packet header and on predetermined rules or policies. The session characteristics may include any of: a source IP address, a destination IP address, a communication protocol, a required QOS, a source port number, and a destination port number. The new session context may also include decisions made regarding forwarding, access control, QOS and address or protocol translations. The created session context is then stored together with a context ID assigned to the session as a key.

Creating the new session context involves making a forwarding decision by checking if the packet was allowed to transfer based on predetermined policies and if any path to its destination exists from the router.

Creating the new session context further involves designing context descriptors that describe the characteristics of the data session.

The context descriptors include the selected master translation scheme and any of: main templates, a forwarding decision and identifications of input and output devices in the router to be used during the session. The context descriptors can be defined separately for the original and final interface devices of the router and can be further defined separately for. -. . .fi -. . - -. 523 862 5 the input and output units of each of the original and final interface units, respectively.

The invention comprises a method and a router having means for performing the method. The inventive method can further be performed by means of a computer program comprising a software code adapted to perform the method in a router.

BRIEF DESCRIPTION OF THE DRAWINGS The present invention will now be described in more detail and with reference to the accompanying drawings in which: Figure 1 is a schematic view of an example of a communication scenario for transmitting data.

Figure 2 is a more detailed view of a router.

Figure 3 is a schematic illustration of an example of a data packet.

Figure 4 is a flow chart of a procedure for receiving data packets in a router.

Figure 5 is a flow chart of the first part of a procedure for creating a new session context when a first packet is received.

Figure 6 is a fate diagram of the second part of a procedure for creating the new session context.

Figure 7 is a schematic illustration of the original and final pages of a router.

DESCRIPTION OF PREFERRED EMBODIMENTS Figure 1 is an overview of an example of a communication scenario in which the inventive method and apparatus for transmitting data packets may. . . . .n 52s 862 -. ~ «. .- 6 implemented. A router 100 connects a plurality of different nodes 102 to enable communication between terminals 104 connected thereto. The router 100 may communicate data packets in various formats between a variety of terminals or terminals such as fixed or mobile telephones, computers, gaming stations, servers, etc. Furthermore, the networks 102 may include any type of communication network such as mobile or fixed networks, private or public networks, backbone IP - (Internet Protocol) network, Internet etc.

A first terminal 104A is connected to a first network 102A and a second terminal 104B is connected to a second network 102B. The router includes a plurality of network interface units 106, of which interface unit 106A is connected to the first network 102A and interface unit 106B is connected to the second network 102B.

The interface units 106A, 106B are also connected in the router 100 by means of a switching unit 108. This is a simplified router structure and in reality additional switches and / or links may be involved, which are not shown here for simplicity.

Figure 1 shows only four interface units 106 and networks 102, but the router 100 may, of course, include any number of interface units connected to any number of networks. Each interface unit 106 may also be connected to one or more of the networks 102 and may act either as an original packet processing unit or as a termination packet processing unit depending on which networks the original and terminating terminals are connected to, i.e. from which side a communication session is initiated.

In this example, the first terminal 104A initiates a packet data session by sending a first data packet addressed to the second terminal 104B. The first data packet will be followed by additional packets during the session. The first data packet may comprise a service request to a server, a first block or frame of voice data from a telephone, a first clata block for video streaming from a server to name just a few examples.

By definition, then, the first terminal 104A is the original terminal, and thus comes the interface unit 106A which receives the first data packet. . .n ---- .- 523 362 7 to act as an origin packet processing unit. Accordingly, the second end station 104B is the terminating terminal and the interface unit 106B will act as a termination packet processing unit. Later, a new session will be initiated in the opposite direction, which reverses the roles described OVQD.

For each ongoing data session communicated over the router 100, a session context is created and stored in the router 100 which defines parameters that are valid for the session. When the first data packet is received from the first terminal station 104A, the interface unit 106A extracts information from a header in the packet and detects that the packet does not belong to an existing session by comparing the extracted main information with any stored session context. A new session context is therefore created and stored in the router 100 based on the information in the header and on predetermined rules or policies.

