(12) United States Patent
`Malkin
`
`USOO6247054B1
`(10) Patent No.:
`US 6,247,054 B1
`(45) Date of Patent:
`*Jun. 12, 2001
`
`(54) METHOD AND APPARATUS FOR
`REDIRECTING PACKETS USING
`ENCAPSULATION
`
`(75) Inventor: Gary Malkin, Lowell, MA (US)
`
`(*) Notice:
`
`(73) Assignee: Nortel Networks Limited, Montreal
`(CA)
`This patent issued on a continued pros-
`ecution application filed under 37 CFR
`1.53(d), and is subject to the twenty year
`patent term provisions of 35 U.S.C.
`154(a)(2).
`
`0
`-
`Subject to any disclaimer, the term of this
`patent is extended or adjusted under 35
`U.S.C. 154(b) by 0 days.
`
`(21) Appl. No.: 08/822,848
`(22) Filed:
`Mar. 24, 1997
`(51) Int. Cl." ........................... G06F 15/173; G06F 15/16
`(52) U.S. Cl. ............................................. 709,225. 709/219
`(58) Field of Search ......................... 395/20031, 20032,
`395/200.33, 200.36, 200.49, 200.55, 200.56;
`709201 2O2 s 2O3 206 219 225 226
`
`(56)
`
`References Cited
`
`U.S. PATENT DOCUMENTS
`6/1995 Chinnock et al. ................... 340/827
`1/1998 Tabuki ............................ 395/187.01
`
`5,426,427
`5,706,427
`
`5,708,780 * 1/1998 Levergood et al. ............ 395/200. 12
`5,764,890 * 6/1998 Glasser et al. ......
`... 395/188.01
`5,774,660 * 6/1998 Brendel et al. ..
`... 395/200.31
`5,781,550 * 7/1998 Templin et al. ..................... 370/401
`5,812,776
`9/1998 Gifford ............................ 395/200.47
`
`
`
`sk -
`
`cited by examiner
`Primary Examiner-Glenton B. Burgess
`ASSistant Examiner Kenneth W. Fields
`(74) Attorney, Agent, or Firm-Blakely Sokoloff Taylor &
`Zafman LLP
`ABSTRACT
`(57)
`A method and apparatus for redirecting packets using encap
`Sulation techniques. In one embodiment, an Internet Sub
`Scriber transmits an Internet Service request to a Network
`Access Server (NAS). The service request is transmitted in
`a first packet. The NAS analyzes the first packet to determine
`whether the Service request exceeds the Subscriber's internet
`Subscription. If the request exceeds the Subscriber's
`Subscription, the NAS encapsulates the first packet into a
`Second packet and redirects the Second to a redirection
`server. The packet is encapsulated to preserve the address of
`the original destination of the Service request. Upon receipt,
`the redirection Server generates a reply to the internet Service
`request which specifies why the Service request was denied.
`The redirection server also Substitutes the address of the
`original destination as the Source of the reply message to
`allow the reply message to be received as reply from the
`original destination.
`
`46 Claims, 3 Drawing Sheets
`
`
`
`
`
`
`
`
`
`
`
`ISP.NETWORK-16
`
`SET OF INSTRUCTIONS
`FOR ENCAPSULATING AND
`REDIRECTING PACKETS
`TO AREDIRECTION SERVER
`-18
`
`PROCESSOR
`
`
`
`
`
`
`
`SUBSCRIBERS
`COMPUTER
`SYSTEM
`-10
`
`REDIRECTION
`SERVER
`-14
`
`Panasonic-1006
`Page 1 of 10
`
`

`

`U.S. Patent
`U.S. Patent
`
`Jun. 12, 2001
`
`Sheet 1 of 3
`
`US 6,247,054 B1
`US 6,247,054 B1
`
`
`
`NOLLDFUICIY
`
`YaNdaS
`
`-Pi-
`
` YOSSIIOUd
`
`-8[-
`
`
`
`-9T-NYOMLINdSI
`
`SNOHINYLSNI4O14S
`
`
`
`GNVDNILVINSdVINAHOF
`
`SLAINDdONLIFGIGIY
`
`
`
`YINYISNOLLIFUIGIYOL
`
`
`
`
`
`
`
`
`
`
`
`S,YFGIYISENS
`
`YAlNdWO?
`
`WHILSAS
`
`=0T-
`
`PO
`
`Panasonic-1006
`Page 2 of 10
`
`Panasonic-1006
`Page 2 of 10
`
`
`
`
`
`

