WO2011044396A2

WO2011044396A2 - Method and apparatus for supporting network communications

Info

Publication number: WO2011044396A2
Application number: PCT/US2010/051874
Authority: WO
Inventors: Santosh Chandrachood; Pawan Uberoy; Rehan Jalil; Henry Fung
Original assignee: Santosh Chandrachood; Pawan Uberoy; Rehan Jalil; Henry Fung
Priority date: 2009-10-07
Filing date: 2010-10-07
Publication date: 2011-04-14
Also published as: WO2011044396A3

Abstract

Network communications systems have been evolving to support higher data rates and more sophisticated services, in part based on improved network communications protocols, but inefficiencies at network nodes are still found within networks. Embodiments of the present inventions improve nodes by supporting subscriber-based activities of a switch within the nodes, e.g., network gateways, to reduce delay and utilize resources within the nodes more efficiently. Other embodiments change processing activities from operating at a control plane to operating at a data plane or combination of control and data planes. Still further embodiments employ deep packet inspection to improve processing activities on communications traffic, optionally enabling service providers to adjust network resources automatically and activate quality of service parameters according to subscriber profiles. Because the embodiments work at a network node level, they can be applied to and improve performance of today's and tomorrow's communications networks using various communications protocols.

Description

METHOD AND APPARATUS FOR SUPPORTING NETWORK

COMMUNICATIONS

RELATED APPLICATIONS

This application claims the benefit of U.S. Provisional Application No. 61/278,496, filed on October 7, 2009; U.S. Provisional Application No. 61/278,505, filed on October 7, 2009, U.S. Provisional Application No. 61/278,520, filed on October 7, 2009, U.S. Provisional Application No. 61/278,519, filed on October 7, 2009 and U.S. Provisional Application No. 61/278,518, filed on October 7, 2009, and U.S. Provisional Application No. 61/278,486, filed on October 7, 2009, the entire teachings of all applications being incorporated herein by reference in their entireties.

BACKGROUND OF THE INVENTION

In subscriber aware networks, such as Worldwide Interoperability for Microwave Access (WiMax) networks, High Speed Packet Access (HSPA) networks, 3^rd Generation Partnership Project Long Term Evolution (3GPP LTE) networks etc., a large number of subscribers can be hosted by distributing subscriber knowledge across different modules (e.g. , cards in a chassis). However, such distribution cannot be achieved unless a subscriber's signaling and data packets are seen by a forwarding entity, such as a network processing unit (NPU) in a line card within a gateway, where the NPU can be specialized hardware that processes networking packets. After inspecting a packet in the NPU, the NPU forwards the packet to an NPU of a line card that hosts the subscriber's profile. The NPU of the host line card then handles forwarding activities pursuant to parameters of the subscriber's profile, such as priority or bandwidth allocation.

Network management systems use network resource management in telecommunications networks to maintain an understanding of a status of link resources and allocations, among other reasons. Resource management is used to track and manage network capacity, such as bandwidth, as well as other network resources. Resource management can occur at many hierarchical levels within a network, such as at traffic control nodes, gateways, routers, or switches. Within such nodes are often control circuits, such as central processing units (CPUs), which communicate with other nodes at a control plane level via a node-to-node control channel (i.e., inter-node control channel). The CPUs control states of traffic modules, such as network processing units (NPUs), operating at a data plane level via a CPU-to-NPU control channel (i.e., intra-node control channel). In a typical NPU programming paradigm, a host CPU accesses and programs the NPU resources using a control channel. Communications between the CPU and NPU may be bidirectional to enable the CPU to monitor a state of the NPU, or other data plane processors or modules within the node. Such bidirectional communications between control and data enables service providers to provision network nodes based on network congestion or other states, such as faults within the network, and to maintain sufficient resources for traffic to traverse network communications paths without interruption.

In subscriber aware networks, quality of service (QoS) parameters are tightly associated with each subscriber. Due to network resource constraints such as radio bandwidth, QoS is enforced end-to-end on per subscriber basis. Additionally, billing servers or accounting servers may be used to track activities on a per- subscriber basis, such as for billing subscribers for their respective wireless calling minutes. In other subscriber-aware networks, voice is delivered as packetized data over a packet network. In a typical scenario for traditional voice call management, the service provider pre-allocates radio and other network resources in anticipation of a voice call that needs to be guaranteed a certain level of service. Making such guarantees locks up scarce resources until the voice call is actuality attempted. In addition, such subscriber-aware networks include classifiers set up as 5 -tuple classifiers, which do not enable detection of advanced layer applications, such as the transport layer (Layer 4), session layer (Layer 5), presentation (Layer 6), and application layer (Layer 7) of the open systems interconnection (OSI)

communications protocol stack. SUMMARY OF THE INVENTION

According to an example embodiment, there is provided a first apparatus, for example, a network node that includes multiple functional elements, where one functional element is designated as an anchor functional element ("anchor"). The anchor is determined based on a subscriber identifier that is unique to a specific subscriber. A fabric operably interconnects the multiple functional elements, which can be line cards in chassis or virtual modules in network node(s), and the functional elements are further operably interconnected to a switch. The switch is configured to forward the subscriber traffic to the anchor functional element, based on traffic identifiers within communications traffic, and associated with the specific subscriber identifier.

According to another example embodiment, there is provided a second apparatus, for example, a communications switch in a communications network configured to determine a unique subscriber identifier of communications traffic. Based on the unique subscriber identifier, the switch determines a specific functional element, an anchor functional element among multiple functional elements. By determining the anchor functional element, the switch can forward the

communications traffic to the functional element (i.e., the anchor functional element) that, in turn, conserves resources available to the multiple elements.

Alternative embodiments of the present invention include methods, apparatuses, and computer program products for enforcing service profiles in a mobile network. An example embodiment of the present invention includes a network node in a mobile network that includes modules configured to enforce service profiles. Modules are configured to compare service profiles based on service parameters and define service-profile identifiers with service profile having common service parameters. Further, the modules can group subscriber identifiers with the service-profile identifiers based on the service profiles and enforce the service profiles for each subscriber identifier.

In additional alternative embodiments of the present invention include methods, apparatuses, and computer program products for reporting resource values in a mobile network. An example embodiment of the present invention includes, for example, an apparatus, sometimes referred to herein as a functional element, in a mobile network node that employs modules configured to report resources as may be necessary. Specifically, a first module, a notification module, is configured to notify a resource manager of a buffer that contains subscriber information. A second module, a buffer fill module, is configured to fill a buffer with a pointer to resources in the network and is further configured to be interconnected operably to a replacement module, which replaces the resource pointer with a corresponding resource value. A reporting module reports the filled buffer.

According to another example embodiment, there can be a second apparatus for reporting resource values in a data plane of a mobile network. The apparatus can include a module configured to fill a buffer with information pertaining to subscribers in a mobile network, including the services corresponding to each of the subscribers and the resource values corresponding to each of the services. The second apparatus further includes a module configured to report the buffer.

Alternatively, example embodiments of the present invention include methods, apparatuses, and computer program products for dynamically adjusting network resources in a network node by performing deep packet inspection (DPI) on a traffic packet in the network. According to an example embodiment of the present invention, there is provided an apparatus, for example, a functional element in a network node, that includes modules configured to adjust network resources.

Specifically, a first module, a DPI module, which includes a DPI engine, which performs DPI on the traffic packet in the network node, where the node can be a subscriber-aware node, meaning the node can determine a subscriber profile and parameters associated therewith based on information in a traffic based on information in a traffic packet, and typically within an overhead portion of the traffic packet. The subscriber-aware node is provisioned as having access to modify network allocations. A second module, a notification module, is configured to notify a node in the network to adjust resource parameters based on information learned using the DPI engine, as well as any services that are available to a subscriber in the network.

Another alternative example embodiment of the present invention is a network functional element, e.g. , a. line card in a gateway for assigning resources in a network node. Components integrated with or used by the functional element determine provisioning information in a data plane based on subscriber information that is available at the data plane. The components are configured to look up data plane resources in order to determine subscriber services, such that the data plane resources can be assigned to the subscriber services in the network node.

BRIEF DESCRIPTION OF THE DRAWINGS

The foregoing will be apparent from the following more particular description of example embodiments of the invention, as illustrated in the accompanying drawings in which like reference characters refer to the same parts throughout the different views. The drawings are not necessarily to scale, emphasis instead being placed upon illustrating embodiments of the present invention.

FIG. 1 is a network diagram of a prior art access portal and an embodiment of the invention that illustrates network elements operably interconnected via wireline or wireless mediums.

FIG. 2 is a system diagram of an embodiment of the invention that illustrates interconnected network elements.

FIG. 3 is a block diagram of an embodiment of the present invention that illustrates a network switch.

FIG. 4 is a flow chart of an embodiment of the present invention that illustrates functions involved in traffic switching.

FIG. 5 is a block diagram of an embodiment of the present invention that illustrates components involved in traffic switching.

FIG. 6 is a flow chart of an embodiment of the present invention that illustrates switching traffic to a determined anchor functional element.

FIG. 7 is a block diagram of an embodiment of the invention that illustrates a component involved in switching traffic to a determined anchor functional element.

FIG. 8 is a flow diagram of an embodiment of the present invention that illustrates a method of switching traffic to a forwarding entity of a network functional element. FIG. 9 is a network diagram of a network illustrating aspects of an example embodiment of the invention.

FIG. 10 is a block diagram of an embodiment of the invention illustrating interconnected functional elements.

FIG. 11 is a flow chart of an embodiment of the present invention illustrating functions involved in enforcing service profiles.

FIG. 12 is a flow diagram of an embodiment of the present invention illustrating a method of enforcing service profiles.

FIG. 13 is a block diagram of an embodiment of the invention illustrating components involved in enforcing service profiles.

FIG. 14 is a flow chart of an embodiment of the invention illustrating a method of mapping quality of service profiles in an enforcement device.

FIG. 15 is a logical diagram of an embodiment of the present invention illustrating a memory.

FIG.16 is a network diagram of a prior art access portal and an embodiment of the present invention that illustrates functional elements operably interconnected via wireline or wireless mediums.

FIG. 17 is a block diagram of an embodiment of the invention that illustrates features of a functional element involved in reporting hardware resources at a data plane and at a control plane.

FIG. 18 is a flow chart of an embodiment of the present invention that illustrates functions involved in reporting resource values in mobile network.

FIG. 19 is a block diagram of an embodiment of the invention that illustrates components involved in reporting hardware resources.

FIG. 20 is a flow chart of an embodiment of the present invention that illustrates functions involved in reporting resource values in a data plane.

FIG. 21 is a block diagram of an embodiment of the present invention that illustrates components involved in reporting hardware resources in a data plane.

FIG. 22 is a logical diagram of a memory of an embodiment of the present invention that illustrates pointer stacks. FIG. 23 is a network diagram of a prior art access portal and an embodiment of the invention that illustrates network elements operably interconnected via wireline or wireless mediums.

FIG. 24 is a block diagram of an embodiment of the invention that illustrates a functional element.

FIG. 25 is a system line diagram of an embodiment of the invention that illustrates interconnected network elements.

FIG. 26 is a flow chart of an embodiment of the present invention that illustrates functions involved in deep packet inspection.

FIG. 27 is a flow diagram of an embodiment of the present invention that illustrates a method of performing deep packet inspection.

FIG. 28 is a diagram of an embodiment of the present invention that illustrates traffic in a channel.

FIG. 29 is a block diagram of an embodiment of the invention that illustrates components involved in deep packet inspection.

FIG. 30 is a diagram of an embodiment of the invention that illustrates a traffic packet.

FIG. 31 is a network diagram including multiple network elements connected via wireline and wireless mediums.

FIG. 32 is a system diagram illustrating an embodiment of a functional element of the present invention.

FIG. 33 is a flow chart illustrating an embodiment of the present invention provisioned to assign resources in a network node.

FIG. 34 is a flow diagram illustrating an embodiment of the present invention.

FIG. 35 is a block diagram illustrating an embodiment of the present invention.

DETAILED DESCRIPTION OF THE INVENTION

A description of example embodiments of the invention follows. Embodiments of the present invention include methods, apparatuses, and computer program products for subscriber distribution and load balancing of subscriber traffic employing a mid-plane design in a subscriber-aware platform.

In typical hardware forwarding architectures, packets are seen and decoded by a network processing unit (NPU), which may be located on a line card of, for example, a network gateway or other network node. In a case in which subscriber profiles correspond to subscribers in a mobile network distributed across multiple functional elements (e.g., a line card or line cards in a chassis), subscriber traffic may arrive on a card that does not host a particular subscriber's profile. Therefore, subscriber traffic may require multiple blind hops between multiple line cards in order to find the line card hosting that subscriber's profile, where each of the hops uses resources of the line cards and interconnecting fabric, such as a backplane data or system bus consuming the resources, such as fabric availability or bandwith, NPU cycles, or knowledge of quality of service (QoS).

Example embodiments of the present invention can allow for a mid-plane design that can include functional elements, such as line cards interconnected operably by a fabric. Once subscriber traffic enters a gateway node, a device, such as a subscriber-aware switch, can be programmed with a subscriber profile table that maps a subscriber to the proper hosting slot information of a line card provisioned with or maintaining that subscriber's profile. Example embodiments of the present invention have an ability to switch traffic to a hosting NPU of a line card, thereby avoiding unnecessary hops in the system. Alternatively, an embodiment may employ QoS classifiers to classify the subscriber traffic to allow for traffic to be scheduled across any line cards in a chassis connected by the fabric to reach the proper hosting line card, referred to interchangeably herein as an anchor line card or just "anchor."

Embodiments of the present invention provide various technical advantages of conventional methods and apparatuses for allocating resources in a network node, such as adding intelligence in a switch in order to steer subscriber-traffic to a line card having subscriber information, thereby saving bandwidth and resources. In alternative example embodiments, various technical advantages exist, such as employing a subscriber-aware architecture to avoid across card fabric hops. Some of these technical advantages are shown and described in the description of the present invention with respect to the accompanying figures. Certain embodiments of the present invention may enjoy some, all, or none of these advantages. Other technical advantages may be readily apparent to those skilled in the art from the following figures, description, and claims.

In some example embodiments, QoS can allow for resource reservation and control or can provide different priorities to different elements of the network, including, for example, providing different services based on applications, subscribers, performance level, data flows, or other commonly known or hereafter developed elements supporting QoS specifications. QoS parameters can include, for example, delay, jitter, bit rate, guarantees, bandwidth, or other commonly employed or hereafter-developed parameters useful for quality of service in a network.

In alternative example embodiments of the present invention, network resources or hardware resources can include, for example, NPU, central processing unit (CPU), or other hardware resources, such as search capabilities, ternary content adjustable memory (TCAM), control functions, statistics, memory channels, fabric buffering memory, fabric backplane, or other commonly known or hereafter developed network resources.

FIG. 1 is a network diagram of a network 100 illustrating aspects of an example embodiment of the invention. The network 100 can be any type of network configured to enable wireless access, such as a wide area network (WAN) having wireless access thereto, wireless broadband network employing a Worldwide Interoperability for Microwave Access (WiMax) network, High Speed Packet Access (HSPA) network, 3^rd or 4^th Generation Partnership Project Long Term Evolution (GPP LTE) network, or other commonly employed or hereafter-developed network. The network 100 can include at least one access network 101 to interconnect operably with a number of network elements, may include, for example, mobile end user devices 150a-g, referred to herein as mobile devices or subscriber devices.

The access network 101 can connect basic network elements such as a mobility management entity (MME) (not shown), home location register (HLR) (not shown), home agent 125, gateways 120a-b, or other known network elements. The access network 101 connects to at least one base transceiver station (base stations) 140a-f, either directly or through additional networks, such as an edge network (not shown), which connects mobile devices 150a-g via a telecommunications interface or wireless medium, e.g., an air interface. The home agent 125 further connects the wireless network 135 to external networks, e.g. , the Internet 116 or a mobile switching center 149 containing service portals 1 15a-d. The service portals 115a-d can provide support for multiple service types through use of, for example, an authentication, authorization, and accounting (AAA) server 115a, dynamic host configuration protocol (DHCP) server 115b, billing server 115c, home policy function (PF) server 115d, or other type of portal that may be used at the mobile switching center 149 or other network control location. The AAA server 115a may provide authentication services to validate a subscriber, authorization to determine the subscriber's rights, and accounting to determine subscriber's usage. The DHCP server 115b may provide for address allocation services in a manual, automatic, or dynamic manner, or as otherwise provided by a network administrator. For example, the DHCP server 115b may receive a packet from other network elements requesting the Internet protocol (IP) address of the packet, for which the DHCP server 1 15b can perform a look-up and provide the information to the requesting element. The home PF server 115d may provide general policy rules or application dependent policy rules. The home PF server 115d may also evaluate network requests against the policies and may be associated with a home policy database, which may be associated with a network service provider.

Continuing to refer to the example embodiment of FIG. 1, traffic 102, originating at a mobile device such as a portable computer mobile device 150a, may travel toward its respective base station 140a via a wireless medium 199. The base stations 140a may, in turn, forward the traffic 102 to a corresponding gateway 120a via a wired or wireless medium 199. The gateway 120a can be any of a multitude of wireless gateways, such as an Access Signaling Node Gateway (ASN-GN), Gateway GPRS Support Node (GGSN), Serving General Packet Radio Service Support Node (SGSN), System Architecture Evolution (SAE) gateway, or other currently known or hereafter-developed gateway. In the example network 100, the gateway 120b contains at least one functional element, such as a line card, that supports traffic packets, or other traffic signals, at traffic rates; multiple line cards in a chassis 160b- f can also be present.