Creating a new session context involves a number of decisions that are made based on the first received packet where the decisions made are included in the stored session context. These decisions are made with regard to predefined rules or policies that may be stored in the source input unit and the output output unit, respectively. Alternatively, rules may be received from a separate and common controller which is sometimes referred to as an Application Layer Gateway (ALG) which monitors control signals transmitted between the terminals 104A, 1048 before starting the session. The ALG adds relevant rules to the interface units concerned, which can then make the necessary decisions according to the added rules.

Decisions to be made may include one or more of: - forwarding decisions that can be based on routing tables - access control decisions that can be based on predefined security policies - QoS decisions with regard to eg priority classifications and package planning and - address or protocol translation decisions. 523 862 When additional packets for the initiated session are received after the first packet, such decisions do not need to be made or retrieved for each received packet because the decisions stored in the context are made valid by simply detecting that a packet belongs to the stored session context. This will save significant processing work and reduce delays in the router 100. A similar procedure is described in the applicant's previous Swedish patent application 0100708-7 where a data stream is initiated based on current characteristics determined from a first received data packet.

To further simplify the transmission of data packets in the router, a main translation is applied for each packet during transmission through the router, which will be described below. By using head translation, the head size can be significantly reduced and thereby reduce bandwidth and processing needs internally in the router so that the throughput speed can be increased and delays can be reduced.

Figure 2 illustrates components of the router 100 in Figure 1 that are involved in communication of data packets between the terminals 104A and 104B. Each of the interface units 106A and 106B comprises an input unit 200Ai, 20OBi an output unit 20OAe, 200Be and a control unit 202A, 202B, respectively. It should be noted that Figure 2 is only a logical illustration and the functional components 200Ai, Bi, 20OAe, Be and 202A, B may be physically implemented as separate or combined process elements. For example, the controllers 202A, B may be implemented in separate processors or a common processor either located in any of the interface units 106A, B or elsewhere. Furthermore, the input and output units of each interface unit 106A and 106B may be one and the same unit taking on different roles depending on the direction of communicated packets.

In an exemplary procedure, data packets are received from the first terminal 104A at the input unit QOOAi of the interface unit 106A. The received packets are intended to go to the other terminal station 104B. Figure 3 schematically illustrates an example of an incoming data packet 300 comprising a header 302 with different header fields 304-314 including information about the data session. In this example, the main fields include a source IP address field 304, a destination IP. . . . .. 523 862 '. ~. . »- -. . m. 9 address field 306, a communication protocol field 308, a field 310 for requested QoS.

Depending on the protocol, the header further comprises in this case a source port number field 312 and a destination port number field 314. The data packets also include a payload data field 316 in addition to the header 302. The main fields described above are typically included in each packet for a session.

With reference to the fate diagram in Figure 4, the input unit 200Ai operates according to the following procedure when receiving data packets. In a first step 400, the input unit 200Ai receives a data packet from the terminal 104A and extracts information from a header therein to match the packet with some existing and stored session context in a next step 402. Extracting information preferably includes calculating a hash key or the like from the data in the main fields as a checksum which is compared with a corresponding hash key of some stored session context, for example in a stored hash look-up table. Alternatively, real data can be extracted from the main fields for comparison. A combination of hash key and real data can also be used.

If it is detected in step 402 that the packet does not belong to any existing session, the packet is sent to the controller 202A to create and store a new session context in a step 404 which will be described later. On the other hand, if the packet is matched with a stored session context in step 402, the procedure moves to a step 406.

In step 406, a TTL (Time To Live) field and main dynamic fields are locked, such as a TCP (Transmission Control Protocol) field comprising a segment number. It is then determined in a step 408 whether the packet is valid, for example based on the read TTL field. If it has expired, the packet is discarded in a step 410. If the packet is still valid, a master translation is applied to the packet in a step 412 according to a translation schedule selected for the session maintained during transmission through the router.

The master translation performed in step 412 involves replacing the header of the incoming packet with a modified and substantially reduced header according to the selected translation scheme stored in the session context of the recognized session. The modified header preferably includes only a context ID and the dynamic header fields. The context ID can be extracted from the stored hash look-up table checked in step 402. The packet comprising the modified and reduced header and payload data is finally passed from the input unit 200Ai to the output unit 200Be over the switching unit 108 in a step 414.