`

`U.S. Patent
`
`Jun. 12, 2001
`
`Sheet 2 of 3
`
`US 6,247,054 B1
`
`F.IG, 2
`
`
`
`
`
`YES
`
`
`
`FORWARDSUBSCRIBERS PACKET
`TO INTENDED DESTINATION
`-206
`
`SUBSCRIBER
`DIALS INTO WAS
`-202
`
`
`
`
`
`IS REQUEST
`SERVICEFA/AILABLE
`TO THE SUBSCRIBER2
`-204
`
`NO
`
`
`
`ENCAPSULATESUBSCRIBERS
`PACKETAND REDIRECT
`TO REDIRECTSERVER
`-208
`
`REDIRECTSERVER DECAASULATES
`THE SUBSCRIBERSACKET
`-210
`
`REDIRECTSERVER GENERATES
`APPROPRIATEAPPLICATION REPLY
`-212
`
`APPLICATION REPLYSEWTTO
`SUBSCRIBER WITH REPLY
`HAVING SUBSCRIBERS ORIGINAL
`DESTINATIONAS THE SOURCE
`OF THE REPLY
`-214
`
`Panasonic-1006
`Page 3 of 10
`
`

`

`U.S. Patent
`
`Jun. 12, 2001
`
`Sheet 3 of 3
`
`US 6,247,054 B1
`
`
`
`d'I
`
`Panasonic-1006
`Page 4 of 10
`
`