An example embodiment of the present invention includes a subscriber- aware switch, such as the switch 130 in FIG. 1, which directs traffic from a subscriber to the specific line card where the subscriber's profile is maintained. The specific line card may be referred to herein as an "anchor" line card. In alternative example embodiments of the present invention, the subscriber-aware switch 130 can be found at a network backbone of a network or a gateway node, such as the gateway 120b of FIG. 1. In one example embodiment, the switch 130 can be configured to determine a subscriber profile associated with the communications traffic 102. The subscriber-aware switch 130 has knowledge of the subscriber's profile location, whereas previous switches are non-subscriber-aware switches, such as a multiplexer (MUX) switch 1 18 that merely switches traffic without awareness of the traffic's destination as a function of its source.

An example of a prior art subnetwork 1 10a includes similar elements and components as the network 100 as a whole, including, for example, subscriber devices 150a-c connected to base stations 140a-c via a wired or wireless medium 199. The base stations 140a-c are similarly connected to a gateway node 120a via mediums 199. The gateway 120a may include a multiplexer switch 1 18, which simply forwards traffic signals from an input to an output based on header information, and may include a line card 160g (or multiple line cards 160g-j) for processing functions.

The MUX switch 1 18 switches incoming data from an input port to a specific output port. The MUX switch 1 18 determines a packet address, such as a media access control (MAC) address from a frame in an Ethernet local area network (LAN) or an Internet protocol (IP) address from a packet in a packet-switched network, and corresponding output port to use to forward the traffic towards its final destination. In an open systems interconnection (OSI) reference model, the MUX switch 118 reads a physical address from header information (e.g, a destination MAC address) or performs a look-up of the destination in a routing table of a router.

In large mobile communications networks, such as the network 100, a MUX switch can receive a traffic packet and merely determine its next destination based on the header information of the packet and switch the packet 102 to a next point (known as a "hop") in the network. The greater number of hops a traffic packet must be sent on to reach its destination causes latency in the network. In the example prior art sub-network 110a, the MUX switch 118 receives subscriber traffic from the base stations 140a-c via the connection mediums 199. The MUX switch 118, having no knowledge about subscriber information or subscriber profile s regarding to the traffic is being sent, merely receives the traffic at the switch and, upon reading the header information, forwards the packet to the next hop. In this example, the next hop 1 13a is to line card 160j. If the line card 160j does not contain a subscriber profile indicating where the subscriber traffic flow should be sent, line card 160j forwards the packet to a second next hop 113b, such as to line card 160i, which itself may not know the subscriber profile and, in turn, again forwards the traffic via a third next hop 113c, such as to line card 160h. A final next hop 113d to line card 160g, which contains a subscriber profile, allows for the traffic to continue to a destination outside the gateway node 120a, which is generally defined as a network node at a level of a network that connects one network with another portion of a network. The MUX switch 1 18 in combination with the traditional forwarding action of the line cards 160g-j causes any number of hops 113a-d because the MUX switch 1 18 must figure out blindly where to forward the data. Thus, such an unaware MUX switch causes a significant amount of network latency, which, in turn, reduces bandwidth capacity as traffic reaches a bottleneck in the gateway node 120a.

Example embodiments of a portion of the network 100, sub network 110b, that employs an embodiment of the present invention has improved efficiency over the above-described sub-network 110a subscriber-aware switch, such as the switch 130 in the second gateway 120b. The subscriber-aware switch 130 directs traffic received from a subscriber device to the specific line card where the subscriber's profile is maintained, referred to herein as an anchor line card. For example, the subscriber-aware switch 130 can be configured to determine a subscriber profile or a unique subscriber identifier associated with the communications traffic 102. In the example embodiment, the subscriber-aware switch 130 can dynamically maintain a subscriber profile table 131, which can learn subscriber profile information and a location of the subscriber's profile. Using the subscriber profile table 131, the switch 130 can determine a line card containing the subscriber information and designate that line card as the anchor line card 160a.

In operation, the switch 130, being a subscriber-aware switch, provides efficiency by having knowledge of or the ability to determine the subscriber's profile at the anchor line card 160a, among the multiple line cards 160a-f. In an alternative example embodiment, the traffic forwarded to the anchor line card 160a can then be passed, with the subscriber profile information and traffic packet payload, to other line cards via a fabric (described in FIG. 2) as may be needed to direct the traffic to its destination port.

The anchor functional element 160a (described in more detail below in reference to FIG. 2), which contains the subscriber-profile, receives the traffic 102, from the downstream base station 140d via the subscriber-aware switch 130 and may perform network resource functions prior to transmitting the traffic 102 to a home agent 125 or final destination. In an example embodiment of the present invention, a subscriber 150f may have a profile at the line card 160a, which is thereby designated as the anchor line card from among other line cards 160b-f because the subscriber's 15 Of profile is located at that line card 160a. However, any of the line cards 160a-f can be designated as the anchor line depending upon where a subscriber profile is located.

In one embodiment, upon receipt of a signalling packet, such as an SS7 signalling packet in a voice over Internet protocol (IP) packet switched network or an R6 signalling packet in an IPv6 packet switched network, the subscriber-aware switch 130 can extract subscriber information from the source (or destination) identifier in the header and, if available, subscriber profile information. Using that information, the switch 130 may itself assign the line card to be the anchor line card for the subscriber and provide the profile information to the anchor line card or assign the line card to be the anchor line card for the subscriber and cause the anchor line card to obtain the subscriber's profile information from an external resource, such as a service provider's subscriber database server. In another embodiment, the same activities can be initiated by the subscriber-aware switch's 130 receipt of a traffic signal having a known or unknown source (or destination) address. In embodiments in which subscriber profiles timeout after periods of inactivity by a given subscriber, the switch 130 updates its table 131 to remove the line card's "anchor" designation for the "timed-out" subscriber, resulting in the foregoing process to begin again upon receipt of a next signaling or traffic from the subscriber. Although inefficiency is experienced, overall efficiency and resources conserved are improved. In some embodiments, the subscriber-aware switch 130, in addition to providing efficiency by directing a subscriber's traffic to its designated anchor line card, can apply the subscriber's profile in a manner consistent with how other network nodes, such as the anchor line card apply it. For example, the switch 130 may give a subscriber's traffic higher (or lower) priority than other subscriber's traffic based on its profile, regulate traffic rate or bandwidth, or perform other activities in accordance with the subscriber's profile.

It should be understood that the anchor line card 160a receives the subscriber's traffic from the subscriber-aware switch 130, but the anchor line card 160a may still forward the subscriber's traffic after its processing via a fabric (not shown) to other line card(s) 160b-f if other line card(s) have logical or physical connections to parts or channels the anchor line card does not. In such cases, the receiving line card(s) 160b-f may act as "dumb" line cards or may themselves perform activities consistent with the subscriber's profile. The foregoing egress activities for a source subscriber at a near end of the network may be applied in reverse for ingress traffic from a destination subscriber at a far end of the network.

FIG. 2 is a high-level system diagram 200 of an embodiment of the invention illustrating interconnected network elements. The example embodiment of the system diagram 200 can include subscriber devices 250a-c, subscriber-aware switch 230 maintaining a subscriber-profile table 231 , functional elements 260a-c, fabric 265, and a backplane 204.

In the example embodiment, subscriber devices 250a-c can connect to the subscriber- aware switch 230 via wireless or wireline connections 299; alternatively, the subscriber-devices 250a-c can pass through base stations (not shown) or intermediary networks (not shown) prior to reaching the subscriber-aware switch 230. Alternative example embodiments of the first and second apparatuses (as described above in the Summary of the Invention) allow the subscriber profile table 231 to determine the anchor functional element 260a that maintains a subscriber profile 266 that contains information on each subscriber, such that the subscriber profile 266 is accessible to the subscriber-aware switch 230. Maintenance of the subscriber profile table 231 allows the switch to map specific subscriber identifiers with the proper hosting-slot information of a forwarding entity, such as a network node or sub-element thereof. The subscriber-aware switch 230 may also classify traffic 202; where classifications, for example, can be quality of service (QoS) classifiers that can be used to forward the traffic to ingress-interface ports 271 of one or more of the functional elements 260a-c.

In alternative example embodiments, the subscriber-aware switch 330 may be enabled further to redirect communications traffic in a subscriber-aware, fast- forwarding manner in the occurrence of a failover; thereby allowing subscriber traffic to be transmitted to the appropriate forwarding entity. The functional elements 260a-c may include (as illustrated in the anchor functional element 260a, the elements of which may be applicable to the functional elements 260b-c) forwarding entities (not shown), load-balancing elements (not shown), network processing unit(s) (NPU) 263, central processing unit(s) (CPU) (not shown), memory (not shown), or other components and sub-components as are commonly employed or hereafter developed in line cards. Alternative example embodiments can include a back plane 204 configured to interconnect elements, such as the functional elements 260a-c, multiple line cards in a chassis (e.g. , the line cards 160a- f of FIG. 1), the fabric 265, or other commonly employed or hereafter developed elements of backplane architecture.

FIG. 3 is a block diagram 300 of a subscriber-aware switch 330 illustrating aspects of an example embodiment of the present invention. The example block diagram 300 may include a subscriber-aware switch 330, including, for example, some or all of a subscriber profile table 331 , network processing unit (NPU) 363, central processing unit (CPU) 364, or memory 335.

To begin processing, a traffic packet 302 can be sent by a base station 340 (not shown), via a communications interface 399 (e.g., an optical fiber, copper wire, or air interface) and received by a traffic management entity (TME) 319a at the subscriber- aware switch, via a multitude of ingress-interface ports 271 ; alternatively, the traffic packet 302 can enter the subscriber profile table 331 directly. The subscriber profile table 331 can maintain subscriber profile information on a per- subscriber basis. The subscriber profile table 331 further can maintain the subscriber profile in a dynamic manner, including updating and learning subscriber information, such as a unique subscriber identifier 374, anchor line card 360, or additional information commonly employed or hereafter developed.

In an alternative embodiment, the traffic packet 302 can enter the NPU 363 directly. The ingress-interface ports 371 being decided by a routing protocol of the traffic packet 302 from the base station 340 to determine which port 371 to use to forward the traffic. The traffic packet 302 can enter the NPU 363, which can operate at a data plane 397 and maintain fast path packet switching at traffic rates or multiples of thereof in the data plane 397. The NPU 263 may perform any number of functional operations, including, for example, determining routing information, data manipulation, control processing, packet allocation, determine quality of service (QoS) parameters, or other commonly known or hereafter developed functions.

In alternative example embodiments of the present invention, the subscriber- aware switch can contain a central processing unit (CPU) 364, located, for example, in a control plane 398. The CPU 364 can receive the traffic packets 302, if necessary, an operating in a slow path. In an alternative example embodiment, the NPU 363, the CPU 364, or both the NPU 363 and CPU 364 can be interconnected operably to a memory 335, such as a ternary content addressable memory (TCAM). Alternatively, another example embodiment can include a QoS database 333 for maintaining QoS classifiers for the subscribers in a communications network like the network 100 of FIG. 1.

In an example embodiment, following the anchor line card (not shown) being determined by the subscriber-aware switch based on, for example, information in the subscriber profile table 331 , the subscriber-aware switch can forward the traffic via an egress-output ports 379, egress TME 319b, or other commonly employed or hereafter developed method of switching communications traffic. Alternative example embodiments of the present invention can determine, at the subscriber-aware switch, subscriber information, such as a subscriber service profile, source address, unique subscriber identifier, or other commonly known or hereafter developed subscriber information. In an example embodiment, the unique subscriber identifier may include, for example, an international mobile subscriber identity (IMSI), a media access control (MAC) address, an Internet protocol (IP) address, or other commonly employed or hereafter developed subscriber identifier. In one example embodiment, the subscriber-aware switch can determine subscriber information by observing signaling communications in order to determine the anchor line card corresponding to the unique subscriber identifier and forwarding the subscriber traffic to that anchor line card. Alternatively, the subscriber-aware switch can use a control packet to ensure the subscriber traffic is forwarded to the corresponding anchor line card maintaining the subscriber profile. In one example embodiment, the subscriber profile can be found in the control packet or as part of the signaling. Alternatively, the control packet can be parsed for a network access identifier (NAI), which can indicate a subscriber identifier at the subscriber's request for access to the network. The NAI can bind the subscriber identifier with the IP address associated to that subscriber; or the control packet can bind the NAI to the subscriber's IP address. In one example embodiment, the subscriber traffic at the anchor line card containing the subscriber profile can be transmitted across a fabric that interconnects multiple line cards in an operable manner. The fabric allowing for the traffic packet and the subscriber profile to be maintained across one or more line cards such that the subscriber information, e.g., quality of service (QoS) parameters, is maintained and traffic is classified.

FIG. 4 is a flow chart 400 illustrating a method by which a network node, such as the gateway node 120b of FIG. 1, can route subscriber traffic according to an example embodiment of the present invention. According to the example embodiment, the flow chart 400 selects a functional elements from among multiple functional elements in a chassis to be designated an anchor functional element (480), such as the line card 260a of FIG. 2. The network node may switch subscriber traffic to the designated anchor line card based on traffic identifiers associated with a subscriber identifier (490). Alternatively, the multiple functional elements may be located in different network elements being interconnected in any system configuration of any physical or logical configuration.

FIG. 5 is a block diagram 500 of a network node 526 illustrating aspects of an example embodiment of the present invention. Example embodiments of the network node 526 can include components, such as a selection module 581 and a switching module 591. The block diagram 500 can be a physical or logical representation and may exist, for example, in a line card at a gateway node in a network, such as an example network 100 of FIG. 1, or block diagram 500 can be distributed among multiple different physical network nodes. According to the example embodiment, the selection module 581 can employ a unique subscriber identifier 574 to designate a functional element from among multiple functional elements in a chassis to be an anchor functional element 571. The section module 581 can forward information, such as the anchor function element 571, the unique subscriber identifier 574, or the traffic 502 to the switching module 591. In alternative embodiments, any or all of the modules 581 and 591 may exist on a functional element at a network node or as individual, interconnected modules located at different sites on a network, like network 100 in FIG. 1.

FIG. 6 is a flow chart 600 of an embodiment of the present invention illustrating switching traffic to a determined anchor functional element, such as the anchor line card 160a of FIG. 1. According to the example embodiment, the flow chart 600 parses communications traffic to determine a unique subscriber identifier (686). The flow chart 600 can identify an anchor functional element that maintains or has knowledge of a subscriber profile that corresponds to the unique subscriber identifier (688). Further, the flow chart 600 can switch the communications traffic to the identified anchor functional element (690). Alternatively, in example embodiment of the present invention, the multiple functional elements may be located in different network elements being interconnected in any system configuration of any physical or logical configuration.

FIG. 7 is a block diagram 700 of a switch according to an example embodiment of the present invention. Components of the switch 730 can include a parsing module 787, an identification module 789, and a switching module 791. According to the example embodiment, the parsing module 787 can parse communications traffic 701 to identify a unique subscriber identifier 774 for the specific communications traffic 701. The parsing module 787 can transmit one of the unique subscriber identifier 774, the traffic 701, or both, to the identification module 789. The identification module 789 can determine an anchor functional element 770 that includes a map or knowledge of a subscriber profile corresponding to the unique subscriber identifier 774. The identification module 789 can transmit information to the switching module 791, such as the determined anchor functional element 770, the unique subscriber identifier 774, and the traffic 701. The switching module 791 can forward the communications traffic 701 to the determined anchor functional element 770. In alternative embodiments, any or all of the modules 787, 789, 791 may exist on a functional element at a network node or as individual, interconnected modules located at different sites on a network, like network 100 in FIG. 1. Alternatively, example embodiments of the present invention can include modules being in a system of any physical or logical configuration.

FIG. 8 is a flow diagram 800 of an example embodiment of the present invention illustrating a method of switching traffic to a forwarding entity of a network functional element. The example embodiment can be performed in one embodiment at a subscriber-aware switch having a configuration consistent with the subscriber-aware switch 230 of FIG. 2. Alternative example embodiments of the flow diagram 800 can be located at network elements or sub-elements

interconnected operably in a communications network.

After beginning, the determination procedure of FIG. 8 determines a subscriber identifier based on, for example, an inspection of a traffic packet including the payload or alternative layers of the traffic packet (878). Based on the determined subscriber identifier, which can be a unique subscriber identifier, a subscriber-aware switch can determine an anchor line card, from among multiple line cards, which maintains the subscriber profile for the traffic packet (880). The subscriber-aware switch can classify the communications traffic based on, for example, quality of service (QoS) parameters associated with the subscriber identifier (879). The subscriber-aware switch can maintain a subscriber profile table (882), which can include subscriber information such as, the unique subscriber identifier, the corresponding anchor card, QoS parameters, service type, or additional information commonly employed or hereafter developed as subscriber information.

In the example embodiment of flow diagram 800, the subscriber-aware switch can identify traffic packet identifiers that can, for example, correspond to the unique subscriber identifier (883); the flow diagram 800 associating the traffic identifiers with the unique subscriber identifiers (884). The traffic identifiers can be the same as the subscriber identifier; alternatively, the traffic identifier and the subscriber identifier can be bound together to be part of the subscriber information or identification. The subscriber-aware switch can switch the traffic packet to a corresponding anchor line card based on, for example, the traffic identifiers associated with the unique subscriber identifiers (890). Alternatively, an example embodiment can switch the traffic packet according to the information maintained in the subscriber profile table, where the subscriber profile table Can update entries in a dynamic manner. In another alternative example embodiment, communications traffic from a subscriber can be switched across ingress-interface ports of one or more line cards, interconnected by a fabric, based on QoS classifiers. The QoS classifiers can, for example, be transmitted with the traffic packet in the packet payload.

