Electrical computers and digital processing systems: multicomput – Computer network managing
Reexamination Certificate
1998-10-29
2001-02-06
Vu, Viet D. (Department: 2154)
Electrical computers and digital processing systems: multicomput
Computer network managing
C709S220000, C709S238000, C709S242000, C709S243000, C709S249000
active
06185612
ABSTRACT:
FIELD OF THE INVENTION
The present invention relates to path selection in computer networks, and relates more particularly to providing secure but efficient access to information about costs associated with different paths in a network.
TECHNICAL BACKGROUND OF THE INVENTION
Computer networks are very flexible. A network can be viewed as a conduit for messages, in that data enters the network at one or more points, is transmitted through the network, and leaves the network at one or more other points. A network can also be viewed as a repository of data and/or as a source of data. A network is a repository if data enters the network at one or more points and travels to a storage location in the network. A network is a source of data if previously stored data or internally generated data travels out of the network or is sent to a different location in the network.
The flexibility of a given network arises in part from the internal organization of the network as a collection of linked nodes. When data is sent from one user to another, or between a user and a repository, the data travels in turn from node to node to node until it reaches its destination. Because data can often leave a given node over any of several links, a large number of routes may exist between any two nodes which are not immediate neighbors of one another. Often, however, some routes are better than others. The process of choosing a route in a particular situation is called “routing” or “route selection.” Routes are sometimes called “paths.”
Because route selection is both important and challenging, it has been the object of much study and experimentation. One set of challenges involves selecting appropriate ways to measure the costs associated with different network links and nodes. For instance, a weight may be associated with each link and each node in a network based on the item's measured or expected performance; the weight may reflect characteristics such as bandwidth, latency, reliability, memory size, and/or processor speed.
A second set of challenges involves mapping connectivity by identifying which links and nodes are connected. Various exploration protocols have been devised and applied to map the connections in networks. One main goal of such protocols is performing the mapping with the smallest necessary amount of network bandwidth and other resources. Another goal is providing sufficiently rapid updates when a node or link goes down, is removed, is added, or returns to service.
Another set of challenges involves using topology information (information about weights and/or connectivity) to identify the desirable paths in a given network at a given time. Various methods can be used to identify the “best” route between two nodes, namely, the route having the lowest total weight. If the computing resources needed to identify the best route are too expensive, then “near-optimal” or “pretty good” routes may be identified instead.
Further challenges are posed by the question of when and how to update topology information. Updates may include changes to current routing information and/or the addition of wholly new routing information. Routing protocols such as the RIP (Routing Information Protocol) and OSPF (Open Shortest Path First) protocols allow routers to request and obtain information from neighboring routers about paths to other routers.
Instead of trying to compute the entire route from scratch each time, some systems store partial computational results and reuse them when possible. For instance, U.S. Pat. No. 5,321,815 issued to Bartolanzo, Jr. et al. describes a process for selecting a least weight path between two nodes in a network using partial trees which were created and cached in prior route selection operations.
Some systems also distribute the task of selecting a route. For instance, U.S. Pat. No. 5,398,012 issued to Derby et al. describes a distributed process for determining the best communication route from a source end station to a destination end station. Network nodes, at the interface between a wide area network (“WAN”) and each subnetwork, contain access agents to control the communication flow between the wide area network and an end station in the subnetwork. The task of selecting the best route between two end stations is distributed between the access agents at the WAN interface in the first subnetwork and the access agents at the WAN interface in the second subnetwork.
However, previous work has not adequately addressed the problem of providing secured access to the network topology. In general, the route selection agents and processes in a given network have been given ready access to detailed information about the network's nodes and about the links between the nodes. In some networks, this poses a security risk, because such knowledge could be used to intercept or eavesdrop on communications, to masquerade as an authorized user, and/or to insert spurious data packets into the network.
Accordingly, it would be an advance to provide an approach to routing which takes advantage of existing tools but also enhances the security of network topology information, and which does so in an efficient manner.
Such an approach to secure network topology storage and use is described and claimed below.
BRIEF SUMMARY OF THE INVENTION
The present invention provides methods, systems, signals, and devices for secure access to a digital representation of a network topology and secure use of topology information. The digital representation of the topology may include a database, tables, linked lists, graphs, and/or other data structures representing the nodes and links and their capabilities. For convenience, the digital representation and the topology it represents are both referred to here as the topology. Suitable topologies include both conventional topologies and proprietary topologies now known and hereafter invented.
Pieces of topology information such as partial trees and hidden paths are stored at one or more locations throughout the network, on disk or other permanent media. The topology information may also be stored locally in a fast but volatile cache. Any given node does not necessarily have a complete description of the entire network topology, and the union of all information fragments is not necessarily complete. Moreover, since the network topology changes when a node or link goes down or is added, and since the topology may also change in response to varying loads on the network links, the fragments of topology information are not necessarily current. In general, however, the fragments are useful in selecting routes for data transmission within or across the network.
In some embodiments of the invention, the topology information on a given node is managed by a Topology Information Manager (“TIM”). The TIM may be implemented as an agent or other process which provides information both from and about the topology fragments it manages. Some of the fragments may be freely available, but the TIM provides access to other topology fragments only in response to authenticated requests. Conventional or proprietary authentication methods may be used to authenticate the requests. Thus, detailed information about some or all of the network's nodes and links is available only to authenticated users.
Topology Information Managers may be identified by a network-wide naming convention, or they may be located on specific nodes such as gatekeeper nodes, or they may be identified in a directory. If present, the directory may be a monolithic directory, or it may be a distributed directory such as a Novell Directory Services (“NDS”) distributed directory.
In some embodiments a Path Selector gathers information about the network topology, using at least one TIM, and then selects a path. Like TIMs, Path Selectors may be monolithic or distributed. A given Path Selector may gather topology information from a combination of TIMs and other sources, or the information may be gathered using no source except TIMs. Using the gathered information, the Path Selector chooses a path which ma
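The following is an added example, not code from the patent or from Novell, that puts the two preceding summary paragraphs together with the lowest-total-weight route selection described in the technical background: a toy Topology Information Manager that freely describes the fragments it holds but releases restricted fragments (a "hidden path") only to an authenticated request, and a Path Selector that gathers whatever fragments several TIMs will release to it and runs a shortest-path search over the union. The node names, fragment names, link weights, shared key and the HMAC-SHA256 request signing are all assumptions made for the example; the patent only says that conventional or proprietary authentication methods may be used.

```python
"""Toy TIM / Path Selector (added example; names, weights and the HMAC
authentication are assumptions, not the patent's own mechanism)."""
import hashlib
import heapq
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Link:
    """Undirected link between two nodes with a cost weight (constructed units)."""
    a: str
    b: str
    weight: int


@dataclass(frozen=True)
class Fragment:
    """A piece of topology, e.g. a cached partial tree or a hidden path."""
    name: str
    links: tuple
    restricted: bool  # True: released only to authenticated requests


def sign_request(key: bytes, requester: str, fragment_name: str) -> str:
    """Assumed authentication: HMAC-SHA256 over 'requester|fragment'."""
    return hmac.new(key, f"{requester}|{fragment_name}".encode(), hashlib.sha256).hexdigest()


class TIM:
    """Topology Information Manager for the fragments held on one node."""

    def __init__(self, name: str, fragments, shared_key: bytes):
        self.name = name
        self._fragments = {f.name: f for f in fragments}
        self._key = shared_key

    def describe(self):
        """Information *about* the fragments is freely available."""
        return {f.name: f.restricted for f in self._fragments.values()}

    def get_fragment(self, fragment_name, requester=None, tag=None):
        """Public fragments are returned to anyone; restricted ones need a valid tag."""
        frag = self._fragments[fragment_name]
        if frag.restricted:
            if requester is None or tag is None:
                raise PermissionError(f"{fragment_name}: authentication required")
            expected = sign_request(self._key, requester, fragment_name)
            if not hmac.compare_digest(expected, tag):
                raise PermissionError(f"{fragment_name}: bad authentication tag")
        return frag


class PathSelector:
    """Gathers fragments from several TIMs, then picks the lowest-weight path."""

    def __init__(self, requester=None, key=None):
        self.requester, self.key, self.links = requester, key, set()

    def gather(self, tims):
        for tim in tims:
            for name, restricted in tim.describe().items():
                tag = None
                if restricted:
                    if self.key is None:
                        continue  # cannot authenticate; this fragment stays hidden
                    tag = sign_request(self.key, self.requester, name)
                try:
                    self.links.update(tim.get_fragment(name, self.requester, tag).links)
                except PermissionError:
                    continue  # refused: keep going with what we have
        return len(self.links)

    def select(self, src, dst):
        """Dijkstra over the gathered links. Returns (total_weight, path) or None
        when the fragments gathered so far do not connect src to dst."""
        adj = {}
        for l in self.links:
            adj.setdefault(l.a, []).append((l.b, l.weight))
            adj.setdefault(l.b, []).append((l.a, l.weight))
        dist, prev, heap = {src: 0}, {}, [(0, src)]
        while heap:
            d, u = heapq.heappop(heap)
            if d > dist[u]:
                continue
            for v, w in adj.get(u, []):
                if d + w < dist.get(v, float("inf")):
                    dist[v], prev[v] = d + w, u
                    heapq.heappush(heap, (d + w, v))
        if dst not in dist:
            return None
        path = [dst]
        while path[-1] != src:
            path.append(prev[path[-1]])
        return dist[dst], path[::-1]


# Constructed topology: a public backbone A-B-D and a restricted shortcut A-C-D.
KEY = b"constructed-shared-secret"
TIM_A = TIM("gatekeeper-A", [Fragment("public-backbone", (Link("A", "B", 5), Link("B", "D", 5)), False)], KEY)
TIM_B = TIM("gatekeeper-B", [Fragment("hidden-shortcut", (Link("A", "C", 1), Link("C", "D", 1)), True)], KEY)


def demo():
    """Anonymous, authenticated and wrongly-keyed selectors choosing A -> D."""
    results = []
    for requester, key in ((None, None), ("router-7", KEY), ("router-7", b"wrong-key")):
        ps = PathSelector(requester, key)
        ps.gather([TIM_A, TIM_B])
        results.append(ps.select("A", "D"))
    return tuple(results)


if __name__ == "__main__":
    print(demo())
```

The anonymous and wrongly-keyed selectors are served only the public backbone and settle for the cost-10 route A-B-D; the authenticated selector also receives the hidden fragment and finds the cost-2 route A-C-D. A selector asking for a destination no gathered fragment reaches gets None rather than a guess, which is the behaviour a practitioner wants when fragments are partial or stale.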
Carter Stephen R
Jensen Del
Computer Law++
Novell Inc.
Vu Viet D.