`

`
`
`US 6,247,054 Bl
`
`1
`
`METHOD AND APPARATUS FOR
`
`REDIRECTING PACKETS USING
`ENCAPSULATION
`
`2
`DETAILED DESCRIPTION
`
`A method and apparatus are described for redirecting
`
`
`
`
`
`
`application packets using encapsulation techniques. In the
`
`
`
`
`
`
`following description, numerous specific details are set forth
`FIELD OF THE INVENTION
`5
`
`
`
`in order to provide a thorough understanding of the present
`
`
`
`
`invention. It will be apparent, however, to one of ordinary
`The present invention relates to computer networking
`
`
`
`
`
`
`
`skill in the art that the present invention may be practiced
`
`
`
`
`systems, and in particular, the invention relates to redirecting
`
`
`
`
`without these specific details. In other instances, well-known
`
`packets using encapsulation.
`standards,
`
`
`structures, and techniques have not been shown in
`10
`BACKGROUND OF THE INVENTION
`
`
`
`order not to unnecessarily obscure the present invention.
`
`
`
`As discussed above, in the prior art background section,
`Many Internet Service Providers (ISPs) offer multiple
`
`
`
`
`
`
`there is a need to provide computer users/ISP subscribers
`
`
`
`levels of service, charging a different fee for each service
`
`
`
`
`with a more informative message explaining why they are
`
`
`
`
`level. For example, a subscriber of an ISP may subscribe to
`
`
`
`Internet service. One15 unable to receive their requested
`
`
`
`e-mail only, connection access (i.e., Telnet and FTP), or full
`
`
`
`approach is to return an appropriate application level mes­
`
`
`access which would allow access to the World Wide Web
`
`
`
`sage to the subscriber specifying in more detail why the
`(WWW).
`
`
`
`
`service is unavailable to the subscriber. For example, the
`Typically, the ISPs are configu red so that a subscriber
`
`
`
`
`
`application message could indicate to the subscriber that
`
`
`
`cannot use a service which is not included in the subscriber's
`
`
`20 they are attempting to access the WWW, but their subscrip­
`
`
`
`subscription. The Network Access Servers (NAS), which
`
`
`
`tion to the ISP does not include access to the WWW.
`
`
`
`
`provide point-of-presence dial-in access for the ISPs, may
`
`
`In order to return such a message, the NAS 12 of the
`
`
`provide filtering to prohibit a subscriber from accessing
`
`
`
`present invention, as shown in FIG. 1, is configured to detect
`
`
`services not included in the subscriber's subscription. When
`
`
`
`
`when a service request exceeds a computer operator's sub­
`
`
`a NAS detects a subscriber attempting to exceed their
`
`
`scription. In such a case, the NAS 12 may redirect the
`
`
`
`
`
`allowed service level, the NAS typically discards the sub-25
`
`
`
`
`subscriber's request (in the form of a packet) to a Redirec-
`
`
`
`
`
`scriber's packet (which contains a request for the service),
`
`
`
`tion Server 14 included the ISP network 16. The Redirection
`
`
`
`
`and returns a simple "cannot connect" type message to the
`
`
`
`
`Server will respond to the packet by generating and sending
`subscriber.
`
`
`
`an appropriate application level reply message to the sub-
`
`
`
`As a result, the subscriber is uninformed as to why they
`
`
`
`30 scriber indicating why the request has been denied.
`
`
`
`
`
`are unable to connect or receive their requested service. As
`
`
`
`
`The message from the Redirection Server will be sent as
`
`
`
`such, it would be desirable to return an appropriate appli­
`
`a "reply" to the subscriber's original service request. The
`
`
`
`cation level message to the subscriber providing a more
`
`
`
`subscriber's computer system, however, will typically
`
`
`
`
`
`detailed explanation why the requested service is unavail­
`
`
`
`
`expect the reply message to have been sent from the original
`
`able to the subscriber.
`
`
`
`
`
`
`35 destination of the subscriber's original service request ( e.g.,
`a WWW site).
`SUMMARY OF THE INVENTION
`The reply message from the redirection server will be
`
`
`
`The present invention provides a method and apparatus
`
`
`
`
`
`
`
`transferred via packets. The packets typically include data
`
`
`
`
`for redirecting packets using encapsulation techniques. In
`
`
`
`
`
`and a header. The header typically specifies the source of the
`
`
`
`one embodiment, an Internet subscriber transmits an Internet
`
`
`
`
`
`40 packet (i.e., the redirection server) and the destination of the
`
`
`
`service request to a Network Access Server (NAS). The
`
`
`packet (i.e., the subscriber's computer).
`
`
`
`
`service request is transmitted in a first packet. The NAS
`
`
`
`
`When the subscriber's computer system receives the reply
`
`
`
`analyzes the first packet to determine whether the service
`
`
`
`
`message from the Redirection Server, their computer will
`
`
`
`
`request exceeds the subscriber's internet subscription. If the
`
`
`
`
`typically execute an algorithm to check the integrity of the
`
`
`
`request exceeds the subscriber's subscription, the NAS
`45
`
`
`
`
`data in the reply message to determine whether some of the
`
`
`encapsulates the first packet into a second packet and
`
`
`
`data may have been lost while being transmitted. The
`
`
`
`redirects the second to a redirection server. The packet is
`
`
`
`algorithm is commonly referred to as a checksum.
`
`
`
`encapsulated to preserve the address of the original desti­
`
`
`
`The checksum will typically analyze the source and
`
`
`
`nation of the service request.
`
`
`
`in the header of the packets. 50 destination addresses provided
`
`
`
`
`Upon receipt, the redirection server generates a reply to
`
`
`Considering the reply packets sent from the redirection
`
`
`
`
`the internet service request which specifies why the service
`
`
`
`
`server are being sent as a reply to the subscriber's original
`
`
`
`
`request was denied. The redirection server also substitutes
`
`
`
`
`service request, the checksum performed by subscriber's
`
`
`
`
`
`the address of the original destination as the source of the
`
`
`
`
`
`computer system will expect the source address of the reply
`
`
`
`reply message to allow the reply message to be received as
`
`
`
`
`packet to match the destination address of the subscriber's
`reply from the original destination.
`55
`
`
`original service request.
`
`
`
`As a result, the reply message from the redirection server
`
`
`
`will most likely fail the checksum because it has been sent
`The present invention is illustrated by way of example
`
`
`
`
`
`
`
`from the redirection server, rather than being sent from the
`
`
`
`and not limitation in the figures of the accompanying
`
`
`
`
`
`60 destination of the original service request. Therefore, the
`
`drawings, and in which:
`
`
`
`subscriber's computer system will assume the data of the
`FIG. 1 illustrates a network configuration implementing
`
`
`
`
`
`
`
`
`
`reply message is faulty and dispose of the reply message. As
`
`
`one embodiment of the present invention.
`
`
`
`
`a result, the subscriber will not receive the message explain­
`
`
`
`ing why the original service request was denied.
`
`
`
`
`FIG. 2 illustrates a flow diagram describing the steps of
`
`the invention according to one embodiment.
`
`
`65 One solution to the problem is to have the Redirection
`
`
`
`Server perform a "spoofing" technique. Using the spoofing
`
`
`
`FIG. 3 illustrates an encapsulation technique performed
`
`
`
`technique, the Redirection Server will substitute the desti-
`
`
`
`according to one embodiment of the present invention.
`
`
`
`B RIEF DESCRIPTION OF THE D RAWINGS
`
`Panasonic-1006
`Page 5 of 10
`
`