In example embodiments of the present invention, the subscriber-aware switch can balance traffic load using the subscriber profile table to forward the traffic to a forwarding entity of one of the line cards without overloading the interface (892). In alternative example embodiments, the subscriber-aware switch can perform load balancing based on traffic-rate factors, non-traffic rate factors, or other commonly employed or hereafter developed methods of load balancing. In other example embodiments of the present invention, the subscriber-aware switch can determine if a failure occurrence has occurred in the network (893), for example, a network node is overloaded. If a failure occurrence is detected, the subscriber- aware switch can redirect the traffic in a subscriber-aware, fast-forwarding routing manner (894); if a failure occurrence is not detected, the subscriber-aware switch can forward traffic to the anchor card with the subscriber profile (895).

Alternatively, example embodiments of the present invention can include a switch programmed with subscriber information, such that the subscriber-aware switch can transmit subscriber packets to a subscriber-aware network processing unit (NPU) via a fast-path (i.e., in a data plane, rather than in a control plane). In another alternative example embodiment, the subscriber-aware switch can be employed at or be accessible to a data plane, where the data plane switch allows for fast-path packet switching, for example, switching the traffic over a traffic rate bus that operates at traffic rates (e.g. , 40 Gbps or 100 Gbps, or higher or lower) or multiples thereof in the data plane. In alternative example embodiments, the fabric can switch at traffic rates (e.g., 100 Gbps) or traffic rates multiplied by the number of slots available to switch through.

Further example embodiments can include quality of service (QoS) classifiers programmed into a switch to preserve the QoS classification, thereby enabling proper treatment for incoming subscriber traffic. The example

embodiment can include load balancing subscriber traffic using subscriber tables to redirect traffic to a NPU hosting the subscriber's information in a manner avoiding overload of congested or otherwise problematic interface cards. In an alternative example embodiment, a subscriber profile associated with traffic can be dynamically added to the subscriber-aware switch, for example, added to the subscriber profile table or a memory such as a ternary content addressable memory (TCAM). The subscriber-aware switch can program the QoS classifiers in the subscriber-aware switch with the subscriber profiles, thereby making the subscriber-aware switch a mid-plane switch.

In yet another alternative example embodiment, the subscriber-aware switch can determine the unique subscriber identifiers based on deep packet inspection (DPI) of the traffic packets. In the example, DPI enables advanced packet examination by reaching deeper layers of the packet, in reference to, for example, an open systems interconnection (OSI) reference model, which has a seven layer stack. Alternatively, DPI can be performed in reference to a TCP/IP reference model, or other models commonly employed or hereafter developed. While DPI can be used to inspect even lower levels of a traffic packet, such as the physical (Layer 1), data link (Layer 2), or network layers (Layer 3), this type of inspection is normally considered shallow packet inspection. DPI can be used to view layers 4-7 of the IP data and provide a more detailed understanding of the type of traffic transported in a network. Based on the inspection, the subscriber-aware switch, anchor line card, or other line card(s) may apply traffic processing activities consistent with the corresponding subscriber's profile.

Alternatively, an example embodiment of the present invention may include a process for a subscriber profile table in a subscriber-aware switch to learn a location of a subscriber's profile among the line cards (or network nodes or logical modules, depending on implementation) or assign a location to the subscriber profile based on a dynamic function. The dynamic function can include, for example, a subscriber device with an unknown profile location, such that the subscriber profile table must send a request to a functional element to determine if the functional element contains the subscriber profile. The functional element may contain a network service processor (NSP) that can be queried for the subscriber profile. If the NSP cannot locate the subscriber profile, the functional element or a

subcomponent thereof can send a request into the network to a subscriber database, such as a network service provider database. The network service provider can provide the service profile back to the functional element, which, in turn, can provide the subscriber profile to the subscriber profile table in the subscriber-aware switch. As such, the subscriber-aware switch can dynamically update, on a frequent or infrequent basis, the subscriber profiles. In an alternative embodiment, the subscriber profile table can be programmed, for example, by a network operator via provisioning or signaling nodes or via a direct terminal programming node, in order to update the subscriber profile table with new or changed subscriber information. In alternative example embodiments, the switch can employ the service profile of the subscriber to determine or interpret quality of service parameters.

Turning to another example embodiment of the present invention, current subscriber-aware mobile networks, parameters of each subscriber are provisioned in a centrally located repository, such as an authentication, authorization, and accounting (AAA) server or home location register (HLR). These parameters are returned to entities enforcing quality of service (QoS) on a per-subscriber basis, which limits the number of subscribers that can be supported.

Previous approaches attempt a solution with infinite resources that can copy each QoS profile on per-subscriber basis and can have one-to-one mapping in software, as well as hardware. The previous attempts at solutions placed severe limitations on the number of subscribers that can be supported by a network. Other attempts to solve this problem tried to share common parameters, such as classifiers, in a scarce resource such as a ternary content addressable memory (TCAM), such that packets matching a set of classifiers can be mapped to one QoS class even though packets may arrive from two different subscribers. Previous approaches in the industry program a TCAM with classifier for each subscriber (with each subscriber's Internet protocol (IP) address), causing the scarce resource memory of the data plane to be quickly exhausted. Furthermore, prior approaches cannot support overlapping classifiers.

Example embodiments of the present invention allow a profile identifier to be associated to a given set of subscribers first, and classifiers for that profile identifier are programmed. Each profile identifier creates a unique (disjoint) set of classifiers that can be matched in parallel in the TCAM. Following receipt of a traffic packet, the forwarding engine can perform a look-up of the profile 10 and use it to form a TCAM key. Based on the TCAM key, the TCAM can look-up only the classifiers that are needed. This provides the service class within a given profile. A look-up of classifiers using a subscriber identifier, which can include, for example, an IP address, international mobile subscriber identity (IMSI), or other known or future-developed identifier, can map the subscriber identifier to a unique QoS profile in hardware; thereby reducing QoS resource requirements without sacrificing functional capability.

In the example embodiment, a system-wide profile identifier is assigned to a plan; all subsequent subscribers with that plan can be mapped, at an enforcement device such as an Access Signaling Node Gateway (ASN-GN), Gateway GPRS

Support Node (GGSN), or a network processing unit (NPU), with that system-wide profile identifier. For example, if a service provider has ten service plans and one million subscribers using those ten service plans, then a memory in a control plane of the example embodiment is only consumed for the ten plans. In alternative embodiments, data corresponding to the ten service plans are maintained strictly in the data plane, offloading more data and processing from this control plane. Embodiments of the present invention can account for a fact that a network operator may create a few service classes with QoS parameters and derive various subscriber plans out of service classes. For example, a service provider can have voicel, voice2, voice3, videol, video2, video3, BE1, BE2, BE3 service classes but may create plans such as Gold = {voicel, videol, BE1} and so on. Embodiments of the present invention may enable plans to be generated in a dynamic manner as subscribers join the network.

Embodiments of the present invention provide various technical advantages over conventional methods and apparatuses for allocating resource in a network node, such as scaling network resources to handle large numbers of classifiers by "chunking" classifiers together dynamically without truncation. Some of these technical advantages are shown and described with respect to the accompanying figures. Certain embodiments of the present invention may enjoy some, all, or none of these advantages. Other technical advantages should be readily apparent to those skilled in the art from the following figures, description, and claims.

FIG. 9 is a network diagram of a network 900 illustrating aspects of an example embodiment of the invention. The network 900 can be a network similar to the network 100 of FIG. 1, including the same or similar elements with

corresponding functionalities. The network 900, in addition to the elements included in the network 100, can further include example embodiments of the present invention can include a quality of service (QoS) classifier table 931, which can be located at a network node, such as the gateway 120b of FIG. 1. The QoS classifier table 931 can maintain or include information relating to a subscriber or set of subscribers 950a-g on the network 900. The QoS classifier table 931 can be a centrally located repository for individual subscriber parameters that can be used by or forwarded to entities in the network 900 to enforce QoS on a per-subscriber basis.

Alternatively, an example embodiment of the present invention can support scalability of network resources and provide for fast processing on a per-subscriber basis because the embodiment can group subscribers together based on common parameters. The QoS classifier table 931 can map multiple subscribers with common parameters to a single class of service type (not shown), thereby lowering resource requirements on the network elements. In alternative example embodiments, QoS can provide different priorities to different elements of the network, which may include, for example, providing different services based on applications, subscribers, performance level, data flows, or other commonly known or here-after developed elements requiring quality of service specifications. QoS parameters can include, for example, delay, jitter, bit rate, guarantees, bandwidth, or other commonly employed or hereafter-developed parameters useful for quality of service in a network, such as a mobile communications network.

FIG. 10 is a block diagram 1000 of an embodiment of the invention illustrating interconnected functional elements 1060a-b, where functional element 1060b is designated as an anchor functional element. The functional elements

1060a-b are interconnected operably via a fabric 1065; alternatively, all functional elements in a chassis may be interconnected via a fabric 1065.

When a subscriber enters a network, like the network 100 in FIG. 1 , service flows and other configurable attributes, such as quality of service (QoS) parameters, are created or provisioned as per the attributes. A service flow management (SFM) entity at a base station, may be a logical entity that may create, admit, activate, modify, or delete service flows as may be desired or needed. The QoS classifiers may be used to implement service flows, where QoS classifiers may include, for example, congestion avoidance, congestion management (e.g. , priority queuing), classification, traffic conditioning (e.g., shaping flows using different rates), marking, or traffic separation.

Example embodiments of the present invention can include a functional element at a gateway node, or other network node, which has access to a network processing unit (NPU). For example, the block diagram 1000 illustrates two functional elements 1060a-b, which are interconnected by a fabric 1064. The functional elements 1060a-b can be, for example, line cards around a network node, or multiple line cards in a chassis. The functional element 1060a is designated as a local functional element and the functional element 1060b is designated as an anchor functional element. The functional element 1060a receives the traffic 1002, from a downstream base station (not shown), and may perform network resource functions prior to transmitting the traffic 1002 to a second functional element 1060b. The functional element 1060b can be an anchor line card, such that the anchor line card 1060b includes information on a subscriber in the network. For example, a subscriber has a subscriber profile (explained in more detail below) at line card 1060b, which is thereby designated, optionally by a central processing unit (CPU) 1064a, as the anchor line card out of any interconnected line cards because the subscriber's profile is located at that specific line card 1060b. However, any line card, which may be physically or logically interconnected, can be designated as an anchor line card for the same subscriber's profile of other subscriber profiles.

Further, line cards can be a primary anchor or backup anchor, where backup anchor line cards become primary anchor line cards for a subscriber's profile in an event of a failure of the primary anchor, configuration, or other fault, depending on multiple factor, for example, where a subscriber's profile is located.

Functional element 1060a receives subscriber traffic from a network or base station (as illustrated in FIG. 9) via an ingress-interface port 1071 ; the specific ingress-interface port 1071 can be determined based on a protocol designated in the traffic packet. Alternatively, the functional element 1060a can receive subscriber traffic via a fabric 1065 from a different line card (not shown) in a chassis or otherwise interconnected to functional element 1060a in a logical or physical configuration. However received, traffic packet 1002 may directly enter NPU 1063 a via a NPU interface (not shown), or, alternatively, the traffic packet 1002 may enter a traffic management entity 1019a, which may direct the packet further using commonly employed or hereafter-developed methods of traffic management. The NPU 1063 a can forward the traffic packet directly to the anchor functional element 1060b via fabric 1065 using information from the CPU 1064a, which is configured to know the anchor line card of the subscriber traffic. In alternative embodiments, all CPUs in the network node collectively determine the anchor line card for a given subscriber.

Similar to the functional element 1060a, the anchor functional element 1060b can receive the traffic packet 1002, which can directly enter NPU 1063b via a NPU interface (not shown), or, alternatively, the traffic packet 1002 may enter a traffic management entity 1019b, which may direct the packet further using commonly employed or hereafter-developed methods of traffic management. The NPU 1063b at the anchor functional element 1060b can determine, in conjunction with the CPU 1064b, classifier table 1031, and other optionally interconnected devices, service parameters. For example, in one embodiment, the service parameters can be determined using a service type 1055a-c of network traffic 1002 that is associated with service profiles, the service parameters can be quality of service (QoS) parameters. Alternatively, in other example embodiments, the service parameters can be determined as a function of the subscriber identifier and the service class identifier. The classifier table 1031 can determine rules 1056a-c to apply to the traffic 1002 based on the service type 1055a-c and determine actions 1059a-c to apply to the traffic based on the determined rules 1056a-c.

For example, another embodiment of the present invention can allow a subscriber on the network to be determined with a certain service profile. The service profile can be contained in a table, such as a QoS profile table 1032, which may include the subscriber's service type informationl055a-c, the rules 1056a-c associated with that type of service, and the actions 1059a-c that can be taken based on the rules and services of the subscriber. The service type 1055a-c can include, for example, data service 1055a, voice service 1055b, video stream service 1055c, etc., where the voice service 1055b has classifiers, or rules 1056b, that can allow for different actions 1059b to take place.

For example, one rule can state that if the call is an emergency call, mark the first traffic packet received as a high priority packet; therefore, the action may be to send that traffic packet as a high priority packet. Any additional packets determined to have the same protocol address, such as a wide area network (WAN) protocol address, as the first packet, are similarly marked with the subscriber identifier of the first packet.

Additional example embodiments of the present invention can include a module at a network node, which has access to a NPU, which can determine service parameters using a service type of network traffic that is associated with service profiles, the service parameters can be QoS parameters. The module can be in ay configuration, may include one or more corresponding or interconnected modules, in a system of any physical or logical configuration. FIG. 11 is a flow chart 1100 illustrating a method by which a line card, such as the line card 1060b of FIG. 10, can enforce service profiles according to an example embodiment of the present invention. According to the example embodiment, the flow chart 1100 compares service profiles of subscribers in a network, such as the network 900 of FIG. 9, based on service parameters associated with the service profiles (1181). The line card then defines service-profile identifiers for service profiles that have the same or common service parameters (1 182). The line card may create groups of subscribers, based on the subscriber identifiers associated with each subscriber, where creating a group can include grouping subscriber identifiers with service-profile identifiers based on the service profiles (1183). Further, the line card may use the service profile identifiers to enforce service profiles on a per-subscriber basis (1184).

Alternative example embodiments can allow for identifying new subscribers joining the mobile network that may need a new service-profile identifier and generating one in a dynamic manner for that new subscriber. If the subscriber is not a new subscriber, in other words, the subscriber is associated with an existing subscriber identifier, it is determined whether that subscriber identifier is associated with a service-profile identifier, if not associated, a service-profile identifier having common service parameters as the subscriber identifier is generated in a dynamic manner and associated with the subscriber identifier.

FIG. 12 is a flow diagram 1200 illustrating a method by which a network node, such as the gateway node 120b in FIG. 1, can enforce service profiles according to an embodiment of the present invention. According to the example embodiment, the flow diagram 1200 compares service profiles based on service parameters (1281), where the service parameters can be determined using quality of service (QoS) parameters (1289). QoS parameters may include services, rules, and actions for a specific subscriber or group of subscribers in a network, such as network 900 in FIG. 9; the QoS parameters can be determined by determining a service type associated with a service profile (1290), then determining the rules associated with the service type (1291), and then determining actions that can be taken or applied to traffic in the network based on the rules (1292). The flow diagram 1200 can compare service profiles based on service parameters (1281). Based on the determined service parameters or QoS parameters, service-profile identifiers are defined with service profiles (1282); the service profiles can then be mapped to an enforcement device, such as a memory (1293). Alternatively, service profiles or additional information may be mapped to the enforcement device at any time.

Continuing to refer to FIG. 12, the flow diagram 1200 performs a look-up of subscriber identifiers of the subscribers in the network, such that each subscriber can have a unique subscriber identifier (1294). Following determination of subscriber identifiers, the example embodiment groups subscriber identifiers, based on service profiles, to service-profile identifiers (1283). The flow diagram 1200 can combine multiple subscriber identifiers with common parameters, which can be grouped as service-profile identifiers. The grouped service-profile identifiers can enhance efficient use of network resources by having fewer identifiers than subscribers in the network because the subscriber identifiers can be grouped. The example embodiment of the flow diagram 1200 determines actual enforcement parameters, such as determining the actual service type, maximum rate, queuing parameters, statistics, or policy enforcement procedures for the subscriber identifier. In some embodiments, the service profiles are enforced on a per-subscriber-identifier basis using the profile identifiers (1284).

Alternative embodiments of the present invention may include additional

QoS parameters, where the QoS parameters are specified for different layers of a system. QoS parameters can include, for example, expected performance characteristics, degree of synchronization between related services, events, rules, actions, or information flows, degree of resource commitment, cost of service, service access point specifications, and other commonly known or hereafter- developed requirements.

Alternative embodiments may allow for actual enforcement parameters to be bearer dependent, include traffic scheduling information, ordering, queuing, or other commonly employed or hereafter-developed procedures for enforcing quality of service or service parameters.

FIG. 13 is a block diagram 1300 illustrating a network node 1380 according to an example embodiment of the present invention. Components of the network node 1380 can include an evaluation module 1385, characterization module 1386, collection module 1387, and enforcement module 1388. According to the example embodiment, the evaluation module 1385 compares multiple service profiles 1358 based on service parameters 1353 corresponding with the service profiles 1358. The evaluation module 1385 can forward a copy of information, such as the service profiles 1358 and the service parameters 1353, to the characterization module 1386. The characterization module 1386 can define service-profile identifiers 1352 based on the service profiles 1358 that have common service parameters 1353. The collection module 1387 is configured such that it can receive information from the characterization module 1386, may include, for example, the service profiles 1358, the service parameters 1353, and the service-profile identifiers 1352; alternatively, the collection module 1387 can receive service-profile identifiers 1352 and service profiles 1358. The collection module 1387 can group subscriber identifiers

(described in more detail in reference to FIG. 15) with the service-profile identifiers 1352 based on the service profiles 1358. The enforcement module 1388 can enforce service profiles 1358 on a per-subscriber-identifier basis using the service-profile identifiers 1352.

