ATM (Asynchronous Transfer Mode) high-speed switched networks have been proposed as a technology capable of integrating present digital services with new multimedia services, e.g., video on demand, live television from many sources, CD-quality music, LAN interconnection, and high-speed data transport for science and industry. To implement these different services, ATM networks are designed to handle a variety of traffic characteristics, e.g., constant rate, variable rate, and bursty, required for various real time, such as video conferencing, and non-real time, such as E-mail and web browsing, applications. The basic principles of ATM networks are well known to those skilled in the art and are discussed in numerous published references (see, for example, Andrew S. Tanenbaum, Computer Networks, Prentice Hall, 1996, 3rd ed.).
FIG. 1 illustrates an ATM network 6 with a simple topology and is shown herein for purposes of explanation of the operations of an ATM network relevant to the present invention. User A, User B, and Security Server C denote host computers which are connected at nodes to the network. The host computers generally execute applications for consumers whereas the ATM switches 1-5 of the ATM network 6 are solely concerned with the communication of data among the hosts along paths 31, 34, and 38. A host computer node could be a single host computer or multiple host computers connected via a local area network (LAN) or other type of closed network. Each user is connected to the ATM network by a User-Network Interface (UNI), and the ATM switches are connected together by a Network-Network Interface (NNI).
By way of example, in FIG. 1, one possible path of data flow would be from User A across the UNI to switch 1, and from switch 1 to switch 2 to switch 4 across the NNI interfaces and from switch 4 to User B across the UNI interface. In this example, User A would be considered the source user computer and User B the destination user computer. A path between User A and User B in the network is referred to herein alternately as a connection or a circuit.
This application also refers to the ingress and egress of the network denoting boundary points where data transfers to users. The ingress is where data enters the network from a source user. In FIG. 1, this would be the interface between User A and Switch 1. The egress is where data leaves the network to the destination computer. In FIG. 1, this would be the interface between User B and switch 4.
The ATM switches transfer data using a cell switching technology. All data in an ATM network is transmitted between the switches of the network in small, fixed size 53 byte long ATM cells having 5 bytes for a header and 48 bytes for the data payload. The header of each cell contains a virtual connection identifier used for routing the cells over the network. Each ATM cell contains a two-part connection identifier in the cell header: a Virtual Path Identifier (VPI) and a Virtual Circuit Identifier (VCI). This two-part connection identifier uniquely identifies an ATM virtual connection on a physical interface.
ATM is a connection-oriented technology. That is, a call is required by user A to user B, similar to a telephone call, to set up a connection between the two users. Once the connection path is established, all data cells are transferred over the same connection path. This guarantees that cells will be delivered in order. Although ATM establishes a circuit between hosts, it establishes this circuit internally using cell switching technology. When a virtual circuit is established between hosts, what really happens is that table entries storing routing information are made in each switch along the path between the hosts.
Referring to FIG. 1, the following is an example of what happens when a user A connects to user B. First, user A sends a call request to user B. The call request arrives at switch 1. Call control software located at switch 1 uses NNI signaling procedures combined with NNI routing services to locate user B and establish a virtual connection over which user A and user B exchange data.
Once a connection is established, data can be exchanged between User A and User B. Typically, the flow of data proceeds as follows. User A opens an application on the computer of User A which sends data to User B. Network software at User A's side will receive the data from the application of user A, and arrange the data into packets. Each packet is arranged as a variable length sequence of 53 byte ATM cells carrying the data payload preceded by a packet header cell containing information related to the application. The packets are sent over the ATM network cell by cell from User A to User B. The cells are reassembled into packets by software at User B's end and presented to User B as an application packet.
ATM networks provide several mechanisms for assuring quality of service and regulating traffic flow and congestion. Traffic shaping and traffic congestion control have been proposed for ATM networks. In traffic shaping, a quality of service contract is formed before data transmission between the customer and the network where the required transmission parameters are specified. For example, a customer could specify a requirement that data be transferred with a delay of 10 microseconds. In turn, the customer is required to abide by conditions of the contract, e.g., to transmit below an agreed upon rate. Traffic policing functions, e.g., user parameter control within the ATM network, enforce the user's agreement to the terms in the contract. The ATM network also performs traffic congestion control. One proposed technique of traffic control is to control traffic flowing into the network at the ingress points of the network. A simple "open loop" congestion control method would discard cells at the ingress point before entering the network if congestion occurs. A "closed loop" method of flow control would collect status information on the network and throttle back cell delivery if congestion occurs.
The current ATM techniques of policing, and traffic/congestion control are limited in that the techniques do not take into account information on the application type of the ATM data cells. For example, a general cell rate algorithm will check every cell to see if it conforms to a maximum allowable arrival rate. However, the algorithm does not ascertain information on the application to which a cell belongs, because this information is contained in a higher level packet structure created by the application consisting of a header followed by a plurality of ATM cells. Management of the data flow at the application level is still possible, but is not supported by the ATM network and thus must be performed by the user.
A problem arises due to the above limitation in the situation where a source computer wishes to execute several applications during the same session requiring data be exchanged between the source computer and the destination computer. For example, a web browser application may require exchange of HTML data, and this exchange may require the user to open up an additional application requiring exchange of image data or even real time voice data.
In known ATM networks, there are basically two inadequate solutions towards solving this problem. In the first solution, a user sends both applications over the same virtual circuit which was established at the beginning of the session. However, if the circuit was initially established to meet a quality of service for a particular application, the connection established cannot be guaranteed for any application of a different type. This may create a bottleneck in the original path since the new data of the new application may require an altogether different level of buffering and other quality of service (QOS) requirements. As a second solution, a user could execute a setup operation for each application and move the data of the applications over the separate paths. However, this would place a significant burden on the user since not only must a new communications path be created for each application, which requires additional setup time, but additionally the opened connections must also be managed.
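The policing limitation and the shared-circuit bottleneck described in the preceding paragraphs can be reproduced with a few lines. This is an added example, not part of the original text: it implements the generic cell rate algorithm in its virtual-scheduling form, keyed on (VPI, VCI) only, and runs it over constructed traffic; the increment, limit, timestamps, and application labels are assumptions chosen for illustration.

```python
# Added illustration: per-connection GCRA policer. Times are in microseconds.
class GcraPolicer:
    def __init__(self, increment_us: int, limit_us: int):
        self.increment = increment_us   # expected spacing between cells
        self.limit = limit_us           # tolerated earliness
        self.tat = {}                   # (vpi, vci) -> theoretical arrival time

    def conforms(self, vc: tuple, arrival_us: int) -> bool:
        tat = self.tat.get(vc, arrival_us)
        if arrival_us < tat - self.limit:
            return False                # cell too early: non-conforming, TAT unchanged
        self.tat[vc] = max(arrival_us, tat) + self.increment
        return True

def police(cells, increment_us: int = 100, limit_us: int = 50) -> dict:
    """cells: (arrival_us, (vpi, vci), app_label). Returns dropped cells per label.

    The label is used only for reporting. The policer itself is given nothing
    but the connection identifier and the arrival time.
    """
    policer = GcraPolicer(increment_us, limit_us)
    dropped = {}
    for arrival, vc, app in sorted(cells):
        dropped.setdefault(app, 0)
        if not policer.conforms(vc, arrival):
            dropped[app] += 1
    return dropped

# Constructed traffic: a steady flow at the contracted rate, plus a burst from
# a second application opened later in the same session on the same circuit.
VC = (0, 100)
voice = [(t, VC, "voice") for t in range(0, 2000, 100)]
image_burst = [(1005 + 10 * i, VC, "image") for i in range(10)]

if __name__ == "__main__":
    print(police(voice))                 # steady flow alone
    print(police(voice + image_burst))   # both applications on one circuit
```

On the shared circuit the burst consumes the connection's allowance, so a cell from the well-behaved flow is discarded along with the burst, and the policer has no way to tell the two apart.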
Another problem is that of security. Many corporations now have a firewall between the company network and any public network so that there is only one path through which data can pass. The packets of data pass through the firewall, where they are disassembled and inspected, and a decision is made whether they should be passed on to security or permitted through. As an example, a security administrator may want to bar certain applications from using the company's network, such as ftp transfer requests directed from the outside to the corporate network. In a typical conventional implementation, the packets will be disassembled at a router which receives packets from the outside network to determine the type of application. Software will be installed in the router to perform this function. This presents several disadvantages. First, the firewall router has the burden of monitoring and extracting the application information from the received packet. Additionally, this creates a cost in complexity and time delay because a packet has to be completely disassembled and reassembled at the router.
In order to overcome the above stated problems, it would be desirable for the ATM network itself to be able to direct ATM cells based on application information within packets, in a way that is transparent to the user.