1. Field of the Invention
The present invention relates to communications in mobile Internet Protocol (“IP”) networks. More particularly, it relates to automated provisioning of components of wireless access gateways such as packet data serving nodes with IP addresses, secrets and SPIs for a plurality of packet control functions associated with radio network nodes.
2. Description of the Related Art
Public packet switched networks can be used to carry traffic to and from a mobile communications device (a mobile node) from one network to another. The basic architecture of mobile IP data networking is known in the art and described in several publications, including the Request for Comments (“RFC”) document RFC 2002 (1996) (hereinafter “RFC 2002”), which is currently available from the Internet Engineering Task Force (“IETF”) at www.ietf.org. Persons skilled in the art of mobile IP data networking are familiar with that document and with the devices used to implement mobile IP data networking in practice.
In a mobile IP communication network, a mobile node communicates with a target host on an IP network by means of two devices, a “foreign agent” and a “home agent”. One example of a mobile IP network that describes that type of communication is presented in U.S. patent application Ser. No. 09/354,659 entitled “Mobile Internet Protocol (IP) Networking with Home Agent and/or Foreign Agent Functions Distributed Among Multiple Devices,” the entire content of which is incorporated herein by reference. Typically, the foreign agent functionality is incorporated into a router on a mobile node's visited network. The foreign agent provides routing services for the mobile node while it is registered with the home agent. For example, the foreign agent de-tunnels and delivers datagrams that were tunneled by the mobile node's home agent to the mobile node.
The home agent is typically incorporated into a router on a mobile node's home network. The home agent maintains current location information for the mobile node. When one or more home agents are handling calls for multiple mobile nodes simultaneously, the home agents are providing, in essence, a service analogous to a virtual private network service. Each mobile node is typically associated with a separate home network and the routing path from that home network, through the home agent, to the foreign agent and mobile node is like a virtual private network for the mobile node.
Mobile IP requires link layer connectivity between a mobile node (a mobile entity) and a foreign agent. However, in some systems, the link layer from the mobile node may terminate at a point distant from the foreign agent. Such networks are commonly referred to as third generation wireless networks. The block diagram of
The packet data serving node 18 provides routing services for the mobile node 10 while it is registered with the home agent 20. The packet data serving node 18 de-tunnels and delivers datagrams that were tunneled from the home agent node 20 via an IP network 28 to the mobile node 10. The communication traffic exchanged between the packet data serving node 16 and the home agent 20 includes data traffic as well as control traffic. The control traffic includes registration request or registration reply messages. The control and data traffic is routed via the packet data serving node 16 and terminates at the mobile node 10. The target host 12 may be connected to the home network 22 by any number of networks, such as the IP networks 14 and 28, or it may be directly located on the home network 22. Alternatively, the target host 12 may be connected to the home network by other types of packet switched networks.
The home agent 20 may be implemented on a router on the mobile node's home network 22. The home agent 20 maintains current location information data for the mobile terminal such as foreign agent address, a Network Access Identifier (“NAI”) of the mobile node 10, a mobile home address and a secret key shared between the home agent and the mobile node. The home agent tunnels data from the target host 12 to the packet data serving node 18, and similarly provides tunneling services in the reverse direction.
The home agent 20, therefore, typically implements at least two distinct tasks for the mobile node 10. First, the home agent 20 performs a registration and authentication process to determine whether the mobile node 10 is authorized to access the home network 22. This may involve, for example, checking the identification of the mobile entity, such as through the use of the mobile entity's unique serial number, NAI, or manufacturing number, password authentication, and possibly checking whether the mobile entity's account is current and paid. The home agent's registration and authentication function may be performed in conjunction with, or with the assistance of, a second device, such as an authentication, authorization and accounting (“AAA”) server such as a Remote Authentication Dial-In User Service (“RADIUS”) server 30. The registration process includes receiving and processing registration request messages from the packet data serving node 18 and sending registration reply messages to the packet data serving node 18.
The packet data serving node 18 also performs four distinct tasks for the mobile node 10. First, the packet data serving node 18 handles registration and session control for the mobile node 10, including sending registration request messages to the home agent 20 and processing registration reply messages received from the home agent. Second, the packet data serving node 18 has tunneling responsibilities for forwarding data packets to the home agent 20 for ultimate transmission to the target host 12, as well as de-tunneling data from the home agent 20 for ultimate delivery to the mobile node 10. Third, the packet data serving node 18 provides authentication, authorization and accounting services for the mobile node 10. The packet data serving node may perform the authentication, authorization and accounting functions in conjunction with, or with the assistance of, an authentication, authorization and accounting server, such as a RADIUS server. Fourth, the packet data serving node 18 may provide Pi/FA interfaces that provide signaling/data interfaces to/from an AAA server, mobile switching center (“MSC”) or a home agent.
When the mobile node 10 initiates a communication session with the radio network node 16 by sending a call setup indication to the radio network node 16 across a radio communication link, the radio network node 16 initiates a registration process through the foreign agent control node 24 with the packet data serving node 18. Typically, the radio network node 16 is configured with one or more FACNs which control a number of packet data serving nodes that may provide services to the mobile node 10. The foreign agent control node 24 selects a packet data serving node based on memory usage, or processing power usage of the packet data serving node. During handoffs by the radio network node due to roaming by the mobile, the foreign agent control node must reselect a packet data serving node for communications with the mobile node. In general, it is desirable for the foreign agent control node to attempt to assign the same packet data serving node particularly where the roaming mobile node is subject to PCF only handoffs. Thus, once a mobile is assigned to a PDSN, the FACN will attempt to reassign the same PDSN no matter how many PCF handoffs occur. The mobile node may be assigned a different PDSN when the mobile logs off and then back on.
In present operational systems, provisioning of communication data, notably addresses, secrets and SPIs for communication with PCFs in the network, to packet data serving nodes has been accomplished through manual configuration. In practice, dozens or hundreds of PDSNs are associated with each FACN pair and dozens or hundreds of PCFs are associated with each PDSN.
Thus, there is a need for an improved system and method for provisioning packet data serving nodes in a mobile IP network.
Provisioning of wireless access gateways in an Internet Protocol network is accomplished for a set of first managed components engaged in communication with a set of second managed components using an Element Management System (EMS) for the first managed components. An interface is provided between the EMS and the first managed components for heartbeat and control communication. Access authorization information for the set of second managed components is downloaded from the EMS to the first managed components over the interface. By employing a Network Management System (NMS) in communication with the EMS, the access authorization information for the set of second managed components is input to the NMS and pushed down from the NMS to the EMS. The EMS then converts the access authorization information to a format compatible with the first managed components.
Operation of the invention with peer EMS systems is accomplished by providing a second EMS in communication with the NMS for the set of second managed components. An interface between the second EMS and the second managed components for heartbeat and control communication is provided and, upon entry of the access authorization information into the NMS, it is pushed down to the second EMS, which converts the access authorization information to a format compatible with the second managed components and downloads the access authorization information to the second managed components over the interface.
In the system with the NMS communicating with peer EMSs, access authorization information for the set of second managed components is input into the second EMS, which converts the access authorization information to a generic format. The converted access authorization information is then uploaded from the second EMS to the NMS. The NMS then pushes down the access authorization information to the peer EMS, which converts the access authorization information to a format compatible with the first managed components and downloads the access authorization information to the first managed components over the interface.
In a selected embodiment of the invention, provisioning of wireless access gateways is accomplished through providing a first plurality of packet data serving nodes (PDSNs) to act as foreign agents for mobile nodes communicating through a second plurality of radio network nodes. A foreign agent control node (FACN) is provided for redirecting incoming calls from a mobile node to a selected PDSN, with an interface between the PDSNs and the FACN. Access authorization information for the plurality of radio network nodes is downloaded from the FACN to the PDSNs over the interface.
The radio network node employs packet control functions (PCF) and the authorization information includes PCF IP addresses, secrets and SPIs. Population of a table with authorization information for a plurality of PCFs by the PDSN is accomplished in the downloading and is initially accomplished with each PDSN upon heartbeat initialization by that PDSN. Subsequently, information update is accomplished responsive to a predetermined trigger such as updating a table of PCF addresses, secrets and SPIs in the FACN.
Indicators are employed for signalling whether a download replaces the entire table or selectively replaces the information for individual PCFs. Each PDSN notifies the FACN of anomalies in the update.
To assure redundancy, a second FACN is connected to the interface with the PDSNs and downloading access authorization information for the plurality of radio network nodes from the first FACN to the second FACN is accomplished over a communication link.
These as well as other aspects and advantages of the present invention will become more apparent to those of ordinary skill in the art by reading the following detailed description, with reference to the accompanying drawings.
Exemplary embodiments of the present invention are described with reference to the following drawings, in which:
As shown in
FACN1 and FACN2 may communicate with each other via a communication link 34. It should be understood that the two FACNs may be located on the same network entity. In such an embodiment, the communication link may be a communication link within a chassis, for instance. Alternatively, the two FACNs may be located on different network entities. In such an embodiment, the communication link may include a wired communication link, a wireless communication link, or a combination thereof. Further, each of FACN1 and FACN2 includes an inter-FACN interface that allows for communications with one or more FACNs. In one embodiment, the inter-FACN interface may be an Ethernet interface. However, different interfaces could also be used.
FACN1 and FACN2 communicate with a plurality of PDSNs.
Describing exemplary communications using FACN1 as an example, FACN1 24 includes a radio node mobile IP interface 40 for communicating with radio network nodes, such as the radio network node 16. When the radio network node detects a call set up request from the mobile node, the radio network node requests mobile registration service from FACN1 over the radio network node interface 40. When FACN1 receives a registration request, FACN1 selects a third network device to provide network services to the mobile node 10. In one embodiment, FACN1 selects a PDSN using a set of predetermined criteria and sends the selected PDSN network address to the radio network node 16. FACN1 further includes a PDSN interface 42 for communicating with the pool of PDSNs, such as the PDSNs 18, 38, and 48. In the embodiment illustrated in
In one specific embodiment, the PDSN interface 42 and the RNN interface 40 may be implemented in a Total Control Enterprise Network Hub commercially available from 3Com Corporation of Santa Clara, Calif. The Total Control product includes multiple network interface cards connected by a common bus. See “Modem Input/Output Processing Signaling Techniques,” U.S. Pat. No. 5,528,595, granted to Dale M. Walsh et al., for a description of the architecture of the Total Control product, which is incorporated herein by reference. However, the interfaces may also be implemented in other devices with other hardware and software configurations and are not limited to implementations in a Total Control product or the equivalent.
In the embodiment shown, FACN1 24 uses the capacity information of the managed PDSNs to determine the ability of a PDSN to handle a new mobile node's registration. When the radio network node 16 registers the mobile node 10 with FACN1, as will be described subsequently, FACN1 may first attempt to assign the registering mobile node 10 to the PDSN currently providing communication services to the mobile node. However, if the FACN has no active history for the mobile node, or if the PDSN currently serving the mobile node is unavailable or invalid for the radio network node, a new PDSN is selected from a PDSN pool or group associated with the registering radio network node.
FACN1 further includes a memory unit 44. The memory unit includes a volatile memory unit 44A and a nonvolatile memory unit 44B. In one embodiment, before an FACN initiates processing of radio network node registration requests, the FACN is configured with a number of configuration records or tables that may be stored in the nonvolatile memory unit 44B or, alternatively, may be stored to a configuration file by a system administrator. In an embodiment where the nonvolatile records are stored in the configuration file, any subsequent FACN startups restore the configuration file. The configuration of the FACN is accomplished via a Command Line Interface (“CLI”) or a Simple Network Management Protocol (“SNMP”) interface 46. The CLI/SNMP interface provides a manner in which to add, delete and modify configuration entries. Any type of interface that provides an access for configuration may be used as an alternative to the CLI/SNMP interface. In one embodiment, a hardware platform for the FACN includes a Sun Microsystems Netra hardware platform.
One of the configuration tables in the nonvolatile memory 44B may include port numbers for exchanging control data between the FACN, the PDSNs and the radio network node. For example, the FACN may employ User Datagram Protocol (“UDP”) ports for exchanging control data with the PDSNs and the radio network node. The FACN may be configured to use a UDP port number 697 for exchanging data with the radio network node. The FACN may further be configured to use default UDP ports 15000 and 15001 for communicating control data with the PDSNs. However, it should be understood that the present invention is not limited to using these port numbers, and the FACN may employ different ports for communicating control data with the radio network node and PDSNs.
PDSNs in the network exchange heartbeat information with both FACNs, and the FACNs communicate via the PDSN interface. The exemplary PDSN1 18 sends a heartbeat request 202 to FACN1 24, which provides a heartbeat acknowledgement and load response 204. Similarly, the PDSN sends a heartbeat request 206 to FACN2 26, which responds with a heartbeat acknowledgement and load response 208. An incoming canonical A11 call results in an A11 request 210 from an exemplary PCF 212 of the Radio Network Node to FACN1, which provides an A11 response and code 214 designating a PDSN, in this example PDSN1 18. The PCF then transmits an A11 request 215 to PDSN1, which responds with an A11 response with appropriate code 216. PDSN1 provides a first user profile update 218 to one of the FACNs, which then acknowledges 220, and a second user profile update 222 to the second FACN, which acknowledges 224.
In this exemplary embodiment, the FACN will generally attempt to assign the same PDSN to mobile nodes that roam and are subject to PCF-only handoffs. As a result, as PCF hand-offs occur, the mobile node will be assigned to that PDSN regardless of the number of PCF hand-offs that occur. When the mobile node logs off and then back on, a different PDSN may be assigned by the FACN.
The implementation of the present invention takes advantage of the heartbeat communication to provide provisioning information from the FACN to the PDSNs. PCF IP addresses, secrets and SPIs are downloaded automatically, without the PDSN requiring any a priori knowledge of the PCF(s) or their information. This capability allows new PCF IP addresses, secrets and SPI information to be added to the system elements of the network while it is running, as well as the ability to dynamically delete entries from the PCF list and signal such removal information from the PDSN. Further, if desired, the ability to specify a default PCF secret and SPI is available, allowing the network operator to configure multiple PCFs with the same secret and SPI.
Messaging to accomplish provisioning of PCF data uses two message formats on the FACN-PDSN interface. An information update is sent by the FACN to the PDSN and contains one or more PCF entries. The update message is not sent at regular intervals but is initiated based on predefined triggers. The definition of this message is flexible to allow various information to be included. Specific elements of the embodiments described herein are exemplary of the provisioning information capability but are not exhaustive. In response to the information update, the PDSN sends an information update acknowledgement message to confirm receipt of the information sent by the FACN.
Where PCF information is the data sent in the update message, the information update includes either a complete PCF list or a PCF list modification. Definition of the message type is accomplished by a bit in the message header or the inclusion of an attribute that indicates the type of update. For a complete list, the PDSN replaces its existing list with the new one. For a list modification, the PDSN adds or deletes PCF information to modify the previously provisioned list.
For the embodiment described herein, the PCF list format has each PCF IP address, secret and SPI formatted as an individual option in the FACN-PDSN interface. An initial list of entries is sent to each PDSN after the PDSN sends its heartbeat initialization message and the FACN has acknowledged. An exemplary format for the PCF list is shown in Table 1.
In an exemplary reduction to practice, the PCF IP address 0.0.0.0 is to be interpreted as a default address. Thus, a secret and SPI associated with this address would be used for all PCFs that the PDSN communicates with that are not explicitly in the PDSN's PCF address list. For various embodiments, multiple default entries are legal, but each must have a different SPI. When a PCF entry is to be deleted, the format of the message is the same but the option code for a deleted entry is different, i.e. the first byte differs between the add/modify and delete operations. This allows the same message to include both add and delete entries.
As will be described subsequently with respect to
The PDSN accepts additional PCF entries in any information update message and properly adds these to the table. If there is a match between the PCF IP address and SPI of a new and an old entry, the new entry shall overwrite the old entry. For the embodiment described herein, the PDSN also may be statically configured with PCF addresses, secrets and SPIs, and then auto-provisioned. If there is a situation in which a static entry and an auto-provisioned entry have the same IP address and SPI but a different secret, the PDSN has a preconfigured option to overwrite the static entry with the auto-provisioned entry.
However, the PDSN is provided with alarms or warnings for anomalies such as: an update message indicating that a PCF entry should be deleted when that entry does not exist; the PDSN overwriting a statically configured PCF entry; a PCF entry that cannot be parsed or that contains an invalid PCF IP address; or loss of heartbeat with a FACN on which the PDSN relies for its PCF update lists. For the embodiment disclosed herein, the alarm interface is SNMP.
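The following is an added example, not code from the patent or from any PDSN or FACN product, that models the PDSN side of the update message described above: a complete-list versus list-modification header flag, one option per PCF entry with a different first byte for add/modify and delete, the 0.0.0.0 default entry, the overwrite rule for matching IP address and SPI, the preconfigured option for overwriting a static entry, and the anomalies the PDSN would raise as alarms. The option layout (code, length, IPv4 address, SPI, secret), the option code values, the header flag value and the address-validity rule are assumptions, since Table 1 is not reproduced here.

```python
import ipaddress
import struct
from dataclasses import dataclass

# Hypothetical option codes: the text only states that the first byte of an
# option differs between the add/modify and delete operations.
OPT_PCF_ADD = 0x01
OPT_PCF_DELETE = 0x02

# Hypothetical header flag: set = complete list replacement, clear = list
# modification (the text allows either a header bit or an attribute).
FLAG_COMPLETE_LIST = 0x01

DEFAULT_PCF_IP = "0.0.0.0"   # default entry: applies to any PCF not explicitly listed


@dataclass
class PcfEntry:
    ip: str
    spi: int
    secret: bytes
    static: bool = False     # True when configured locally rather than auto-provisioned


def encode_update(complete, adds, deletes):
    """Build an information update: flags byte, then one option per PCF entry.

    Assumed option layout: code(1) | length(1) | IPv4(4) | SPI(4) | secret(0..n).
    A delete option carries only the IPv4 address and SPI.
    """
    msg = bytearray([FLAG_COMPLETE_LIST if complete else 0x00])
    for e in adds:
        payload = ipaddress.IPv4Address(e.ip).packed + struct.pack("!I", e.spi) + e.secret
        msg += bytes([OPT_PCF_ADD, len(payload)]) + payload
    for ip, spi in deletes:
        payload = ipaddress.IPv4Address(ip).packed + struct.pack("!I", spi)
        msg += bytes([OPT_PCF_DELETE, len(payload)]) + payload
    return bytes(msg)


class PdsnPcfTable:
    """PCF address/secret/SPI table as the PDSN would maintain it."""

    def __init__(self, overwrite_static=False):
        self.entries = {}                 # (ip, spi) -> PcfEntry
        self.overwrite_static = overwrite_static
        self.alarms = []                  # anomalies the PDSN would report via SNMP

    def add_static(self, ip, spi, secret):
        self.entries[(ip, spi)] = PcfEntry(ip, spi, secret, static=True)

    def apply_update(self, msg):
        complete = bool(msg[0] & FLAG_COMPLETE_LIST)
        # Complete list: auto-provisioned entries are dropped; static entries are
        # kept and are subject to the same overwrite rule as any other entry.
        table = {k: e for k, e in self.entries.items() if e.static} if complete else dict(self.entries)
        pos = 1
        while pos < len(msg):
            if pos + 2 > len(msg):
                self.alarms.append("truncated option header")
                break
            code, length = msg[pos], msg[pos + 1]
            payload = msg[pos + 2:pos + 2 + length]
            pos += 2 + length
            if len(payload) < 8:
                self.alarms.append("PCF entry cannot be parsed")
                continue
            addr = ipaddress.IPv4Address(payload[:4])
            spi = struct.unpack("!I", payload[4:8])[0]
            # Assumed validity rule: loopback, multicast and reserved addresses are
            # not usable PCF addresses; 0.0.0.0 is the legal default entry.
            if addr.is_loopback or addr.is_multicast or addr.is_reserved:
                self.alarms.append(f"invalid PCF IP address {addr}")
                continue
            key = (str(addr), spi)
            if code == OPT_PCF_ADD:
                new = PcfEntry(key[0], spi, bytes(payload[8:]))
                old = table.get(key)
                if old is not None and old.static:
                    if old.secret == new.secret or not self.overwrite_static:
                        continue      # identical, or preconfigured to keep the static entry
                    self.alarms.append(f"overwrote static PCF entry {key}")
                table[key] = new      # same IP address and SPI: new entry replaces old
            elif code == OPT_PCF_DELETE:
                if table.pop(key, None) is None:
                    self.alarms.append(f"delete for nonexistent PCF entry {key}")
            else:
                self.alarms.append(f"unknown option code {code}")
        self.entries = table
        return self.alarms

    def secret_for(self, pcf_ip, spi):
        """Secret for an A11 peer: explicit entry first, else a default entry with that SPI."""
        e = self.entries.get((pcf_ip, spi)) or self.entries.get((DEFAULT_PCF_IP, spi))
        return e.secret if e else None


def demo():
    """Constructed scenario: static entry, initial complete list, then a modification."""
    pdsn = PdsnPcfTable(overwrite_static=True)
    pdsn.add_static("10.1.1.5", 256, b"old-static-secret")
    initial = encode_update(True, [
        PcfEntry("10.1.1.5", 256, b"provisioned-secret"),   # overwrites the static entry
        PcfEntry("10.1.1.6", 256, b"pcf6-secret"),
        PcfEntry(DEFAULT_PCF_IP, 300, b"default-secret"),
    ], [])
    pdsn.apply_update(initial)
    modification = encode_update(False, [PcfEntry("10.1.1.7", 256, b"pcf7-secret")],
                                 [("10.1.1.6", 256), ("10.1.1.9", 256)])   # 10.1.1.9 never existed
    pdsn.apply_update(modification)
    return pdsn


if __name__ == "__main__":
    t = demo()
    print(sorted(t.entries), t.alarms)
```

Keying the table by (IP address, SPI) enforces the rule that multiple default entries are legal only with distinct SPIs, and `secret_for` shows why the default matters: a PCF the PDSN has never been told about still gets a secret as long as the SPI it presents matches a default entry.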
If a PDSN loses contact with the FACN providing information updates, the current PCF list is maintained indefinitely. For the embodiment shown, if heartbeat is lost with one of the FACNs the backup FACN in communication with the PDSN commences supplying the PCF information updates upon receipt of the loss of heartbeat message.
Each FACN for the embodiment disclosed herein is provisioned with a list of PCF IP addresses, secrets and SPIs. Each of the entries in this list is able to be associated with one or more groups of PDSNs. Each PDSN group may include zero or more PDSNs. Further, each FACN is able to be provisioned while it is running so that PCF IP entries can be added to the list without re-starting the FACN. Modification of the PCF list on the FACN is a predefined trigger for the FACN to send the updated list to all of the applicable PDSNs. The PCF database is shared across the FACN-FACN interface via the existing heartbeat messages. When the PCF list is modified on the primary FACN, it is updated on the backup FACN.
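As an added example that is not code from the patent, the following models the FACN side of the paragraph above: a PCF list in which each entry is associated with one or more PDSN groups, running-time addition and deletion of entries as the trigger that determines which PDSNs receive an update, the complete list a PDSN receives on heartbeat initialization, and replication of the list to a backup FACN. Group names, PDSN identifiers and the replication mechanism (a direct copy standing in for the heartbeat-carried sharing) are constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class PcfRecord:
    ip: str
    spi: int
    secret: bytes


class FacnPcfDatabase:
    """FACN-side PCF list with per-entry PDSN group association."""

    def __init__(self):
        self.pcf_groups = {}      # PcfRecord -> set of group names it applies to
        self.group_members = {}   # group name -> set of PDSN identifiers
        self.backup = None        # peer FACN kept in sync over the FACN-FACN link

    def add_pdsn(self, group, pdsn_id):
        self.group_members.setdefault(group, set()).add(pdsn_id)

    def _pdsns_in(self, groups):
        return set().union(*(self.group_members.get(g, set()) for g in groups))

    def complete_list_for(self, pdsn_id):
        """Entries sent to a PDSN after its heartbeat initialization is acknowledged."""
        return [rec for rec, groups in self.pcf_groups.items() if pdsn_id in self._pdsns_in(groups)]

    def add_entry(self, rec, groups):
        """Provision an entry while running; returns {pdsn_id: rec} adds to push."""
        self.pcf_groups[rec] = set(groups)
        self._replicate()
        return {p: rec for p in self._pdsns_in(groups)}

    def delete_entry(self, rec):
        """Remove an entry; returns {pdsn_id: (ip, spi)} deletes to push."""
        groups = self.pcf_groups.pop(rec, set())
        self._replicate()
        return {p: (rec.ip, rec.spi) for p in self._pdsns_in(groups)}

    def _replicate(self):
        # Stand-in for sharing the PCF database with the backup FACN via heartbeats.
        if self.backup is not None:
            self.backup.pcf_groups = dict(self.pcf_groups)


def demo():
    """Constructed scenario: two PDSN groups, one shared default entry, one change each way."""
    primary, backup = FacnPcfDatabase(), FacnPcfDatabase()
    primary.backup = backup
    for group, pdsn in [("east", "pdsn1"), ("east", "pdsn2"), ("west", "pdsn3")]:
        primary.add_pdsn(group, pdsn)
    east_pcf = PcfRecord("10.1.1.5", 256, b"s5")
    shared_default = PcfRecord("0.0.0.0", 300, b"default")
    primary.add_entry(east_pcf, ["east"])
    primary.add_entry(shared_default, ["east", "west"])
    init_list = primary.complete_list_for("pdsn3")          # only the shared default
    pushed = primary.add_entry(PcfRecord("10.2.2.7", 256, b"s7"), ["west"])
    removed = primary.delete_entry(east_pcf)                # reaches pdsn1 and pdsn2 only
    return init_list, pushed, removed, backup


if __name__ == "__main__":
    print(demo()[:3])
```

The return values of `add_entry` and `delete_entry` are the per-PDSN modification lists the FACN would encode into information update messages; only PDSNs in a group associated with the changed entry are contacted, which is what keeps a change on a single PCF from fanning out to every PDSN behind the FACN pair.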
Referring to
The present invention is also generalized for application at a network management system level as shown in
Automated provisioning of the security associations (SAs) on the PDSN and PCF occurs as shown in
For the exemplary embodiment of
A similar procedure exists as an alternative if the SA set is configured directly on one of the EMSs instead. This procedure is shown in
In view of the wide variety of embodiments to which the principles of the present invention can be applied, it should be understood that the illustrated embodiments are examples only, and should not be taken as limiting the scope of the present invention. For example, the steps of the flow diagrams may be taken in sequences other than those described, more or fewer steps may be used, and more or fewer elements may be used in the block diagrams. While various elements of the preferred embodiments have been described as being implemented in software, in other embodiments hardware or firmware implementations may alternatively be used, and vice versa.
The claims should not be read as limited to the described order or elements unless stated to that effect. Therefore, all embodiments that come within the scope and spirit of the following claims and equivalents thereto are claimed as the invention.