In alternative embodiments, any or all of the modules 1385-1388 may exist on a functional element at a network node or as individual, interconnected modules located at different sites on a network, such as network 900 in FIG. 9.

FIG. 14 is a flow chart 1400 illustrating a unit in a line card, such as the NPU 1063b of FIG. 10 can map quality of service profiles in an enforcement device, where, for example, the enforcement device is a memory. Additional embodiments of the present invention allow for a memory to store service-profile identifiers or map the service profiles such that the information is accessible to the NPU. For example, following receipt of a packet at a module (1495), a second module performs multiple table look-ups in order to map a service profile, where the service profile is based on unique QoS parameters. First, the service-profile identifier is looked-up in a hardware device (1496); second, the service parameters are looked- up based on the information determined from the first look-up (1497); last, the subscriber identifier is determined (1498), which can be a dynamically determined identifier associated with a single user, associated with the determined service- profile identifiers can be retrieved and mapped in the memory (1499). Based on a combination of any of the determined information, a service profile is enforced using enforcement parameters based on the unique QoS classifiers of the subscriber identifier.

Alternative embodiments of the present invention can map QoS information, or other information regarding a subscriber in a network, to a table or module in any configuration or format, where such modules can be in a system of any physical or logical configuration.

FIG. 15 is a logical diagram of a memory 1500. The memory 1500 can be any memory, for example, a ternary content addressable memory (TCAM) 1535, which can be used as an enforcement device. TCAM memory is particularly suitable for the described application because other forms of memory may also be employed. The TCAM 1535 may include information and data necessary to provide efficient resource allocation of the quality of service (QoS) profiles, such as a subscriber table 1531, which can maintain individual subscriber identifiers 1557a-f, and the profile identifiers 1552a-c corresponding with the individual subscriber identifiers 1557a-f. For example, a subscriber entering the mobile network is assigned and provisioned a specific subscriber identifier; such that a first subscriber is assigned subscriber identifier "SI" 1557a, which is associated with profile identifier "PI" 1552a.

The subscriber table 1531 can forward a copy of the profile identifiers 1552a-c to a secondary table, a QoS profile table 1532, which can include payload of traffic 1502 corresponding with the profile identifiers 1552a-c and further corresponding to QoS and service parameters 1553a-c. QoS parameters may include information regarding a set or sets of services 1555, which can correspond to a set or sets of rules 1556, which further can correspond to a set or sets of actions 1559.For example, the profile identifier "PI" 1552a corresponds to QoS parameters, for example, service class 1 (SCI) 1553a. The service class 1553a may contain a multitude of information, which may include, for example, the service 1555, rule 1556, or action 1559 that correspond to the profile identifier 1552a.

The QoS profile table 1532 may forward the QoS information or a copy of the service class 1553a-c information to a tertiary table, a QoS match table 1533, which can include, for example, the subscriber identifiers 1557a-c and the QoS service classifiers that correspond to the individual subscriber identifiers 1557a-c.

Alternative embodiments of the present invention can include, for example, multiple types of memory interconnected or available to forward and receive data from another memory unit. Other embodiments may include fewer or greater numbers of tables with similar or different network information.

Turning to a typical approach to collect application statistics is to send requests to a resource manager in a control plane that can access resource hardware via a device driver, where the resource hardware, such as a counter, keeps track of activity occurring in a data plane. The resource manager and device driver may both be located in a central processing unit (CPU). In the typical approach, an application sends a synchronous read message to the resource manager. Following receipt of the synchronous read message, the resource manager sends a synchronous message to the driver, causing the device driver to read statistics from the hardware. Throughout the process, multiple synchronous transactions or messages are exchanged, meaning the resource manager waits for requested information from the driver or intermediate modules, and the device driver waits for its response from the hardware, and, while waiting, the resource manager, intermediate modules (if any), and device driver perform no other activities. Synchronous operations are fine for small volumes of subscribers, but as subscribers increase in number, such as with the advent of 4G wireless networks, the synchronous approach will be inefficient and result in consuming large amounts of CPU resources, which can produce a sub- optimal rate of information retrieval.

In the case of maintaining counters in line cards in a network gateway, for example, and having internal retrieval activities in the same line card, current methods begin with an application's sending a synchronous message to a resource manager, the resource manager's responsively sending a synchronous message to the device driver, the device driver sending a synchronous message to the hardware resource, the hardware resource responding in kind to the driver, the driver's responding in kind to the resource manager, and the resource manager responding in kind to the application. Similarly, current methods for processes across line cards include two additional synchronous messages: one synchronous message sent from the application on a first card to the application on a second card in order to begin the process, and a second synchronous message sent from the application on the second card to the application on the first card in order to end the process.

Embodiments of the present invention can allow for the use of asynchronous messaging across all modules and returning hardware statistics, such as statistics from counters, directly from the hardware to an application process. Therefore, an embodiment of the present invention has an ability to bypass transactions between the application and the resource manager, and to bypass similar transactions between the resource manager and device driver. Alternatively, example embodiments of the present invention can be applied to bypassing transactions between cards, thereby removing cross-card synchronous communication. It should be understood that at least two levels of efficiency are achieved first, asynchronous activities enable requesting modules, such as the resource manager, to conduct other activities or release its resources back to its host CPU, and second, bypassing transactions can use fewer control plane resources, and possibly no control plane resources in cases when return of the information from the hardware device is reported back to the requesting application via the data plane absent any control plane interaction.

A further optimization of alternative example embodiments of the present invention includes sending a command to return a "bulk of operations to hardware" and retrieve them in a single pass of messaging across these processes. This example embodiment may lower inter-process communications (IPCs) significantly, eliminate synchronous calls, and significantly increase speed of retrieval.

Additional alternative example embodiments of the invention include any or all of the modules being configured to operate in an asynchronous manner relative to the activities of the resource manager, and further can include any of the modules configured to operate at a data plane of a network functional element or multiple combinations of the modules configured to operate at both the data plane and the control plane of the network functional element.

Alternatively, example embodiments of the present invention can include a buffer being filled with information regarding subscribers in the mobile network, where information can include representations and indications of the subscribers, subscribers' corresponding provisioned services, resource values corresponding to the provisioned services, or other representative subscriber information as may commonly employed or hereafter developed. In example embodiments with modules included on the network functional element, as well as external functional elements or devices, the modules may receive the buffer via transmission of the buffer in the form of a traffic-packet, or, alternatively, the modules may receive a pointer to the buffer. Any of the modules being interconnected operably to one another or other network elements and configured to perform operations such that statistics relevant to a subscriber or set of subscribers in the mobile network may be available to applications external to the functional element.

Embodiments of the present invention provide various technical advantages of conventional methods and apparatuses for allocating resources in a network node. Some of these technical advantages are shown and described in the description of the present invention. Certain embodiments of the present invention may enjoy some, all, or none of these advantages. Other technical advantages may be readily apparent to those skilled in the art from the following figures, description, and claims.

FIG. 16 is a network diagram of a network 1600 illustrating aspects of an example embodiment of the invention. The network 1600 can be a network similar to the network 100 of FIG. 1 , including the same or similar elements with corresponding functionalities. The network 1600 can further include an example of a prior art access portal 1610a, the portion of the network includes similar elements and components as the network 1600, including, for example, subscriber devices 1650a-c connected to base stations 1640a-c via a wireless medium 1699. The base stations 1640a-c are similarly connected to a gateway node 1620a via mediums 1699. The gateway 1620a may include a multiplexer switch 1618, which simply forwards traffic signals from an input to an output based on header information, and may include a line card 1660g (or multiple line cards 1660g-i) for processing functions. However, the prior art example embodiments rely on synchronous resource reporting, where the messages execute sequentially; while one entity is waiting for a response from a second entity, the execution process is suspended.

The synchronous messaging system of the prior art example requires more wait time as the number of messages sent increase, thereby increasing run time and resources. For example, in reference to the blown-out prior art synchronous messaging 1639, referencing a line card 1660g, a synchronous-messaging example is illustrated. In order to provide resource statistics to application 1623c, elements of the line card 1660g must perform a series of synchronous messages. The synchronous messaging series occurs in a control plane 1698c (i.e., a slow path) and includes communications between a sub-application 1627c, resource manager 1621c, driver 1622c, hardware 1626c, and application 1623c. Synchronous messaging here is communication between these processes, which is un-buffered and requires each process to wait until the data or message between the two processes has been transferred or completed. Throughout the entire process of reporting statistics to the application 1623c, multiple synchronous messages or transactions are sent between each pair of processes cause inefficient results, consume large amounts of CPU resources, and produce sub-optimal rate of retrieval.

In the example embodiment of the prior art synchronous messaging, the sub- application 1627c sends a synchronous message 1617a to the resource manager 1621c requesting hardware statistics; before the resources manager can send a message to the driver 1622c, the resource manager 1621c must give a response to the sub-application 1627c first. This pattern, of request message/response message pertains to all processes. In other words, the resource manager 1621c sends a synchronous message 1617b to the driver 1622c, which responds and then sends a synchronous message 1617c to the hardware 1626c, which responds. In order for the statistics to be reported to the application 1623c, the processes must reverse order and send the information upwards. In other words, the hardware 1626c sends a synchronous message 1617d to the driver 1622c, which responds and sends a synchronous message 1617e to the resource manager 1621c. The resource manager 1621c responds to the driver 1622c and sends a synchronous message 1617f to the sub-application 1627c, which responds. After all of these synchronous processes complete, the sub-application 1627c can send a synchronous message 1617g to the application 1623c, which can include the statistical reports.

Example embodiments of the present invention can include asynchronous messaging and fast-path forwarding using a data plane. Resource management employing asynchronous messaging systems do not require response return, and, therefore, allow for scalable resource allocation and messaging without information loss. In an example embodiment of the present invention, large numbers of subscribers can be assigned to one or more hardware counters on the network 1600 per subscriber. In order to report statistics about the counters, the hardware counters can be polled periodically and report the subscriber-hardware statistics using asynchronous messaging in a data plane 1697b, or in the data plane 1697b and a control plane 1698b. An example embodiment of a function element 1660b is illustrated in the blown out example embodiment of asynchronous messaging 1638.

The functional element 1660b, which can be a line card or a line card designated as an anchor line card (e.g. , 1660a) that includes a subscriber's profile. The functional element 1660b includes a control plane 1698b, which is a slow path and a data plane 1697b, which is a fast path. The control plane 1698b can contain a sub-application 1627b, resource manager 1621b, and driver 1622b. The data plane 1697b can contain hardware 1626b. In an example embodiment of the present invention, the sub-application 1627b can send an asynchronous message 1617h to the driver 1622b, which can immediately send an asynchronous message 1617i to the hardware 1626b. The hardware 1626b can immediately, from the data plane, send an asynchronous message to the application 1623b in a fast-path, without. Additional example embodiments are explained in reference to FIG. 17.

FIG. 17 is a block diagram 1700 illustrating a functional element 1760, such as a network node, for reporting resources using a data plane 1797 and a control plane 1798. The functional element 1760 can be a single line card at a network node, or be a line card among a plurality of line cards in chassis at a network node. The functional element 1760 can include a network processing unit (NPU) 1763, which can be located on the data plane 1797, or forwarding plane, of the functional element 1760. The NPU 1763, operating in the data plane 1797, can include, for example, a hardware component 1726. The CPU 1764, operating in the control plane 1798, can include, for example, a billing sub-application 1727, a resource manager 1721, or a driver 1722. An application programming interface (API) (not shown) implemented by components of a software system, such as an operating system, an application, or a system library, being tied in a logical or physical configuration to the billing applications 1723a-b for interacting with the billing sub- application 1727.

The NPU 1763 is interconnected operably to the functional element 1760 via a fabric 1765. The fabric 1765 further can interconnect operably multiple functional elements (not shown) in a chassis. The NPU 1763 can be interconnected operably to the CPU 1764 via a peripheral component interconnect (PCI) bus 1772, or other method of interconnecting or integrating circuitry, for example, a traffic rate bus that can be operating at traffic rates or multiples thereof. The CPU 1764 can

communicate with other nodes at the control plane 1798 level via a control channel. The CPU 1764 can control states of traffic modules, such as the NPU 1763, operating at the data plane level via a CPU-to-NPU control channel. One or both of the NPU 1763 and CPU 1765 may be coupled to a memory 1735, where the memory can be a ternary content addressable memory (TC AM) or other finite memory as may be known or hereafter developed.

The functional element 1760 can include egress output ports 1779 from which traffic can be sent to sub-elements within a same node 1708 as the functional element 1760 or to an external node 1709. Both or either of the same node 1708 and external node 1709 can be a type of element in a network, such as the network 1600 of FIG. 16, for example, the node can be a client, a server, a peer, or other network element commonly employed or hereafter developed. The same node 1708 and the external node 1709 may include, for example, a billing application 1723a-b (e.g. , billing server 1 15c in FIG. 1), an accounting server 1728a-b, and an element management system (EMS) 1729a-b. Alternatively, another example embodiment may include additional applications, management entities, servers, or other services commonly known or hereafter developed applicable to hardware resources.

In one example embodiment, a traffic packet 1702 can enter the NPU 1763 via the fabric 1765 or via an ingress input port 1771 , the ingress input port 1771 being decided based on packet header information, such as protocol information. The traffic packet 1702 enters the hardware 1726 of the NPU 1763 located in the data plane 1797. The control plane 1798 receives the packet 1702 from the data plane 1797 via bus 1772. The traffic packet 1702 being associated with a subscriber (not shown), where the subscriber can be assigned to multiple hardware counters. In one example embodiment of the present invention, a series of

asynchronous messages 1712 can be performed to report statistics to an application. The billing application 1723b may require statistics or a network operator may program or decide hardware counter statistics to be reported to other network entities. The billing sub-application 1727 can send an asynchronous message to the resource manager 1721 in the control plane 1798. Without waiting for a response, the resource manager 1721 can send an asynchronous message to the driver 1722, which can send an asynchronous message to the hardware 1726, located in the data plane. The hardware 1726 can return hardware resource statistics to the driver 1722, which can report the hardware resource statistics to the billing application 1723b using an asynchronous return message.

In an alternative example embodiment, a series of asynchronous messages 1713 can be perform to report statistics to an application. The billing sub- application 1727 can transmit an asynchronous message to the driver 1722, which can, in turn, transmit an asynchronous message to the hardware 1726 located at the data plane 1797. The hardware 1726, in the NPU 1763 can directly report the hardware statistics from the data plane 1797 to the billing application 1723b, without return response to the control plane 1798.

In yet another alternative example embodiment of the present invention, a series of asynchronous messages 1714 can be performed to report statistics to an application. The billing sub-application 1727 can send an asynchronous message to the hardware 326 directly, bypassing all processes in the control plane, thereby saving the CPU 1764 resources and improving production of near-optimal or optimal rate of information retrieval. The hardware 1726 reports the statistical results directly from the data plane to the billing application 1723b.

In alternative example embodiments, an application on one card can acquire statistical results or information from hardware on another card, bypassing any interprocess communication or synchronous messaging. In yet another alternative example embodiment, an application can specify specific statistics relevant to a subscriber or set of subscribers, such that the relevant statistics can be acquired for all such subscribers with a single transaction and flow of process invocation without synchronous messaging. Further alternative example embodiments can include an application requesting a direct return delivery of statistical results from a device driver, without mediation of a resource manager process.

Alternatively, another example embodiment may include resource processes occurring between two line cards or across multiple line cards. In this example embodiment, the same series of asynchronous messages 1712, 1713, and 1714 can occur between two line cards or across multiple line cards on the same or different network elements.

FIG. 18 is a flow chart 1800 illustrating a method by which a network element, such as the line card 1660a of FIG. 16, can report resource values in a network according to an aspect of the present invention. According to the example embodiment, the flow chart 1800 notifies a resource manager of a buffer that can contain subscriber information (1881). The buffer containing subscriber information can be filled with resources pointers (1882) and the resource pointers can be replaced with resource values corresponding to the resource pointers (1883).

Further, the example embodiment of flow chart 1800 can report the buffer or buffer contents (1884).

In alternative example embodiments, a buffer, such as the buffer 2245b of FIG. 22, can be reported to an external node by transmitting the buffer or a portion of the buffer. Alternatively, another example embodiment can transmit the buffer to an element of the same node by coping the buffer into a traffic packet without any modifications. The buffer can be reported to any node or network sub-element in the network by other methods commonly employed or hereafter developed.

FIG. 19 is a block diagram 1900 illustrating a network element, such as a network node 1980, illustrating an example embodiment of the invention. The block diagram 1900 includes a notification module 1985, buffer fill module 1986, replacement module 1987, and reporting module 1988. The notification module 1985 can notifying a resource manager regarding a buffer 1945, which can include subscriber information 1951 or other information. The notification module 1985 can pass a copy of the buffer or forward a pointer to the buffer to the buffer fill module 1986; the buffer fill module 1986 can fill the buffer 1945 with a resource point 1948. The replacement module 1987 can receive information from the buffer fill module 1986, such as the resource pointers 1948, subscriber information 1951, or the buffer 1945. The replacement module 1987 can be configured to replace the resource pointers 1948 with the resource values 1949 corresponding to the resource pointers 1948. The reporting module 1988 can be configured to report the buffer 1945; the reporting module 1988 can receive a copy of the buffer 1945 or a pointer 1948 forwarded from the replacement module 1987.

Alternatively, another example embodiment can include the reporting module 1988 receiving a copy of the buffer 1945 directly from a memory, such as the memory 1735 of FIG. 17. Another alternative example embodiment of the present invention can include, for example, the modules being in any configuration in system of any physical or logical configuration.

