The present invention relates to telecommunications networks whose nodes are capable of processing in a specific way information messages that they receive; to be more precise, it relates to accessing telecommunications networks of the above kind.
The invention applies more particularly to active networks, i.e. networks in which some of the routing systems (nodes) are capable of processing in a specific way at least some of the messages conveyed by the network. In other words, this means that these nodes must be able to run an algorithm other than those known to them at the time they were designed, and that each message received may require processing resources.
Not all the nodes in an active network necessarily have processing capacity: a distinction is therefore drawn between active nodes and non-active nodes, which are usually called passive nodes. Similarly, not all messages require specific processing: a distinction is therefore drawn between active messages and non-active (passive) messages.
Computer and telecommunications networks can be divided into a plurality of domains, also known as sub-networks. This is known in the art. Controlling access to a domain by means of an access control gateway is also known in the art. In Internet Protocol networks the access control gateway is called an edge router and the routing systems (nodes) are called routers.
However, the function of access control gateways is primarily limited to verifying the right to use the bandwidth corresponding to the data transmitted by a sender.
The accompanying FIG. 1 shows the environment of an access control gateway E of the above kind. The access control gateway E administers access to a domain D made up of N nodes R1, R2, R3, . . . , RN. The figure shows two senders A and B of messages, for example host stations or nodes of another domain.
Sender A is not authorized to send messages to the domain D. The access control gateway E therefore blocks messages coming from sender A.
However, sender B is authorized to send messages to the domain D. The access control gateway can therefore pass messages coming from sender B. In a more sophisticated implementation of this access control gateway, it passes only a number of messages corresponding to the bandwidth to which the sender B has subscribed, for example.
It can therefore be seen that the above kind of access control gateway does not administer the processing generated by messages received from senders. If the domain D includes active routing systems, there is nothing to prevent senders A and B sending messages requiring considerable processing resources of the active routing systems.
Also, this can lead to congestion of the active routing systems and therefore collapse of network performance.
Similarly, this lack of control can generate security lapses, since a malevolent sender can render the network inoperative merely by sending messages requiring considerable processing resources.
Obviously, another drawback is the possibility of sending computer viruses that are not checked before they are executed by the routing systems.