The present invention pertains to a system for control and supervision of residential control in a broadband network.
An Internet Service Provider (ISP) is responsible for all existing IP addresses which are assigned to a customer in, for example, a broadband network by the IANA. All IP addresses leased to residential customers are dynamic and randomly assigned via dynamic DHCP.
Each computer is uniquely identified by a MAC address. Based on the MAC address, the client is assigned an IP address. However, the MAC address is easy to change and cannot be used as a secure identifier for each computer.
In an Ethernet network all devices connected to it share the same range of addresses. In a broadband over Ethernet network it must be ensured that each customer can only be assigned as many addresses per access class as they have bought or subscribed for. Each access class carries a specific type of network equipment: computers, IP telephones, set-top boxes, etc.
Before any users can use services in a network according to the present invention, they have to identify themselves to the network. There can be a plurality of users per customer in the network: family members, employees, etc. Hence, there is a need for a controlled method of identifying each user before they can use any other provided services.
Clients or customers shall not be able to set static IP addresses on their own clients, because they should not be able to send traffic from an address which has not been assigned to them.
Other problems, or problems relating to those above, have to be solved in order to provide a feasible broadband network. These problems are mainly related to port control, forced redirections, traffic mediation, port snooping, IP to port logging, and intelligent real-time analysing.
One aim of the present invention is to solve problems related to control and supervision of residential control in a broadband network.
In order to solve these problems the present invention sets forth a system for control and supervision of residential control in a broadband network. It comprises at least one of the following features provided by hardware and software broadband network dedicated means:
port control by feeding a protocol server for auto-configuration of client network parameters with information from a VMPS client providing that each network customer address can be connected to a unique name of a port for one customer inside the network;
class of service assurance for specific types of customer equipment denying attempts to lease additional customer addresses through said protocol server which keeps a record of all assigned addresses to said policy server;
forced redirection for network login procedure by redirecting a customer's browser to a predetermined login procedure when a network connected computer/equipment is turned on, thus providing a controlled way of identifying each customer before using other available services;
abuse and anti-spoof protection by adjusting border gateway control routing tables in real time in respect of said protocol for auto-configuration.
In one embodiment it announces helper addresses as dynamic routes providing instant fail-over if a daemon fails by withdrawing routes from a network service provider border gateway control table, whereby a lower prioritized daemon immediately takes control.
Another embodiment comprises that it adjusts border gateway protocol routes to customer devices in real time according to a protocol for auto-configuration of client network parameters, thus enhancing load balancing in network fiber rings, and which provides that it is impossible for a customer to use an address without leasing it from said protocol server.
A further embodiment of the present invention comprises real-time traffic analysis, detecting unauthorized servers run by a customer and software which provides a network address.
A still further embodiment comprises that said port control controls activation and deactivation of residential access ports.
Another embodiment comprises that said port control provides the assigning of a static network address to a specific port and MAC address.
Yet another embodiment comprises that said forced redirection provides forced network portal logins.
One embodiment of the present invention comprises that it provides traffic mediation which enables the system to aggregate Cisco NetFlow 24 information based on a residential port.
A further embodiment comprises that it provides port snooping, looking at ports so to say, through display of port information or port link states.
Yet a further embodiment provides network address to residential port logging, which makes it possible to find out who a specific network address was leased to at a given time, which provides abuse administration in a broadband network.
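The following sketch is an added illustration, not code from the patent. It shows how a lease record keyed by port name can serve three of the features described above at once: denying addresses beyond the subscribed count per access class, rejecting traffic from an address that was not leased on the port it arrives from, and answering who held an address at a given time. The class, method and port names are hypothetical, and the port name is assumed to be supplied by the VMPS lookup.

```python
from dataclasses import dataclass

@dataclass
class Lease:
    ip: str
    port: str                  # unique name of the residential access port
    mac: str
    access_class: str          # e.g. "computer", "ip-phone", "set-top-box"
    start: float               # lease start, epoch seconds
    end: float = float("inf")  # open-ended until released

    def covers(self, t):
        return self.start <= t < self.end

class LeaseLog:
    def __init__(self, quotas):
        self.quotas = quotas   # {(port, access_class): subscribed address count}
        self.leases = []       # append-only history, kept for abuse lookups

    def request(self, ip, port, mac, access_class, now):
        """Grant a lease unless the port already holds its subscribed count."""
        active = [l for l in self.leases if l.covers(now)]
        if any(l.ip == ip for l in active):
            return False       # address is already leased
        held = sum(1 for l in active
                   if l.port == port and l.access_class == access_class)
        if held >= self.quotas.get((port, access_class), 0):
            return False       # deny the additional address for this class
        self.leases.append(Lease(ip, port, mac, access_class, now))
        return True

    def release(self, ip, now):
        for l in self.leases:
            if l.ip == ip and l.covers(now):
                l.end = now

    def who_had(self, ip, when):
        """Return the lease that covered `ip` at time `when`, or None."""
        return next((l for l in self.leases
                     if l.ip == ip and l.covers(when)), None)

    def source_allowed(self, src_ip, port, now):
        """True only if `src_ip` is currently leased on the port it arrives from."""
        lease = self.who_had(src_ip, now)
        return lease is not None and lease.port == port

def demo():
    # Constructed sample: documentation addresses and a made-up port name.
    log = LeaseLog({("sw1/port3", "computer"): 1})
    first = log.request("192.0.2.10", "sw1/port3", "00:00:5e:00:53:01", "computer", 100)
    second = log.request("192.0.2.11", "sw1/port3", "00:00:5e:00:53:02", "computer", 150)
    log.release("192.0.2.10", 500)
    return first, second, log.who_had("192.0.2.10", 300).port
```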