1. Field of the Invention
The present invention relates to the field of data communications networks. More particularly, this invention relates to a method and apparatus for automatically detecting hardware and communication failures and accordingly adjusting the true count of users logged into a Max Session Server (MSS). The invention also has applicability to other forms of resource management within a data communications network.
2. The Background
A user, or subscriber, of a network system can remotely log into a data communications network and access resources, such as the Internet, provided by the server. Both businesses and individuals can be users or subscribers. The network systems are typically operated by Internet Service Providers (ISPs), telephone companies, or Online Service Providers (collectively referred to as ISPs). There are numerous transmission media available to connect to the ISPs, including dialing in over the telephone network (PSTN) or connecting in another conventional manner such as via DSL (digital subscriber line), cable, ISDN (integrated services digital network), etc. Via whichever selected form of transmission, users typically gain remote access through a network access server (NAS). The NAS then requires some type of unique identification to allow access, such as a user name and password.
FIG. 1 is a diagram depicting a typical relationship between users and the server. The users (clients or subscribers) can log into a number of network access servers (NAS1, NAS2 and NAS3), which provide data communications portals to a point of presence (PoP) on the data communications network. Each NAS is in communication with a conventional AAA (authentication, authorization and accounting) or similar service to determine if the log in is authorized. If authorized, the user then gains access to the network service.
Most ISPs provide large numbers of NASs to allow numerous users at various geographic regions to gain access to the system. However, it often becomes necessary to keep track of the total number of users or groups of users logged into the multiple NASs. For example, a company may purchase access for fifty of its employees at any given time from an ISP. Thus, the ISP needs to keep track of how many users from the particular company are logged into the system. Similarly, a single user may only pay for access to the system from one connection at any given time. However, a home user with multiple computers could attempt to log in from several computers. It is in the interest of the ISP to limit that user to only the one session that the user has purchased.
In order to keep track of the number of log ins, ISPs or Online Services may utilize a Max Sessions Server (MSS), which can either be a separate entity or integrated with an Authorization, Authentication and Accounting server (AAA) and is commercially available from vendors such as Cisco Systems, Inc. of San Jose, Calif. The MSS restricts a user or a group of users (collectively referred to as a group) to a maximum number of sessions across a complete administrative domain. It does this by maintaining a counter for each user or group of users. A single user may belong to multiple groups, where each group has its own session counter. For each logged in user added, the corresponding counter(s) is incremented by one. In the event that a user belongs to multiple groups, the counter for each associated group will be incremented. For example, a company may allocate 200 logins for the engineering group, which may be further subdivided into 50 logins for hardware engineering group, 50 logins for the systems engineering group, and 100 logins for the design engineering group. When a user belonging to the systems engineering group logs in, the counter for both the systems engineering group and the overall engineering group will be incremented by one. When the user logs out of the NAS, the NAS sends an accounting record to the AAA server with a conventional protocol such as RADIUS or TACACS+ indicating that the session has stopped. The AAA server notifies the MSS that the user at a particular NAS and port has logged off and the associated counter(s) for that user are decremented by one.
FIG. 2 is a flow diagram of the communication between client and server. The user connects to a NAS, which then sends a request for authorization to the AAA. The AAA sends a request to a Max Sessions Server (MSS) to determine if there are available slots left for the user to log into the system. If the connection is within the allotted number of log ins for that user or group of users, then the request is granted and the corresponding counter is incremented by one. However, if the connection would result in more log ins than are allotted to the user or group, then the request is denied.
It is important to note that each MSS maintains a counter for a particularly designated user or group of users and only that MSS will maintain the count for that designated user or group of users. For example, a company may have a systems division that has 200 logins allotted and a hardware division that has 200 logins allotted. One MSS may maintain the counter for both of these groups or there may be two MSSs, where one handles the systems division and one handles the hardware division.
Consider what happens when a user (USERA10) belonging to a group at site A of a company travels to site B of the company. Referring to FIG. 3, each site at the company has an MSS, which maintains its list of authorized number of users per group at each respective site. When USERA10 attempts to log into the server at site B, through the log in process the MSSB identifies the user's group and then recognizes that it does not maintain the counter for the users group. Instead, it will proxy the request to MSSA. Assuming the user is authorized to log in, the user will be located at a port on the NAS at site B, but accounted for at the MSS at site A. In other words, MSSA will add the connection to USERA10 to its count for users belonging to group A.
When a hardware or communication failure occurs, a user or group of users may actually be logged out through disconnection (abnormally disconnected) and yet the MSS will not be notified. Therefore, the count of the number of sessions maintained by MSS for the user or group will be more than the actually existing number of sessions. The MSS may deny users access based on the inaccurate count, when the users should be granted access. This will result in the user or group receiving fewer connections than entitled, which is a condition known as “under-subscription.” ISPs do not want to create customer dissatisfaction; therefore, this result is highly undesirable.
What is needed is an addition to the present MSS that can automatically detect hardware and communications failures and adjust the session count accordingly. This would overcome the under-subscription problem by allowing the correct number of users authorized on the system to log in.