The present invention relates generally to digital data transmission, and more specifically to data prioritization in computer networks.
A computer network is a system of individual computers, computer peripheral devices (e.g., printers, modems, scanners, etc.), and associated interconnecting cables and equipment. Various recognized hardware and software protocols specify how to configure and operate such network devices in order to exchange data. Data transfer over a network can be described by various characteristics including accuracy, dependability, and speed.
As computer networks initially evolved, protocols such as TCP/IP (Transmission Control Protocol/Internet Protocol) and network services such as FTP (File Transfer Protocol) emerged in which error-free data transmission was the most important requirement. Considerations such as transmission delay and jitter received no special attention. Over time, however, new applications and services have emerged, such as real-time and multi-media applications, in which data transmission accuracy is less important, and considerations such as delay and jitter are more important.
For applications such as Internet telephony services, it is desirable that voice data packet traffic receive priority handling in preference to other network data services. If the voice packets use a known pre-assigned UDP (User Datagram Protocol) port (e.g., 7070), then a network administrator can manually set traffic filters in network devices, especially in legacy routers and switches, to provide that voice packets be given high priority. However, some data transmission standards, e.g., H.323, utilize dynamically assigned UDP ports which cannot be predicted in advance.
In addition, malicious users might know that UDP port 7070 is prioritized, and hence would set their applications to use this port number, even though their applications might be very aggressive and bursty rather than the intended voice data. Similarly, some applications might unintentionally use one of the prioritized ports without proper authorization. Such use of priority data queues by unauthorized applications reduces the usefulness of data stream prioritization. Accordingly, unauthorized applications need to be prevented from using such prioritized port numbers.
A preferred embodiment of the present invention includes a packet mapper that maps streams of data packets in a computer network, each data packet having a packet header containing feature values descriptive of the data packet. The packet mapper includes a mapping table that associates application-related feature values with network-reserved feature values from a range of feature values reserved for use by selected network data packet streams, and a feature value mapper that performs at least one of: (i) in each packet header having an application-related feature value associated with a network-reserved feature value, substituting the associated network-reserved feature value for the application-related feature value, and (ii) in each packet header having a network-reserved feature value associated with an application-related feature value, substituting the associated application-related feature value number for the network-reserved feature value.
A preferred embodiment also includes a method of prioritizing streams of data packets in a computer network, each data packet having a packet header containing feature values descriptive of the data packet. The method includes associating application-related feature values with network-reserved feature values from a range of feature values reserved for use by selected priority data streams; and performing at least one of: (i) in each packet header having an application-related feature value associated with a network-reserved feature value, substituting the associated network-reserved feature value for the application-related feature value; and (ii) in each packet header having a network-reserved feature value associated with an application-related feature value, substituting the associated application-related feature value number for the network-reserved feature value. Preferred embodiments also include a computer program product comprising a computer-usable medium having computer-readable program code thereon for performing the various steps of the above method.
Another preferred embodiment includes a router for prioritizing streams of data packets in a computer network, each data packet having a packet header containing feature values descriptive of the data. The router includes a plurality of data interfaces for streams of data packets to enter and exit the router, and a packet mapper that maps the data streams. The packet mapper includes a mapping table that associates application-related feature values with network-reserved feature values from a range of feature values reserved for use by selected network data packet streams, and a feature value mapper that performs at least one of: (i) in each packet header having an application-related feature value associated with a network-reserved feature value, substituting the associated network-reserved feature value for the application-related feature value, and (ii) in each packet header having a network-reserved feature value associated with an application-related feature value, substituting the associated application-related feature value number for the network-reserved feature value.
A preferred embodiment also includes a computer network having a plurality of prioritized streams of data packets, each data packet having a packet header containing feature values descriptive of the data packet. The computer network includes a plurality of subnetworks, each subnetwork having at least one application that generates a stream of data packets for transmission over the computer network, a plurality of routers that prioritize streams of data packets, at least one router having a plurality of data interfaces for streams of data packets to enter and exit the router, and a packet mapper that maps the data streams. The packet mapper includes a mapping table that associates application-related feature values with network-reserved feature values from a range of feature values reserved for use by selected network data packet streams, and a feature value mapper that performs at least one of: (i) in each packet header having an application-related feature value associated with a network-reserved feature value, substituting the associated network-reserved feature value for the application-related feature value, and (ii) in each packet header having a network-reserved feature value associated with an application-related feature value, substituting the associated application-related feature value number for the network-reserved feature value.
In any of the above embodiments, the feature values may include packet source data port values and packet destination data port values. The selected network data packet streams may be selected to provide quality of service (QoS) routing of the network data packet streams. There may further be included a priority violation reporter that identifies unauthorized data packet streams which are not selected network data packet streams that have data packet headers using network-reserved feature values. The priority violation reporter may further communicate the identity of such unauthorized data packet streams to a network administrator. The application-related feature values may have dynamically assigned data ports. The selected network data packet streams may be at least one of H.323, H.225.0, H.245, RTP (Real Time Protocol), RTCP (Real Time Control Protocol), and MGCP (Media Gateway Control Protocol) data packets. Alternatively, or in addition, the selected network data packet streams may include at least one of audio data, voice data, and video data. The feature values may be Transmission Control Protocol (TCP) data port numbers, and/or User Datagram Protocol (UDP) data port numbers.
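The mapping table, the two substitution directions (i) and (ii), and the priority violation reporter described above can be sketched as follows. This is an added example, not code from the patent; the class and method names, the reserved range 60000-60015, the addresses and ports, keying the table by (IP, port), and dropping a violating packet are all assumptions made for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class PacketMapper:
    def __init__(self, reserved):
        self.reserved = reserved   # range of network-reserved UDP ports
        self.to_reserved = {}      # (ip, application port) -> reserved port
        self.to_app = {}           # (ip, reserved port) -> application port
        self.violations = []       # what a priority violation reporter would send

    def authorize(self, ip, app_port):
        """Associate an endpoint's (possibly dynamic) port with a free reserved port."""
        used = {r for (_, r) in self.to_app}
        reserved_port = next(p for p in self.reserved if p not in used)
        self.to_reserved[(ip, app_port)] = reserved_port
        self.to_app[(ip, reserved_port)] = app_port
        return reserved_port

    def _swap(self, pkt, table):
        return replace(
            pkt,
            src_port=table.get((pkt.src_ip, pkt.src_port), pkt.src_port),
            dst_port=table.get((pkt.dst_ip, pkt.dst_port), pkt.dst_port))

    def ingress(self, pkt):
        """Direction (i): application value -> reserved value, entering the network."""
        if pkt.src_port in self.reserved or pkt.dst_port in self.reserved:
            # An edge packet already carrying a reserved port was never mapped.
            self.violations.append(pkt)
            return None  # dropping is this example's policy, not stated on the page
        return self._swap(pkt, self.to_reserved)

    def egress(self, pkt):
        """Direction (ii): reserved value -> application value, leaving the network."""
        return self._swap(pkt, self.to_app)

def demo():
    m = PacketMapper(range(60000, 60016))        # constructed reserved range
    m.authorize("10.0.1.5", 49170)               # constructed dynamic voice ports
    m.authorize("10.0.2.9", 51234)
    voice = Packet("10.0.1.5", 49170, "10.0.2.9", 51234)
    spoof = Packet("10.0.1.77", 60000, "10.0.2.9", 60001)  # claims reserved ports
    core = m.ingress(voice)
    return core, m.egress(core), m.ingress(spoof), m.violations
```

Because priority inside the network is keyed to the reserved range rather than a well-known port such as 7070, a sender that simply picks a prioritized port number gains nothing and is reported instead.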