The output unit 200Be receiving the packet then recreates a real header including the received dynamic fields by retrieving the stored session context that matches the packet based on said received context ID.

The output unit 200Be then finally sends the packet over the second network 102B to the end station 104B. Since the header is modified and substantially reduced in size during the transmission between the input and output units 200Ai, 200Be, the packet transmission requires less resources in the router, for example in the switching unit 108, thus enabling a higher data capacity and reduced delays.

It will now be described with reference to Figures 5 and 6 how a new session context is created. Figure 5 is a fate diagram illustrating the procedure performed at the original interface unit 106A. As mentioned above, a first data packet that did not belong to any existing session was sent to the controller 202A to create and store a new session context in step 404 in step 4. The new packet is thus received at the controller 202A in a first step 500 and various main fields as illustrated. in figure 3 is read to create the new ssion context.

In a next step 502, it is checked whether it is possible to forward the packet to its destination and a forwarding decision is made. It can then be checked if the packet has been allowed to be transmitted based on predefined input policies and if any path to its destination exists from the router. If it is not possible to forward the packet, it is thrown in a step 504.

If the packet is accepted in step 502, it is checked in a step 506 if any translation of eg protocols and addresses is necessary. If so, translations are performed accordingly in a step 508 before proceeding to a next step 510. If no translations are necessary, the procedure proceeds directly from step 506 to step 510.

- ~. . .- .E “.5 gi". ”IÉQ .å. '°..' ::": E ll In the next step 510, a session context is created based on the main fields in the packet. Creating a new session context involves extracting session characteristics from the received packet comprising one or more of: a source IP address, a destination IP address, a communication protocol, a required QOS, a source port number and a destination port number. The session context is created by defining context descriptors that describe session characteristics that are valid at the origin and end pages. In particular, a main translation schedule is selected for the session context. The contextual scripts may further include master templates, a forwarding decision, and identifications of the input and output units 200Ai, 200Be to be used during the session.

Further, a context ID is assigned to the session in step 510 to identify the session.

The master translation schedule selected in the context should be applied to additional packets of the session during transmission in the router 100.

The first packet is then sent along with the defined context descriptors and assigned context ID to the controller 202B at the termination interface unit 106B in a step 512.

Referring to the destiny diagram of Figure 6, the termination interface unit 106B operates according to the following procedure when receiving the first data packet from the source interface unit 106A. In a first step 600, the control unit 202B at the termination interface unit 106B receives the first data packet forwarded from the source interface unit 106A over the switching unit 108 in step 512 in Figure 5.

The received first packet includes the context descriptors defined at the controller 202A and the assigned context ID. At the control unit 202B, it is then checked whether it is possible to transmit the packet in a step 602. It can then be checked whether the packet has been allowed to be transmitted in accordance with the output policy and whether an output unit exists to the destination terminal. If it is not possible to send the packet, the packet is discarded in a step 604. If the packet is allowed, it is checked if the session context needs to be updated in a step 606. It thus checks if the received context descriptors are correct and valid or if they need to be updated. 523 862. . . w. .n 12 If the received context descriptors need to be updated, this is done in a step 608.

Additional forwarding decisions can then be made and the received context descriptors can be modified if necessary. Updating the context descriptors can be based on output policies, security and QOS requirements for sending packets from the termination interface unit 106B. Context descriptors can also be defined separately for the origin and end pages, which will be described later. The updated session context that includes the fi initiated and terminated context descriptors is finally stored in the router along with the assigned context ID as a key in a step 610.

The final context descriptors are then added to the packet in a step 612 after which the first packet can be forwarded to the selected output unit 20Be in a step 614. The final context descriptors are stored at the output unit 2000e with said context ID as a key. The packet is then reset based on the final context descriptors so that it is valid for the terminating output context and is finally transmitted to its destination terminal 104B in a step 616. If no update is needed in step 606, the process for fl can be transferred directly to the packet transmission step 6 1 6.

After step 612, the final context descriptors are also sent back to the original interface unit 106A in a step 618 and the updated and final context descriptors are stored there as well.

