1. Field of the Invention
Our invention relates generally to network configuration management. More particularly, our invention relates to end-to-end configuration management and configuration validation of customer premise networks to correctly enable new services being executed within these networks.
2. Description of the Background
Users are continuously executing from within their customer premise networks (e.g., small office/home office networks, small enterprise networks, home networks, etc.) new types of applications and services (hereinafter collectively referred to as services) including: web server hosting, multi-player gaming, MP3 file sharing, video and voice conferencing, and IP-based services like telnet, FTP, and ssh. Coincident with these services, users are also employing new technologies in their networks such as broadband gateways/routers (hereinafter broadly referred to as gateways). As shown in FIG. 1, a gateway 104 resides between a broadband access termination device 102 (e.g., cable modem, DSL modem, satellite), which provides access to a service provider network 120, and user devices including a PC 106, a web terminal 110, an internet radio 108, a laptop 112, etc. Gateways provide differing functions including firewall protection, network address translation (NAT), router functionality, VPN functionality, and quality of service assurance. The customer premise network 100, as seen in FIG. 1, may be connected, through an access router, to a private network, such as service provider network 120, and to a public network, such as the Internet 122.
Of concern here is the configuration management of these customer premise networks 100 when a user starts using new services like those described above. Often, before these services can correctly function, the user must correctly configure the user devices 106-112 and gateway 104. For example, the user devices may require configuration of the IP-layer (and above) functionality. Of greater concern is configuring gateway functionality. For example, NATs and firewalls break the traditional end-to-end model of IP networks and therefore make it impossible for the IP-based peer-to-peer and server-based types of services described above to correctly operate (note that these services require external devices to reach hosts inside the home network) without first correctly configuring this functionality. Specifically, NATs and firewalls block access from external devices unless the correct entries are first made in the NAT's port forwarding table and the correct "holes" are first opened in the firewall.
As such, a home user must correctly configure the user devices and gateway before these new service types will correctly execute. Unfortunately, the configuration of gateways and user devices is a nontrivial task that the average user is not equipped to perform. Failure to correctly configure these devices when invoking new services can not only be difficult to debug, it might also create security holes of which the user is unaware (for example, a port forward or firewall exception that is wider than the service actually needs, or one that is left in place after the service is no longer used).
Prior solutions address customer premise network configuration management but present several problems. First, prior solutions are associated with and only address a particular device (like a gateway 104 or PC 106) within the network 100. As such, these solutions fail to take an end-to-end view of the network and therefore can fail to completely enable a new service and can create conflicting/incompatible configurations. A second problem is that some services require configuration of devices and servers external to the customer premise network 100, which configurations cannot be performed by the prior solutions because they only operate from within the network. A third problem is that prior solutions fail to ensure that configuring the network for one service does not disable another service. Lastly, these solutions are vendor specific and cannot manage arbitrary devices.
Accordingly, it is desirable to provide a method and apparatus to perform end-to-end network configuration management of a customer premise network, thereby overcoming the above and other disadvantages of the prior art. In accordance with a first embodiment of our invention, a network configuration manager performs end-to-end configuration management and configuration validation of the customer premise network to enable a requested service to operate within the network.
Upon receiving a request to configure a specific service, our inventive system obtains a service template, from a plurality of service templates, that corresponds to the requested service. Service templates provide vendor-neutral end-to-end requirements for enabling a particular service within a customer premise network. The system uses the obtained service template to invoke a configuration generator that generates vendor-neutral device-configuration settings for the device types that can comprise a network. The system next invokes a configuration validator module to validate the network for the requested service. For example, the configuration validator determines if the generated vendor-neutral device-configuration settings for the requested service and the device-configuration settings for all priorly enabled services within a network meet the service requirements, as specified by the service templates, for the services enabled within the network. Finally, the system invokes an adaptor module that translates the vendor-neutral device-configuration settings determined for the requested service to vendor-specific device-configuration settings and communicates these settings to the particular devices within the customer premise network to enable the service. Similar to the above, the network configuration manager can also disable a service within the customer premise network.
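The following is an added illustration of the template, generator, validator and adaptor pipeline described above; it is not code from the patent or from any product, and the service templates, host addresses and the "acme" vendor command syntax are constructed for the example. The validator shows the check a security engineer would insist on: a requested service that would take over an external port already forwarded to a different internal host for a previously enabled service is rejected before anything is pushed to the gateway, rather than silently breaking the earlier service. The iptables adaptor emits standard netfilter syntax for a Linux gateway; the "acme" adaptor is a hypothetical second vendor included only to show the vendor-neutral to vendor-specific translation step.

```python
"""Added example of the template -> generate -> validate -> adapt pipeline.
Not the patent's code; the templates, hosts and the 'acme' syntax are invented."""
from dataclasses import dataclass

# Vendor-neutral service templates (constructed for this example): the inbound
# ports that must reach the serving host through NAT and firewall.
SERVICE_TEMPLATES = {
    "web_server":  {"proto": "tcp", "ports": (80, 443)},
    "ssh":         {"proto": "tcp", "ports": (22,)},
    "game_server": {"proto": "udp", "ports": (27015,)},
}


@dataclass(frozen=True)
class Rule:
    """One vendor-neutral NAT port forward plus the matching firewall hole."""
    service: str
    proto: str
    ext_port: int
    host: str       # customer premise host that runs the service
    int_port: int


def generate(service, host):
    """Configuration generator: service template -> vendor-neutral rules."""
    t = SERVICE_TEMPLATES[service]
    return [Rule(service, t["proto"], p, host, p) for p in t["ports"]]


def validate(candidate, enabled):
    """Configuration validator. Returns a list of problems; empty means valid.

    A problem is any external port the candidate would take over from an
    already enabled service that forwards it to a different host/port. The
    new service would break the old one, which is the 'configuring for one
    service disables another' failure the text describes. Re-enabling the
    same service on the same host is harmless and passes.
    """
    taken = {(r.proto, r.ext_port): r for r in enabled}
    problems = []
    for r in candidate:
        prev = taken.get((r.proto, r.ext_port))
        if prev and (prev.host, prev.int_port) != (r.host, r.int_port):
            problems.append(
                f"{r.proto}/{r.ext_port} already forwarded to "
                f"{prev.host}:{prev.int_port} for {prev.service}"
            )
    return problems


def enable(service, host, enabled):
    """Generate, validate, then merge; refuse to touch the network on conflict."""
    candidate = generate(service, host)
    problems = validate(candidate, enabled)
    if problems:
        raise ValueError("; ".join(problems))
    return enabled + candidate


def disable(service, enabled):
    """Remove only the rules the service owns; rules of other services stay."""
    return [r for r in enabled if r.service != service]


def adapt(rules, vendor):
    """Adaptor: vendor-neutral rules -> vendor-specific gateway commands."""
    out = []
    for r in rules:
        if vendor == "iptables":   # real netfilter syntax for a Linux gateway
            out.append(f"iptables -t nat -A PREROUTING -p {r.proto} --dport {r.ext_port} "
                       f"-j DNAT --to-destination {r.host}:{r.int_port}")
            out.append(f"iptables -A FORWARD -p {r.proto} -d {r.host} "
                       f"--dport {r.int_port} -j ACCEPT")
        elif vendor == "acme":     # hypothetical vendor CLI, invented for this example
            out.append(f"fwd add {r.proto} {r.ext_port} {r.host} {r.int_port}")
        else:
            raise ValueError(f"no adaptor for vendor {vendor!r}")
    return out


if __name__ == "__main__":
    enabled = enable("web_server", "192.168.1.10", [])
    enabled = enable("ssh", "192.168.1.20", enabled)
    try:  # a second web server on another host would hijack tcp/80 and tcp/443
        enable("web_server", "192.168.1.30", enabled)
    except ValueError as e:
        print("rejected:", e)
    for cmd in adapt(enabled, "iptables"):
        print(cmd)
```

Note that `disable` removes only the rules owned by the named service and leaves the others in place, which is the minimum a manager needs so that tearing down one service does not also close the holes another service still depends on.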
In accordance with a first specific embodiment of our invention, the network configuration manager configures the customer premise network for a specific service upon receiving a user invoked configuration request through a web interface. In accordance with a second specific embodiment of our invention, a packet sniffer is deployed within the customer premise network. The packet sniffer monitors traffic emanating from the network, watching for IP packets pertaining to specific services. Upon detecting a service that has not been priorly enabled, the packet sniffer requests the network configuration manager to configure the network to enable the detected service. Lastly, in accordance with a third specific embodiment of our invention, a user accesses an external system for a specific service, which external system generates a request to the network configuration manager to configure the network for the service.