1. Field of the Invention
The present invention relates to routing in a telecommunications network, and, more particularly, to routing with allocation of nodes that perform content filtering in the network.
2. Description of the Related Art
In an interconnected communication network, users establish connections between a source node and a destination node with a stream of data that is transferred through the network over a network path. The data of one or more connections constitutes traffic over the network. Optical networks are typically characterized by a set of optical switches (i.e., nodes) connected via optical links. Packet networks (which may be implemented using optical networks) are typically characterized by routers (also considered nodes) interconnected by electrical or optical links. A network path for a connection between a given source-destination (node) pair is defined by a set of nodes (the source and destination node pair and any intermediate nodes) interconnected by a set of links coupled to the nodes carrying the data stream, or flow, of the connection. Each node and each link has a capacity corresponding to the traffic it may carry, and “capacity” may be a general term describing bandwidth, effective bandwidth, link quality, or similar link-transmission characteristic.
Each link of a network has a corresponding capacity to transfer data, which link capacity is typically expressed as a link characteristic such as bandwidth or effective bandwidth (a quantity that takes into account transmission requirements such as buffer and/or transmission delay, packet loss, and QoS guarantees).
Increasingly, packet networks are subject to malicious attacks through propagation of computer viruses and worms. The growth of fast-propagating attacks has identified a need for network-based mechanisms for quarantining or containing these attacks. Network-aided containment might be used to effectively augment other defense mechanisms such as those aimed at reducing host vulnerabilities or limiting damage to infected hosts. Ad-hoc containment using several mechanisms, such as content filtering of messages for Code-Red signatures, blacklisting addresses, and blocking access to specific ports, is typically used to protect individual networks. Among common containment methods, content filtering is preferred.
Content filtering at highly used points of the Internet, such as the top ten Internet service providers (ISPs), is generally more effective than content filtering at the individual customer network level. Content-filtering mechanisms might be activated faster than other host-based schemes because identifying and generating worm signatures (used by content-filtering mechanisms) might be accomplished faster than understanding the mechanisms used for propagation by a new worm. Also, once a worm signature has been identified, network-based content-filtering mechanisms might be activated faster since the worm signatures are distributed to fewer nodes.
For containment by content filtering to be effective, all of the traffic carried by the network should be filtered. Filtering requires complete examination of each packet's contents to identify worm signatures, making content filtering an expensive operation in terms of network resource use (e.g., processing and delay). Available content-filtering capabilities should be optimally placed in nodes of the network to be used effectively. Random (or improper) selection of content-filtering nodes might force routing of packets along longer paths, leading to increased bandwidth usage per connection and lower network throughput. Thus, random placement of content-filtering capabilities might result in significant waste of network capacity in routing traffic to these sub-optimally placed content-filtering nodes.
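The cost of poor placement described above can be made concrete with a small calculation. The following is an added illustration, not part of the original text and not the routing method of the invention; the six-node topology, unit demand per node pair, hop-count metric and function names are all assumptions chosen for the example.

```python
from collections import deque
from itertools import combinations

# Constructed topology (an assumption for this example): hub C with
# neighbours A, B, D, E, and a stub node F reachable only through E.
EDGES = [("A", "C"), ("B", "C"), ("D", "C"), ("E", "C"), ("E", "F")]

def build_adjacency(edges):
    adj = {}
    for u, v in edges:
        adj.setdefault(u, set()).add(v)
        adj.setdefault(v, set()).add(u)
    return adj

def hop_counts(adj, source):
    """Breadth-first search: hop distance from source to every node."""
    dist = {source: 0}
    queue = deque([source])
    while queue:
        node = queue.popleft()
        for nxt in adj[node]:
            if nxt not in dist:
                dist[nxt] = dist[node] + 1
                queue.append(nxt)
    return dist

def total_link_usage(edges, filter_nodes=None):
    """Sum of hops over all node pairs, one unit of demand per pair.

    With filter_nodes set, each flow must visit one filtering node, so its
    length is the cheapest of d(s, f) + d(f, t) over the filtering nodes f.
    Assumes a connected graph.
    """
    adj = build_adjacency(edges)
    dist = {n: hop_counts(adj, n) for n in adj}
    total = 0
    for s, t in combinations(sorted(adj), 2):
        if filter_nodes is None:
            total += dist[s][t]          # plain shortest path
        else:
            total += min(dist[s][f] + dist[f][t] for f in filter_nodes)
    return total

if __name__ == "__main__":
    baseline = total_link_usage(EDGES)
    for placement in (["C"], ["F"], ["C", "F"]):
        used = total_link_usage(EDGES, placement)
        print(placement, used, round(used / baseline, 2))
```

On this topology a single filter at the hub raises total link usage from 28 to 30 hops, while the same single filter at the stub node raises it to 60, which is the bandwidth waste the paragraph attributes to improper placement.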