Following the process context establishment described in Figures 5 and 6, the session context including relevant context descriptors has been stored in both the origin and end interface units 106A, B. Additional packets of the session can then be smoothly transmitted through the router 100 as described above in connection with fi gur 4 using of main translation according to the translation schedule defined for the session.

The session context can be stored either in a common database or in separate databases at the origin and end interface units 106A, 106B, respectively.

A hash value, such as a checksum, can also be calculated and stored in a hash lookup table so that subsequent packets can be identified as belonging o u. . »- -. . . .- 523 862 _. 13 to the same session context by checking the hash lookup table as described above in step 402 of Figure 4. Thus, additional packets can be easily recognized as belonging to the established session.

In one embodiment, context descriptors can be clefined separately for the origin and end interface units 106A, 106B. N is a first new packet received at the controller 202A of the source interface unit 106A, thus defining origin context descriptors based on input policies, security and QoS requirements for receiving packets at the source interface unit 106A. Similarly, when the new packet is received at the control unit 2028 of the termination interface unit 106B, termination context descriptors are defined based on output policies, security and QoS requirements for sending packets from the termination interface unit 106A.

Additional preliminary termination context descriptors may be defined at the source interface unit 106A which may be modified when the first packet arrives at the termination interface unit 106B. When the origin and end context descriptors are completed, they are stored in the router together with an assigned context ID as a key, as described above.

In another embodiment, reverse context descriptors may be denoted for packets to be transmitted in the opposite direction in the same session based on the first packet received. Thus, a total of the following four different context descriptors can be defined with reference to Figure 6: 1. An origin input descriptor 700Ai which is valid for packets from the origin side A when they reach the input unit 200AAi of the origin interface unit 106A. 2. A termination output descriptor 7OOBe which is valid for packets from the origin side A when they reach the output unit 200Be of the termination interface unit 106B. o - »- .a 14 3. A termination input descriptor 700Bi which is valid for packets from termination side B when they reach the input unit 200Bi of the termination interface unit 106B. An origin output descriptor 70OAe which is valid for packets from the termination side B when they reach the output unit 200Ae of the origin interface unit 106A.

In this way, a context descriptor is defined for packets in both directions and on both sides of the router. Each of these context descriptors may include a master template, a forwarding decision and a selected translation scheme, as mentioned above. Once all four context descriptors have been denigrated, they are stored as a session context along with an assigned context ID. Thus, subsequent packets in any of the directions can be recognized as belonging to the stored session context and the packet header can be translated and significantly reduced in size at the input unit and recreated at the output unit as described above for efficient transmission through the router.

By using the described invention, processing work and delays in the router are reduced when data packets are transmitted and thus a high clata capacity is enabled and functionality resources are freed up. The inventive method can be implemented in a software code running in a computer in the router 100. Although the invention has been described with reference to specific embodiments given by way of example, the description is only intended to illustrate the concept of invention and should not be construed as limiting the scope of the invention.

Various alternatives, modifications, and equivalents may be used without departing from the scope of the invention as defined by the appended claims. .... .-

Claims (21)

