摘要:
A packet processing system comprises two packet inspection systems for tracking packet flows between a first network and a second network. A memory is accessible by each of the packet inspection systems for storing flow entries. Each of the flow entries includes a flow key characterizing a packet flow associated with flow entry, a flow identifier. State information is further maintained indicating ownership of the flow identifiers among the two packet inspection systems. Using stateful identifiers ensures that two packet processing systems do not become incoherent and properly indicate the status of free flow identifiers.
摘要:
A system and method of providing high speed, prioritized delivery of data packets over broadband communications networks that avoids inducing unwanted latency in data packet transmission. The system employs a hierarchical, real-time, weighted token bucket prioritization scheme that provides for fair sharing of the available network bandwidth. At least one token bucket is employed at each level of the hierarchy to meter data flows providing service applications included in multiple subscribers' service plans. Each token bucket passes, discards, or marks as being eligible for subsequent discarding data packets contained in the data flows using an algorithm that takes into account the priority of the data packets, including strict high, strict medium, and strict low priorities corresponding to strict priority levels that cannot be overridden. The algorithm also takes into account weighted priorities of at least a subset of the low priority data packets. The priority levels of these low priority data packets are weighted to provide for fair sharing of the available network bandwidth among the low priority data flows, and to assure that none of the low priority data flows is starved of service.
摘要:
A packet processing system comprises two packet inspection systems for tracking packet flows between a first network and a second network. A memory is accessible by each of the packet inspection systems for storing flow entries. Each of the flow entries includes a flow key characterizing a packet flow associated with flow entry, a flow identifier. State information is further maintained indicating ownership of the flow identifiers among the two packet inspection systems. Using stateful identifiers ensures that two packet processing systems do not become incoherent and properly indicate the status of free flow identifiers.
摘要:
A system and method of providing high speed, prioritized delivery of data packets over broadband communications networks that avoids inducing unwanted latency in data packet transmission. The system employs a hierarchical, real-time, weighted token bucket prioritization scheme that provides for fair sharing of the available network bandwidth. At least one token bucket is employed at each level of the hierarchy to meter data flows providing service applications included in multiple subscribers' service plans. Each token bucket passes, discards, or marks as being eligible for subsequent discarding data packets contained in the data flows using an algorithm that takes into account the priority of the data packets, including strict high, strict medium, and strict low priorities corresponding to strict priority levels that cannot be overridden. The algorithm also takes into account weighted priorities of at least a subset of the low priority data packets. The priority levels of these low priority data packets are weighted to provide for fair sharing of the available network bandwidth among the low priority data flows, and to assure that none of the low priority data flows is starved of service.
摘要:
Methods and systems for providing scaleable flow based application control in private and public Internet. A flow table can be used to control the application and subscriber traffic for communication flows in access networks. The flow table entry can provide granular, unidirectional packet transmission of data for all or a subset of all host and application communications originating from or destined to network hosts in the access network. Using a flow table entry for multiple unidirectional packet transmissions of data provides efficient use of flow table entries and allows varying operator control of application communication exchanges between network hosts and applications. By using variable masking techniques, the flow table can be used for varying degrees of control over the packet transmissions in the network.
摘要:
Tailored application or service may be delivered via a communication device to a number of subscribers in a manner that avoids having to store individual copies of a service profile on the device for each subscriber receiving the application or service. Specifically, a packet is received requesting delivery of the application or service from the subscriber at a communication device. In response, the communication device retrieves a subscriber context, which references policies that describe each of the applications and services available to the subscriber. The application or service requested by the packet is compared with the policies referenced by the subscriber context to identify any matching policies. Subsequently, the requested application or service is delivered to the subscriber via the communication device according to the matching policies as described by a service profile. This service profile is accessible for describing the application or service when requested by other subscribers. In addition, in some cases each application or service is described by a single set of polices in the service profile. In these instances, each request for the application or service is fulfilled according to that single set of policies.
摘要:
A facility is provided in a data network to prevent a so-called connectionless broadcast message from flooding the network as a result of each network node retransmitting such messages to its neighboring nodes even though a neighboring node may have received them from another neighbor. Specifically, a node x that receives a connectionless broadcast message retransmits the message to a neighboring node y only when node x finds that it is closer to the source of the message than node y is including any other neighbor of node y.
摘要:
A communications system that is arranged to transport so-called connection oriented messages via respective virtual circuit connections is enhanced so that it also transports so-called connectionless messages via a predefined virtual circuit connection that is common among those data modules which participate in the connectionless message service. In particular, each module which participates in the connectionless message service is assigned, in addition to a primary address that is used in conjunction with associated channels numbers to transport respective connection oriented messages, a common address and a channel number that is used solely for transporting connectionless messages. In this way, the communications system processes connectionless messages as though they were connection oriented messages.