FIG. 20 is a flow chart 2000 illustrating a method by which a network element, such as the line card 1660a of FIG. 16, can report resource values in a data plane according to an example embodiment of the present invention. The example embodiment of flow chart 2000 provides for a method of filling a memory, which can include a buffer such as the buffer 2245a of FIG. 22, in a data plane with information regarding subscribers or subscriber devices present in a network, such as the mobile network 1600 of FIG. 16 (2091), and the buffer further being reported via a data plane of a mobile network or network entity (2092).

In alternative example embodiments, the buffer can be reported to an external node, such as the external node 1709 of FIG. 17, by transmitting the buffer or a portion of the buffer. Alternatively, another example embodiment can transmit the buffer to an element of the same node, such as the node 1708 of FIG. 17, by copying the buffer into a traffic packet without any modifications to the buffer. The buffer can be reported to any node or network sub-element in the mobile network by other methods commonly employed or hereafter developed.

FIG. 21 is a block diagram 2100 illustrating a network element 2180, such as the line card 1660a of FIG. 16, according to an example embodiment of the invention. Components of the network element 2180 can include a buffer fill module 2193 and a reporting module 2194. The buffer fill module 2193 can be configured to fill a buffer 2145 with information representing subscribers, such as source or destination, subscribers' corresponding services, such as quality of service, and accounting or billing records of the subscribers. According to an example embodiment, the modules can be part of or all of a system to report resource values in a data plane of the network element. Alternatively, another example embodiment of the present invention can include, for example, the modules being in any configuration in system of any physical or logical configuration.

FIG. 22 is a logical diagram 2200 illustrating a memory, such as buffers

2245a-b, according to an example embodiment of the present invention. The buffers 2245a-b can be a storage medium used, for example, to collect and stored data for use by a network element, such as network node 1620b of FIG. 16; the buffers 2245a-b can be used for other purposes commonly employed or hereafter developed, such as for interconnecting circuits operating at different rates or reading and writing information. In alternative example embodiments, the buffers 2245 a-b can be other types of memory, such as a queue, cache, or other commonly employed or hereafter developed type of memory or portion of memory. The buffers 2245a and 2245b can be the same buffer during different stages of a buffer fill procedure, such as the buffer fill procedure 1881 of FIG. 18. The buffer 2245a can store subscriber information in general, including, for example, a recipient address 2242, subscriber identifiers 2257a-c, classifiers 2253a-l-2253a-3 and 2253b-l-2253b-3, hardware resource pointers 2248a-f, or other information 2243; the information stored in the buffer 2245a can be rewritten, read, and otherwise reconfigured based on different information or processes in the network. The recipient address 2242 can be identified or determined based on the information in a traffic packet, such as the traffic packet 1702 of FIG. 17, the packet information may include, for example, payload or header information with a sender's and recipient's Internet protocol (IP) address or other mobile address. The subscriber identifiers 2257a-c can include unique subscriber identifier, which can be dynamically determined by a network processing unit (NPU), such as the NPU 1763 of FIG. 17, or may be based on other learned or known information about a subscriber device (not shown).

In alternative example embodiments, the subscriber identifiers 2257a-c can include, for example, a unique serial number of a subscriber device, a temporary identification number in a roaming network, an international mobile subscriber identity (IMSI) associated with a global system for mobile communications (GSM) or universal mobile telecommunications system (UMTS). The buffer 2245a can include information relating to the subscriber 2257a-c, such as classifiers 2253a- 1-2253 a-3 and 2253b-l-2253b-3, which may be subscriber-specific classifiers or a group of classifiers shared among subscribers. Classifiers 2253a- l-2253a-3 and 2253b-l-2253b-3 can include a multitude of information about the subscriber, for example, a rate limitation, type of service, rules or actions associated with the type of service, or other commonly known or hereafter developed subscriber information for use in a mobile communications network. In one example embodiment, the subscriber identifiers 2257a-c may be associated with the same, similar, or different types of classifiers or number of classifiers 2253a-l- 2253a-3 and 2253b-l-2253b-3. For example, a subscriber in a mobile

communications network with subscriber identifier SI 2257a, can have a first classifier 2253a- 1 that includes the type of service as being a premium level service, such as all voice calls receiving high-priority classification. Subscriber identifier S 1 2257a may have a second classifier 2253b- 1 that includes the counter values corresponding to a type of service.

In alternative example embodiments of the present invention, subscriber identifiers 2257a-c and classifiers 2253a-l-2253a-3 and 2253b-l-2253b-3 can be combined to determine resources that can be used or needed by a certain subscriber or certain group of subscribers. The buffer 2245a stores pointers to resources 2248a-f, such that the hardware resources 2248a-f can include pointers to counters located in a different network element being accessible to the buffer 2245a.^" Additional information 2243 may be stored in the buffer 2245a as determined by a network operator or other subscriber information as may be useful for determining or storing for use in application statistics.

The buffer 2245b can be the same buffer as the buffer 2245a during a different stage of the buffer fill procedure. In an alternative example embodiment, the buffer 2245b can be an exact replica of the buffer 2245a, also located in a memory, such as the memory 1735 in FIG. 17. The buffer 2245b can include the same information as stored in the buffer 1945a, such as the recipient address 2242, the subscriber identifiers 2257a-c, the classifiers 2253a-l-2253a-3 and 2253b-l- 2253b-3, and the additional information 2243. In an example embodiment, the additional information 2243 may include, for example, representations of subscribers or a subset of subscribers handled by a node in the mobile network. Continuing to refer to the present example embodiment, during a stage of the buffer fill procedure (as described in reference to FIG. 17), the buffer 2245b can replace the hardware resource pointers 2248a-f with resource values 2249a-f. The resource values 2249a-f can include, for example, accounting information or billing information for a subscriber or service; alternatively, the resource values 2249a-f can be hardware counter values. In replacing the resource pointers 2248a-f with resource values 2249a-f, the example embodiment optimizes the procedure and saves network resources without having to copy the buffer or stack multiple times. Alternatively, another example embodiment can include certain portions or entire buffers to be copied or relocated to other network elements.

Turning to an example embodiment of the present invention that allows for subscriber awareness by pairing subscriber profiles to corresponding application information in a run-time way such that network resources are not consumed unnecessarily. Deep packet inspection of a subscriber's traffic packet detects the type of information packet being sent and notifies a base station to use a specific classifier in order to deliver service based on DPI-learned information and subscriber services. Such embodiments have an ability to attach DPI-learned dynamic classifiers, optionally including policy information such as application rate, session states, quota, status of policers, and statistics counters, as payload over mobility management messaging.

Embodiments of the present invention provide various technical advantages over conventional methods and apparatuses for allocating resources in a network node, such as provisioning and transferring classifiers as a subscriber moves via a soft handoff to a different network element. Some of these technical advantages are shown and described in the description of the present invention with respect to the accompanying figures. Certain embodiments of the present invention may enjoy some, all, or none of these advantages. Other technical advantages may be readily apparent to those skilled in the art from the following figures, description, and claims.

FIG. 23 is a network diagram of a network 2300 illustrating aspects of an example embodiment of the invention. The network 2300 can be a network similar to the network 100 of FIG. 1 , including the same or similar elements with the same or similar functions. The network 2300 can further include an example embodiment of the present invention, for example, a deep packet inspection (DPI) module 2366 located or operably connected to a network element, such as the gate 2320b or a line card 2360a-f. The DPI module (explained below in detail) enables packet inspection of the traffic packet 2302 at a more detailed level. The traffic packet 2302 can contain multiple layers of information, for example, an open systems

interconnection (OSI) reference model of the traffic packet 2302 seven layer stack. The OSI reference model includes a physical layer (LI) 2311, data link layer (L2) 2312, network layer (L3) 2303, transport layer (L4) 2304, session layer (L5) 2305, presentation layer (L6) 2306, and application layer (L7) 2307. The DPI module can inspect some or all layers of a packet, including, layers L5-L7 in some

embodiments.

An example embodiment of the present invention includes a subscriber- aware switch, such as switch 2319 in FIG. 23, directs traffic from a subscriber to the specific line card where the subscriber's profile is maintained; for example, the switch can be configured to determine a subscriber profile associated with the communications traffic 2302. The switch 2319 is a subscriber-aware switch and has knowledge of the subscriber's profile location, whereas previous switches are non- subscriber-aware switches, for example, such as a multiplexer switch 2318, which merely switch traffic without being aware of the traffic's information.

Alternatively, example embodiments include DPI occurring at the subscriber-aware switch 2319 in the data plane. Unlike the current state of the art that uses Internet protocol (IP) address for forwarding functionality. Embodiments of the present invention can read the data contents that a traffic packet or message may carry, including information beyond a normal router reading a layer 3 (e.g., IP address) address to make forwarding decisions. Further example embodiments of the present invention allow for the subscriber-aware switch to retain historical or payload (or other) information in the subscriber-aware switch or module accessible to the subscriber- aware switch after forwarding of the traffic is completed.

FIG. 24 is a block diagram 2400 of functional element 2460 illustrating an example embodiment of the invention. To begin processing, a traffic packet 2402 is sent by a base station 2450, via a wireless interface 2499, and received by a traffic management entity 2419 at the functional element 2460, via one of multiple ingress-interface ports 2471.

Alternatively, the traffic packet 2402 can enter the NPU 2463 directly. The ingress- interface ports 2471 being decided by a routing protocol of the traffic packet 2402 from the base station 2450 to determine which port to enter. Alternatively, example embodiments of the present invention may include other methods of determining port entrances. The traffic packet 2402 enters a network processing unit (NPU) 2463 via an NPU interface (not shown). The NPU 2463 may perform any number of functional operations, including, for example, determining routing information, manipulating data, processing control information, allocating packets, determining quality of service (QoS) parameters, or other commonly known or hereafter developed functions.

The NPU 2463 can forward the traffic packet 2402 to a network service processor (NSP) 2462 via a bus 2472, such as a traffic bus or PCI bus, or via a fabric 2465. The NSP 2462 may contain subscriber information or a subscriber database 2449; the NSP 2462 can maintain a deep packet inspection (DPI) engine 2466, or, alternatively, may be interconnected operably to a DPI engine located elsewhere in the same or external network node.

Following receipt of the DPI-learned information, the NPU 2463 can store the DPI-learned information in a memory 2435, which can be a ternary content addressable memory (TCAM) or other finite memory currently employed or hereafter developed. The NPU 2463 can dynamically create a hash table entry 2403, such as a 5 -tuple entry, in the memory 2435, which points to the DPI-learned information. The 5-tuple entry can include information regarding the traffic packet 2402, such as a source, destination, first port, second port, and protocol to be used. Further, the NPU 2463 may determine hardware resources, based on DPI-learned information, in real time. The NPU 2463 can use multicast messaging to scale network resources by employing the hash table entry 2403.

Following process completion of DPI, the NPU 2463 can forward the packets 2402 to an additional functional element (not shown) using the fabric 2465, or the NPU can transmit the processed packets to an element external to the functional element 2460 via any output-egress port 2479. The output-egress port 2479 can be determined based on the routing protocol of the traffic packet 2402 in the packet header or, for example, a protocol stored in the 5 -tuple entry of the memory 2435.

Alternative embodiments of the present invention may include a module or set of modules in the NSP 2462 that collect subscriber information that can include subscriber identifiers, subscriber QoS parameters, or additional subscriber information, any of which may be passed between or among the NPU 2463, NSP 2462, or CPU 2464 as a specialized packet (not shown). In further alternative embodiments, it is possible to collect information and assign resources because the NPU 2463 and NSP 2462 are operably interconnected. The NPU 2463 does not have to pre-program contexts (e.g. , policers, forwarding entries, QoS parameters, classifiers, etc.) such that the hardware resources are statically reserved. Such embodiments enable dynamic resource allocation upon detection of useful or needed resources based on deep packet inspection.

Additional embodiments of the invention include the DPI engine 2466 parsing the traffic packet 2402 in order to extract information regarding subscribers in the network, including such information as types of protocols used, channel data, codec rates, or other such properties that may support further adjustments to be made. When operating, the DPI engine 2466 uses the information extracted from the traffic packet 2402 in order to allocate and de-allocate resources used to support a call, such as a voice call, to be guaranteed or have high (or low) priority. The DPI engine 2466 can generate a mobile signal, establish bearer services, use the codec rates, assign local quality of service (QoS) resources, monitor a control channel for completion of a session, de-allocate resources, or perform additional operations currently employed or hereafter developed useful for DPI.

In an example embodiment of the present invention, the DPI engine 2466 can be operably connected to any of the NSP 2462, CPU 2464, fabric 2465, memory 2435, or NPU 2463, or other commonly known or hereafter developed hardware elements or network elements via a bus 2472. The bus 2472 can be, for example, a PCI bus or a traffic bus that can operate at traffic rates or multiples thereof. The DPI engine 2466 can parse multiple levels of the traffic packet, including Layers 4-7 as described below in reference to Fig. 30, in order to determine information about the traffic packet that would otherwise not be known from a simple review of the packet header (as is customary in the art). By mining the traffic packet 2402, the DPI engine 2466 learns information about a subscriber by associating the subscriber's profile with the traffic packet 2402, thereby allowing other devices of the network node to cause base stations involved in transmission of the packet 2402 to adjust bandwidth parameters, complete soft-handoffs between base stations, and monitor base station states for traffic management purposes in order to support traffic packets associated with the subscriber profile.

Further example embodiments of the present invention include modules that can identify classifiers (e.g., parameters) associated with a traffic packet 2402 to learn and associate with the packet or the subscriber's profile. The classifiers can be 5-tuple classifiers, for example, including a source Internet protocol (IP) address, destination IP address, source port, destination port, and protocol type. The 5-tuple classifiers can be employed in some embodiments to understand policy information and to create or manage QoS profiles in a dynamic manner, or some or all of which allow a subscriber-aware node or mobility management entity (MME) to adjust parameters (e.g. , QoS parameters) dynamically in a network by signaling a node in the network or transmitting a mobility management message to an element in the network.

In alternative example embodiments, QoS allows for resource reservation and control, such that embodiments of the present invention can provide different priorities to different elements of the network, including, for example, providing different services based on applications, subscribers, performance level, data flows, or other commonly known or hereafter developed elements requiring QoS specifications. QoS parameters can include, for example, delay, jitter, bit rate, guarantees, bandwidth, or other commonly employed or hereafter-developed parameters useful for QoS in a network.

In alternative example embodiments of the present invention, network resources or hardware resources can be provisioned, assigned, allocated, or deallocated. Resources can include, for example, NPU, CPU, or other hardware resources such as search capabilities, ternary content adjustable memory (TCAM), control functions, statistics, memory channels, fabric buffering memory, fabric backplane, or other commonly known or hereafter developed network resources.

FIG. 25 is a system diagram 2500 of a portion of a mobile network illustrating an example embodiment of the invention.

Example embodiments of the present invention may use information learned from deep packet inspection (DPI) 2568 in many network situations, such as during a soft-handoff between base stations 2540a-b or between other network elements. If a subscriber device 2550 enters a mobile network, such as the network 2300 in FIG. 23, the subscriber device 2550 can connect to a base station 2540a-b in order to connect to the network. The subscriber device 2550 may connect via a medium

2599, which can be a wireless medium such as air, and further connect from the base station A 2540a to a network gateway 2520, such as the gateways 2320b in FIG. 23. The gateway 2520 can connect to a home agent 2525 via an access network (as explained in reference to FIG. 23). In the system diagram 2500, if the subscriber device 2550 moves away from the base station A 2540a and closer to a different base station, such as the base station B 2540b, the subscriber's connection may have to be transferred to the base station B 2540b or another base station in range (not shown) in order to maintain access to the network or other reasoning currently known or hereafter-determined for changing access entrance to a network.

A soft-handoff 2598 can occur between the base station A 2540a and the base station B 2540b via a connection, such as a traffic bus 2572, or other known or future-developed logical or physical connection. For example, the subscriber device 2550 may be connected to the base station A 2540a with given parameters, such as a non-congested state parameter, but the subscriber device 2550 is moving into a congested area of the base station B 2540b. Employing example embodiments of the DPI (as described in FIG. 30) allows a base station to change parameters such that context transfer, between the base station A 2540a and the base station B 2540b, can be adjusted accordingly. In other embodiments of the present invention, DPI- learned information 2568 can be used with regard to a location of the base station when, for example, a state of affairs of quality of service (QoS) may change between base stations. The base station A 2540a can share the 5-tuple information, QoS policies, or parameter adjustments of parameter classifiers with the base station B 2540b during or before a soft handoff between the base station A 2540a and the base station B 2540b.

In alternative example embodiments, DPI can enable a base station to change service parameters of other subscriber devices accessing the base station based on location or congestion of the new base station. Additional embodiments may add queues, for example, advertisements, such that a database, for example near an authentication, authorization, and accounting (AAA) server as in FIG. 1 , can transmit a context-specific advertisement or other message during a soft-handoff transfer between base stations. Alternative example embodiments may include queues or databases for other location-specific information or adjust content based on physical location of the subscriber device using DPI-learned information.

In one example embodiment, using session initiation protocol (SIP) signaling, voice over Internet protocol (VoIP) traffic can be sent via a real-time transport protocol (RTP) stream in an RTP channel. VoIP information can be embedded in a control channel of the SIP. Employing DPI, embodiments of the present invention can access and review the embedded information or parameters and can signal a base station to use specific 5-tuple information discovered by extracting the DPI information from the VoIP traffic packet.

In an alternative embodiment, the DPI-learned information or classifiers can be transmitted to a base station from a mobility management entity or other network element commonly employed or hereafter-developed network-based mobility management entity.

FIG. 26 is a flow chart 2600a of an embodiment of the present invention illustrating functions involved in deep packet inspection (DPI). Performing DPI on a traffic packet at a network node (2675), such as the gateway 2320b of FIG. 23, in order to learn information from a header and a payload of the packet or other traffic, for instance, information located in the session layer (layer 5), the presentation layer (layer 6), or the application layer (layer 7). Following determination of DPI information, the network node, which can have access to modify other network elements or allocations on the network, performs signaling a node in the network to adjust resource parameters (2676), such as 5-tuple classifiers. The signaling (2676) can include delivering the resource parameter information, such as DPI-learned information, to a second node in the network during periods of network flux or determined need for a change in capacity. Alternative example embodiments of the present invention include signaling nodes in the network for requesting services from the mobile network or delivering services to the mobile network. In alternative embodiments, each node on the network may perform DPI on traffic received at the node and each node can be enabled to request or deliver services or service information to other nodes in the network.

FIG. 27 is a flow diagram 2700b illustrating an example embodiment of the present invention. After beginning, a deep packet inspection (DPI) module (as described below in Fig. 29) can perform DPI on a traffic packet in a network, such as the network 2300 in Fig. 23 (2675); performing DPI on the traffic packet in this example includes parsing the traffic packet for information contained in any of layers 1-7 (2777). Following DPI performance, the DPI engine can generate mobile signaling, for example, in one instantiation, within R6, Rl messages in WiMAX (2778). The DPI engine establishes bearer service for real-time transfer protocol (RTP) traffic or voice over Internet protocol (VoIP) traffic end-to-end (2779), such that traffic or signaling can be transmitted between different network interfaces. The DPI engine uses a codec rate to set up policers (2780) and assigns local QoS resources for the RTP traffic (2782).

The flow diagram 2700b further monitors a control channel, for example, monitoring a control channel using session initiation protocol (SIP), in order to determine or detect if multi-way calling is present (2782). In an example embodiment where multi-way calling is detected 2706, the DPI engine performs another cycle for each subscriber in the multi-way call. In another example embodiment, the control channel is monitored in order to detect a call completion signal; for example, a calling subscriber may terminate the call by turning off the device. Upon receiving a call completion signal, the flow diagram 2700b provides for end-to-end service parameters and transports (e.g., radio bearer and mobile device contexts) to be terminated and resources to be de-allocated (2783), some or all of which being continuously or intermittently repeated as necessary (2784).

Alternatively, in another example embodiment of the present invention, nodes in a network can be signaled, for example, by the DPI engine, to adjust the parameters at the signaled node (2676) or nodes which can be signaled to adjust base station bandwidth parameters (2785) dynamically. Alternatively, network nodes can be signaled or otherwise communicated with in methods commonly known or hereafter-developed, such that adjustments can be made (2786) as a function of a multitude of bases, including, for example, a location of the base station (2721), state of the base station (2722), congestion at the base station (2723), or other methods of adjusting parameters currently employed or hereafter-developed.

FIG. 28 is a diagram of an example embodiment of the present invention including a traffic channel 2800 supporting various communications protocols, simultaneously, individually, time division multiplexed, or combinations thereof. The communications protocols support traffic, including peer-to-peer traffic 2801, voice over Internet protocol (VoIP) traffic 2802, file transfer protocol (FTP) traffic 2803, or other protocol traffic 2804 available now or later developed. The traffic 2801-2804 can be supported by any embodiments of the inventions disclosed herein, such as those that employ deep packet inspection and related activities.

In alternative example embodiments, all features presented herein could be used for any application traffic, including VoIP traffic, Peer-to-Peer traffic, bit- torrent traffic, or any commonly employed or hereafter developed application traffic.

FIG. 29 is a block diagram 2900 of a network node 2999, such as the gateway 2320b of FIG. 23, illustrating aspects of an example embodiment of the invention. The block diagram 2900 can be a physical or logical representation and may exist, for example, in a line card at a node in a network, such as the example network 2300 of Fig. 23. According to the example embodiment of block diagram 2900, a deep packet inspection (DPI) module 2990 may include a DPI engine that can perform DPI on a packet or traffic in the network. The DPI module 2990 can pass information, such as a subscriber's available services 2955 and DPI-learned information 460, to a notification module 2995. The notification module 2995 may use the DPI-learned information 460 and the subscriber's available services 2955 to signal a node in the network to adjust resource parameters.

FIG. 30 is a diagram 3000 of an embodiment of the invention illustrating a traffic packet 3002 in an open systems interconnection (OSI) reference model. In the example embodiment of FIG. 30, deep packet inspection (DPI) can include a DPI engine, such as DPI engine 2466 of FIG. 24, or any network equipment configured for inspecting traffic and using information from within the packet, to perform or cause other network modules or nodes to perform functions in the network. Network functions can include, for example, quality of service (QoS), resource allocation, statistics, or other commonly known or hereafter-developed network functions. Internet protocol (IP) traffic packets may have a number of different headers, depending on the layers through which the packet has been transmitted; however, network elements need only use an IP address for normal network forwarding. DPI enables advanced packet examination reaching deeper layers of the packet beyond the header and IP address information. While DPI can be used to inspect all levels of a traffic packet, such as the physical, data link, or network layers, this type of inspection is normally termed shallow packet inspection. DPI can be used to view layers 4-7 of the IP data and provide a more detailed understanding of the type of traffic transported in a network.

In the example embodiment of diagram 3000, a traffic packet 3002 is illustrated using the OSI reference model, which is one type of model to view or divide a communications network into smaller categories, such as layers. Each layer of the OSI reference model can communicate with the layer directly above or directly below itself. Layer 1 (LI) is a physical layer 3011 ; the physical layer defines electrical or physical relationships between network elements and a medium for transmitting traffic. The medium can be any medium currently employed or hereafter developed for transmitting traffic in a communications network, for example, air, optical fibers, or copper cable. Layer 2 (L2) is a data link layer 3012; the data link layer 3012 transfers data between network elements using functions and procedures at that layer. Layer 3 (L3) is a network layer 3003; the network layer 3003 performs network routing functions and possible quality of service optimization requested at other network elements or packet layers. Layer 4 (L4) is a transport layer 3004; the transport layer 3004 enables end-user traffic transfer;

typical examples include transmission control protocol (TCP) or user datagram protocol (UDP). Layer 5 (L5) is a session layer 3005, which manages local and remote application connections in a network. Layer 6 (L6) is a presentation layer 3006 that provides correspondence between application layer entities that may have different semantics. Layer 7 (L7) is an application layer 3007. The application layer 3007 interacts with a software application that an end-user employs via a user interface of the software application.

In alternative example embodiments of the present invention, other reference models, such as a TCP/IP protocol stack reference model, may be used to understand or program deep packet inspection modules. Alternative embodiments may also maintain deep packet inspection modules at any location or network element in a communications network, such as the network 2300 in Fig. 23.

Turning to another example embodiment of the present invention, an embodiment can provide various technical advantages over conventional methods and apparatuses for allocating resource in a network node, such as allocating network processing unit resources dynamically in the fast path, without host central processing unit involvement and without statically holding-up resources. Some of these technical advantages are shown and described in the following description of the present invention with respect to the accompanying figures. Certain

embodiments of the present invention may enjoy some, all, or none of these advantages. Other technical advantages may be readily apparent to those skilled in the art from the accompanying figures or claims.

Sophisticated resource management employing a network processing unit

(NPU) can be challenging due to fixed and limited instruction set(s) of the NPU. In a typical NPU programming paradigm, a host central processing unit (CPU) has access to NPU resources; the CPU programs the NPU resources using a control channel within a network node. This model is suitable in cases in which contexts are relatively static and resources are available at all times. However, in the case of a large mobile network with interconnected networks, contexts are dynamic and each subscriber in the network can consume multiple hardware resources, such as statistics pointers, policers, forwarding entries, and the like. In many designs, any time new information is learned about the resources in real-time, the CPU must be involved in order to program these resources. However, as mobile services become a more active part of network services overall, CPU involvement became impractical due to high session rates; for example, 5-tuple flow information is learned at a rate of over 100K 5 -tuples per second.

One example embodiment of the present invention that leads to suitable resolution of resource allocation in mobile networks is through avoiding

programming individual resources attached to each subscriber. Alternatively, another example embodiment creates a pool or group of resources, divided into categories, for example, which can be shared dynamically when a flow or subscriber is active in the network.

Embodiments of the present invention include methods, network elements, and computer readable media products for assigning resources in a network node by dynamically allocating NPU resources in a fast path (i.e., data plane, as opposed to a control plane) without a host CPU and without a static hold on the NPU resources. An example embodiment of the present invention includes an apparatus, for example, a functional element, physical or logical, in a network node that includes a determination module to determine provisioning information in a data plane based on subscriber information that is available in the data plane, a performance module that looks-up data plane resources based on the subscriber information in order to determine a subscriber service, and an assignment module that assigns the data plane resources in the data plane to the subscriber services in that (or a different) network node.

FIG. 31 is a network diagram of a network 3100 illustrating aspects of an example embodiment of the invention. The network 3100 can be a network similar to the network 100 of FIG. 1, including the same or similar elements with the same or similar functions. The network 3100 can include additional example

embodiments of the present invention can include a subscriber-aware switch, such as switch 3119 in FIG. 31 , which directs traffic from a subscriber device 3150a-g to a specific line card where the subscriber's profile is maintained; for example, the subscriber-aware switch 31 19 can be configured to determine a subscriber profile or a subscriber identifier associated with the communications traffic 3102. The switch 3119 is a subscriber- aware switch and has knowledge of the subscriber's profile location or can determine the anchor line card 3160a, among the multiple line cards 3160a-f for a subscriber device. Conversely, previous switches are non-subscriber- aware switches, for example, such as a multiplexer switch 31 18, which merely switches traffic without awareness or knowledge of the traffic's destination.

In the example network 3100, the gateway 3120b contains at least one functional element, such as a line card 3160a, which supports traffic packets, or other traffic signals, at traffic rates; multiple line cards in a chassis 3160b-f can also be present.

The functional element 3160a (described in more detail below in reference to FIG. 32) receives the traffic 3102, from the downstream base station 3140f, and may perform network resource functions prior to transmitting the traffic 3102 to the home agent 3125 or final destination. The functional element 3160a can be an anchor line card, such that the anchor line card 3160a includes information about a subscriber in the network. For example, a subscriber 3150f may have a profile at the line card 3160a, which is thereby designated as the anchor line card from among other line cards 3160b-f because the subscriber's 3150f profile is located at that line card 3160a. However, any of the line cards 3160a-f at gateway 3120b can be designated as the anchor line card based on information such as the subscriber device or a subscriber identifier.

Example embodiments of the present invention provide for a network processing unit (NPU) 3163 to request information regarding a subscriber in the network 3100 from a network service processor (NSP) 3162. The NSP 3162, located in a data plane of the anchor line card 3160a, provides a "fast path" (i.e. , data plane, as opposed to a "slow path." i.e., control plane) look-up of subscriber information in the NSP 3162 subscriber database (not shown). The NSP 3162 may also provide the NPU 3163 with the subscriber information in a resource map (not shown) via a traffic rate bus. The traffic rate bus from the NSP 3162 to the NPU 3163 allows for high traffic rates without using a central processing unit (CPU) 3164, which is located in a control plane of the anchor line card 3160a and is connected to the NPU 3163 via a PCI bus. The PCI bus and the CPU 3164 are slow mechanisms of transfer and cause allocation of resources to be slow, accordingly, as compared to rates of data bus.

FIG. 32 is a system diagram 3200 of a functional element 3260a illustrating aspects of an example embodiments of the invention. The functional element 3260a can be designated as an anchor functional element (as illustrated in FIG. 31, 3160a); the anchor functional element 3260a can be, for example, a line card in a gateway (not shown). The functional element 3260a can include a network processing unit (NPU) 3263, which can be located on the data plane 3280 of the functional element 3260a. The NPU 3263 operating in the data plane 3280 can include, for example, a table 3245, quality of service (QoS) table 3233, or NPU interface 3276. The functional element 3260a can include further a central processing unit (CPU) 3264, which can operate at the control plane 3298. The functional element 3260a further can include a network service processor (NSP) 3262, which can operate in the data plane 3280. The NSP 3262 can include, for example, an NSP subscriber table 3244, assignment unit 3243, or resource map unit 3242. The NSP 3262 may be interconnected operably to a deep packet inspection (DPI) module 3269.

To begin processing, a traffic packet 3202 is sent by a base station 3250, via a wireless interface 3299, and received by a traffic management entity 3219, via any of a multitude of ingress-interface ports 3271. The ingress-interface ports 3271 being determined based on protocols in the traffic packet 3202 or alternatively, determined by a network management entity. The traffic packet 3202 enters the NPU 3263 via an NPU interface 3276; after examining the traffic packet 3202, the NPU 3263 may perform a look-up of provisioning information in a subscriber table 3244 based on subscriber information available in the data plane 3280.

If NPU 3263 cannot locate subscriber information, it can transmit the first traffic packet 3202 to the NSP 3262, which can look-up the subscriber information in an NSP subscriber database 3249. Following locating the subscriber information, the NSP 3262 can create or amend the resource map 3232, at a mapping unit 3242, including the located subscriber information in a resource map 3232 and assign data plane resources in an assignment unit 3243. Data plane resources can include policers, forwarding entries, QoS parameters 3233, subscriber information or profiles, or other data plane resources. The NSP 3262 returns the first packet 3202 to the NPU 3263 with the resource map 3232 in a fast-packet processing path 3272, such as a traffic rate bus or control channel; the fast-packet processing path 3272 can operate at traffic rates or multiples thereof. Following receipt of the first packet 3202 and resource map 3232 at the NPU 3263, the NPU 3263 can store the resource map in a memory 3235, which can be a ternary content addressable memory (TCAM), or other finite memory. The NPU 3263 can dynamically create a hash table entry 3203, such as a 5-tuple entry, in the memory 3235, which points to the resources allocated by the NSP 3262 to be used by the NPU 3263. The 5-tuple entry can include information, regarding the traffic packet 3202 that was returned from the NSP 3262 with the resource map 3232, such as a source, destination, first port, second port, and protocol to be used.

The NPU 3263 can process any subsequent packets, belonging to the first packet flow, based on the resource map 3232. In an embodiment where subsequent packets, belonging to the first packet flow of packet 3202, continue to arrive, the hash table entry 3203 does not age out of the memory 3235; the hash table entry 3203 can auto refresh. Further, the NPU 3263 may determine hardware resources based on packets received from the NSP 3262 in real time, as well as, scaling network resources using multicast messaging and using the hash table entry 3203.

During periods of idle activity at the NPU 3263, such as no packets entering the functional element 3260a, the NPU 3263 can notify the NSP 3262 with subscriber information and the resource map 3232, so that the NSP 3262 may age out flow information from a cache (not shown), allowing the resource map 3232 to be marked as free and open for another request. Following process completion of packets mapped to the same resources, the NPU 3263 can forward the packets 3202 to an additional functional element (not shown) using the fabric 3265 or the NPU 3263 can transmit the processed packets to an element external to the functional element 3260a via any output-egress port 3279. The output-egress port 3279 can be determined based on the routing protocol of the traffic packet 3202, for example, the protocol stored in the 5-tuple entry.

In alternative example embodiments, the aging process can be explicitly provided for via signaling protocols or other control methods. For example, in the situation of session initiation protocol (SIP), the SIP will generate a "bye" message that will signal a module, such as the NSP, to tear down resources. Further examples can include the NPU having an awareness of the signaling that is being toned down and using such information to signal another module, such as the NSP, to tear down its resources. In alternative situations the NPU may not recognize the idle period and can continue to send the control channel information to the NSP, the NSP can realize the session is completed and tear down resources.

In alternative example embodiments, additional methods of table learning can be used, such as, tree, array, radix tree, or other table entries commonly employed or hereafter developed.

Alternative embodiments of the present invention may include a module or set of modules in the NSP 3262 that collect subscriber information that can include subscriber identifiers, subscriber QoS parameters, DPI parameters, or additional subscriber information, any of which may be passed between or among the NPU 3263 and NSP 3262 as a specialized packet (not shown). In further alternative embodiments, it is possible to collect information and assign resources because the NPU 3263 and NSP 3262 are operably interconnected. The NPU 3263 does not have to pre-program contexts {e.g. , policers, forwarding entries, QoS parameters, classifiers, etc.) such that the hardware resources are statically reserved. Such embodiments enable dynamic resource allocation without involvement of a central processing unit (CPU) 3264.

In some example embodiments, QoS can allow for resource reservation and control or can provide different priorities to different elements of the network. QoS may include, for example, providing different services based on applications, subscribers, performance level, data flows, or other commonly known or here-after developed elements requiring QoS specifications. QoS parameters can include, for example, delay, jitter, bit rate, guarantees, bandwidth, or other commonly employed or hereafter-developed parameters pertaining to QoS in a network.

In alternative example embodiments of the present invention, network resources or hardware resources can include, for example, NPU, CPU, or other hardware resources such as search capabilities, TCAM, control functions, statistics, memory channels, fabric buffering memory, fabric backplane, or other commonly known or hereafter developed network resources.

Further example embodiments of the present invention may include the traffic packet 3202 sent from a second functional element (not shown) to the functional element 3260a via the fabric 3265 or the traffic packet 3202 may enter the NPU 3263 directly without entering a traffic management entity 3219. Alternative embodiments of the present invention can connect hardware components, for example, the CPU 3264, memory 3235, NPU 3263, NSP 3262, or additional components used in a line card, via component subsystems, such as PCI bus 3273, or other known or future developed methods for operably interconnecting hardware. Alternatively, example embodiments of the present invention can include any of the NPU, CPU, or NSP operating in the control plane of the functional element.

FIG. 33 is a flow chart 3300 of an embodiment of the present invention illustrating assigning resources in a network node, such as the gateway 3120b of FIG. 31.

In the example flow chart 3300, a determination is made as to the provisioning information available or existing in a data plane based on subscriber information available in the data plane (3380). Next, a look-up of data plane resources is performed to determine subscriber services based on the subscriber information available in the data plane (3381). Finally, the data plane resources are assigned to the subscriber services in the network node (3382).

FIG. 34 is a flow diagram 400 illustrating an embodiment of the present invention in which an assignment of data plane resources in a network node, such as the gateway 3120b of FIG. 31, is performed using a resource assignment procedure. The example embodiment is performed in reference to a network node having a configuration consistent with the example embodiment of FIG. 32. Other node configurations can result in a resource assignment procedure different from the example described in reference to the example of FIG. 34.

After beginning, the assignment procedure of FIG. 34 determines provisioning information in the data plane (3480), where the data plane includes a network processing unit (NPU). The NPU receives a first packet (3483) and performs a look-up of subscriber information at the NPU (3484). A determination is made as to whether the subscriber information exists at the NPU (3485); if subscriber information exists at the NPU, data resources for that subscriber are collected and the procedure ends. Alternatively, if no subscriber information exists at the NPU, the packet is transmitted to a network service processor (NSP) (3487), where the NSP is also in the data plane or can be logically or physically configured to operate with the data plane. Once the packet is transmitted to the NSP, the NSP performs a look-up of the subscriber information associated with or corresponding to the received traffic packet in an NSP database (3488). The NSP provides the subscriber information and assigns associated data plane resources, optimally in a form of a resource map, in a fast-packet-processing path (i. e. , in the data plane), to the NPU (3489). The NSP and transmits the traffic packet and associated resource map, including at least the data plane resources, to the NPU (3490). Once the traffic packet and resource map are received by the NPU, and upon receiving corresponding subsequent packets at the NPU (3491), the NPU can process the subsequent packets by employing the resource map (3492).

Following completion of processing the traffic flow or during intervals as may be determined by a network management entity, the NPU can determine if traffic activity is idle (3493). If traffic is not idle, the NPU can continue to receive corresponding subsequent packets (3491). However, if it is determined that traffic is idle, the NPU can notify the NSP of the idle status and include the currently known subscriber information and corresponding resource maps (3495). Alternatively, the NPU can notify the NSP of idle status without additional information. The NSP ages-out flow information from a cache (3496) and marks resources, such as the resource map, free for a next request for a look-up from the NPU (3497). A determination is made as to whether a packet not affiliated with subscriber information currently known by the NPU is received (3498); if such packet is identified, the procedure of the flow diagram 3400 begins again (3480).

FIG. 35 is a block diagram 3500 of a network node 3576 illustrating aspects of an example embodiment of the present invention. The block diagram 3500 can be a physical or logical representation and may exist, for example, in a line card at a gateway node in a network, such as the network 3100 of FIG. 31 , or distributed among multiple different physical or logical network elements. The example embodiment of the block diagram 3500 can include a determination module 3577, performance module 3578, and assignment module 3579 according to an example embodiment of the present invention. According to the example embodiment, the determination module 3577 determines provisioning information 3551 based on subscriber information 3552 available in a data plane and can pass that information to the performance module 3578. The performance module 3578 uses the subscriber information 3551 to perform a look-up of data plane resources 3553, which can be passed as information to the assignment module 3579. The assignment module 3579 assigns the data plane resources 3553 to subscriber services.

In alternative example embodiments, additional methods of table learning can be used, such as, tree, array, radix tree, hash table, 5 -tuple, or other table entries commonly employed or hereafter developed.

Further example embodiments of the present invention may include a non- transitory computer readable medium containing instructions that may be executed by a processor, and, when executed by the processor, cause the processor to monitor the information, such as status, of at least a first and second network element. It should be understood that elements of the block and flow diagrams described herein may be implemented in software, hardware, firmware, or other manifestation available in the future. In addition, the elements of the block and flow diagrams described herein may be combined or divided in any manner in software, hardware, or firmware. If implemented in software, the software may be written in any language that can support the example embodiments disclosed herein. The software may be stored in any form of computer readable medium, such as random access memory (RAM), read only memory (ROM), compact disk read only memory (CD- ROM), and so forth. In operation, a general purpose or application-specific processor loads and executes the software in a manner well understood in the art. It should be understood further that the block and flow diagrams may include more or fewer elements, be arranged or oriented differently, or be represented differently. It should be understood that implementation may dictate the block, flow, and/or network diagrams and the number of block and flow diagrams illustrating the execution of embodiments of the invention.

While this invention has been described according to each figure, the figures or features can be used or employed in any combination currently known or hereafter developed.

While this invention has been particularly shown and described with references to example embodiments thereof, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the scope of the invention encompassed by the appended claims.

Embodiments of the present invention may include details described further in Applicants' pending U.S. patent application (Serial Number not yet assigned) being filed concurrently herewith, entitled "Method and Apparatus to Report

Resource Values in a Mobile Network" by Santosh Chandrachood and Henry Fung, which claims priority to Applicants' U.S. Provisional Patent Application No.

61/278,520, filed October 7, 2009, entitled "A Method and Apparatus to Read Large Hardware Counters in a Scalable Way" by Chandrachood et al; Applicants' pending U.S. patent application (Serial Number not yet assigned) being filed concurrently herewith, entitled "Method and Apparatus for Assigning Resources in a Network Node" by Santosh Chandrachood, which claims priority to Applicants' U.S.

Provisional Patent Application No. 61/278,486, filed October 7, 2009, entitled "A Method and Apparatus to Allocate Network Processing Unit Resources Dynamically in Fast Path Without Host CPU Involvement and Without Statically Holding Up Resources" by Chandrachood; Applicants' pending U.S. patent application (Serial Number not yet assigned) being filed concurrently herewith, entitled "Method and Apparatus for Efficient Resource Allocation of Quality of Service Profiles in Mobile Networks" by Santosh Chandrachood and Henry Fung, which claims priority to Applicants' U.S. Provisional Patent Application No. 61/278,505, filed October 7, 2009, entitled "A Method and Apparatus for Efficient Resource Allocation of Quality of Service Profiles in Mobile Networks" by Chandrachood et al;

Applicants' pending U.S. patent application (Serial Number not yet assigned) being filed concurrently herewith, entitled "Method and Apparatus to Support Deep Packet Inspection in a Mobile Network" by Santosh Chandrachood, Pawan Uberoy and Rehan Jalil, which claims priority to Applicants' U.S. Provisional Patent

Application No. 61/278,518, filed October 7, 2009, entitled "Method and Apparatus to Support Network-Initiated VoIP voice over IP telephony using deep packet inspection" by Chandrachood and Applicants' U.S. Provisional Patent Application No. 61/278,519, filed October 7, 2009, entitled "Method and Apparatus to Support Transfer of Context Generated Using Deep Packet Inspection Across Mobile Elements" by Chandrachood et al; Applicants' pending U.S. patent application (Serial Number not yet assigned) being filed concurrently herewith, entitled "Method and Apparatus for Switching Communications Traffic in a

Communications Network" by Santosh Chandrachood and Pawan Uberoy, which claims priority to Applicants' U.S. Provisional Patent Application No. 61/278,496, filed October 7, 2009, entitled "A Method and Apparatus for Subscriber Distribution and Load Balancing Using Mid-Plane Design in a Subscriber Aware Platform Such as ASN Gateway, GGSN, SGSN etc." by Chandrachood et ah, the entire teachings of all applications being incorporated herein by reference.

Claims

CLAIMS claimed is:

A method of supporting network communications traffic, the method comprising:

selecting a functional element among multiple functional elements to be designated an anchor functional element for a unique subscriber identifier, the multiple functional elements operably interconnected by a fabric and also operably interconnected by a subscriber-aware switch; and

switching communications traffic having traffic identifiers therein, using the subscriber-aware switch, to one of the multiple functional elements based on the traffic identifiers and corresponding associations with the unique subscriber identifier to support network communications traffic.

The method of Claim 1 further comprising maintaining a subscriber table of anchor functional elements on a per-subscriber identifier basis.

The method of Claim 1 wherein switching the communications traffic based on traffic identifiers further includes enabling traffic associated with a given subscriber identifier to traverse to the anchor functional element for the unique subscriber identifier.

The method of Claim 1 further comprising classifying, at the subscriber- aware switch, the communications traffic with at least one of multiple quality of service (QoS) classifiers and wherein switching the communications traffic further includes scheduling transmission of the corresponding communications traffic based on the QoS classifiers.

The method of Claim 1 further comprising classifying, at the subscriber-

aware switch, the communications traffic with at least one of multiple QoS classifiers and wherein switching the communications traffic, in an event of a failover, further includes redirecting the communications traffic in a subscriber-aware, fast-forwarding, routing manner.

The method of Claim 1 further comprising associating the unique subscriber identifier with the subscriber profile at one of the multiple functional elements, the functional elements containing the subscriber profile enabled to provide subscriber-related service parameters to the subscriber-aware switch.

The method of Claim 1 wherein the functional element is a line card in a chassis or physical or logical element distributed about a network.

The method of Claim 1 further including enabling the subscriber-aware switch to employ the subscriber table to map the subscriber identifier with the identity of the anchor functional element.

The method of Claim 1 wherein selecting the functional element includes load balancing, at the subscriber-aware switch, the communications traffic based on the subscriber table, wherein load balancing includes selecting a functional element to be the anchor functional element based on a parameter representative of its available capacity with respect to other functional elements.

The method of Claim 1 wherein:

selecting the functional element is done responsive to receiving a signaling packet or traffic packet having a subscriber identifier without an anchor functional element previously established; and, optionally

selecting the functional element includes forwarding a subscriber profile to the functional element designated to be the anchor functional element or instructing the anchor functional element to retrieve the subscriber profile. A network node in a communications network, the network node comprising:

a functional element, among multiple functional elements, designated an anchor functional element for a unique subscriber identifier;

a fabric operably interconnected to the multiple functional elements; a switch also operably interconnected to the multiple functional elements and configured to forward communications traffic to the anchor functional element based on a traffic identifier within the communications traffic and associated with the unique subscriber identifier to support network communications.

The network node of Claim 11 wherein the anchor function element is further configured to maintain, on a per-subscriber identifier basis, a subscriber table accessible to the subscriber-aware switch.

The network node of Claim 12 wherein the subscriber-aware switch is enabled to employ a subscriber table of anchor functional elements on a per- subscriber identifier basis.

The network node of Claim 11 wherein the subscriber-aware switch is configured to parse communications traffic packets to determine whether the packets include the unique subscriber identifier and further configured to switch the packets to the anchor functional element associated with the unique subscriber identifier.

The network node of Claim 11 wherein the subscriber-aware switch is still further configured to classify the communications traffic with at least one of multiple quality of service (QoS) classifiers and wherein the subscriber- aware switch is still further configured to schedule transmission of the communications traffic based on QoS classifiers.

16. The network node of Claim 1 1 wherein the subscriber-aware switch is still further configured to classify the communications traffic with at least one of multiple quality of QoS classifiers and wherein the subscriber- aware switch is still further configured to redirect communications traffic in a subscriber- aware, fast-forwarding, routed manner in an event of a failover.

17. The network node of Claim 16 wherein the multiple functional elements include forwarding entities, and wherein the switch includes a load balancing module configured to designate anchor functional elements in a load- balanced manner. 18. The network node of Claim 11 wherein functional elements containing the subscriber profile are enabled to provide subscriber-related service parameters to the subscriber-aware switch with the unique subscriber identifier being associated with the subscriber profile at the anchor or functional element. 19. The network node of Claim 11 further comprising a selection module

configured to designate a functional element as an anchor functional element responsive to receipt of a signaling packet or traffic packet having a subscriber identifier without an anchor functional element previously established for the subscriber identifier and wherein the selection module optionally is further configured to forward a subscriber profile to the functional element designated to be the anchor functional element or instruct the anchor functional element to retrieve the subscriber profile.

20. A computer program product including a computer readable medium having computer readable instructions to support communications traffic in a communications network, wherein the computer readable instructions when executed by a processor, cause the processor to:

select a functional element, among multiple functional elements, to be designated an anchor functional element for a unique subscriber identifier, the multiple functional elements operably interconnected by a fabric and also operably interconnected by a switch configured to switch the

communications traffic, the switch thus being a subscriber-aware switch; and switch the communications traffic using the subscriber-aware switch to the anchor or functional element based on a traffic identifier in the communications traffic and associated with the unique subscriber identifier to support network communications.

A method of switching communications traffic in a communications network, the method comprising:

parsing the communications traffic for a unique subscriber identifier; identifying an anchor functional element having a profile corresponding to the unique subscriber identifier; and

switching the communications traffic to the anchor functional element.

The method of Claim 21 further comprising maintaining a subscriber table of anchor functional elements on a per-subscriber identifier basis.

The method of Claim 21 wherein switching the communications traffic based on traffic identifiers further includes enabling communications traffic associated with the unique subscriber identifier to traverse the anchor functional element associated with the unique subscriber identifier.

The method of Claim 21 wherein switching the communications traffic further includes scheduling the communications traffic based on quality of service (QoS) classifiers.

25. The method of Claim 21 wherein switching the traffic, in an event of a

failover, further includes redirecting the communications traffic in a subscriber-aware, fast-forwarding, routing manner.

26. The method of Claim 21 wherein switching the communications traffic further includes load-balancing the communications traffic based on traffic- rate or non-traffic rate factors.

27. A communications switch in a communications network, comprising:

a parsing module to parse communications traffic for a unique subscriber identifier;

an identification module to identify an anchor functional element having a profile corresponding to the unique subscriber identifier; and

a forwarding module to forward the communications traffic to the anchor functional element.

28. The communications switch of Claim 27 wherein the identification module is further configured to determine a subscriber profile associated with the communications traffic, the switch thus being a subscriber-aware switch, the forwarding module further configured to forward the communications traffic as a function of the subscriber profile.

29. The communications switch of Claim 27 further comprising a memory

configured to maintain a subscriber table of anchor functional elements on a per-subscriber identifier basis.

30. The communications switch of Claim 27 wherein the forwarding module is further configured to schedule the communications traffic based on quality of service (QoS) classifiers.

31. The communications switch of Claim 27 wherein the forwarding module is configured to forward the communications traffic in a first direction, and wherein the forwarding module is further configured, in an event of a failover, to forward the communications traffic in a second direction in a subscriber-aware, fast-forwarding, routing manner. The communications switch of Claim 27 wherein the forwarding module is further configured to balance the load of the communications traffic based on traffic -rate or non-traffic rate factors.

A computer program product including a computer readable medium having computer readable instructions to switch communications traffic in a communications network, wherein the computer readable instructions, when executed by a processor, cause the processor to:

parse communications traffic for a unique subscriber identifier; identify an anchor functional element having a profile corresponding to the unique subscriber identifier; and

switch the communications traffic to the anchor functional element.

A method of enforcing service profiles in a mobile network, the method comprising:

comparing multiple service profiles based on multiple service parameters of the service profiles;

defining multiple service-profile identifiers with multiple service profiles having common service parameters;

grouping subscriber identifiers with the respective service-profile identifiers based on multiple service profiles; and

enforcing service profiles on a per-subscriber identifier basis as a function of the service profile identifiers.

35. The method of Claim 34 wherein multiple service parameters are quality of service (QoS) parameters and further comprising determining multiple service parameters by:

determining a service type of traffic associated with the service profile;

based on the service type, determining a rule to apply to the traffic; and

based on the rule, determining an action to apply to the traffic. The method of Claim 34 further comprising:

distributing a subscriber identifier Internet protocol address for a first subscriber identifier; and

for subsequent subscriber identifiers grouped to the same service- profile identifier, distributing the respective service-profile identifiers.

The method of Claim 34 further comprising, upon identifying a new subscriber identifier associated with a subscriber's device joining the mobile network, dynamically generating at least one of multiple service profiles having a service-profile identifier.

The method of Claim 37 further comprising:

detecting a subsequent subscriber identifier, other than a new subscriber identifier;

determining the subscriber identifier for at least one of multiple respective service-profile identifiers; and

assigning the subscriber identifier to service-profile identifiers, the service-profile identifiers containing subscriber identifiers having common service profiles.

The method of Claim 38 further comprising:

mapping service profiles within an enforcement device to at least one of the common service profiles; and

based on the mapping, enforcing at least one of the common service profiles.

40. The method of Claim 38 further including storing the service-profile

identifiers, each of the service-profile identifiers having a unique set of QoS classifiers.

41. The method of Claim 38 further including, following receipt of a packet, performing:

(i) a first look-up of the service-profile identifiers associated with a packet to launch a look-up of rules in a database;

(ii) a second look-up of the rules or service parameters to determine a service class identifier;

(iii) a third look-up of actual subscriber-identifier parameters on a per-subscriber identifier and per-service class identifier basis; and

(vi) mapping the unique QoS profile.

42. The method of Claim 41 further comprising determining enforcement

parameters for multiple service profiles in the mobile network as a function of the unique QoS profile of the subscriber identifier.

The method of Claim 34 further comprising performing a look-up based on the subscriber identifier to determine the service-profile identifier for the subscriber identifier, the service profile identifier matching multiple service parameters, the service parameters including functional effects including services, rules, or actions, or combinations thereof.

A network node in a mobile network for enforcing service profiles, the network node comprising:

an evaluation module configured to compare multiple service profiles based on multiple service parameters of multiple service profiles;

a characterization module configured to define multiple respective service-profile identifiers with multiple service profiles having common service parameters;

a collection module configured to group subscriber identifiers with the respective service-profile identifiers based on multiple service profiles; and an enforcement module configured to enforce service profiles on a per-subscriber-identifier basis as a function of the respective service-profile identifiers.

The network node of Claim 44 further comprising a classification module, accessible to a network processing unit (NPU), including a classification table containing at least multiple service parameters, the multiple service parameters being quality of service (QoS) parameters.

The network node of Claim 45 wherein the classification module is further configured:

to determine multiple service parameters as a function of a service type of traffic associated with the service profiles;

based on the service type, to determine a rule to apply to the traffic; and

based on the rule, to determine an action to apply to the traffic.

The network node of Claim 44 further comprising a determination module coupled to the collection module and configured to determine the subscriber identifier for a first traffic packet's wide-area-network (WAN) protocol address, and wherein for subsequent traffic packets having the same WAN protocol address, the determination module is configured to use the subscriber identifier determined for the first packet.

The network node of Claim 44 wherein the characterization module is further configured to generate a service-profile identifier in a dynamic manner following identifying a new subscriber is joining the mobile network.

The network node of Claim 44 wherein the characterization module further configured to: detect a subsequent subscriber identifier, other than a new subscriber identifier;

determine whether the subsequent subscriber identifier has service parameters in common with other subscriber identifiers; and

if so, assign the subsequent subscriber identifier to a service-profile identifier, the service-profile identifiers having common service parameters, if not, generate a service-profile identifier in a dynamic manner.

The network node of Claim 44 further comprising an enforcement device, accessible to a network processing unit (NPU), configured to map the service profiles.

The network node of Claim 44 further comprising a memory, accessible to a at least one of the evaluation module, characterization module, collection module, implementation module, and the memory configured to store the service-profile identifiers, each service-profile identifiers having a unique set of QoS classifiers.

The network node of Claim 51 wherein the memory is a ternary content addressable memory.

The network node of Claim 51 wherein, following receipt of a packet at a forwarding engine, the characterization module is still further configured to map a unique QoS profile by performing, in hardware:

a first look-up of the service-profile identifiers associated with a packet to launch a look-up of rules in a database;

a second look-up of the rules or service parameters to determine a service class identifier; and

a third look-up of actual subscriber-identifier parameters on a per- subscriber identifier and per-service class identifier basis. The network node of Claim 53 wherein the implementation module is further configured to determine:

enforcement parameters, for multiple service profiles, based on the unique QoS classifiers of the subscriber identifier; and

enforcing at least one of the common service profiles.

A computer program product including a computer readable medium having computer readable instructions to enforce service profiles in a mobile network, wherein the computer readable instructions when executed by a processor, cause the processor to:

compare multiple service profiles based on multiple service parameters of the service profiles;

determine multiple respective service-profile identifiers with multiple service profiles having common service parameters;

group subscriber identifiers with the service-profile identifiers based on multiple service profiles; and

enforce service profiles on a per-subscriber-identifier basis as a function of the service profile identifiers.

A method for reporting resource values in a mobile network, the method comprising:

notifying a resource manager of a buffer containing subscriber information;

filling the buffer with a resource pointer;

replacing the resource pointer in the buffer, with a corresponding resource value; and

reporting contents of the buffer.

57. The method of Claim 56 wherein reporting contents of the buffer includes transmitting the buffer or forwarding a pointer to the buffer to an external node. The method of Claim 56 wherein reporting includes copying the buffer into a traffic packet without modification.

The method of Claim 56 wherein at least one of the notifying, filling, replacing, or reporting is performed asynchronously relative to activities of the resource manager.

The method of Claim 56 wherein notifying the resource manager includes transferring the buffer to the resource manager or forwarding a pointer to the buffer to the resource manager.

The method of Claim 56 wherein filling the buffer includes filling the buffer with information representing subscribers, the subscribers' corresponding provisioned service, and corresponding counter values.

The method of Claim 56 wherein the notifying, filling, replacing, and reporting occurs at a data plane.

The method of Claim 56 wherein the notifying, filling, and replacing occurs at a data plane, and wherein the reporting occurs at a control plane.

The method of Claim 56 wherein the notifying and filling occur at a data plane, and wherein the replacing and reporting occur at a control plane.

The method of Claim 56 wherein the notifying occurs at a data plane, and wherein the filling, replacing, and reporting occur at a control plane.

66. The method of Claim 56 further comprising transmitting, to an acquiring application, at least one statistic relevant to at least one subscriber or set of subscribers, in a single transaction or flow of process invocation.

67. The method of Claim 56 wherein the resource pointer is a hardware resource pointer.

68. An apparatus for reporting resource values in a mobile network, the

apparatus comprising:

a notification module configured to notify a resource manager of a buffer containing subscriber information;

a buffer fill module configured to fill the buffer with a resource pointer;

a replacement module configured to replace the resource pointer with a corresponding resource value; and

a reporting module configured to report the buffer.

69. The apparatus of Claim 68 wherein the reporting module is further

configured to transmit the buffer or forward a pointer to the buffer to an external node.

70. The apparatus of Claim 68 wherein at least one of the notification module, buffer fill module, replacement module, or reporting module is configured to operate asynchronously relative to activities of the resource manager.

71. The apparatus of Claim 68 wherein the notification module is configured to transfer the buffer to the resource manager or to forward a pointer to the buffer to the resource manager.

72. The apparatus of Claim 68 wherein the reporting module is further

configured to report the buffer in a form of a traffic-packet.

73. The apparatus of Claim 68 wherein the buffer fill module is further

configured to fill the buffer with information representing indications of subscribers, the subscribers' corresponding provisioned service, and resource values corresponding to the services. The apparatus of Claim 68 wherein the notification module, buffer fill module, replacement module, and reporting module are configured to operate at a data plane.

The apparatus of Claim 68 wherein the notification module, buffer fill module, and replacement module are configured to operate at a data plane and the reporting module is configured to operate at a control plane.

The apparatus of Claim 68 wherein the notification module and buffer fill module are configured to operate at a data plane and the replacement module and reporting module are configured to operate at a control plane.

The apparatus of Claim 68 wherein the notification module is configured to operate at a data plane and the buffer fill module, replacement module, and reporting module are configured to operate at a control plane.

The apparatus of Claim 68 further comprising a transmission module, operably interconnected to the reporting module, configured to transmit, to an acquiring application, at least one statistic relevant to at least one subscriber or set of subscribers, in a single transaction or flow of process invocation.

A computer program product including a computer readable medium having computer readable instructions to report resource values in a mobile network, wherein the computer readable instructions when executed by a processor, cause the processor to:

notify a resource manager of a buffer containing subscriber information;

fill the buffer with a resource pointer;

in the buffer, replace the resource pointer with a corresponding resource value; and report the buffer.

80. A method for reporting resource values in a data plane of a mobile network, the method comprising:

filling a buffer in a data plane with information representing indications of subscribers, the subscribers' corresponding services, and resource values corresponding to the services; and

reporting the buffer via the data plane. 81. The method of Claim 80 wherein the resource values include accounting or billing records for subscribers or services.

82. The method of Claim 80 wherein the resource values are hardware counter values.

83. The method of Claim 80 wherein the information represents subscribers or subset of subscribers handled by a node in the mobile network.

84. The method of Claim 83 wherein the node is a mobile packet core gateway.

85. The method of Claim 83 wherein reporting the buffer includes transmitting the buffer to an external node.

The method of Claim 83 wherein reporting the buffer includes copying the buffer into a traffic packet without modifications.

The method of Claim 83 further comprising transmitting, to an acquiring application, at least one statistic relevant to at least one subscriber or set of subscribers, in a single transaction or flow of process.

88. An apparatus for reporting resource values in a data plane of a mobile

network, the apparatus comprising: a buffer fill module configured to fill a buffer with information representing subscribers, the subscribers' respective corresponding services, and corresponding resource values; and

a reporting module configured to report the buffer.

The apparatus of Claim 88 wherein the resource values, accessible to the loading module include the subscribers' respective corresponding services and accounting records for respective subscribers or billing records for the respective subscribers.

The apparatus of Claim 88 wherein the information represents subscribers or subset of subscribers handled by a node in a mobile packet core network.

91. The apparatus of Claim 88 wherein the node is a mobile packet core

gateway.

92. The apparatus of Claim 88 wherein the reporting module is configured to copy contents of the buffer to a traffic packet without modification and transmit the traffic packet to an external node.

93. The apparatus of Claim 88 wherein at least one of the buffer fill module or reporting module is further configured to perform asynchronously relative to activities of the resource manager. 94. The apparatus of Claim 88 wherein the reporting module is further

configured to to copy the buffer into a traffic packet without modification.

95. A computer program product including a computer readable medium having computer readable instructions to report resource values in a data plane of a mobile network, wherein the computer readable instructions when executed by a processor, cause the processor to: fill a buffer with information representing subscribers, the subscribers' respective corresponding services, and corresponding resource values; and

report the buffer.

A method for dynamically adjusting network resources, the method comprising:

performing deep packet inspection (DPI) on a packet in a network at a subscriber-aware network node, the node having access to modify network allocations using DPI information; and

notifying a node in the network to adjust resource parameters as a function of information learned by the DPI and services available to the subscriber.

The method of Claim 96 wherein performing the DPI further includes parsing the packet to extract subscriber information, application channel data, codec rates, or properties.

The method of Claim 97 wherein parsing the packet includes:

(i) generating mobile signaling;

(ii) establishing bearer services for application traffic end-to-end;

(iii) using codec rates to configure policers;

(iv) assigning local quality of service (QoS) resources for application traffic;

(v) monitoring a control channel and detecting multi-way calling, repeating (i)-(v) if multi-way calling detected; and

(vi) deallocating application resources following completion of the application session, including the end-to-end service parameters and transports in the mobile network.

99. The method of Claim 98 further comprising configuring the multi-way calls using parameters extracted for each of the calling parties.

100. The method of Claim 96 wherein notifying a node in the network includes causing a base station to adjust bandwidth parameters in a dynamic manner.

101. The method of Claim 100 further comprising adjusting the parameters as a function of a location of the base station, as a function of a state of the base station, or as a function of congestion of the base station during a soft- handoff.

The method of Claim 101 wherein, following completion of soft-handoff over mobility management messaging, incorporating classifiers associated with the packets into a context of the base station for immediate use, without additional information.

103. The method of Claim 96 wherein performing the DPI includes learning

classifiers associated with the packet, the classifiers being 5 -tuple classifiers, and further comprising associating corresponding policy information with payload-over-mobility management messaging.

104. The method of Claim 103 further comprising:

creating dynamic quality of service (QoS) profiles based on the classifiers; and

transmitting the dynamic QoS profiles and classifiers to a base station from a mobility management entity (MME).

105. The method of Claim 96 further including associating a subscriber profile, at the subscriber-aware node, with traffic in the network.

106. The method of Claim 96 wherein modifying network allocations at the

subscriber-aware network node further includes causing network elements end-to-end from source to destination, or a subset thereof, to adjust quality of service (QoS) parameters.

107. The method of Claim 96 wherein notifying a node in the network includes signaling a node in the network.

108. An apparatus for dynamically adjusting network resources in a network

node, the apparatus comprising:

a deep pack inspection (DPI) module configured to perform DPI, using a DPI engine, on a packet at a subscriber-aware network node in a network, the node having access to modify network allocations; and

a notification module configured to notify a node in the network to adjust resource parameters as a function of information learned using the DPI engine and services available to the subscriber.

109. The apparatus of Claim 108 wherein the DPI engine is further configured to parse the packet to extract subscriber information, application channel data, codec rates, or properties. 110. The apparatus of Claim 109 wherein the DPI engine is further configured to:

(i) generate mobile signaling;

(ii) establish bearer services for application traffic end-to-end;

(iii) use codec rates to configure policers;

(iv) assign local quality of service (QoS) resources for application traffic;

(v) monitor a control channel and detecting multi-way calling, repeating

(i)-(v) if multi-way calling is detected; and

(vi) deallocate application resources following completion of the application session, including the end-to-end service parameters and transports in the mobile network.

111. The apparatus of Claim 110 further including an apparatus element, such as DPI module configured to use parameters extracted for calling parties in the multi-way calling. 112. The apparatus of Claim 108 wherein the notification module is further

configured to cause a base station to adjust bandwidth parameters in a dynamic manner.

1 13. The apparatus of Claim 112 further including an apparatus element, such as DPI module configured to adjust the parameters as a function of a location of the base station, as a function of a state of the base station, or as a function of congestion of the base station during a soft-handoff.

114. The apparatus of Claim 113 wherein, following completion of a soft-handoff over mobility management messaging, the notification module is further configured to incorporate classifiers associated with the packets into a context of the base station for immediate use, without additional information.

115. The apparatus of Claim 108 wherein the DPI module includes classifiers associated with the packet, the classifiers being 5 -tuple classifiers, and further configured to associate corresponding policy information with payload-over-mobility management messaging.

1 16. The apparatus of Claim 115 further including an apparatus element, such as DPI module configured:

to create quality of service (QoS) profiles based on the classifiers; and

to transmit the dynamic QoS profiles and classifiers to a base station from a mobility management entity (MME).

117. The apparatus of Claim 108 further including an apparatus element, such as a DPI module configured to associate a subscriber profile with traffic in the network at the subscriber-aware node. 118. The apparatus of Claim 108 wherein the DPI module is further configured to cause network elements end-to-end from source to destination, or a subset thereof, to adjust quality of service (QoS) parameters.

119. The method of Claim 108 wherein the notification module is further

configured to signal a node in the network.

A computer program product including a computer readable medium having computer readable instructions to dynamically adjust network resources in a network node, wherein the computer readable instructions when executed by a processor, cause the processor to:

perform deep packet inspection (DPI), using a DPI engine, on a packet in a network at a subscriber-aware network node, the node having access to modify network allocations; and

notify a node in the network to adjust resource parameters as a function of information learned using the DPI engine and services available to the subscriber.

A method for assigning resources in a network node, the method comprising: determining provisioning information in a data plane as a function of subscriber information available in the data plane;

performing a look-up of data plane resources in the data plane as a function of the subscriber information to determine subscriber services; and assigning the data plane resources in the data plane to the subscriber services in the network node.

122. The method of Claim 121 wherein the determining, performing, and assigning are performed dynamically based on traffic received in the data plane. 123. The method of Claim 121 further comprising:

(i) following receipt of a first packet at a network processing unit (NPU), performing the look-up in the NPU;

(ii) looking-up the subscriber information and collecting data resources in the NPU;

(iii) if no subscriber information is found, transmitting the first packet to a network service processor (NSP);

(iv) performing, at the NSP, a look-up of the subscriber information in a NSP database and, by the NSP, assigning the data plane resources in a fast-packet processing path to the NPU;

(v) feeding-back the first packet with a resource map from the NSP to the NPU;

(vi) processing subsequent packets at the NPU employing the resource map received;

(vii) during idle activity, notifying the NSP with subscriber information and resource map and aging out flow information from a cache;

(viii) marking the resource map free for a next request; and

(ix) repeating (i)-(viii) for each new packet.

124. The method of Claim 123 further comprising employing specialized packets from the NSP to the NPU to forward subscriber information.

125. The method of Claim 121 further comprising determining in real-time

network processing unit (NPU) resources at the NPU based on packets received from a network service processor (NSP), the NPU being

interconnected operably to the NSP.

126. The method of Claim 125 further comprising scaling resources, at the NPU, using multicast messaging.

127. The method of Claim 125 further comprising using a hash table entry with 5- tuple resources in the NPU.

128. The method of Claim 125 wherein the NPU includes a packetized interface.

129. The method of Claim 121 further comprising:

collecting subscriber identifiers;

collecting subscriber quality of service (QoS) parameters; and honoring deep packet inspection parameters based on at least a subset of the subscriber identifiers and QoS parameters. 130. The method of Claim 121 wherein counting resources in the data plane

includes static and dynamic resource counting.

131. An apparatus for assigning resources in a network node, the apparatus

comprising:

a determination module configured to determine provisioning information in a data plane as a function subscriber information available in the data plane;

a performance module configured to perform a look-up of data plane resources in the data plane as a function of the subscriber information to determine subscriber services; and

an assignment module configured to assign the data plane resources in the data plane to the subscriber services in the network node.

132. The apparatus of Claim 131 wherein the determination module, performance module, and assignment module are configured to operate dynamically based on traffic received in the data plane.

133. The apparatus of Claim 131 further including:

a network processing unit (NPU) configured to:

(i) perform a look-up function following receipt of a packet;

(ii) look-up subscriber information and collect data resources in the NPU;

(iii) if no subscriber information is found, transmit a first packet to a network service processor (NSP), the NSP configured to perform a look-up of the subscriber information in a NSP database and assign the data plane resources in a fast-packet processing path to the NPU;

(iv) receive the first packet with a resource map from the NSP;

(v) process subsequent packets employing the resource map received;

(vi) notify the NSP, during idle activity, with subscriber information and resource map and configured to age out flow information from a cache, where the resource map is marked free for a next request; and

wherein:

(vii) the NPU and NSP are configured to operate on each new packet, s

134. The apparatus of Claim 131 wherein a network processing unit (NPU) is configured to determine in real-time NPU resources at the NPU based on packets received from a network service processor (NSP).

135. The apparatus of Claim 134 wherein the NPU is further configured to scale resources using multicast messaging.

136. The apparatus of Claim 134 wherein the NPU is further configured to use a hash table entry with 5-tuple resources.

137. The apparatus of Claim 134 wherein the NSP and the NPU are further

configured to employ specialized packets there between.

The apparatus of Claim 131 further comprising: a collection module coupled to the assignment module and configured to collect subscriber identifiers and subscriber quality of service (QoS) parameters; and

a deep packet inspection module configured to honor deep packet inspection parameters based on at least a subset of the subscriber identifiers and QoS parameters.

139. The apparatus of Claim 131 comprising at least one of a static resource

counter and a dynamic resource counter.

140. A computer program product including a computer readable medium having computer readable instructions stored thereon, wherein the computer readable instructions when executed by a processor, cause the processor to: determine provisioning information in a data plane as a function of subscriber information available in the data plane;

perform a look-up of data plane resources in the data plane as a function of the subscriber information; and

assign the data plane resources in the data plane to the subscriber services in the network node.