The present invention relates to controlling a flow of data in a network. More particularly, information is cached and the data flow is compared against the cache before searching a set of rules that are used to control a data flow.
Wireless communication systems and networks are used in connection with many applications, including, for example, satellite communications systems, portable digital assistants (PDAs), laptop computers, and portable communication devices (e.g., cellular telephones). One significant benefit that users of such applications obtain is the ability to connect, or stay connected, to a network (e.g., the Internet) as long as the user is within range of such a wireless communication system.
Current wireless communication systems use either, or a combination of, circuit switching and packet switching in order to provide mobile data services to a mobile subscriber. Generally speaking, with circuit-based approaches, wireless data is carried by establishing a dedicated (and uninterrupted) connection between the sender and recipient of data using a series of circuits controlled by switches or exchanges. This direct connection is set up between the parties involved in a call by exchanging signaling messages which contain the parties' addresses and request the establishment of a physical switching path. Once the direct connection is set-up, it is maintained for as long as the sender and receiver have data to exchange. The establishment of such a direct and dedicated switching path results in a fixed share of network resources being tied up, with no one else being able to make use of them until the connection is closed. When the physical connection between the sender and the receiver is no longer desired, it is torn-down and the network resources are allocated to other users as necessary.
Packet-based approaches, on the other hand, do not permanently assign transmission resources to a given call, and do not require the set-up and tear-down of physical connections between a sender and receiver of data. In general, a data flow in packet-based approaches is “packetized,” where the data is divided into separate segments of information, and each segment receives “header” information that may provide, for example, source information, destination information, information regarding the number of bits in the packet, priority information, and security information. The packets are then routed to a destination independently based on the header information. The data flow may include a number of packets or a single packet.
The packetized data flow is organized in many communication systems according to the International Standards Organization's Open System Interconnect Model. This model generally includes seven layers that are involved in the transmission of data. Layer 1 is a physical layer, layer 2 is a data link layer, layer 3 is a network layer, layer 4 is a transport layer, layer 5 is a session layer, layer 6 is a presentation layer, and layer 7 is an application layer. The application layer is the highest level and includes programs such as Microsoft Outlook email program. The lowest layer is the physical layer which encompasses details such as how information is transmitted on wires or through radio signals. A data flow can be packetized differently on the various layers when it is being transmitted.
Sometimes it is desirable to control a data flow. Rules generally denote something that can or cannot be done. An access control list is a set of rules that provides a way to determine the appropriate access rights a certain object should be allowed. Access control lists are typically used by operating systems to determine user access rights and are usually implemented in a data structure. The data structure is typically a table containing rules or entries that specify an individual user's or group's rights to specific system objects, such as a program, process, or a file. The access rights are usually whether a user can read from, write to, or execute an object.
In packet communications, an access control list is generally used to control access to ports and services that are available on a host, such as a router or server. The access control list is used to control both inbound and outbound traffic, and may be similar to a firewall or packet filter in some instances. However, when an access control list becomes lengthy, or when a data flow includes high packet data rates, delay is introduced because the list needs to be searched for each packet. In addition to delay, processing power is consumed by searching the list for the rules for each packet.