Real-Time Mechanism for Accounting and Network Access Control

IP.com Disclosure Number: IPCOM000111931D
Original Publication Date: 1994-Apr-01
Included in the Prior Art Database: 2005-Mar-26
Document File: 4 page(s) / 114K

Publishing Venue

IBM

Related People

Rutsche, E: AUTHOR

Abstract

Disclosed is a real-time mechanism for accounting and telecommunications network access control. Accounting and network access control are performed on a connection or on parts of the connection information, e.g., source address, destination address, or ports. This connection information is extracted from the packet header and searched in a table of stored addresses. If the address is found in the table, the required accounting or access control operations are performed.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 52% of the total text.

Real-Time Mechanism for Accounting and Network Access Control

      Disclosed is a real-time mechanism for accounting and
telecommunications network access control.  Accounting and network
access control are performed on a connection or on parts of the
connection information, e.g., source address, destination address, or
ports.  This connection information is extracted from the packet
header and searched in a table of stored addresses.  If the address
is found in the table, the required accounting or access control
operations are performed.

      The disclosed mechanism is presented in Fig. 1.  A Header
Parser (HP) processes a packet header and extracts the relevant
connection and accounting information.  It builds a unique Connection
Number (CN) from the connection information.  The CN and the
accounting information are forwarded to an Accounting Controller
(AC).  The AC holds a table with the accounting and access control
information of the known connections.  The AC looks up the connection
information in the table and performs the accounting and/or access
control operations.

Using the Protocol Filter for Accounting -  The Protocol Filter (PF)
[*]  is a device running at network speed that extracts the
connection information from the stacked protocol headers and creates
a unique connection number.  The PF can be used to implement the HP.

      The AC consists of an Accounting Table and an Accounting State
Machine -  The Accounting Table holds for each connection the
cumulative accounting information at the address denoted by the
connection number.  The Accounting State Machine (ASM) increments
this entry by the accounting information, e.g., the packet size,
provided by the PF or by the network interface.  By this method the
accounting information is collected for each connection.  The
Accounting Table holds 2^n entries, where n is the number of bits
of the CN generated by the PF.  The PF can process multiple protocol
stacks, e.g., TCP/IP, SNA, OSI, Netbios, XTP.

      The accounting information can also be collected for classes of
connections, e.g. connections going to the same TCP port or
originating from the same IP address.  For this application a
simplified mechanism for the HP can be used.  Instead of the tagged
CAM (Content Addressable Memory) used in the PF, a wide CAM holding
the required connection information can be used, e.g. TCP/IP
address/port pair.  In this simplified mechanism the CAM and the
Accounting Table have the same number of addresses n.
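
      A software model of the simplified mechanism described above, added
here as an illustration; it is not code from the original disclosure.
Assumptions: the class key is the destination address/port pair, the CAM is
modeled as a dictionary, the next free address becomes the CN, and a
per-entry deny bit stands in for the access control operation.

```python
import socket
import struct

def parse_header(packet):
    """Header Parser (HP): return ((dst_ip, dst_port), size) for IPv4/TCP, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 6:
        return None
    ihl = (packet[0] & 0x0F) * 4                  # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl + 4:
        return None
    (size,) = struct.unpack_from("!H", packet, 2)         # IP total length
    (dport,) = struct.unpack_from("!H", packet, ihl + 2)  # TCP destination port
    return (packet[16:20], dport), size

class AccountingController:
    """AC: CAM lookup -> connection number (CN) -> Accounting Table entry."""
    def __init__(self, n):
        self.cam = {}                # models the wide CAM: key -> CN
        self.table = [0] * n         # cumulative bytes stored at address CN
        self.deny = [False] * n      # assumed per-entry access control bit

    def register(self, dst_ip, dst_port, deny=False):
        key = (socket.inet_aton(dst_ip), dst_port)
        cn = self.cam.get(key, len(self.cam))   # assumed: next free address is the CN
        if cn >= len(self.table):
            raise OverflowError("CAM and Accounting Table are full")
        self.cam[key] = cn
        self.deny[cn] = deny
        return cn

    def process(self, packet):
        parsed = parse_header(packet)
        if parsed is None:
            return "unparsed"
        key, size = parsed
        cn = self.cam.get(key)
        if cn is None:
            return "miss"            # not in the table: no operation is performed
        if self.deny[cn]:
            return "deny"            # assumed: denied packets are not accounted
        self.table[cn] += size       # ASM: increment the entry by the packet size
        return "account"

def make_packet(src, dst, sport, dport, payload_len):
    """Constructed sample input: minimal IPv4 + TCP headers, checksums left zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + payload_len, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
    return ip + tcp + bytes(payload_len)
```

Because the CAM and the table share the same n addresses, registration fails
once n classes exist, and packets from different sources to one registered
address/port pair accumulate in a single entry.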

      Managing the Accounting Table -  For accounting, the ASM
increments the account in the Account...