Digital communications networks have continued to grow in importance as people have come to rely on the electronic exchange of information to support both business and personal pursuits. E-mail, the electronic transfer of files, and various other services are made possible by the use of digital communications networks.
The type of digital communications network employed often depends on the size of the network to be implemented, as well as the needs and capabilities of the party or parties implementing the network. Hardware cost and network management complexity are often a factor when choosing the type of network to be implemented.
Networks limited to a small geographical region, e.g., a home or single office location, are frequently called local area networks (“LANs”). LANs are often privately-owned networks within a single building or small campus. LANs are widely used to connect personal computers and workstations at a single location, e.g., a company office or residence, to one another and to shared resources such as printers and/or local centralized file storage.
One popular type of LAN, based on the IEEE 802.3 standard, is popularly called Ethernet. Ethernet is a bus-based broadcast network with decentralized control. Data, e.g., messages, information and signals, is transmitted over Ethernet in frames. Ethernet devices broadcast and receive frames over the shared bus. The format of an IEEE 802.3 frame 100 is shown in FIG. 1. Each frame 100 starts with a 7 byte preamble 102 containing a preset bit pattern. The preamble 102 is followed by a start of frame byte 104, which includes the bit pattern 10101011 used to denote the start of the frame. Next come two addresses, a destination address 106 and a source address 108. The high-order bit of the destination address is 0 for ordinary addresses and 1 for group addresses. Group addresses, in contrast to individual device addresses, allow multiple stations, e.g., devices coupled to the Ethernet, to receive frames carrying a single group address. When a frame is sent to a group address, all the stations in the group receive it. Sending to a group of stations is called a multicast. The address consisting of all 1 bits is reserved for broadcast. A frame containing all 1s in the destination field, indicating a broadcast, is delivered to all stations on the network.
Six byte global Media Access Control (MAC) Ethernet device addresses are assigned by a central authority to ensure that no two stations on the same Layer 2 network, e.g., Ethernet LAN, have the same global address. Manufacturers of Ethernet devices, e.g., networking boards, request a block of addresses from the central authority to assure that no two Ethernet boards are assigned the same global MAC address. The boards then send and receive frames based on the 48-bit MAC address programmed into the board by the manufacturer. Because source MAC address information is inserted into Ethernet frames by the Ethernet boards, the source address 108 in an Ethernet frame is usually accurate and is difficult to fake.
Since Ethernet MAC addresses are unique at least on the same Layer 2 network and potentially globally, any device on a Layer 2 network can address any other device on the network by just using the right 48 bit MAC address assigned to the device being addressed.
MAC addresses are data link layer addresses. The data link layer corresponds to the second layer of the seven layer OSI (Open Systems Interconnection) Reference Model. As a result, Ethernet LANs and other LANs which use data link layer addresses are sometimes called Layer 2 networks.
In addition to the address information 106, 108 the Ethernet frame includes a length of data field 110, data field 112, padding field 114 and a checksum field 116. As will be discussed below, information intended to be transmitted over an IP based network may be included in the data field 112.
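The frame layout just described (preamble, start-of-frame byte, 48-bit destination and source addresses, length field, data, padding and checksum) can be checked end to end with a small parser. The following is an added example, not code from the patent: it builds a constructed 802.3 frame, then parses it back, flags group and broadcast destination addresses, and verifies the frame check sequence as a CRC-32 over the destination-address-through-padding bytes. The "group" test looks at the first transmitted bit of the destination address, which is bit 0 of the first octet in byte order because Ethernet sends each octet least-significant bit first; the 46-byte minimum payload and 1500-byte maximum are the standard 802.3 limits assumed here.

```python
import struct
import zlib

PREAMBLE = b"\xaa" * 7   # seven octets of 10101010
SFD = b"\xab"            # start-of-frame byte, bit pattern 10101011
MIN_PAYLOAD = 46         # data + padding never shorter than this (802.3)
MAX_PAYLOAD = 1500       # largest value a length field may carry
BROADCAST = b"\xff" * 6  # all-ones destination address


def build_frame(dst: bytes, src: bytes, data: bytes) -> bytes:
    """Assemble a constructed 802.3 frame for demonstration purposes.

    The length field carries the real data length; zero padding brings the
    payload up to MIN_PAYLOAD; the FCS is CRC-32 over dst..pad, stored
    least-significant byte first as it appears on the wire.
    """
    if len(dst) != 6 or len(src) != 6:
        raise ValueError("MAC addresses are 6 bytes")
    if len(data) > MAX_PAYLOAD:
        raise ValueError("payload too large for one frame")
    pad = b"\x00" * max(0, MIN_PAYLOAD - len(data))
    body = dst + src + struct.pack("!H", len(data)) + data + pad
    fcs = struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)
    return PREAMBLE + SFD + body + fcs


def parse_frame(raw: bytes) -> dict:
    """Split a raw frame into its fields and validate the checksum."""
    if raw[:7] != PREAMBLE or raw[7:8] != SFD:
        raise ValueError("missing preamble or start-of-frame byte")
    body, fcs = raw[8:-4], raw[-4:]
    if len(body) < 14 + MIN_PAYLOAD:
        raise ValueError("runt frame")
    dst, src = body[0:6], body[6:12]
    (length,) = struct.unpack("!H", body[12:14])
    if length > MAX_PAYLOAD:
        raise ValueError("field is not an 802.3 length")
    data = body[14:14 + length]
    if len(data) != length:
        raise ValueError("frame truncated before end of data")
    padding = body[14 + length:]
    fcs_ok = struct.unpack("<I", fcs)[0] == (zlib.crc32(body) & 0xFFFFFFFF)
    return {
        "dst": dst.hex(":"),
        "src": src.hex(":"),
        # first transmitted bit of the destination address: 0 = individual, 1 = group
        "group": bool(dst[0] & 0x01),
        "broadcast": dst == BROADCAST,
        "length": length,
        "data": data,
        "pad_len": len(padding),
        "fcs_ok": fcs_ok,
    }


if __name__ == "__main__":
    # constructed sample addresses and payload
    frame = build_frame(bytes.fromhex("010203040506"), bytes.fromhex("001122334455"), b"hello")
    print(parse_frame(frame))
```

Real network interfaces strip the preamble and start-of-frame byte before handing a frame to software, so a capture file normally begins at the destination address; the parser above expects the full on-wire layout the text describes.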
While Layer 2 networks are well suited for implementing LANs, e.g., at relatively small sites, it is often desirable to connect devices, e.g., computers, located on different LANs. Layer 3 networks, which rely on network protocols, e.g., TCP/IP protocols, are often used for interconnecting Layer 2 networks. Layer 3 packets, e.g., IP packets, are often encapsulated in Layer 2 frames to extend the reach of the Layer 3 network to host devices on the Layer 2 network. This permits Layer 2 signaling and frames to be used for transmissions of data over the Ethernet while preserving Layer 3 addressing information for transmission over the Layer 3 network. The network resulting from interconnecting one or more Layer 2 and Layer 3 networks is often referred to as an internet.
The Internet is a well-known worldwide internet that is used to connect computers and other devices located at universities, government offices, businesses and individuals together.
FIG. 2 is an extremely simplistic representation of the Internet 200. As illustrated, the Internet 200 includes a plurality, e.g., first and second, Layer 2 networks 201, 203, coupled together by a Layer 3 network 205. While only two Layer 2 networks, e.g., Ethernet LANs, are shown, many thousands of such networks may be part of the Internet. Edge routers, e.g., multi-protocol routers, capable of converting between Layer 2 and Layer 3 formats and addressing schemes, are often used to connect Layer 2 networks to Layer 3 networks. In FIG. 2, first edge router 216, connects the first Layer 2 network 201 to the Layer 3 network 205. Similarly the second edge router 218 connects the second Layer 2 network 203 to the Layer 3 network 205.
In the FIG. 2 example, two host devices 208, 210 are shown coupled to the first Ethernet bus 204, used to implement the Ethernet LAN 201, while third and fourth host devices 212, 214 are shown coupled to the second Ethernet bus 206 used to implement Ethernet LAN 203. While only two hosts are shown on each Ethernet LAN it is to be understood that a large number of hosts may be coupled to any one of the Layer 2 networks, corresponding to Ethernet busses 204, 206, at any given time.
Routers serve as forwarding devices and, optionally, protocol conversion devices. In the FIG. 2 diagram, edge routers 216 and 218 have the capability of converting between Ethernet frames and IP packets, and vice versa, using one or more tables relating IP addresses to MAC addresses.
Routers 222, 224, 226 and 228 internal to the Layer 3 network form part of what is sometimes called the Internet backbone. Since these routers do not need to handle Ethernet frames, they do not include the protocol conversion functionality present in the edge routers 216, 218. A group of routers 216, 218, 222, 224, 226, 228 managed by a single administrator is often called an Autonomous System (AS). The Internet includes several ASs which are connected to each other. Each AS may include one or more DHCP (Dynamic Host Configuration Protocol) servers which are responsible for assigning IP addresses to host devices connected to the AS. In FIG. 2, a single DHCP server 220 is shown coupled to edge routers 216, 218.
Unlike LANs, which use data link layer addresses, the Internet uses Layer 3 (Network layer) addresses, e.g., IP addresses, for purposes of identifying source and destination devices and determining the appropriate route upon which packets should be transmitted. Source and destination IP addresses are included, along with data, in IP packets used to transmit information across the Internet. Every host and router on the Internet has an IP address which encodes its IP network number and host number. The combination is unique: no two machines have the same IP address.
Exemplary IP addresses are 32 bits long and are used in the Source address and Destination address fields of IP packets. FIG. 3 is a diagram 300 which illustrates the standard 32 bit format for IP addresses. Note that host addresses are divided into different classes (A, B, C) with different numbers of bits allocated to the network number and host portion number in each address class. From a management perspective, system administrators may divide the host number portion of a 32 bit IP address into a subnet portion 402 and a host portion 404 as illustrated in block 400 of FIG. 4. In such embodiments, within the network defined by the network portion of the IP address, a subnet mask is used at the routers within the network to distinguish between the host portion 404 and the rest of the 32 bit IP address and thereby allow for routing within the network based on the subnet portion of the address.
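The classful split of FIG. 3 and the administrator-chosen subnet split of FIG. 4 can be worked through numerically. The following is an added example, not part of the patent: it derives the class (A, B or C) and classful network width from the address, then applies a subnet mask to separate the subnet portion from the host portion, rejecting masks that are non-contiguous or shorter than the classful network prefix (the text places the subnet bits inside the host number portion, so a mask that cuts into the network portion is treated as an error here). The `same_subnet` helper is the routing decision a router inside the network makes with that mask.

```python
import ipaddress


def classful_network_bits(addr: ipaddress.IPv4Address):
    """Return (class letter, number of network bits) for a class A/B/C address."""
    first_octet = int(addr) >> 24
    if first_octet < 128:
        return "A", 8
    if first_octet < 192:
        return "B", 16
    if first_octet < 224:
        return "C", 24
    raise ValueError("not a class A, B or C host address")


def _prefix_length(mask_str: str) -> int:
    """Length of a contiguous subnet mask; rejects masks like 255.0.255.0."""
    mask = int(ipaddress.IPv4Address(mask_str))
    prefix = bin(mask).count("1")
    if mask != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
        raise ValueError("subnet mask must be contiguous ones followed by zeros")
    return prefix


def split_address(ip: str, subnet_mask: str) -> dict:
    """Split a 32-bit address into network, subnet and host portions."""
    addr = ipaddress.IPv4Address(ip)
    cls, net_bits = classful_network_bits(addr)
    prefix = _prefix_length(subnet_mask)
    if prefix < net_bits:
        raise ValueError("subnet mask shorter than the classful network prefix")
    value = int(addr)
    host_bits = 32 - prefix
    subnet_bits = prefix - net_bits
    return {
        "class": cls,
        "network_bits": net_bits,
        "subnet_bits": subnet_bits,
        "host_bits": host_bits,
        "network": value >> (32 - net_bits),
        "subnet": (value >> host_bits) & ((1 << subnet_bits) - 1),
        "host": value & ((1 << host_bits) - 1),
        # address with the host portion zeroed, i.e. the subnet itself
        "subnet_address": str(ipaddress.IPv4Address(value & ~((1 << host_bits) - 1) & 0xFFFFFFFF)),
    }


def same_subnet(ip_a: str, ip_b: str, subnet_mask: str) -> bool:
    """A router delivers locally when both addresses agree on every masked bit."""
    mask = int(ipaddress.IPv4Address(subnet_mask))
    return (int(ipaddress.IPv4Address(ip_a)) & mask) == (int(ipaddress.IPv4Address(ip_b)) & mask)


if __name__ == "__main__":
    # constructed sample: a class A block subnetted on the second octet
    print(split_address("10.1.2.3", "255.255.0.0"))
```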
The demand for IP addresses continues to grow and, with fewer bits than are used for MAC addresses, there are considerably fewer IP addresses available for allocation. Given the demand for IP addresses and the limited supply, IP addresses are leased from a central authority responsible for overseeing their allocation. Internet service providers may lease a large number, e.g., a block of IP addresses, which the provider then sub-leases to end users, e.g., host devices.
As a result of the lease (actually the sub-lease) process, end users obtain an IP address which is subject to lease restrictions including the right to use the IP address for a limited period of time. IP addresses leased for extended periods of time, e.g., a year or more, are often termed “static” IP addresses. Static IP addresses are used for applications such as Web site hosting where the Internet connection is likely to remain active and in use for extended periods of time. Users normally pay a premium for static IP addresses.
With regard to individual Internet users, IP addresses are more commonly leased to end users on a dynamic basis. Internet service providers frequently use a DHCP server to assign users IP addresses for a limited lease time when they seek to access the Internet, e.g., from a host device coupled to the Internet by way of a Layer 2 network. FIG. 2 illustrates a single DHCP server 220 coupled to the two edge routers 216, 218 to oversee IP address allocation. In practice, the Layer 3 network 202 may include multiple DHCP servers with each server being responsible for allocating IP addresses to users on a different network or subnet. The system administrator responsible for overseeing an AS determines the relationship between DHCP servers, sets of IP addresses allocated by each of the DHCP servers and the edge routers which connect users to the DHCP servers for IP address assignment.
Once an IP address is leased to a host, e.g., user, if the host remains active beyond the lease term, the lease may be extended or a new IP address assigned to the host from the available pool of IP addresses at the end of the first lease term.
When a user intends to stop using the IP address, the user's device, e.g., host device 208, normally signals to the DHCP server that assigned the IP address that the address is being released. This allows the address to be added to the pool of available addresses and reused. In the event that a release message is not received prior to the IP address lease timing out, and the DHCP server encounters a shortage of addresses in the pool of available addresses, the DHCP server may poll devices to which it allocated IP addresses to see if they are still active. Failure to receive a response may result in the DHCP adding the IP address assigned to the non-responding device back into the pool of available IP addresses.
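The lease lifecycle described in the last three paragraphs (assignment for a limited term, renewal while the host stays active, explicit release, and reclamation of an expired address whose holder does not answer a poll) is modelled below. This is an added example, not code from the patent or from any DHCP implementation: `LeasePool` is a constructed in-memory pool driven by a simulated clock, `is_alive` stands in for the server polling a device, and the `history` list records every binding so that `holder_at` can answer the question the following paragraphs raise, namely which device was using a given address at a given moment.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


@dataclass
class Lease:
    ip: str
    mac: str
    expires_at: float  # simulated clock, in seconds


class LeasePool:
    """Constructed model of a DHCP server's pool of available addresses."""

    def __init__(self, addresses: List[str], lease_time: float):
        self.free: List[str] = list(addresses)
        self.leases: Dict[str, Lease] = {}   # ip -> current lease
        self.lease_time = lease_time
        # every binding ever made: ip, mac, start, end (None while still held)
        self.history: List[dict] = []

    def allocate(self, mac: str, now: float) -> Optional[str]:
        """Hand out an address, or extend the caller's existing unexpired lease."""
        for lease in self.leases.values():
            if lease.mac == mac and lease.expires_at > now:
                lease.expires_at = now + self.lease_time
                return lease.ip
        if not self.free:
            return None  # pool exhausted; a server would try reclaim_expired first
        ip = self.free.pop(0)
        self.leases[ip] = Lease(ip, mac, now + self.lease_time)
        self.history.append({"ip": ip, "mac": mac, "start": now, "end": None})
        return ip

    def release(self, ip: str, mac: str, now: float) -> bool:
        """Return an address to the pool; only its current holder may do so."""
        lease = self.leases.get(ip)
        if lease is None or lease.mac != mac:
            return False
        self._end_binding(ip, now)
        return True

    def reclaim_expired(self, now: float, is_alive: Callable[[str], bool]) -> List[str]:
        """Poll holders of expired leases; reclaim addresses of those that do not answer."""
        reclaimed = []
        for ip, lease in list(self.leases.items()):
            if lease.expires_at <= now:
                if is_alive(lease.mac):
                    lease.expires_at = now + self.lease_time  # still active: extend
                else:
                    self._end_binding(ip, now)
                    reclaimed.append(ip)
        return reclaimed

    def _end_binding(self, ip: str, now: float) -> None:
        del self.leases[ip]
        self.free.append(ip)
        for record in reversed(self.history):
            if record["ip"] == ip and record["end"] is None:
                record["end"] = now
                break

    def holder_at(self, ip: str, t: float) -> Optional[str]:
        """Which MAC held this address at time t, if any."""
        for record in self.history:
            if record["ip"] == ip and record["start"] <= t and (record["end"] is None or t < record["end"]):
                return record["mac"]
        return None


if __name__ == "__main__":
    pool = LeasePool(["10.0.0.10", "10.0.0.11"], lease_time=100)
    print(pool.allocate("00:00:00:00:00:01", now=0))
    print(pool.reclaim_expired(now=150, is_alive=lambda mac: False))
```

Without the `history` record the pool can only say who holds an address now; anyone trying to attribute traffic seen at time t to a device must have the binding that was in force at t, which is exactly what the dynamic lease process does not preserve on its own.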
Thus, unlike MAC addresses, which are fixed for the life of a product by the manufacturer, the IP address assigned to a particular host device can change from moment to moment. Accordingly, there is no permanent fixed relationship between a physical device and the IP address assigned to the device.
Many contemplated IP applications could benefit from reliable information about the location and/or identity of a host device using an IP address. The dynamic allocation and re-use of IP addresses discussed above greatly complicates attempts to accurately correlate specific devices and/or physical locations with an IP address.
The problem of associating IP addresses with physical locations is further complicated by the manner in which IP addresses are assigned and used. Blocks of IP addresses are assigned by the central authority to different network providers based on the size of their networks. Unlike zip codes or telephone number area codes, assignment of IP addresses is independent of geographic location. Accordingly, IP addresses do not inherently convey geographic location information as do, for example, zip codes used by the post office or the area code portion of a telephone number.
Reliable location information is also difficult to obtain in an IP network because IP based routing relies, in most cases, on the intelligence of the network to determine the routing path to a specified destination address. The host need not, and in most cases does not, know the physical location of the destination device to which it is sending packets or the route over which the transmitted packets will be conveyed. In addition, routers in an IP network usually only need to determine the next router in a path based on an IP address and therefore often do not include detailed topology information relating to large portions of an IP network. While shielding end devices and routers from having to make end to end routing decisions has many advantages, the lack of information about the physical devices corresponding to IP addresses poses problems in many contemplated IP based applications.
IP-based services, both those based on private internets and those based on the larger Internet, are continuing to grow in importance. IP and the Internet are beginning to be used for a wide range of applications such as music file sharing, news delivery, software distribution, etc. IP and Internet applications which are expected to grow in importance in the future include Internet telephony and video on demand services. In the case of Internet telephony, voice signals are exchanged over the Internet through the use of packets including voice data.
The need to provide law enforcement with the ability to monitor telephone calls, whether or not they are based on IP, is of great interest given present day concerns over the need to monitor terrorist activity for law enforcement purposes. In wiretapping applications, the goal is to intercept the communications associated with a particular individual or device for which the wiretap is authorized without interfering with or monitoring the communications of other individuals.
In order to encourage communications service providers to deploy equipment and software which will enable law enforcement to implement wiretaps, the U.S. Federal government provides financial compensation to communications companies to cover the costs associated with supporting wiretapping in communications networks. The law supporting such reimbursements is sometimes referred to as CALEA.
One problem with placing a wiretap on an IP telephone is that the IP telephony device can access an IP network from any one of a plurality of ports corresponding to different physical locations. In addition, the access port used at any given time by a particular IP telephony device may carry communications corresponding to the IP telephone for which a wiretap is authorized and communications corresponding to other devices for which a wiretap is not authorized.
IP telephony devices normally register with a registration/routing device, e.g., a soft switch, which is then responsible for providing IP address information used to route calls. The registration process normally involves providing the soft switch with telephone number and current IP address information. This information is then used by the soft switch to direct IP telephony calls.
While a soft switch knows the IP address being used by an IP telephony device at any given time, and is contacted for routing information associated with calls directed to IP telephone numbers serviced by the soft switch, the soft switch is normally not aware of an IP telephony device's physical location or physical point of attachment to the IP network. Furthermore, the voice portion of a call is generally not routed through the soft switch which is used for registration purposes and to provide the IP address used to route a call. As a result, the soft switch does not provide a suitable location where calls can be monitored since the voice portion of an IP call is generally not available at the location of the soft switch.
The problem of identifying a suitable point in the network where an IP telephony call corresponding to a particular telephone number can be monitored is complicated by the soft switch's lack of telephony device physical location information and by the fact that the telephony device's point of network attachment may be different at different times, e.g., depending on the location the user selects to attach to the IP network at different points in time.
Wiretapping of IP based calls presents many challenges. The current inability to wiretap IP based telephone calls has many law enforcement officials concerned given the expected growth in IP telephony over the next few years.
Ideally, it would be desirable if law enforcement personnel could monitor a telephone call placed from or received by an IP telephony device and record the telephone call regardless of the port, e.g., point of attachment, used to connect the IP telephony device to the IP communications network. From both a privacy and legality standpoint, it is desirable that communications corresponding to a targeted IP call be intercepted and recorded without recording IP communications sessions which a warrant does not authorize to be monitored. This is particularly challenging given that multiple users may connect to an IP network through a common shared router port.
In view of the above discussion, there is a need for methods and apparatus for monitoring IP-based telephony transmissions, e.g., telephone calls.