523 862 15 NEW REQUIREMENTS 2003-12-23 A method of transmitting data packets over a router between a transmitting terminal and a receiving terminal, comprising the steps of: A) receiving a data packet from the transmitting terminal at an input device B) extracting information from a header in the packet C) determining whether received data packet belongs to an existing session context, describing internal activities in the router, by comparing the main information extracted in step B) with existing session context stored in the router characterized by the additional steps: D) apply a main translation for the packet during transmission through the router from the input device to an output device according to a selected translation schedule if the packet was identified in step C) as belonging to an existing session context where the header is replaced with a modified and substantially reduced header including a context ID assigned to the existing session context or E) creating a new session context if the packet was identified in step C ) which does not belong to any existing session context including selecting a translation schedule to be used to apply a master translation for additional packets for the new session and F) storing the new session context created in step E) in the router together with a context ID assigned to the new session the session context as a key. Method according to claim 1, characterized in that the modified head applied in step D) further comprises dynamic main fields and a TTL (Time T o Live = field to live) field. Method according to claim 1 or 2, characterized by the further step of recreating the head at the output unit after step D) by using the selected translation scheme and by retrieving the stored session context as ». . . .- 523 862. . . _ u n ... a ». f '' ”'z - -.-. .. _, _ ''. . 16 ~ - ... . . . . .- matches the packet based on said assigned context ID before the packet is transmitted to the receiving terminal. A method according to any one of claims 1 to 3, characterized in that step E), creating a new session context, comprises determining session characteristics from the received packet based on information extracted from the packet header and on predetermined rules or policies comprising one or more of: a source IP address, a destination IP address, a communication protocol, a required QoS, a source port number and a destination port number. Method according to any one of claims 1 to 4, characterized in that step E), to create a new session context, comprises making a forwarding decision by checking whether the packet is allowed to be transferred based on preferred policies and whether any path to its destination exists from routers. Methods according to any one of claims 1 - 5, characterized in that the new session context is created in step E) by defining context descriptors that describe the characteristics of data sessions. Method according to claim 6, characterized in that the context descriptors comprise the selected main translation scheme and one or more of: main templates, a forwarding decision and identifications of input and output units in the router to be used during the session. Method according to claim 6 or 7, characterized in that the context descriptors are defined separately for origin and termination interface units of the router. Method according to claim 8, characterized in that the context descriptors are defined separately for input and output units in each of the origin and end interface units, respectively. Method according to any one of claims 1 to 9, characterized in that step B), extracting master information, comprises calculating a hash key from data in the main fields as a checksum which is compared with a corresponding hash key of some stored session context. . . «- .-, 523 862 _¿ 17" '~ nn n. -;, .., Method according to one of Claims 1 to 10, characterized in that the main information extracted in step B) comprises actual data in the main fields. A router for transmitting data packets between a transmitting terminal and receiving terminal comprising: - a first interface unit comprising an input unit for receiving data packets from the transmitting terminal, - a second interface unit comprising an output unit for transmitting data packets to the receiving terminal, - a switching unit for transmitting packets between the first and second interface units, - means for extracting information from a header in a received data packet, - means for determining whether the received packet belongs to an existing session context, describing internal activities in the router, by comparing extracted master information with existing session context stored in the router characterized by: - means in the input unit for applying a master translation of the received packet during transmission through the router from the input unit to the output unit according to a selected translation schedule if the packet belongs to an existing session means for replacing the header with a modified and substantially reduced header including a context ID assigned to the existing session context, - means for creating a new session context if the received packet does not belong to any existing session context including means for selecting a translation schedule to be used to apply a master translation for additional packets of the new session and ~ ~~~~ e »523 862 18 - means for storing the created new session context in the router together with a context ID assigned to the new session context as a key. Router according to claim 12, characterized by means in the output unit for recreating a header by using the selected translation scheme and by retrieving the stored session context that matches the packet based on said assigned context ID before the packet is transmitted to the receiving terminal. Router according to claim 12 or 13, characterized in that the means for creating a new session context comprises means for determining session characteristics from the received packet comprising one or more of: a source IP address, a destination IP address, a communication protocol , a required QOS, a source port number and a destination port number. Router according to one of Claims 12 to 14, characterized! that the means for creating a new session context includes means for making a forwarding decision by checking whether the packet is allowed to be transmitted based on predefined policies and whether any path to its destination exists from the router. Router according to one of Claims 12 to 15, characterized in that the means for creating a new session context comprises means for defining context descriptors which describe the characteristics of the data session. 17. Router according to claim 16 characterized! of the means for defining context descriptors includes means for selecting the main translation schedule and any or some of: main templates, a forwarding decision and identifications of input and output devices in the router to be used during the session. Router according to claim 16 or 17! of means for defining context descriptors separately for origin and termination interface units of the router. Router according to claim 18, characterized by means for defining context descriptors separately for input and output units in each of the origin and end interface units, respectively. 523 862 19 Router according to one of Claims 12 to 19, characterized in that the means for extracting information from a header comprises means for calculating a hash key from data in the main fields, such as a checksum which is compared with a corresponding hash key of some stored session context. A computer program comprising a software code adapted to perform the method in any of claims 1 - 1 l in a router. - ». . .-