US20150026769A1 - System And Method For Managing A Broadband Network - Google Patents
- Publication number
- US20150026769A1 (US14/282,763)
- Authority
- US
- United States
- Prior art keywords
- network
- usage
- subscriber
- control system
- event
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q30/00—Commerce
- G06Q30/02—Marketing; Price estimation or determination; Fundraising
- G06Q30/0241—Advertisements
- G06Q30/0251—Targeted advertisements
- G06Q30/0255—Targeted advertisements based on user history
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0896—Bandwidth or capacity management, i.e. automatically increasing or decreasing capacities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/50—Network service management, e.g. ensuring proper service fulfilment according to agreements
- H04L41/5029—Service quality level-based billing, e.g. dependent on measured service level customer is charged more or less
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
- H04L43/0876—Network utilisation, e.g. volume of load or congestion level
- H04L43/0882—Utilisation of link capacity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H04L67/22—
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/535—Tracking the activity of the user
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/144—Detection or countermeasures against botnets
Definitions
- the present invention relates generally to a system and method for managing bandwidth on a broadband network, and, more specifically, to a system and method for optimizing network configuration and subscriber usage based on subscriber usage patterns.
- subscribers share a common network infrastructure, but subscribers consume network bandwidth at significantly differing rates. For example, the top 1% of subscribers may consume 15% of the total consumed network bandwidth per month, the top 5% may consume 35%, and the top 12% may consume 50%. Therefore, during peak traffic loads, a relatively small percentage of subscribers may generate network traffic that negatively impacts all subscribers served by the same network infrastructure.
- the present invention provides a system and process that integrates existing administrative, security management and network configuration functionality of a broadband network, while monitoring subscriber usage using existing data gathering components to optimize network configuration and to moderate usage, thereby improving network performance not only for the subscribers at large, but also for the relatively few high-usage subscribers.
- network configuration e.g., billing/provisioning
- security management e.g., billing/provisioning
- network capacity management leverages projections of numerical subscriber growth as well as network traffic growth in order to anticipate the requirements for broadband network expansion.
- Individual subscribers are typically provisioned without direct coordination with network capacity projections.
- when security management detects that a subscriber computer has been compromised by malware, there is minimal coordination with provisioning—except perhaps for manual processes to block outbound SMTP traffic or to take the subscriber offline. In the situations mentioned above, the network configuration tends to be managed independently.
- the present invention provides for the automated coordination of network functions such as network configuration, administrative, and security management through an architecture, referred to herein as the “Network Control System.”
- the network control system also uses various—and preferably existing—sources of network usage information to collect data on subscriber usage. By coordinating these functions while monitoring subscriber usage, the network control system can moderate usage by charging subscribers premiums for high usage and promoting off-peak service.
- the network control system can also signal the network and/or related administrative systems, such as billing/provisioning, to modify the network's configuration, to enable accounting for exceptional subscriber network usage, or to modify the subscriber's network usage for security and/or overall network performance.
- the present invention provides for a number of innovative broadband services that leverage the analysis and processing capabilities of the network control system. For example, high-usage subscribers may receive offers for short-term upgrades in network speed, dependent on their recent usage patterns and on the current available capacity of the broadband access network. To this end, the network control system may also allocate additional network capacity (e.g. new DOCSIS service flows or additional QAMs) for “premium” subscribers with heavy network traffic.
- some subscribers may receive incentives to concentrate most of their network consumption during non-peak traffic times.
- the service provider is motivated to provide incentives to this group of subscribers because their non-peak time network consumption minimizes the incremental capital spending on network infrastructure.
- the capital spending tends to be driven by the capacity required for peak time network consumption.
- the network control system may recognize that a subscriber suffers from an infected computer participating as a “zombie” in a “botnet” by detecting abnormal network traffic via Intrusion Detection Systems.
- the network control system may re-provision the subscriber's broadband access into a “quarantine” state, which enables (perhaps limited) subscriber Internet access while the computer security issue is remedied.
- one aspect of the present invention is a process for optimizing network configuration and moderating usage on a broadband network by integrating network configuration, administrative and security functions while monitoring usage.
- the process comprises: (a) monitoring a subscriber's broadband usage; (b) determining if the usage rises to a noteworthy level indicative of an event; (c) determining if the event is consistent with heavy usage or with a security incident; (d) if the event is consistent with heavy usage, offering the subscriber at least one of a plan for an upgraded subscription, or an incentive to concentrate usage in nonpeak time; and (e) if the event is consistent with a security incident, exercising security measures to minimize unintended usage.
- the network control system comprises: (a) a monitoring component configured for capturing network usage data and analyzing the data to identify events and trends; (b) a controller component configured for receiving an event generated from the monitoring component, processing the event according to the trends, business rules and subscriber information, and generating a response; and (c) a communication component configured to facilitate inter-component communication including reacting to the response by signaling a network configuration system, an administrative system, or a security system, to effect at least one of offering the subscriber an upgraded subscription, offering the subscriber an incentive to concentrate usage in nonpeak time, or exercising security measures to minimize unintended usage of the subscriber.
- Yet another aspect of the invention is a network comprising the network control system described above.
- FIG. 1 is a system diagram of one embodiment of the present invention
- FIG. 2 is a flow chart illustrating one embodiment of the present invention
- FIG. 3 is a conceptual diagram of the network control system integrated with a broadband network
- FIG. 4 is a schematic of one example of Data Analysis and Event Generation within the network control system.
- the system 100 comprises a monitoring component 101, a communication component 102, and a controller component 103.
- the monitoring component interfaces with at least one usage data gathering system 104 associated with the network 105.
- the monitoring component is configured to receive and analyze data from the data gathering system 104 to determine if the data is consistent with an event of high usage and, if so, to transmit an event signal to the controller component 103 via the communication component 102.
- the controller component is configured to receive the event signal and determine if such an event indicates a need to initiate at least one of the following responses: modify the subscriber's bandwidth, offer the subscriber an upgraded service plan, incentivize the subscriber to concentrate usage in nonpeak times, or determine if the subscriber's terminal is infected.
- the controller component interfaces with a network configuration system 106, an administrative system 107 and a security management system 108 via the communication component 102.
- the network configuration component 106 is configured to modify the network to increase or decrease available bandwidth to a subscriber in response to a signal from the controller component 103 via the communication component 102.
- the administrative system 107 is configured to offer the subscriber associated with the event incentives to change subscription plans for increased bandwidth or to concentrate use to non-peak times in response to a signal from the controller component 103.
- the security management system 108 is configured to execute protective measures in response to a signal from the controller component 103. These protective measures may involve, for example, quarantining the subscriber from the network, restricting usage, and/or heightened monitoring of usage.
- The different embodiments and the components of the system 100 are discussed in detail below with respect to the schematic of FIG. 1. It should be understood, however, that this schematic is provided for illustrative purposes only, and the system and process of the present invention may be practiced in ways not specifically shown in FIG. 1. For example, although certain components and systems are depicted as single entities, this is done for illustrative purposes only. Their functionality may be distributed among multiple components or consolidated in just one. For example, the monitoring component may be integrated with the controller component; likewise, the controller component may be distributed among different computers/components.
- the various components and systems described herein may comprise any known or later-developed discrete or networked computer(s) having one or more processors, memory, and an input/output functionality, and being particularly configured to execute the function(s) for which it is intended to perform.
- the various components shown in FIG. 1 are not necessarily housed in a common area or even operated by a common entity—i.e., the various components may be operated by different companies and interfaced together. Therefore, the schematic of system 100 should not be used to limit the structure of the system more narrowly than the claims.
- in step 201, subscriber usage is monitored using, for example, the data gathering system 104 mentioned with respect to FIG. 1.
- the monitoring component detects unusual activity across a plurality of subscribers, and then the process proceeds to the controller component in which a determination is made whether a single subscriber's activity is unusual.
- in step 204, a determination is made whether the subscriber service plan is optimized to its usage. If so, the inquiry ends in step 209. If the service plan is not optimized, then the process proceeds to step 205, in which the controller component 103 interfaces with the administrative system 107 (via the communication component 102) to offer the subscriber an enhanced subscription plan for higher usage, or an incentive to concentrate usage during off-peak times. Depending on whether the offer is accepted, the controller component 103 may instruct the network configuration system 106 to curtail or expand the subscriber's bandwidth or access to the network in step 211. Alternatively, the controller component may determine that an optimized service plan is not available (e.g., the network lacks the necessary capacity), and proceed directly to step 211.
- in step 203, if the event is not consistent with normal high usage or historical usage, security measures are implemented.
- the implementation of the security measures can vary.
- the process proceeds to step 206, in which a determination is made by the controller component 103 whether the usage is indicative of a problem such as a virus. If so, the process proceeds to step 210, in which the controller component signals the security management system 108 via the communication component 102 to quarantine the subscriber.
- This quarantine may involve, for example, limiting bandwidth (or otherwise limiting access to the internet), or it may involve isolating the subscriber completely.
- step 207 in which an investigation into the anomaly is conducted.
- This investigation may include, for example, automated network protocol analysis using a security management system 108, or a telephone call to the subscriber. If the results of this investigation indicate that the event is indicative of misuse, the process proceeds to step 210, as described above. If, however, the investigation results show no impropriety, the inquiry is terminated in step 209.
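The FIG. 2 decision flow described above (steps 201 through 211), written out as an added Python example; it is not code from the patent. The thresholds, record fields, the `offer_accepted` and `investigate` callbacks, the mapping of an accepted offer to "expand" and a declined one to "curtail", and all sample subscribers are assumptions made for illustration.

```python
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import Callable, Dict, List, Optional

# Assumed thresholds; the patent gives no numeric values.
HEAVY_USAGE_MBPS = 40.0    # usage at or above this is "noteworthy"
HEADROOM_FRACTION = 0.8    # plan counts as optimized below 80% of its cap
ANOMALY_SIGMA = 3.0        # deviation from history treated as abnormal


@dataclass
class Subscriber:
    sub_id: str
    plan_cap_mbps: float
    history_mbps: List[float]   # earlier peak-hour averages (constructed)


@dataclass
class Event:
    sub_id: str
    observed_mbps: float
    ids_alert: bool             # IDS or security appliance flagged this modem


def detect_event(sub: Subscriber, observed_mbps: float,
                 ids_alert: bool = False) -> Optional[Event]:
    """Steps 201-202: raise an event only when usage is noteworthy."""
    if ids_alert or observed_mbps >= HEAVY_USAGE_MBPS:
        return Event(sub.sub_id, observed_mbps, ids_alert)
    return None


def consistent_with_history(sub: Subscriber, ev: Event) -> bool:
    """Step 203: is this normal high usage for this subscriber?"""
    if ev.ids_alert or len(sub.history_mbps) < 3:
        return False   # alert or too little history: take the security branch
    mu = mean(sub.history_mbps)
    sigma = max(pstdev(sub.history_mbps), 0.05 * mu)  # floor avoids zero spread
    return ev.observed_mbps <= mu + ANOMALY_SIGMA * sigma


def handle_event(sub: Subscriber, ev: Event, capacity_available: bool,
                 offer_accepted: Callable[[str], bool],
                 investigate: Callable[[Event], bool]) -> List[str]:
    """Controller logic: return the audit trail of steps taken for one event."""
    if consistent_with_history(sub, ev):
        trail = ["203:heavy-usage"]
        if ev.observed_mbps < HEADROOM_FRACTION * sub.plan_cap_mbps:
            return trail + ["204:plan-optimized", "209:end"]
        trail.append("204:plan-not-optimized")
        if not capacity_available:          # no optimized plan can be offered
            return trail + ["211:curtail-bandwidth"]
        trail.append("205:offer-upgrade-or-offpeak-incentive")
        accepted = offer_accepted(sub.sub_id)
        return trail + ["211:expand-bandwidth" if accepted
                        else "211:curtail-bandwidth"]
    trail = ["203:not-consistent-with-history"]
    if ev.ids_alert:                        # step 206: malware indicated
        return trail + ["206:malware-indicated", "210:quarantine"]
    trail.append("207:investigate")
    if investigate(ev):                     # misuse confirmed
        return trail + ["210:quarantine"]
    return trail + ["209:end"]


def run_demo() -> Dict[str, List[str]]:
    """Run constructed samples through the flow; [] means no event was raised."""
    samples = [
        (Subscriber("sub-A", 100.0, [45, 50, 48, 52]), 50.0, False),
        (Subscriber("sub-B", 50.0, [44, 46, 45, 47]), 47.0, False),
        (Subscriber("sub-C", 50.0, [5, 6, 4, 5]), 45.0, False),
        (Subscriber("sub-D", 50.0, [5, 6, 4, 5]), 6.0, True),
        (Subscriber("sub-E", 50.0, [5, 6, 4, 5]), 10.0, False),
    ]
    out: Dict[str, List[str]] = {}
    for sub, mbps, alert in samples:
        ev = detect_event(sub, mbps, alert)
        out[sub.sub_id] = [] if ev is None else handle_event(
            sub, ev, capacity_available=True,
            offer_accepted=lambda sid: sid == "sub-B",      # constructed reply
            investigate=lambda e: e.observed_mbps > 40.0)   # stand-in analysis
    return out


if __name__ == "__main__":
    for sub_id, trail in run_demo().items():
        print(sub_id, " -> ".join(trail) or "no event")
```

Returning the trail of step numbers rather than only the final action gives the operator a record of why a subscriber was quarantined or offered an upgrade, which matters when a quarantine has to be reviewed or reversed.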
- the present invention is described in terms of a cable-based broadband service provider network. It should be understood, however, that the present invention is not limited to cable-based networks and can be practiced with fiber-optic, telephony (e.g. DSL), or other broadband networks.
- the following acronyms are used to describe the system components and methods:
- the core components in the network control system process, analyze, and act on sources of information about network usage.
- the system comprises a monitoring component, which, in this embodiment, is a Data Reduction and Analysis component 301. It accepts network usage information from the data sources 302, normalizes the network usage information as appropriate (e.g. bandwidth consumption may be obtained from various data sources 302 such as IPDR 303 or SNMP 304, messaging volume from Radius 307 or Diameter 308, and malicious activities may be reported by IDS devices 305 or Syslog 306), captures the network usage information in storage, and analyzes the network usage information for immediate network events, as well as short-term and long-term trends.
- One exemplary immediate event may be that a broadband subscriber device is attempting to attack a critical network server.
- an exemplary long-term trend may be an estimate of time duration of the “peak traffic” period for a particular broadband access network.
- Control System Orchestration component 312 processes the events received from the Data Reduction and Analysis component 301 according to configured business rules and subscriber information.
- the Control System Orchestration component 312 may be realized as an orchestration server or a BPM (Business Process Management) server.
- the Control System Orchestration may obtain subscriber information from the Subscriber Datastore component 313, including the association of cable modems to subscribers, the subscriber email address and instant messaging identity, and the broadband services purchased by the subscriber.
- the business rules may direct the Control System Orchestration to do any one or more of the following: to ignore the incoming event; to notify the subscriber of unusual network usage; to change the subscriber's provisioned bandwidth; to bill the subscriber based on incremental network consumption; or to modify the network to provide additional capacity.
- the communication component which, in the embodiment of FIG. 3, is the Enterprise Service Bus (ESB) component 314.
- ESB Enterprise Service Bus
- MOM message-oriented middleware
- New components can be easily added to the Enterprise Service Bus using web services APIs or the Java Connector Architecture (JCA).
- JCA Java Connector Architecture
- Messages can be multicast to multiple components on the ESB.
- an Administrative Subscriber Interface 315 may track and display all inbound events from the Data Reduction and Analysis component 301, as well as all actions taken by the network control system Orchestration component 312, if that feature is desired.
- the PCMM Application Management component 323 may be used by an end user or a network management system to request QoS-based services from the PCMM Policy Server component 321 .
- the QoS-based service request may flow from the PCMM Application Management component 323 to the PCMM Policy Server component 321 through the Enterprise Service Bus component 314 .
- This enables the network control system 100, particularly the Control System Orchestration component 312, to have visibility into subscriber requests for QoS-based services, and perhaps to allow or disallow said requests based on the current usage of the subscriber and on any current security incidents.
- the network control system 100 may use various components (as well as others via the ESB 314) to act on the business rules configured in the Control System Orchestration component 312.
- a Messaging/Presence component 316 may be used to inform the subscriber of unusual network usage activity and any subsequent account modification, via email, instant messaging, voicemail, etc.
- the presence functionality may be used to determine whether a subscriber is currently online or available by phone, so that a customer care agent may contact the subscriber in person.
- a Billing component 317 may be used in a variety of ways, such as to upgrade the subscriber account to a higher bandwidth consumption tier, to post charges for exceeding a monthly consumption limit, or to suspend or close a subscriber account (e.g. because of intentionally malicious subscriber network behavior).
- a Provisioning component 318 may be used in a variety of ways, such as to reprovision network service to a different bandwidth tier or to block outbound SMTP traffic (e.g. via the DOCSIS configuration file).
- a QoS Policy Propagation via BGP (QPPB) component 319 may be used to signal routers 324, 326, 327, and 329 about special handling of subscriber traffic.
- QPPB component 319 may be used for router-based rate limiting of subscriber traffic targeted to a known infected computer, and for the redirection of subscriber network traffic to a security appliance to screen out inbound “botnet” command and control traffic.
- a PCMM (PacketCable™ MultiMedia) Policy Server component 321 may be used to signal an edge router 329 (e.g. a DOCSIS CMTS) to create a subscriber service flow with specific bandwidth management characteristics.
- the service flow may be configured to impact all subscriber traffic, or only a portion of subscriber traffic (based on, for example, IP addresses and TCP/UDP ports).
- An ERM (Edge Resource Manager) component 321 may be used for the management of downstream QAM channels on a Universal Edge QAM device, as part of a Modular CMTS architecture.
- the Universal Edge QAM device enables the delivery of DOCSIS data and MPEG video over the cable Hybrid Fiber Coax (HFC) network.
- the ERM may be used to enable the allocation of additional DOCSIS QAM channels in the HFC network in the presence of heavy Internet traffic.
- DOCSIS CMTS 329 supplies IPDR records 303 to the data sources 302 , enabling SNMP 304 to collect bandwidth and subscriber network usage information for the network control system.
- the security appliances 328, 325 capture unusual subscriber network usage information (e.g. participation as a “zombie” in a “botnet”), as another potential source of data for the network control system 300.
- These various sources of data are processed by the Data Reduction and Analysis component 301, which generates a notice of network usage events transmitted over the Enterprise Service Bus component 314 for the Control System Orchestration component 312.
- the Control System Orchestration component 312 applies business rules to the notice of network usage events, and leverages the QPPB 319, PCMM Policy Server and ERM components 321 to affect the subscriber network experience.
- QPPB 319 may be used for router-based traffic shaping, and for the redirection of inbound subscriber traffic from a backbone router 324 or regional router 327 to a security appliance 325 or 328, respectively, for malware mitigation, instead of forwarding that traffic to the next router 326 or 329, respectively.
- PCMM component 321 may be used to increase or decrease the effective DOCSIS network bandwidth for the subscriber (without the reset of the DOCSIS cable modem), or change the traffic priority.
- the ERM may be used to allocate additional DOCSIS QAM channels as required for optimal network performance.
- the network control system of the present invention facilitates a number of functions including, for example, (1) dynamic bandwidth reallocation, (2) service plan optimization, (3) optimization of subscriber usage, and (4) enhanced security.
- the broadband service provider needs to supply a pool of ‘spare’ QAM channels from which to allocate. This is likely to be a serious business challenge, since there are many alternative uses for QAM channels such as broadcast linear video (analog and digital), narrowcast video (e.g. video on demand and switched digital), and potentially video multiplexes for targeted advertising.
- the competition for QAM channels may be simplified in the future as broadcast linear video and targeted advertising video streams eventually transition to unicast switched digital video streams; at least this narrows the QAM channel conflict between DOCSIS and narrowcast video.
- the other consideration is in the largely “passive” role of the Edge Resource Manager (ERM) in the Modular CMTS (M-CMTS) architecture, according to the interfaces defined in CableLabs, “Edge Resource Manager Interface Specification, CM-SP-ERMI-I03-081107”, 2008.
- the Edge QAMs register their resources with the ERM, and the M-CMTS core initiates the resource transactions with the ERM to request or release a QAM channel.
- the ERM can detect an Edge QAM failure, and the ERM responds to M-CMTS resource requests with Edge QAM channel resources (possibly leveraging operator-dependent policies in the selection process). Therefore, with the current M-CMTS architecture, it appears that the M-CMTS core may actively participate in the DOCSIS QAM channel augmentation process.
- new ERMI messages might be defined to signal the availability of additional DOCSIS QAM channel resources to the M-CMTS core since the last M-CMTS core resource request.
- Some “premium” broadband subscribers, such as commercial organizations or certain residential subscribers, may express interest in receiving offers for short-term upgrades of additional network bandwidth.
- An offer may include the proposed bandwidth augmentation and pricing, and may be communicated through instant messaging or email (via the Messaging/Presence component 316 of the network control system). If these premium subscribers accept the offer, the broadband access network is re-provisioned (dynamically via PCMM 321) for higher network bandwidth for a period of time, and the subscriber is billed according to the terms of the offer. Otherwise, the offer can be ignored or rejected with no penalty, although this may be interpreted as a lack of interest for the particular offer. The customer may have access to past offers that were accepted or rejected, as well as the ability to view any incremental charges.
- Control System Orchestration component 312 is responsible for determining whether any bandwidth augmentation offers are made, and if so, which subset of premium subscribers may receive offers at this time (depending on the amount of available broadband access capacity).
- the network control system should consider several factors. First, it should consider the amount of available capacity in the broadband access network. The broadband service provider may want to avoid making such offers if the broadband access network is currently congested. Second, it should consider the amount of recent network traffic generated by the premium subscriber. If the subscriber has been generating network traffic close to the maximum bandwidth limit, then the subscriber is much more likely to benefit from bandwidth augmentation. Third, it should anticipate interest in the offer by the premium subscriber. The subscriber may explicitly communicate interest to the broadband service provider, or interest may be inferred by the subscriber's reaction to past broadband augmentation offers.
- the network control system may rely on the following data sources to support this service:
- the Data Reduction and Analysis component 301 may generate events to the Control System Orchestration component 312 based on sustained bandwidth usage by premium subscribers, as well as events based on significant changes to the available capacity of the broadband access network (e.g. a transition from uncongested to congested network, or vice versa).
- a subset of potential broadband subscribers may receive incentives from the broadband service provider (e.g. a reduced price and/or additional packaged services) to choose a broadband access service in which they consume most of their traffic volume during non-peak traffic times.
- the “incentive subscribers” may enjoy the “flagship” bandwidth rate, but the subscriber bandwidth may be restricted during peak traffic times. Notice that this is envisioned to be a voluntary service (hence the need for subscriber incentives); depending on the lower bandwidth during peak traffic times, this service may or may not be appropriate for best effort VoIP services.
- the incentive subscriber may be notified about bandwidth changes for non-peak-to-peak transitions (if desired), and the subscriber may be offered an upgrade to a premium subscriber service if the bandwidth usage during peak traffic times is consistently at the bandwidth maximum.
- “yield management”: this term is used to describe techniques for the allocation of limited resources among a variety of customers, in a manner that optimizes the total revenue or “yield.”
- the travel industry uses yield management in the allocation of airplane seats and hotel rooms to business travelers and leisure travelers.
- Other examples of yield management include time of use electric metering, and mobile phone calling plans with night and weekend rates.
- CMTS complementary metal-oxide-semiconductor
- peak e.g. 8 pm local time
- non-peak traffic times e.g. 4 am local time
- the network control system may rely on the following data sources to support this service:
- the Data Reduction and Analysis component 301 may generate events to the Orchestration component 312 based on sustained bandwidth usage by incentive subscribers during peak traffic time periods, as well as events based on significant aggregate network traffic changes in the broadband access network (e.g. a transition from peak traffic to non-peak traffic, or vice versa).
- the Orchestration component 312 may be responsible for determining when to transition incentive subscribers from non-peak to peak bandwidth rates, and vice versa. The Orchestration component may also determine whether to send subsidiary upgrade offers to incentive subscribers who may benefit from the subsidiary bandwidth rate during peak traffic periods.
- the “quarantine service” is designed for the broadband subscriber with security issues caused by involuntary means, such as a subscriber with an infected computer participating as a “zombie” in a “botnet.” While no subscriber may “volunteer” to have a computer infected with malware, it may be a fairly commonplace occurrence; some security experts suggest that between 10% and 25% of all broadband subscriber computers are infected with malware or a virus. Symantec estimates that 10% of all “spam zombies” in the world are located in the United States. (See, e.g., Symantec, “Internet Security Threat Report Trends for January-June 07, Volume XII”, 2007.) The goal of this service is to enable (perhaps limited) subscriber Internet access while the computer security issue is remedied.
- the network control system may detect subscriber computer infections automatically, through information from the broadband service provider's own Intrusion Detection Systems (IDS), information obtained from security appliances 325 and 328 , or through the analysis of “signature” network patterns (such as unusual coordinated traffic patterns by groups of computers organized in a single “botnet”).
- the network control system may also be manually notified of computer infections reported by external entities such as law enforcement agencies.
- QPPB 319 may be used for the redirection of inbound subscriber traffic to a security appliance (similar to the operation of an IDS) for malware network mitigation; QPPB 319 may also be used for router-based traffic shaping, in order to control the aggregate amount of traffic directed to the security appliance. Provisioning of a new DOCSIS configuration file may be used to redirect outbound subscriber traffic to a security appliance, to restrict upstream traffic directed to the security appliance, and/or to block outbound SMTP traffic (for a “spam zombie” infection).
- the network control system may rely on the following data sources to support this service:
- the Control System Orchestration component 312 may be responsible for identifying infected computers and applying appropriate mitigation measures (e.g. redirection of subscriber traffic to a security appliance, and/or blocking of outbound SMTP traffic), as well as restoring subscriber service after a computer infection has been remedied.
- a core component of the network control system 300 is the Data Reduction and Analysis component 301 , which may detect significant network usage events for processing by the Control System Orchestration component 312 .
- the Data Reduction and Analysis component 301 should avoid overwhelming the Control System Orchestration component 312 or Enterprise Service Bus 314 with unnecessary messages. Therefore, a key concept for the network control system 300 is to distinguish the rules for determining a network usage event, from the rules for processing and reacting to a network usage event.
- the rules for determining a usage event by the Data Reduction and Analysis component 301 are based on engineering/IT constraints. Specifically, data analysts 408 review the raw network usage data 409 from a data repository 407 and the baseline business requirements 410, and use these inputs to build event generation rules 411 for Data Reduction and Analysis in step 404. Ideally, these rules limit the maximum number of network usage event notices to the capacity of the Enterprise Service Bus and Control System Orchestration components.
- the baseline business requirements 410 help the data analysts 408 ensure that “potentially interesting” network usage events are generated, although some such events will be subsequently ignored by the Control System Orchestration component 312 .
- Control System Orchestration business rules 412 by the business owners 419 may be changed independently of the network usage event rules by the analysts 408 .
- the baseline business requirement 410 may require the generation of an event for each premium subscriber reaching a certain network consumption threshold in a week, in order to identify potential candidates for offers to upgrade their network bandwidth.
- the Control System Orchestration component 312 may implement business rules 412 that process these events, and determine the feasibility and prioritization of such offers in particular portions of the broadband access network.
- event generation rules 411 are preferably, although not necessarily, programmed as state-of-the-art software (e.g. Java or C++), whereas the business rules 412 are likely, although not necessarily, to be configured as Business Process Execution Language (BPEL) logic using off-the-shelf graphical tools.
- BPEL Business Process Execution Language
- the diagram of FIG. 4 shows one possible instantiation of the core components of the network control system architecture.
- the network usage control system data sources e.g., IPDR 303 , IDS 305 , etc.
- the network usage control system data sources transmit data to the network control system 300 .
- data extraction occurs, using a data extraction/formatting/storage software 403 , for example, “VIVID” developed for Comcast.
- VIVID is a real-time, high-volume, general data collection and management system, with data analysis and archival storage 407 capabilities.
- the data extraction/formatting/storage software 403 feeds the Data Analysis and Event Generation component in step 404 , which uses data analyst-developed event generation rules 411 to generate network usage events described previously.
- an event signal is transmitted using the enterprise service bus function in step 405 for control system orchestration in step 406 .
- the Control System Orchestration component uses the business rules 412 to determine a response to the event.
- the network configuration is optimized while subscriber usage is moderated, thereby decreasing latency in the network and reducing the frequency of costly increases in network capacity.
Abstract
A process for managing usage on a broadband network, said process comprising: (a) monitoring a subscriber's broadband usage; (b) determining if said usage rises to a level indicative of an event; (c) determining if said event is consistent with heavy usage or with a security incident; (d) if said event is consistent with heavy usage, offering said subscriber at least one of a plan for an upgraded subscription, or an incentive to concentrate usage in nonpeak time; and (e) if said event is consistent with a security incident, exercising security measures to minimize unintended usage.
Description
- The present invention relates generally to a system and method for managing bandwidth on a broadband network, and, more specifically, to a system and method for optimizing network configuration and subscriber usage based on subscriber usage patterns.
- In a broadband service provider network, subscribers share a common network infrastructure, but subscribers consume network bandwidth at significantly differing rates. For example, the top 1% of subscribers may consume 15% of the total consumed network bandwidth per month, the top 5% may consume 35%, and the top 12% may consume 50%. Therefore, during peak traffic loads, a relatively small percentage of subscribers may generate network traffic that negatively impacts all subscribers served by the same network infrastructure.
- One solution to this problem is to measure subscriber network consumption and curtail subscribers using exceptional traffic volume. Such an approach, however, has significant shortcomings. For example, some heavy network consumers may be willing to “pay for the privilege” of exceptional traffic volume, perhaps through a higher monthly recurring charge or through variable usage charges based on monthly consumption. Alternatively, some heavy network consumers might be willing to consume most of their bandwidth during non-peak traffic times in which their higher usage would have little impact.
- While some subscribers consume bandwidth willingly, others do so unknowingly as a result of their terminal being “infected” with a virus or malware. The conventional solution for an infected terminal transmitting a large volume of emails or consuming inordinate bandwidth is to prevent the subscriber from accessing the network. Again, this solution tends to be heavy handed. This solution makes it difficult to remediate the computer or even periodically check on it to see if the problem has been rectified. This leaves the subscriber on his own to remedy the situation, typically without the use of the Internet or other online help.
- Therefore, a need exists to more effectively manage bandwidth not only to provide reliable service for the subscribers at large, but also to meet the needs of the relatively few high-usage subscribers. The present invention fulfills this need among others.
- The present invention provides a system and process that integrates existing administrative, security management and network configuration functionality of a broadband network, while monitoring subscriber usage using existing data gathering components to optimize network configuration and to moderate usage, thereby improving network performance not only for the subscribers at large, but also for the relatively few high-usage subscribers.
- By way of background, applicants have identified that the network configuration, administration (e.g., billing/provisioning), and security management functions have been typically viewed as independent systems in a broadband service provider network. For example, network capacity management leverages projections of numerical subscriber growth as well as network traffic growth in order to anticipate the requirements for broadband network expansion. Individual subscribers are typically provisioned without direct coordination with network capacity projections. Additionally, when security management detects that a subscriber computer has been compromised by malware, there is minimal coordination with provisioning—except perhaps for manual processes to block outbound SMTP traffic or to take the subscriber offline. In the situations mentioned above, the network configuration tends to be managed independently.
- In contrast, the present invention provides for the automated coordination of network functions such as network configuration, administrative, and security management through an architecture, referred to herein as the “Network Control System.” The network control system also uses various—and preferably existing—sources of network usage information to collect data on subscriber usage. By coordinating these functions while monitoring subscriber usage, the network control system can moderate usage by charging subscribers premiums for high usage and promoting off peak service. The network control system can also signal the network and/or related administrative systems, such as billing/provisioning, to modify the network's configuration, to enable accounting for exceptional subscriber network usage, or to modify the subscriber's network usage for security and/or overall network performance.
- The present invention provides for a number of innovative broadband services that leverage the analysis and processing capabilities of the network control system. For example, high-usage subscribers may receive offers for short-term upgrades in network speed, dependent on their recent usage patterns and on the current available capacity of the broadband access network. To this end, the network control system may also allocate additional network capacity (e.g. new DOCSIS service flows or additional QAMs) for “premium” subscribers with heavy network traffic.
- Furthermore, some subscribers may receive incentives to concentrate most of their network consumption during non-peak traffic times. The service provider is motivated to provide incentives to this group of subscribers because their non-peak time network consumption minimizes the incremental capital spending on network infrastructure. The capital spending tends to be driven by the capacity required for peak time network consumption.
- Additionally, the network control system may recognize that a subscriber suffers from an infected computer participating as a “zombie” in a “botnet” by detecting abnormal network traffic via Intrusion Detection Systems. In response, the network control system may re-provision the subscriber's broadband access into a “quarantine” state, which enables (perhaps limited) subscriber Internet access while the computer security issue is remedied.
- Accordingly, one aspect of the present invention is a process for optimizing network configuration and moderating usage on a broadband network by integrating network configuration, administrative and security functions while monitoring usage. In one embodiment, the process comprises: (a) monitoring a subscriber's broadband usage; (b) determining if the usage rises to a noteworthy level indicative of an event; (c) determining if the event is consistent with heavy usage or with a security incident; (d) if the event is consistent with heavy usage, offering the subscriber at least one of a plan for an upgraded subscription, or an incentive to concentrate usage in nonpeak time; and (e) if the event is consistent with a security incident, exercising security measures to minimize unintended usage.
- Another aspect of the present invention is a network control system for optimizing network configuration and moderating usage on a broadband network by integrating the network configuration, administrative, and security management functions. In one embodiment, the network control system comprises: (a) a monitoring component configured for capturing network usage data and analyzing the data to identify events and trends; (b) a controller component configured for receiving an event generated from the monitoring component, processing the event according to the trends, business rules and subscriber information, and generating a response; and (c) a communication component configured to facilitate inter-component communication including reacting to the response by signaling a network configuration system, an administrative system, or a security system, to effect at least one of offering the subscriber an upgraded subscription, offering the subscriber an incentive to concentrate usage in nonpeak time, or exercising security measures to minimize unintended usage of the subscriber.
- Yet another aspect of the invention is a network comprising the network control system described above.
- FIG. 1 is a system diagram of one embodiment of the present invention;
- FIG. 2 is a flow chart illustrating one embodiment of the present invention;
- FIG. 3 is a conceptual diagram of the network control system integrated with a broadband network; and
- FIG. 4 is a schematic of one example of Data Analysis and Event Generation within the network control system.
- Referring to FIG. 1, an embodiment of a control system 100 of the present invention is shown. The system 100 comprises a monitoring component 101, a communication component 102, and a controller component 103. Specifically, the monitoring component interfaces with at least one usage data gathering system 104 associated with the network 105. The monitoring component is configured to receive and analyze data from the data gathering system 104 to determine if the data is consistent with an event of high usage and, if so, to transmit an event signal to the controller component 103 via the communication component 102. The controller component is configured to receive the event signal and determine if such an event indicates a need to initiate at least one of the following responses: modify the subscriber's bandwidth, offer the subscriber an upgraded service plan, incentivize the subscriber to concentrate usage in nonpeak times, or determine if the subscriber's terminal is infected. To this end, the controller component interfaces with a network configuration system 106, an administrative system 107 and a security management system 108 via the communication component 102. The network configuration component 106 is configured to modify the network to increase or decrease available bandwidth to a subscriber in response to a signal from the controller component 103 via the communication component 102. The administrative system 107 is configured to offer the subscriber associated with the event incentives to change subscription plans for increased bandwidth or to concentrate use to non-peak times in response to a signal from the controller component 103. The security management system 108 is configured to execute protective measures in response to a signal from the controller component 103. These protective measures may involve, for example, quarantining the subscriber from the network, restricting usage, and/or heightened monitoring of usage.
- The different embodiments and the components of the system 100 are discussed in detail below with respect to the schematic of FIG. 1. It should be understood, however, that this schematic is provided for illustrative purposes only, and the system and process of the present invention may be practiced in ways not specifically shown in FIG. 1. For example, although certain components and systems are depicted as single entities, this is done for illustrative purposes only. Their functionality may be distributed among multiple components or consolidated in just one. For example, the monitoring component may be integrated with the controller component, likewise the controller component may be distributed among different computers/components. Furthermore, the various components and systems described herein may comprise any known or later-developed discrete or networked computer(s) having one or more processors, memory, and an input/output functionality, and being particularly configured to execute the function(s) for which it is intended to perform. Additionally, it should be understood that the various components shown in FIG. 1 are not necessarily housed in a common area or even operated by a common entity—i.e., the various components may be operated by different companies and interfaced together. Therefore, the schematic of system 100 should not be used to limit the structure of the system more narrowly than the claims.
- The operation of the network control system 100 is described with reference to the flow chart 200 disclosed in FIG. 2. In step 201, subscriber usage is monitored using, for example, the data gathering system 104 mentioned with respect to FIG. 1. In step 202, a determination is made by the monitoring component 101 that the usage is indicative of an event such as an inordinate amount of downloading, uploading, or email transmission activity. If an event is detected, a signal is transmitted to the controller component 103 in step 203, which determines if the event is consistent with typical heavy subscriber network usage. To this end, in one embodiment, the monitoring component detects unusual activity across a plurality of subscribers, and then the process proceeds to the controller component in which a determination is made whether a single subscriber's activity is unusual. If the activity of a subscriber is determined to be unusual, the process proceeds to step 204, in which a determination is made whether the subscriber service plan is optimized to its usage. If so, the inquiry ends in step 209. If the service plan is not optimized, then the process proceeds to step 205 in which the controller component 103 interfaces with the administrative system 107 (via the communication component 102) to offer the subscriber an enhanced subscription plan for higher usage, or an incentive to concentrate usage during off-peak times. Depending on whether the offer is accepted, the controller component 103 may instruct the network configuration system 106 to curtail or expand the subscriber's bandwidth or access to the network in step 211. Alternatively, the controller component may determine that an optimized service plan is not available (e.g., the network lacks the necessary capacity), and proceed directly to step 211.
- Returning to step 203, if the event is not consistent with normal high usage or historical usage, security measures are implemented. The implementation of the security measures can vary.
In the embodiment depicted in flow chart 200, the process proceeds to step 206, in which a determination is made by the controller component 103 whether the usage is indicative of a problem such as a virus. If so, the process proceeds to step 210 in which the controller component signals the security management system 108 via the communication component 102 to quarantine the subscriber in step 210. This quarantine may involve, for example, limiting bandwidth (or otherwise limiting access to the internet), or it may involve isolating the subscriber completely. If the usage is determined not to be indicative of misuse in step 206, the process proceeds to step 207 in which an investigation into the anomaly is conducted. This investigation may include, for example, automated network protocol analysis using a security management system 108, or a telephone call to the subscriber. If the results of this investigation indicate that the event is indicative of misuse, the process proceeds to step 210, as described above. If, however, the investigation results show no impropriety, the inquiry is terminated in step 209.
- Referring now to FIGS. 3-5, the present invention is described in terms of a cable-based broadband service provider network. It should be understood, however, that the present invention is not limited to cable-based networks and can be practiced with fiber-optic, telephony (e.g. DSL), or other broadband networks. In referring to this embodiment, the following acronyms are used to describe the system components and methods:
- 3GPP Third Generation Partnership Project
- API Application Programming Interface
- BGP Border Gateway Protocol
- BPEL Business Process Execution Language
- BPM Business Process Management
- CDR Call Detail Record
- CMTS Cable Modem Termination System
- CPE Customer Premises Equipment
- DB Database
- DHCP Dynamic Host Configuration Protocol
- DOCSIS Data over Cable Service Interface Specifications
- DSL Digital Subscriber Line
- ERM Edge Resource Manager
- ERMI Edge Resource Manager Interface
- ESB Enterprise Service Bus
- HFC Hybrid Fiber Coax
- IDS Intrusion Detection System
- IETF Internet Engineering Task Force
- IMS IP Multimedia Subsystem
- IP Internet Protocol
- IPDR Internet Protocol Detail Record
- JCA Java Connector Architecture
- M-CMTS Modular Cable Modem Termination System
- MIB Management Information Base
- MOM Message-Oriented Middleware
- MPEG Moving Pictures Expert Group
- OSS Operation Support System
- PCMM PacketCable Multimedia
- QAM Quadrature Amplitude Modulation
- QoS Quality of Service
- QPPB QoS Policy Propagation on BGP
- RADIUS Remote Authentication Dial-In User Service
- SAMIS Security Assistance Management Information System
- SMTP Simple Mail Transfer Protocol
- SNMP Simple Network Management Protocol
- TCP Transmission Control Protocol
- UDP User Datagram Protocol
- VoIP Voice over Internet Protocol
- XML Extensible Markup Language
- These are well known acronyms and terms and should be construed in accordance with their ordinary meaning.
- Referring to FIG. 3, one embodiment of the network control system is shown integrated into a broadband network 300. The core components in the network control system process, analyze, and act on sources of information about network usage. The system comprises a monitoring component, which, in this embodiment, is a Data Reduction and Analysis component 301. It accepts network usage information from the data sources 302, normalizes the network usage information as appropriate (e.g. bandwidth consumption may be obtained from various data sources 302 such as IPDR 303 or SNMP 304, messaging volume from Radius 307 or Diameter 308, and malicious activities may be reported by IDS devices 305 or Syslog 306), captures the network usage information in storage, and analyzes the network usage information for immediate network events, as well as short-term and long-term trends. One exemplary immediate event may be that a broadband subscriber device is attempting to attack a critical network server. On the other hand, an exemplary long-term trend may be an estimate of time duration of the “peak traffic” period for a particular broadband access network.
- The following is a partial list of potential sources of information about network usage:
- IPDR 303, or IP Detail Records, which are defined by IPDR.org and implemented by many vendors. (See, e.g., IPDR.org, “IPDR/SP Protocol Specification Version 2.1”, 2004.) IP Detail Records provide information about IP-based service usage. In the cable broadband environment, DOCSIS® CMTSs generate IPDRs that may report information at the granularity of individual broadband subscribers. (See, e.g., CableLabs, “Operations Support System Interface Specification CM-SP-OSSiv3.0-107-080522”, 2008.)
- SNMP 304, or Simple Network Management Protocol, is an IETF standard for monitoring network devices over an IP network, as well as enabling network devices to generate alert messages to network management systems. (See, e.g., Case, J., Mundy, R., Partain, D., and B. Stewart, “Introduction and Applicability Statements for Internet Standard Management Framework”, RFC 3410, 2002.) Routers, servers, and other network nodes usually support SNMP-based network management, both for the polling of bandwidth usage as well as the generation of alerts for unusual conditions and subscriber activities.
- Information from security appliances such as Intrusion Detection Systems (IDS) 305; this information tends to be vendor-specific. Security appliances
- Syslog 306, an IETF standard for transmitting logging messages across an IP network (although the payload of Syslog messages tends to be vendor-specific). (See, e.g., C. Lonvick, “The BSD Syslog Protocol”, RFC 3164, 2001, and R. Gerhards, “The Syslog Protocol”, RFC 5424, 2008.) Routers, servers, and other network nodes usually support the generation of Syslog messages for a wide variety of anomalous conditions, including malicious or unusual subscriber network activity observed by the Syslog message source.
- RADIUS 307 and DIAMETER 308, IETF standards to enable authentication, authorization, and accounting over an IP network. (See, e.g., Rigney, C., Willens, S., Rubens, A. and W. Simpson, “Remote Authentication Dial In User Service (RADIUS)”, RFC 2865, 2000, and Calhoun, P., Loughney, J., Guttman, E., Zorn, G. and J. Arkko, “Diameter Base Protocol”, RFC 3588, 2003.) RADIUS is the earlier IETF standard, and is often used in dial-up and DSL networks. RADIUS accounting messages report on the volume of traffic for a single subscriber session. In some cases, RADIUS accounting messages are transmitted as Call Detail Records (CDRs) in Voice over IP (VoIP) applications. DIAMETER is the planned IETF replacement for RADIUS, and is the protocol basis of many authentication and accounting messages 330 defined in the 3GPP/IMS standards [See, e.g., 3GPP TS 32.299, “Telecommunication management; Charging management; Diameter charging applications”].
- Both immediate events and short-term and long-term trends are reported to the controller component, which, in this embodiment, is a Control System Orchestration component 312. The Control System Orchestration component 312 processes the events received from the Data Reduction and Analysis component 301 according to configured business rules and subscriber information. In a Service Oriented Architecture, the Control System Orchestration component 312 may be realized as an orchestration server or a BPM (Business Process Management) server. The Control System Orchestration may obtain subscriber information from the Subscriber Datastore component 313, including the association of cable modems to subscribers, the subscriber email address and instant messaging identity, and the broadband services purchased by the subscriber.
- The business rules may direct the Control System Orchestration to do any one or more of the following: to ignore the incoming event; to notify the subscriber of unusual network usage; to change the subscriber's provisioned bandwidth; to bill the subscriber based on incremental network consumption; or to modify the network to provide additional capacity.
- It may be useful in some circumstances (e.g. critical network security breach) for events to bypass the Data Reduction and Analysis component, and to be processed immediately by the Control System Orchestration component.
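The split described above between event generation rules (Data Reduction and Analysis) and business rules (Control System Orchestration), together with the bypass path for critical security events, is shown here in Python as an added example; it is not code from the patent. Every class name, threshold, alert label and action string is an assumption made for illustration, and the sample records are constructed.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional, Set, Tuple


@dataclass(frozen=True)
class UsageRecord:
    """Normalized usage record (all fields are assumptions for this example)."""
    subscriber: str
    tier: str                  # "standard" or "premium"
    segment: str               # portion of the broadband access network
    weekly_gb: float           # consumption so far this week
    smtp_per_min: int          # outbound SMTP connections per minute
    ids_alert: Optional[str] = None


@dataclass(frozen=True)
class Event:
    kind: str                  # HEAVY_USAGE, SPAM_SUSPECT or CRITICAL_ATTACK
    subscriber: str
    segment: str


class DataReduction:
    """Event generation rules: decide what counts as an event and cap how
    many are sent, so the bus and the orchestrator are not overwhelmed."""
    CRITICAL_ALERTS = {"critical-server-attack"}    # assumed alert label

    def __init__(self, max_events_per_window: int,
                 weekly_gb_threshold: float = 250.0,
                 smtp_threshold: int = 100):
        self.max_events = max_events_per_window
        self.weekly_gb_threshold = weekly_gb_threshold
        self.smtp_threshold = smtp_threshold
        self.emitted = 0        # events sent in the current window
        self.suppressed = 0     # events dropped by the cap (tuning signal)
        self._reported: Set[Tuple[str, str]] = set()

    def new_window(self) -> None:
        """Start a new reporting window; the suppressed count is kept."""
        self.emitted = 0
        self._reported.clear()

    def ingest(self, rec: UsageRecord) -> List[Event]:
        # Critical breaches bypass reduction: no dedup, not counted by the cap.
        if rec.ids_alert in self.CRITICAL_ALERTS:
            return [Event("CRITICAL_ATTACK", rec.subscriber, rec.segment)]
        kinds = []
        if rec.tier == "premium" and rec.weekly_gb >= self.weekly_gb_threshold:
            kinds.append("HEAVY_USAGE")
        if rec.smtp_per_min >= self.smtp_threshold:
            kinds.append("SPAM_SUSPECT")
        events = []
        for kind in kinds:
            key = (kind, rec.subscriber)
            if key in self._reported:       # already reported this window
                continue
            if self.emitted >= self.max_events:
                self.suppressed += 1        # cap reached: count, do not send
                continue
            self._reported.add(key)
            self.emitted += 1
            events.append(Event(kind, rec.subscriber, rec.segment))
        return events


Rule = Tuple[Callable[[Event], bool], str]


def make_business_rules(segments_with_capacity: Set[str]) -> List[Rule]:
    """Business rules: first match wins; owned and changed independently
    of the event generation rules above."""
    return [
        (lambda e: e.kind == "CRITICAL_ATTACK", "QUARANTINE"),
        (lambda e: e.kind == "SPAM_SUSPECT", "BLOCK_OUTBOUND_SMTP"),
        (lambda e: e.kind == "HEAVY_USAGE"
            and e.segment in segments_with_capacity, "OFFER_UPGRADE"),
    ]


class Orchestrator:
    def __init__(self, rules: List[Rule]):
        self.rules = list(rules)

    def handle(self, event: Event) -> str:
        for matches, action in self.rules:
            if matches(event):
                return action
        return "IGNORE"     # a "potentially interesting" event nobody acts on


def run_pipeline(records, reducer, orchestrator) -> List[Tuple[str, str]]:
    """Feed records through reduction, then orchestration."""
    return [(ev.subscriber, orchestrator.handle(ev))
            for rec in records for ev in reducer.ingest(rec)]


# Constructed sample records, not real subscriber data.
SAMPLE_RECORDS = [
    UsageRecord("sub-A", "premium", "seg-1", 310.0, 2),
    UsageRecord("sub-A", "premium", "seg-1", 312.0, 2),    # duplicate
    UsageRecord("sub-B", "standard", "seg-1", 400.0, 1),   # not premium
    UsageRecord("sub-C", "premium", "seg-2", 500.0, 0),    # seg-2 is full
    UsageRecord("sub-D", "standard", "seg-1", 5.0, 450),   # SMTP burst
    UsageRecord("sub-E", "standard", "seg-2", 1.0, 0, "critical-server-attack"),
    UsageRecord("sub-F", "premium", "seg-1", 900.0, 0),    # over the cap
]

if __name__ == "__main__":
    reducer = DataReduction(max_events_per_window=3)
    orchestrator = Orchestrator(make_business_rules({"seg-1"}))
    for subscriber, action in run_pipeline(SAMPLE_RECORDS, reducer, orchestrator):
        print(subscriber, action)
    print("suppressed by cap:", reducer.suppressed)
```

Swapping in a different rule list changes the response to the same events without touching `DataReduction`; a rising `suppressed` count indicates that the thresholds generate more events than the configured capacity allows.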
- Communication among the components of the network control system 100 and the other components of the network is facilitated by the communication component, which, in the embodiment of FIG. 3, is the Enterprise Service Bus (ESB) component 314. (See, e.g., Chappell, D., “Enterprise Service Bus”, 2004.) It links many of the components of the network control system 100 using XML messaging using, for example, message-oriented middleware (MOM), which is also common in a Service Oriented Architecture. New components can be easily added to the Enterprise Service Bus using web services APIs or the Java Connector Architecture (JCA). Messages can be multicast to multiple components on the ESB. For example, an Administrative Subscriber Interface 315 may track and display all inbound events from the Data Reduction and Analysis component 301, as well as all actions taken by the network control system Orchestration component 312, if that feature is desired.
- The PCMM Application Management component 323 may be used by an end user or a network management system to request QoS-based services from the PCMM Policy Server component 321. (See, e.g., CableLabs, “PacketCable Multimedia Specification PKT-SPMM-104-080522”, 2008.) The QoS-based service request may flow from the PCMM Application Management component 323 to the PCMM Policy Server component 321 through the Enterprise Service Bus component 314. This enables the network control system 100, particularly the Control System Orchestration component 312, to have visibility into subscriber requests for QoS-based services, and perhaps to allow or disallow said requests based on the current usage of the subscriber and on any current security incidents.
- The network control system 100 may use various components (as well as others) via the ESB 314 to act on the business rules configured in the Control System Orchestration component 312. For example, a Messaging/Presence component 316 may be used to inform the subscriber of unusual network usage activity and any subsequent account modification, via email, instant messaging, voicemail, etc. The presence functionality may be used to determine whether a subscriber is currently online or available by phone, so that a customer care agent may contact the subscriber in person.
- A Billing component 317 may be used in a variety of ways, such as to upgrade the subscriber account to a higher bandwidth consumption tier, to post charges for exceeding a monthly consumption limit, or to suspend or close a subscriber account (e.g. because of intentionally malicious subscriber network behavior).
- A Provisioning component 318 may be used in a variety of ways, such as to reprovision network service to a different bandwidth tier or to block outbound SMTP traffic (e.g. via the DOCSIS configuration file).
- A QoS Policy Propagation via BGP (QPPB) component 319 may be used to signal routers QPPB component 319 may be used for router-based rate limiting of subscriber traffic targeted to a known infected computer, and for the redirection of subscriber network traffic to a security appliance to screen out inbound “botnet” command and control traffic.
- A PCMM (PacketCable™ MultiMedia) Policy Server component 321 may be used to signal an edge router 329 (e.g. a DOCSIS CMTS) to create a subscriber service flow with specific bandwidth management characteristics. (See, e.g., CableLabs, “PacketCable Multimedia Specification PKT-SP-MM-104-080522”, 2008.) The service flow may be configured to impact all subscriber traffic, or only a portion of subscriber traffic (based on, for example, IP addresses and TCP/UDP ports).
- An ERM (Edge Resource Manager) component 321 (shown integrated with the PCMM component) may be used for the management of downstream QAM channels on a Universal Edge QAM device, as part of a Modular CMTS architecture. (See, e.g., CableLabs, “Edge Resource Manager Interface Specification, CM-SP-ERMI-103-081107”, 2008.) The Universal Edge QAM device enables the delivery of DOCSIS data and MPEG video over the cable Hybrid Fiber Coax (HFC) network. With respect to the network control system, the ERM may be used to enable the allocation of additional DOCSIS QAM channels in the HFC network in the presence of heavy Internet traffic.
- It should be appreciated that the functionality of the
network configuration system 106, administration system 107 andsecurity system 108 disclosed inFIG. 1 , are distributed over the systems mentioned above. - The interaction of the network control system with network elements in a
cable broadband network 300 is now considered.DOCSIS CMTS 329supplies IPDR records 303 to thedata sources 302, enablingSNMP 304 to collect bandwidth and subscriber network usage information for the network control system. Thesecurity appliances network control system 300. These various sources of data are processed by the Data Reduction andAnalysis component 301, which generates a notice of network usage events transmitted over the EnterpriseService Bus component 314 for the ControlSystem Orchestration component 312. The ControlSystem Orchestration component 312 applies business rules to the notice of network usage events; and leverages theQPPB 319, PCMM Policy Server andERM components 321 to affect the subscriber network experience. - In the context of security management,
QPPB 319 may be used for router-based traffic shaping, and for the redirection of inbound subscriber traffic from abackbone router 324 orregional router 327 to asecurity appliance next router -
PCMM component 321 may be used to increase or decrease the effective DOCSIS network bandwidth for the subscriber (without the reset of the DOCSIS cable modem), or change the traffic priority. The ERM may be used to allocate additional DOCSIS QAM channels as required for optimal network performance. - As mentioned above, the network control system of the present invention facilitates a number of functions including, for example, (1) dynamic bandwidth reallocation, (2) service plan optimization, (3) optimization of subscriber usage, and (4) enhanced security.
- 1. Bandwidth Reallocation
- There are at least two significant considerations in the dynamic allocation of additional DOCSIS QAM channels. First, the broadband service provider needs to supply a pool of ‘spare’ QAM channels from which to allocate. This is likely to be a serious business challenge, since there are many alternative uses for QAM channels such as broadcast linear video (analog and digital), narrowcast video (e.g. video on demand and switched digital), and potentially video multiplexes for targeted advertising. The competition for QAM channels may be simplified in the future as broadcast linear video and targeted advertising video streams eventually transition to unicast switched digital video streams; at least this narrows the QAM channel conflict between DOCSIS and narrowcast video.
- The other consideration is in the largely “passive” role of the Edge Resource Manager (ERM) in the Modular CMTS (M-CMTS) architecture, according to the interfaces defined in CableLabs, “Edge Resource Manager Interface Specification, CM-SP-ERMI-103-081107”, 2008. The Edge QAMs register their resources with the ERM, and the M-CMTS core initiates the resource transactions with the ERM to request or release a QAM channel. The ERM can detect an Edge QAM failure, and the ERM responds to M-CMTS resource requests with Edge QAM channel resources (possibly leveraging operator-dependent policies in the selection process). Therefore, with the current M-CMTS architecture, it appears that the M-CMTS core may actively participate in the DOCSIS QAM channel augmentation process. Alternatively, new ERMI messages might be defined to signal the availability of additional DOCSIS QAM channel resources to the M-CMTS core since the last M-CMTS core resource request.
- 2. Service Plan Optimization
- Rather than or in addition to reallocating bandwidth, it may be beneficial to modify usage to optimize system performance by offering optimized plans. Some “premium” broadband subscribers, such as commercial organizations or certain residential subscribers, may express interest in receiving offers for short-term upgrades of additional network bandwidth. An offer may include the proposed bandwidth augmentation and pricing, and may be communicated through instant messaging or email (via the Messaging/Presence component 316 of the network control system). If these premium subscribers accept the offer, the broadband access network is re-provisioned (dynamically via PCMM 321) for higher network bandwidth for a period of time, and the subscriber is billed according to the terms of the offer. Otherwise, the offer can be ignored or rejected with no penalty, although this may be interpreted as a lack of interest for the particular offer. The customer may have access to past offers that were accepted or rejected, as well as the ability to view any incremental charges.
- In one embodiment, the Control System Orchestration component 312 is responsible for determining whether any bandwidth augmentation offers are made, and if so, which subset of premium subscribers may receive offers at this time (depending on the amount of available broadband access capacity).
- In order to make effective offers of bandwidth augmentation, the network control system should consider several factors. First, it should consider the amount of available capacity in the broadband access network. The broadband service provider may want to avoid making such offers if the broadband access network is currently congested. Second, it should consider the amount of recent network traffic generated by the premium subscriber. If the subscriber has been generating network traffic close to the maximum bandwidth limit, then the subscriber is much more likely to benefit from bandwidth augmentation. Third, it should anticipate interest in the offer by the premium subscriber. The subscriber may explicitly communicate interest to the broadband service provider, or interest may be inferred by the subscriber's reaction to past broadband augmentation offers.
- The network control system may rely on the following data sources to support this service:
  - SNMP-based collection of counters 304 associated with the Interfaces Group MIB from CMTS DOCSIS interfaces, to determine the currently available capacity of the broadband access network. (See, e.g., McCloghrie, K., and F. Kastenholz, “The Interfaces Group MIB”, RFC 2863, 2000.)
  - IPDR-based collection of SAMIS records 303 with per-service flow statistics [DOCSIS-OSS], to determine the recent network traffic profile of the premium subscriber.
- The Data Reduction and Analysis component 301 may generate events to the Control System Orchestration component 312 based on sustained bandwidth usage by premium subscribers, as well as events based on significant changes to the available capacity of the broadband access network (e.g. a transition from uncongested to congested network, or vice versa).
- 3. Incentives for Non-Peak Time Usage
- A subset of potential broadband subscribers, such as value-conscious consumers with time flexibility, may receive incentives from the broadband service provider (e.g. a reduced price and/or additional packaged services) to choose a broadband access service in which they consume most of their traffic volume during non-peak traffic times. During non-peak traffic times, the “incentive subscribers” may enjoy the “flagship” bandwidth rate, but the subscriber bandwidth may be restricted during peak traffic times. Notice that this is envisioned to be a voluntary service (hence the need for subscriber incentives); depending on the lower bandwidth during peak traffic times, this service may or may not be appropriate for best effort VoIP services. The incentive subscriber may be notified about bandwidth changes for non-peak-to-peak transitions (if desired), and the subscriber may be offered an upgrade to a premium subscriber service if the bandwidth usage during peak traffic times is consistently at the bandwidth maximum.
- This subscriber service is reminiscent of a service industry concept known as “yield management”. This term is used to describe techniques for the allocation of limited resources among a variety of customers, in a manner that optimizes the total revenue or “yield.” For example, the travel industry uses yield management in the allocation of airplane seats and hotel rooms to business travelers and leisure travelers. Other examples of yield management include time of use electric metering, and mobile phone calling plans with night and weekend rates.
- In the case of broadband access networks, there is often significant and consistent variation in aggregate network traffic based on the time of day. With respect to a representative CMTS, approximately 50% of the CMTS downstream capacity may be consumed at peak (e.g. 8 pm local time), but at least 70% of CMTS downstream capacity may be available at non-peak traffic times (e.g. 4 am local time). Network infrastructure expansion is typically driven by congestion during peak traffic periods, so additional subscriber traffic during non-peak traffic periods is efficient for the broadband service provider with respect to capital spending.
- The network control system may rely on the following data sources to support this service:
  - SNMP-based collection of counters 304 associated with the Interfaces Group MIB from CMTS DOCSIS interfaces, to determine the transitions from non-peak to peak traffic periods for the broadband access network; and
  - IPDR-based collection of SAMIS records 303 with per-service flow statistics [DOCSIS-OSS], to determine the network traffic profile of the incentive subscriber during peak traffic periods.
- The Data Reduction and Analysis component 301 may generate events to the Orchestration component 312 based on sustained bandwidth usage by incentive subscribers during peak traffic time periods, as well as events based on significant aggregate network traffic changes in the broadband access network (e.g. a transition from peak traffic to non-peak traffic, or vice versa).
- The Orchestration component 312 may be responsible for determining when to transition incentive subscribers from non-peak to peak bandwidth rates, and vice versa. The Orchestration component may also determine whether to send flagship upgrade offers to incentive subscribers who may benefit from the flagship bandwidth rate during peak traffic periods.
- 4. Quarantine Service for Subscribers with Security Issues
- The “quarantine service” is designed for the broadband subscriber with security issues caused by involuntary means, such as a subscriber with an infected computer participating as a “zombie” in a “botnet.” While no subscriber may “volunteer” to have a computer infected with malware, it may be a fairly commonplace occurrence; some security experts suggest that between 10% and 25% of all broadband subscriber computers are infected with malware or a virus. Symantec estimates that 10% of all “spam zombies” in the world are located in the United States. (See, e.g., Symantec, “Internet Security Threat Report Trends for January-June 07, Volume XII”, 2007.) The goal of this service is to enable (perhaps limited) subscriber Internet access while the computer security issue is remedied.
- The network control system may detect subscriber computer infections automatically, through information from the broadband service provider's own Intrusion Detection Systems (IDS), information obtained from security appliances
- Regardless of the means of detection, the subscriber is notified of the computer infection through instant messaging, email, and/or other communication mechanisms (via the Messaging/Presence component 316 of the network control system), so that the subscriber has visibility and understanding of the security threat, and has the information needed to remediate or restore the computer. QPPB 319 may be used for the redirection of inbound subscriber traffic to a security appliance (similar to the operation of an IDS) for malware network mitigation; QPPB 319 may also be used for router-based traffic shaping, in order to control the aggregate amount of traffic directed to the security appliance. Provisioning of a new DOCSIS configuration file may be used to redirect outbound subscriber traffic to a security appliance, to restrict upstream traffic directed to the security appliance, and/or to block outbound SMTP traffic (for a “spam zombie” infection).
- The network control system may rely on the following data sources to support this service:
  - IPDR-based collection of SAMIS records 303 with per-service flow statistics [DOCSIS-OSS], as a possible mechanism to detect unusual coordinated traffic patterns associated with a “botnet.”
  - IPDR-based collection of CPE records 303 [DOCSIS-OSS], to track the current IP addresses of infected subscriber computers (which may change due to DHCP protocol operation). The CPE IP addresses are needed to ensure that QPPB 319 is applied only to traffic associated with infected computers.
  - Collection of information from security appliances to determine the status of infected computers.
- The Control System Orchestration component 312 may be responsible for identifying infected computers and applying appropriate mitigation measures (e.g. redirection of subscriber traffic to a security appliance, and/or blocking of outbound SMTP traffic), as well as restoring subscriber service after a computer infection has been remedied.
- An important step in the network control system is the data analysis and event generation. As described above, a core component of the network control system 300 is the Data Reduction and Analysis component 301, which may detect significant network usage events for processing by the Control System Orchestration component 312. However, the Data Reduction and Analysis component 301 should avoid overwhelming the Control System Orchestration component 312 or Enterprise Service Bus 314 with unnecessary messages. Therefore, a key concept for the network control system 300 is to distinguish the rules for determining a network usage event, from the rules for processing and reacting to a network usage event.
- Referring to FIG. 4, the interaction of the rules for determining events and responding to those events is considered. The rules for determining a usage event by the Data Reduction and Analysis component 301 are based on engineering/IT constraints. Specifically, data analysts 408 review the raw network usage data 409 from a data repository 407 and the baseline business requirements 410, and use these inputs to build event generation rules 411 for Data Reduction and Analysis in step 404. Ideally, these rules limit the maximum number of notices of network usage events to the capacity of the Enterprise Service Bus and Control System Orchestration components. The baseline business requirements 410 help the data analysts 408 ensure that “potentially interesting” network usage events are generated, although some such events will be subsequently ignored by the Control System Orchestration component 312.
- The benefit is that the Control System Orchestration business rules 412 by the business owners 419 may be changed independently of the network usage event rules by the analysts 408. For example, the baseline business requirement 410 may require the generation of an event for each premium subscriber reaching a certain network consumption threshold in a week, in order to identify potential candidates for offers to upgrade their network bandwidth. The Control System Orchestration component 312 may implement business rules 412 that process these events, and determine the feasibility and prioritization of such offers in particular portions of the broadband access network.
- Another key difference between the event generation rules for Data Reduction and Analysis, and the business rules for Control System Orchestration, is that the event generation rules 411 are preferably, although not necessarily, programmed as state-of-the-art software (e.g. Java or C++), whereas the business rules 412 are likely, although not necessarily, to be configured as Business Process Execution Language (BPEL) logic using off-the-shelf graphical tools. This enables less-technical business owners 419 to build and understand their own Control System Orchestration business rules 412.
- The diagram of FIG. 4 shows one possible instantiation of the core components of the network control system architecture. Specifically, in step 401, the network usage control system data sources (e.g., IPDR 303, IDS 305, etc.) transmit data to the network control system 300. In step 402, data extraction occurs, using a data extraction/formatting/storage software 403, for example, “VIVID” developed for Comcast. VIVID is a real-time, high-volume, general data collection and management system, with data analysis and archival storage 407 capabilities. The data extraction/formatting/storage software 403 feeds the Data Analysis and Event Generation component in step 404, which uses data analyst-developed event generation rules 411 to generate network usage events described previously.
- Once an event is generated in step 404, an event signal is transmitted using the enterprise service bus function in step 405 for control system orchestration in step 406. In this step, the Control System Orchestration component uses the business rules 412 to determine a response to the event.
- By implementing the network control system 300 in network 105, the network configuration is optimized while subscribers' usage is moderated, thereby decreasing latency in the network and reducing the frequency of costly increases in network capacity.
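The two-stage split described above, as an added example that is not code from the patent: stage 1 applies an event generation rule (a weekly consumption threshold with a cap on the number of notices), and stage 2 applies a business rule that separates a security incident from an upgrade candidate by comparing usage with the subscriber's own history, or with other subscribers when the history is short. The modified z-score, its 3.5 cutoff, the subscriber names and every usage figure are assumptions constructed for illustration.

```python
"""Two-stage handling of network usage events (illustration, constructed data)."""
from dataclasses import dataclass, field
from statistics import median


@dataclass
class UsageEvent:
    subscriber: str
    current_gb: float
    history_gb: list = field(default_factory=list)


def generate_events(current, history, threshold_gb, max_events):
    """Stage 1, event generation rule: threshold filter plus a hard cap.

    Returns (events, suppressed). The cap keeps the number of notices within
    what the bus and the orchestration stage can absorb; suppressed notices
    are counted so that the loss stays visible to operators.
    """
    over = [UsageEvent(sub, gb, history.get(sub, []))
            for sub, gb in current.items() if gb >= threshold_gb]
    over.sort(key=lambda ev: ev.current_gb, reverse=True)
    return over[:max_events], max(0, len(over) - max_events)


def modified_z(value, baseline):
    """Median/MAD based deviation score (assumed statistic, not from the page)."""
    med = median(baseline)
    mad = median([abs(x - med) for x in baseline])
    # Floor the spread so a perfectly flat baseline does not turn any small
    # increase into an unbounded score.
    mad = max(mad, 0.05 * med, 1e-9)
    return 0.6745 * (value - med) / mad


def classify(event, peers_gb, cutoff=3.5, min_history=4):
    """Stage 2, business rule: security incident or upgrade candidate."""
    if len(event.history_gb) >= min_history:
        baseline, basis = event.history_gb, "own history"
    else:
        baseline, basis = peers_gb, "peer usage"
    if not baseline:
        return "manual_review", "no baseline", None
    score = modified_z(event.current_gb, baseline)
    action = "restrict_access" if score > cutoff else "offer_upgrade"
    return action, basis, round(score, 2)


def run(current, history, threshold_gb, max_events):
    """Run both stages; returns ({subscriber: decision}, suppressed_count)."""
    events, suppressed = generate_events(current, history, threshold_gb, max_events)
    decisions = {}
    for ev in events:
        peers = [gb for sub, gb in current.items() if sub != ev.subscriber]
        decisions[ev.subscriber] = classify(ev, peers)
    return decisions, suppressed


# Constructed sample data: GB transferred per subscriber in the current week
# and in earlier weeks. "sub-c" is a new subscriber with no history yet.
CURRENT_WEEK = {"sub-a": 225, "sub-b": 400, "sub-c": 240,
                "sub-d": 150, "sub-e": 170, "sub-f": 160}
HISTORY = {
    "sub-a": [180, 190, 200, 210, 195, 205],   # steady heavy user
    "sub-b": [20, 25, 22, 18, 24, 21],         # light user with a sudden jump
    "sub-d": [140, 150, 145, 155],
    "sub-e": [165, 170, 160, 175],
    "sub-f": [150, 160, 155, 165],
}

if __name__ == "__main__":
    decisions, suppressed = run(CURRENT_WEEK, HISTORY, threshold_gb=220, max_events=10)
    for sub, (action, basis, score) in sorted(decisions.items()):
        print(f"{sub}: {action} (basis: {basis}, score: {score})")
    print("suppressed notices:", suppressed)
```

Because the cap in this sketch ranks by raw volume, a low-volume anomaly can be the notice that gets suppressed, so the suppressed count is worth alerting on.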
Claims (1)
1. A process comprising:
monitoring data about a user's usage of a network;
determining from the monitored data that the user's network usage has exceeded a level indicative of an event using a control system that comprises one or more computing devices;
determining, by the control system, whether the event is a security incident by comparing the user's network usage to one or more of a usage of other users and a historical usage of the user, wherein determining whether the event is a security incident comprises determining whether the user's network usage is consistent with a normal network usage, and wherein an abnormal network usage indicates the event is a security incident;
if the event is not determined to be a security incident, the control system sending the user an offer to change usage plans that will result, if the offer is accepted, in an adjustment to the amount of bandwidth allocated to the user; and
if the event is determined to be a security incident, the control system restricting the user's access to the network.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/282,763 US20150026769A1 (en) | 2008-12-30 | 2014-05-20 | System And Method For Managing A Broadband Network |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12/346,162 US8762517B2 (en) | 2008-12-30 | 2008-12-30 | System and method for managing a broadband network |
US14/282,763 US20150026769A1 (en) | 2008-12-30 | 2014-05-20 | System And Method For Managing A Broadband Network |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/346,162 Continuation US8762517B2 (en) | 2008-12-30 | 2008-12-30 | System and method for managing a broadband network |
Publications (1)
Publication Number | Publication Date |
---|---|
US20150026769A1 (en) | 2015-01-22 |
Family
ID=42286238
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/346,162 Active 2030-11-23 US8762517B2 (en) | 2008-12-30 | 2008-12-30 | System and method for managing a broadband network |
US14/282,763 Abandoned US20150026769A1 (en) | 2008-12-30 | 2014-05-20 | System And Method For Managing A Broadband Network |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/346,162 Active 2030-11-23 US8762517B2 (en) | 2008-12-30 | 2008-12-30 | System and method for managing a broadband network |
Country Status (1)
Country | Link |
---|---|
US (2) | US8762517B2 (en) |
Also Published As
Publication number | Publication date |
---|---|
US20100169475A1 (en) | 2010-07-01 |
US8762517B2 (en) | 2014-06-24 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8762517B2 (en) | | System and method for managing a broadband network |
CA2840432C (en) | | Dynamic service delivery with topology discovery for communication networks |
KR101861503B1 (en) | | Device-assisted services for protecting network capacity |
US8594621B2 (en) | | Usage sharing across fixed line and mobile subscribers |
US20100103820A1 (en) | | Fair use management method and system |
US20090059812A1 (en) | | Adaptive method and apparatus for adjusting network traffic volume reporting |
US11689426B2 (en) | | System and method for applying CMTS management policies based on individual devices |
US20130124719A1 (en) | | Determining a bandwidth throughput requirement |
US8959218B2 (en) | | Secure dynamic quality of service using packetcable multimedia |
JP3962046B2 (en) | | Apparatus for processing parameters and / or traffic stream measurements for local billing of resource usage per equipment element in a communication network |
US9380169B2 (en) | | Quality of service (QoS)-enabled voice-over-internet protocol (VoIP) and video telephony applications in open networks |
EP2982085B1 (en) | | System and method for hierarchical mobile policy control and mobile policy roaming |
Karur | | Providing Enhanced Nextgen VoIP Service Using Packetcable Network with Efficient QoS |
Riley | | Evolution to IP Video Issues for Consideration |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | AS | Assignment | Owner name: COMCAST CABLE COMMUNICATIONS, LLC, PENNSYLVANIA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:WOUNDY, RICHARD M.;LEDDY, JOHN;HERTZ, RICHARD;AND OTHERS;SIGNING DATES FROM 20090128 TO 20090212;REEL/FRAME:032936/0684 |
 | STCB | Information on status: application discontinuation | Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |