1. Field of the Disclosure
The disclosure relates generally to service providers of data communications, and in particular, to the upgrading of service profiles for network subscribers.
2. The Prior Art
Background
Edge services provided to subscribers can take the form of basic Internet access through DSL, cable access and the like, or more specific services such as secure access to corporate Intranets. Users typically are provided the services through an “Edge” device, usually a router coupled between the subscriber and the Internet that is configured to provide gateway services.
In operation, each subscriber has an associated subscriber profile maintained by the service provider that indicates which of the many offered services a particular subscriber is entitled to access.
When a subscriber begins a new session, typically the edge device accesses an AAA server to authenticate the subscriber's profile, and then loads the subscriber's profile into a cache memory located in the edge device. The subscriber is then presented with the authenticated services in the form of a dashboard or home page that includes indications of what services have been authorized for the subscriber's account. When the subscriber selects a particular service, a service selection request is then sent from the edge device to the AAA server for authentication, and a subscriber service profile is returned to the edge device for storage locally.
In providing the service profile to the edge device, the service profile also enables the edge device to be configured to provide the service. For example, routing paths, secure tunnels, and gateway configuration parameters may be uploaded to the edge device as a result of a service request from the subscriber.
Overall policies exist to further define and authenticate a session associated with a particular subscriber. When a subscriber requests access to a given feature, the subscriber's session activates the service profile associated with the new service. The services can then activate flows associated with their particular traffic requirements. Thus each session can have many activated services associated with the user, and each service can have respective flows, all being managed by the subscriber's particular session.
As will be appreciated by those of ordinary skill in the art, many subscribers will access many of the same services offered by the service provider. To reduce overhead, typically the policies and profiles associated with a particular service are cached by the edge device the first time they are accessed by a subscriber, and these cached profiles are retrieved locally when subsequent subscribers request the same service.
A problem presents itself when a profile provided by the service provider needs to be upgraded. For example, the profile of an Intranet secure access service may need to be upgraded in light of newly-discovered security threats. If a service provider has many sessions active that are using a particular service that is in need of an update, each session would need to be brought down and re-started with the updated service profile.
In prior art systems, the service profile is updated off-line from the edge box, i.e., on the AAA server and ‘pushed’ to the edge server. At a scheduled downtime, all sessions are taken down and updated. Alternatively, the service profiles may be simply pushed and overlaid on active sessions that have services that need to be updated, in an attempt to update the services in real-time. However, if service attributes are changed, many active sessions may be left in unstable states, causing problems for subscribers.
As will be appreciated, this forced updating in the prior art will necessarily interrupt service for the subscribers who are currently using the services. Hence, there is a need for a procedure to update services without interrupting a subscriber's experience or requiring scheduled downtime.
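The cache-on-first-access behavior and the overlay update described above can be modeled as follows. This is an added illustration, not part of the disclosure; the class, method and attribute names and the sample profiles are hypothetical, and an "unstable" session is assumed to mean one whose active flows no longer match the cached profile.

```python
from dataclasses import dataclass, field

@dataclass
class Session:
    subscriber: str
    # service name -> flows activated from the profile at selection time
    flows: dict = field(default_factory=dict)

class EdgeDevice:
    def __init__(self, aaa_profiles):
        self.aaa = aaa_profiles   # stands in for the AAA server (assumption)
        self.cache = {}           # service name -> cached service profile
        self.aaa_fetches = 0
        self.sessions = {}

    def select_service(self, subscriber, service):
        """Load the profile from AAA on first use, from the local cache afterwards."""
        if service not in self.cache:
            self.cache[service] = dict(self.aaa[service])
            self.aaa_fetches += 1
        session = self.sessions.setdefault(subscriber, Session(subscriber))
        session.flows[service] = set(self.cache[service]["flows"])
        return session

    def overlay_push(self, service, new_profile):
        """Prior-art real-time update: overwrite the cached profile under live sessions."""
        self.cache[service] = dict(new_profile)

    def inconsistent_sessions(self, service):
        """Subscribers whose active flows no longer match the cached profile."""
        want = set(self.cache[service]["flows"])
        return sorted(s.subscriber for s in self.sessions.values()
                      if service in s.flows and s.flows[service] != want)

def demo():
    # Constructed sample profiles; the attribute names are hypothetical.
    v1 = {"version": 1, "flows": ["tunnel-a", "dns"]}
    v2 = {"version": 2, "flows": ["tunnel-b", "dns"]}
    edge = EdgeDevice({"intranet": v1})
    edge.select_service("alice", "intranet")
    edge.select_service("bob", "intranet")
    before = edge.inconsistent_sessions("intranet")
    edge.overlay_push("intranet", v2)
    edge.select_service("carol", "intranet")  # new session reads v2 from the cache
    return edge.aaa_fetches, before, edge.inconsistent_sessions("intranet")

if __name__ == "__main__":
    print(demo())
```

The same consistency check could be run by an operator after a push to list the sessions that would need to be restarted.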