The present invention relates to communications networks, and more particularly, to protecting the operational integrity of such networks.
A well-known feature of conventional telecommunications systems which provide telephone service, e.g., public switched telephone network (PSTN), central offices (CO), private branch exchange (PBX), and Internet telephony servers, is that such systems are discrete islands of functionality, and each such island has its own particular syntax and semantics. The use of the different syntaxes, semantics, and protocols, makes it difficult to easily interconnect the various islands, and it is virtually impossible to provide features that work together seamlessly across the various islands.
Furthermore, the introduction of new service features, i.e., applications, into conventional telephony networks by the network""s operator is accomplished using internal applications programmers and/or a limited number of select (and in most cases, certified) external software vendors. The reason for such careful introduction of new service features through a small number of vendors is directly related to the apprehension of introducing a piece of uncertified software into the network which can cause major service interruptions. There exist numerous examples of well publicized communications network failures which have caused major service interrupts and significant financial losses for their network operators and customer base.
Complicating matters further is the current day evolution of next generation networks which are centered on the convergence of voice and data networks. That is, it appears highly likely that the next generation communications network will be an evolution of today""s PSTN and Internet Protocol (IP) networks. Today""s service providers are being driven by a number of factors in the development of such next generation networks such as: (1) the well-known Internet is becoming a major network choice for distribution of voice and data; (2) IP usage is increasing at a dramatic rate thereby causing bandwidth problems on existing PSTN networks carrying significant data traffic; (3) convergence of PSTN and packet networks (e.g., IP networks) is required to allow for end-to-end delivery of communications services; (4) the creation of new services connected with the increasing use of packet networks; and (5) increasing deregulation in the marketplace is creating new and competitive telecommunications environments for established, new and specialized service providers in both voice and data traffic.
One major underlying feature in delivering such next generation communications networks is network interoperability. That is, the service provider""s ability to offer valued added communications services across circuit and packet networks is tied directly to the ability of providing interoperability across a number of heterogeneous networks that support a wide range of signaling protocols (e.g., SS7, IP, Media Gateway Control Protocol (MGCP), H.323, Session Initiation Protocol (SIP) and the like). An emerging switching platform useful in resolving such network interoperability issues is so-called xe2x80x9csoftware switchingxe2x80x9d, Software switches (also known in the art as xe2x80x9csoftswitchesxe2x80x9d) are a multi-protocol software solution for signaling and transport thereby providing interoperability across heterogeneous networks,-e.g-., circuit-and packet networks. As such, PSTN and Internet Telephony Service Providers can provide seamless interoperability between PSTN and IP network domains. Of course, the issue raised above with regard to network safety and the introduction of new service features through the implementation of software switches in next generation networks, remains unchanged.
More particularly, there are two main safety properties that are critical in next generation networks, namely, so-called xe2x80x9ccomputationalxe2x80x9d safety and xe2x80x9cnetworkxe2x80x9d safety. Computational safety is directed to ensuring that the introduction of a particular piece of software code will be incapable of corrupting other pieces of currently executing code in the system, e.g., the software switch. Computational safety can be provided through the selection of the programming language for coding the software. For example, Java(trademark) is a popular programming language which enables users to create applications that can be used and executed across the Internet without concerns about platform compatibility or network security. That is, Java is a well-known platform-neutral language meaning that programs developed using Java can execute on a variety of computer systems without the need for any modifications. Such platform independence stems from the use of a special format for compiled Java programs called xe2x80x9cbytecodesxe2x80x9d which are a set of instructions which look similar to conventional machine code, but are not specific to any one processor. Thus, a Java bytecode can be read and executed by any computer system that has the well-known Java interpreter. Thus, placing the Java program in bytecode form enables the execution of such programs across any platform, operating system, or windowing system so long as the Java interpreter is available. As such, the capability of having a single binary file, i.e., Java bytecode file, executable across multiple platforms is a key attribute which is making Java bytecode, particularly in the form of applets, a common way of executing programs across the World Wide Web (WWW).
As will be appreciated, a byetcode file is typically obtained by compiling a Java file and is a stream of bytes representing a single class in a form suitable for the well-known Java Virtual Machine (xe2x80x9cJVMxe2x80x9d). The Java Virtual Machine executes bytecodes and provides Java with certain fundamental capabilities such as object creation and garbage collection. Importantly, as a virtual machine based language, Java inherently provides computational safety which ensures that a piece of Java code will be incapable of corrupting some other piece of Java code that is executing in the same (or different) process space.
