Wireless communication systems and networks are used in connection with many applications, including, for example, satellite communications systems, portable digital assistants (PDAs), laptop computers, and portable communication devices (e.g., cellular telephones). One significant benefit that users of such applications obtain is the ability to connect, or stay connected to, a network (e.g., the Internet) as long as the user is within range of such a wireless communication system.
Current wireless communication systems use either, or a combination of, circuit switching and packet switching in order to provide mobile data services to a mobile subscriber. Generally speaking, with circuit-based approaches, wireless data is carried by establishing a dedicated (and uninterrupted) connection between the sender and recipient of data using a series of circuits controlled by switches or exchanges. This direct connection is set up between the parties involved in a call by exchanging signaling messages which contain the parties' addresses and request the establishment of a physical switching path. Once the direct connection is set up, it is maintained for as long as the sender and receiver have data to exchange. The establishment of such a direct and dedicated switching path results in a fixed share of network resources being tied up, with no one else being able to make use of them until the connection is closed. When the physical connection between the sender and the receiver is no longer desired, it is torn down and the network resources are allocated to other users as necessary.
While circuit-based approaches are generally well suited for applications requiring constant bandwidth and high quality of service (QoS), they are generally inefficient for low-bandwidth and “bursty” applications because the time between signal transmissions is not used by any other calls (due to the dedicated nature of the call line). In addition, with circuit switching, the setup time can be considerable, and costs can be high for a user because there are generally usage charges even when the dedicated connection is not being used to transmit data. Most current wireless communications systems, such as those based on technologies including code division multiple access (CDMA), Global System for Mobile Communications (GSM), and time division multiple access (TDMA), use radio frequency (RF) circuit connections at least for connecting a mobile subscriber to the system's radio access network (as explained below).
Packet-based approaches, on the other hand, do not permanently assign transmission resources to a given call, and do not require the set-up and tear-down of physical connections between a sender and receiver of data. In general, data to be transmitted in packet-based approaches is “packetized,” where the data is divided into separate packets of information, and each packet receives “header” information that may provide, for example, source information, destination information, information regarding the number of bits in the packet, priority information, and security information. The packets are then routed to a destination independently of the other packets of information, potentially along diverse routes. In addition to headers, these packets generally also include “trailers” which are used to provide redundancy checks (e.g., a cyclic redundancy code for detecting errors). Once these packets arrive at their ultimate destination, assuming they did not arrive in sequential order, they are reconfigured in the original order to provide the data that was being transmitted.
One advantage of packet-based approaches is that they use bandwidth on a circuit only as needed, allowing other transmissions to pass through the lines in the interim. Accordingly, packet-based approaches are often preferable to circuit-based approaches for applications that transmit data in bursts (e.g., interactive applications in which a user periodically enters data to be transmitted using a keyboard or other input device). In such applications, packet-based approaches make it possible to interleave multiple transmissions (e.g., from several terminals) onto the transmission channel, rather than the channel being idle between the periodic data inputs of a user. Additionally, because a plurality of paths exists from the sender to the receiver, alternate routes may be used to convey the packets in the event of a failure or congestion of a given route. Three major drawbacks to packet-based approaches include the burden of establishing routing for each packet (unlike the circuit switch architecture, which uses fixed routing for any given call), nondeterministic QoS, and the requirement for additional bandwidth because each packet must contain the necessary header information which conveys the routing requirements of that packet.
FIG. 1 is a simplified illustration of one embodiment of a conventional wireless communication system 100 in which the present invention may be implemented. As the main features of wireless communication system 100 are well known to those versed in the art, only a brief description of its components will now be provided. Further explanation will be provided below as necessary to aid the understanding of the principles of the present invention described herein.
As shown, wireless communication system 100 includes a mobile subscriber (MS) 102. MS 102, which is also known in the art as a mobile station, mobile node, and by other names, may be any suitable device that is capable of communicating with a wireless network. For example, MS 102 may be a cellular telephone or laptop computer with a wireless modem.
In wireless communication system 100, MS 102 communicates with a radio access network (RAN) 104 over an air interface or airlink 103 using an established RF circuit or RF data channel (as is well known in the art). RAN 104 includes a base station or base transceiver station (BTS) 106, a base station controller (BSC) 108, and a packet control function (PCF) 110 (which may be co-located with BSC 108, although this is not required). BTS 106 is used for transmitting and receiving RF signals from MS 102 by converting digital data into radio signals and vice versa. Although not shown, BTS 106 generally has an associated radio tower or antenna that it uses to communicate with various mobile subscribers, such as MS 102, using respective radio links. In particular, BTS 106 communicates with MS 102 through the modulation and transmission of sets of forward signals, while BTS 106 receives and demodulates sets of reverse signals from MS 102 when it is engaged in a wireless network activity (e.g., a telephone call, Web browsing session, etc.).
BSC 108, which is generally in fixed line communication with BTS 106, is used for managing the radio resources of BTS 106. For example, as known in the art, BSC 108 may handle radio-channel setup, frequency hopping, and handovers. Moreover, BSC 108 provides an interface between the radio frequency (RF) traffic arriving from the antennas of BTS 106 and mobile switching center (MSC) 112, which connects to a public switched telephone network (PSTN) 114. Meanwhile, PCF 110 is used to route IP packet data between MS 102 (when within range of BTS 106) and a packet data service node (PDSN) 116. PDSN 116, in turn, is used to provide access to one or more internet protocol (IP) networks such as IP network 118. It will be understood that IP network 118 may be, for example, the Internet, intranets, applications servers, or corporate virtual private networks (VPNs). In this manner, PDSN 116 acts as an access gateway. Although not shown in FIG. 1, PDSN 116 generally also acts as a client for Authentication, Authorization, and Accounting (AAA) servers. As known in the art, AAA servers are used to authenticate and authorize MS 102 before access is granted to IP network 118.
An important consideration for wireless communication system 100, which uses a circuit oriented approach in connecting MS 102 (and other mobile subscribers which are not shown) to one or more BTSs (such as BTS 106) of RAN 104, is how to efficiently utilize the available RF resources (e.g., the RF spectrum allocated for use by a wireless provider). As known by those skilled in the art, it is generally very costly to establish/disconnect the necessary RF circuits to transmit data to and from MS 102. Thus, for efficiency reasons, once a circuit has been established, it is typically kept in an established state consuming precious RF bandwidth until sufficient time passes without data transfer (e.g., at least a few tens of seconds). Following this time period, RAN 104 may decide that the session is “dormant” and permit the portion of the RF spectrum reserved for the circuit to be reallocated to another mobile subscriber. It will be understood by persons versed in the art that the term dormant, as used herein, refers to a situation where a logic path exists for transferring data between MS 102 and IP network 118, but there is no allocated RF circuit. For example, once a certain period of time has passed without data transfer between MS 102 and IP network 118, the RF circuit is de-allocated, where the data session still exists but the RF data channel has been released and is available for use by other mobile subscribers. On the other hand, a session is said to be active when there is an allocated RF circuit for transferring data between MS 102 and IP network 118.
In wireless systems using circuit based connections to mobile subscribers such as described above, the worst case scenario in terms of RF resource usage is for a single packet (or a few isolated packets) to be sent to a large number of mobile subscribers (e.g., MS 102) of wireless communication system 100 during a relatively short period of time. This would require an RF data circuit to be established for each MS 102 in order to pass the packet, and then these circuits would remain idle until RAN 104 decides to de-allocate the RF resources and make the sessions dormant (e.g., due to lack of traffic data). Unfortunately, the traffic patterns observed on the Internet and other existing IP networks often have these properties. For example, these traffic patterns are often observed when IP address scans are being performed (e.g., by a malevolent computer program seeking to locate vulnerable computer systems), or when ping packets or IP echo requests are being sent to multiple mobile subscribers.
One common technique that is often used to prevent imprudent activation of RF circuits is to apply packet filters in the to-subscriber direction (e.g., from IP network 118 to MS 102). As is well known in the art, packet filters generally use a set of selectors (e.g., fields in the header of the traversing packets) to determine whether to allow packets to pass to MS 102.
While existing packet filters are able to take into account several factors when deciding whether to permit a packet to pass, they do not take into account RF circuit state information (as defined below). For example, such filters do not consider whether an RF circuit has already been established for a given MS 102, or the past history of RF circuit connections to MS 102. As a result, existing packet filters are not able, for example, to permit or deny the passage of a single packet on the basis of an RF circuit already being established, where the passage of such a packet would not present a significant burden on wireless communication system 100. Additionally, for example, existing packet filters are not able to permit or deny the passage of such a packet based on past circuit state transitions, general availability of RF resources in wireless communication system 100, and other similar circuit state information that would be beneficial to consider.
Accordingly, it is desirable to provide systems and methods for filtering packets in the to-subscriber direction where the filtering is at least in part based on RF circuit state information.
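The distinction drawn above, as an added sketch that is not taken from the document: a selector-only filter beside one that also consults per-subscriber RF circuit state, run over a ping sweep. The policy (an echo request passes only when no new RF circuit is needed), the blocked port, the field names and all sample addresses are assumptions constructed for this example.

```python
from dataclasses import dataclass

ICMP, TCP = 1, 6            # IP protocol numbers
ECHO_REQUEST = 8            # ICMP type used by ping
BLOCKED_TCP_PORTS = {23}    # assumed selector rule for the example

@dataclass(frozen=True)
class Packet:
    dst: str                # subscriber address (constructed sample value)
    proto: int
    dport: int = 0          # TCP destination port, 0 if not TCP
    icmp_type: int = -1     # ICMP type, -1 if not ICMP

def selector_filter(pkt, rf_state=None):
    """Conventional filter: header selectors only, RF state is ignored."""
    return not (pkt.proto == TCP and pkt.dport in BLOCKED_TCP_PORTS)

def state_aware_filter(pkt, rf_state):
    """Assumed policy: a probe may pass only if it needs no new RF circuit."""
    if not selector_filter(pkt):
        return False
    if rf_state.get(pkt.dst) == "active":
        return True         # circuit already allocated, delivery is cheap
    is_probe = pkt.proto == ICMP and pkt.icmp_type == ECHO_REQUEST
    return not is_probe     # dormant session: do not wake it for a ping

def deliver(packets, rf_state, packet_filter):
    """Apply the filter; return (delivered packets, RF circuits set up)."""
    state = dict(rf_state)  # copy so every run starts from the same state
    delivered, setups = [], 0
    for pkt in packets:
        if not packet_filter(pkt, state):
            continue
        if state.get(pkt.dst) != "active":
            state[pkt.dst] = "active"   # RAN must establish an RF circuit
            setups += 1
        delivered.append(pkt)
    return delivered, setups

# Constructed scenario: one active and four dormant subscribers, a ping sweep
# across all five, then one ordinary TCP packet to a dormant subscriber.
RF_STATE = {"10.0.0.1": "active",
            **{f"10.0.0.{i}": "dormant" for i in range(2, 6)}}
SWEEP = [Packet(f"10.0.0.{i}", ICMP, icmp_type=ECHO_REQUEST) for i in range(1, 6)]
TRAFFIC = SWEEP + [Packet("10.0.0.3", TCP, dport=443)]

if __name__ == "__main__":
    for name, f in (("selector-only", selector_filter),
                    ("state-aware", state_aware_filter)):
        delivered, setups = deliver(TRAFFIC, RF_STATE, f)
        print(f"{name}: delivered={len(delivered)} rf_setups={setups}")
```

With the selector-only filter the sweep forces a circuit setup for every dormant subscriber; the state-aware filter still delivers the ping to the already-active subscriber and the TCP packet, at the cost of a single setup.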