However, while providing computational safety in the context of next generation networks is important, such networks employ robust call processing systems for which computational safety alone is insufficient to ensure the integrity of the network. That is, even though a particular piece of software code, e.g., a service feature, does not corrupt another piece of software code in the network, the particular piece of code can still significantly disrupt the network, e.g., by sending arbitrary messages through the network which, in turn, use network resources arbitrarily. So-called network safety is the safety property that ensures that no single application can arbitrarily misuse network resources thereby damaging the network or decreasing network efficiency. Further, and particular to call processing systems, network safety also means that any damage caused by a specific feature is localized to the that particular feature, e.g., a call, and the balance of the features in the call processing system function normally. Therefore, a need exists for providing network safety in next generation networks
An aspect of the present invention is directed to a method and apparatus for protecting against network damage in next generation call processing systems. More particularly, in accordance with an aspect of the invention, network safety is achieved using semantic restriction of higher level call processing protocol primitives coupled with dynamically programming the various network routing elements to enforce both so-called connection control and rate control. In accordance with the preferred embodiment of the invention, such semantic restriction restricts the nature of the messages that can be exchanged between the various components of a softswitch. Further, connection control limits the number of connections between various components of the softswitch, and rate control establishes the rate at which such connections are made. In accordance with an embodiment of the invention, such connection control and rate control is achieved by dynamically re-programming various network routing elements. For example, in accordance with an aspect of the invention, connection control is used to restrict the number of connections, e.g., TCP connections, that a particular feature is allowed to make, and rate control is used to restrict the number of messages, i.e., the effective bandwidth, from the particular feature.
In accordance with the preferred embodiment of the invention, a distributed architecture is defined that employs a collection of resources each of which exposes a hierarchical namespace. More particularly, the distributed architecture of the preferred embodiment is that of the so-called xe2x80x9cLucent Technologies Softswitchxe2x80x9d (hereinafter referred to as the xe2x80x9cLT Softswitchxe2x80x9d) available from Lucent Technologies Inc. The architecture of the preferred embodiment is directed to providing telephony services in next generation networks and includes two fundamental resource types, namely, i) the device server and ii) the call coordinator, which are interconnected by a network employing a common protocol, e.g., transmission control protocol/Internet protocol (TCP/IP). Each resource can participate in more than one call, i.e., each resource acts as a distributed file system that can arbitrate various requests presented to it. The interaction between the various resources that are available, which are substantially independent, follows conventional xe2x80x9cclient-serverxe2x80x9d architecture principles to implement end-to-end communication.
In accordance with the principles of the invention, network safety is provided by applying-the-semantic restriction by isolating and restricting the particular protocol employed by a so-called call processing complex and the particular feature, e.g., a feature applet. In addition, the direct communications of the feature are restricted to the call processing complex which, in accordance with the preferred embodiment, includes, inter alia., at least one softswitch. For example, arbitrary components of the call control complex are not allowed to communicate between each other. Thus, device servers are only allowed to respond to call coordinators, and, more particularly, only to those call coordinators which such device servers have been provisioned. Furthermore, in accordance with the preferred embodiment of the invention, the restrictions are dynamically programmed via an external entity, namely, a so-called xe2x80x9cpolicy serverxe2x80x9d, The policy server monitors all management events in the call processing complex and maintains control over all its elements. As such, the policy server monitors the operational status of the complex""s components and maintains configuration information regarding such components thereby making the policy server a strategic entity in facilitating the deliver of network safety in accordance with the principles of the invention.
Advantageously, in accordance with the aspects of the invention, protecting against network damage in next generation call processing systems is realized through using semantic restriction of higher level call processing protocol primitives coupled with dynamically programming the various network routing elements to enforce both connection control and rate control. dr
FIG. 1 shows an exemplary architecture for a PSTN/IP network implementing network safety in accordance with the principles of the invention;
FIG. 2 shows an illustrative namespace tree for a device server, e.g., as shown in FIG. 1;
FIG. 3 shows an exemplary namespace of a call coordinator, e.g., as shown in FIG. 1;
FIG. 4 is a flowchart of illustrative operations 400 delivering network safety in communications networks in accordance with the principles of the invention; and
FIG. 5 shows an exemplary network management scenario having network safety features delivered in accordance with the principles of the invention.