`

`3
`nation address of the Subscriber's original Service request in
`place of the Redirection Server's address as the source
`address in the header of the reply message. AS Such, the
`reply message from the redirection Server will pass the
`checksum, as it would if it were a reply message from the
`destination of the Subscriber's original Service request.
`However, another problem still remains. That is, when the
`NAS initially redirects the original service request to the
`Redirection Server, the destination address of the Subscrib
`er's original Service request is typically lost. That is, in order
`to redirect the Subscriber's request packets to the redirection
`Server, the NAS will typically remove the data message (i.e.,
`the request) from the Subscriber's packet and place it in a
`new packet to be sent to the Redirection Server.
`AS a result, the packet Sent to the redirection Server will
`have the NAS’s address as the Source address and the
`redirection Server's address as the destination address. The
`destination address of the Subscriber's original Service
`request will not be included in the new packet. The Redi
`rection Server, therefore, will not be able to perform the
`Spoofing technique as described above.
`The present invention, however, enables the NAS to
`redirect packets received from the Subscriber's computer
`System while keeping the destination address of the Sub
`Scriber's original Service request in tact. As a result, the
`Redirection Server is able to successfully perform the spoof
`ing technique described above. That is, the Redirection
`Server is able to Send a reply message to the Subscriber and
`have the messages pass the Subscriber's checksum as if the
`reply messages were Sent from the destination of the Sub
`Scriber's original Service request.
`More Specifically, in one embodiment of the present
`invention, if the Subscriber is found to be attempting to
`exceed their allowed ISP Services, their packets are “encap
`Sulated within new packet and the new packet is sent to the
`Redirection Server. As a result, the destination address of the
`Subscriber's original packet is preserved for the Redirection
`Server to use when performing the spoofing technique. In
`alternative embodiments, the Internet Service request can be
`redirected by the NAS for additional reasons, without
`departing from the Scope of the invention.
`FIG. 2 describes the Steps performed to encapsulate
`packets received from a Subscriber's computer System,
`according to one embodiment of the present invention. In
`step 202, a subscriber dials into a port of an ISP's local
`point-of-presence access Server, otherwise referred to as a
`NAS, to gain access to the ISP. When a computer system is
`connected to a network it is commonly referred to as a node.
`After the Subscriber has dialed into the NAS, the Sub
`scriber's node and the NAS will establish a serial
`connection, typically via a point-to point protocol (PPP).
`During an authentication phase of the PPP, the subscriber
`will typically provide the NAS with a user name. The NAS,
`in response, will forward the user name onto an authenti
`cation Server. The authentication Server, in response, will
`inform the NAS which Internet services are available to the
`respective Subscriber.
`After the connection between the Subscriber's node and
`the NAS has been established, the Subscriber may transmit
`an Internet Service request. For example, the Subscriber may
`attempt to access the WWW. As discussed above, the service
`request will be sent to the NAS via a packet of information.
`In the case of the Internet Transmission Control Protocol/
`Internet Protocol (TCP/IP) Suite, the packets are provided in
`an IP format.
`In step 204, the NAS examines the packet received from
`the subscriber to determine if the Subscriber is attempting to
`
`15
`
`25
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`US 6,247,054 B1
`
`4
`access an Internet Service that may not be allowed per the
`subscriber's ISP subscription. In one embodiment, the NAS
`may examine the destination port provided in the transport
`layer of the packet. The transport layer is the fourth of seven
`layer in the International Organization for Standardization's
`Open Systems Interconnection (OSI) model for standardiz
`ing computer-to-computer communications.
`The destination port of the transport layer may indirectly
`indicate to the NAS what the type of service the subscriber
`is attempting to access. The NAS can compare the Service
`request by the subscriber with the services that are available
`to the Subscriber, as indicated by the authentication Server
`during the authentication phase of the PPP.
`If the service is available to the subscriber, in step 206 the
`NAS will forward the packets to their respective destina
`tions. On the other hand, if the service is not available to the
`user, in step 208 the packet received from the Subscriber is
`encapsulated in a new packet by the NAS and is forwarded
`to the Redirection Server.
`FIG. 3 illustrates encapsulation, according to one embodi
`ment of the present invention. For example, the request
`packet 310 sent by the subscriber's node, may include user
`data 312, a transport header 314 (which typically includes a
`destination port number (DPN) which indicates the
`requested service), and an IP header 316 (which is the
`network address of the packets destination).
`The encapsulated packet 320 generated by the NAS, will
`include a new transport header 324 and an IP header 326
`added onto the request packet 310. AS a result, the original
`transport header 314 and IP header 316 will be subsumed
`into the user data layer of the encapsulated packet.
`Moreover, the added transport header 324 and the IP header
`326 will both direct the encapsulated packet to the redirec
`tion Server. Alternative encapsulation techniques may be
`used by the NAS, without departing from the scope of the
`invention, provided the destination address of the original
`Service request is preserved.
`By redirecting the Subscriber's packet via encapsulation,
`the destination address of the Subscriber's Service request is
`preserved. As such, the Redirection Server is able to use the
`destination address of the original Service request when
`performing the Spoofing technique as described above.
`Upon receipt of the encapsulated packet from the NAS, in
`Step 210, the Redirection Server decapsulates the encapsu
`lated packet. In Step 212, the Redirection Server analyzes the
`Subscriber's packet and creates an appropriate application
`response, which more Specifically indicates to the Subscriber
`why their Internet Service request is being denied. In Step
`214, the reply message is placed in a reply packet to be
`returned to the Subscriber.
`In particular, the reply packet uses the destination address
`of the Subscriber's original request packet 310 as the Source
`address of the reply packet. As a result, the reply packet Sent
`to the Subscriber's node will pass the checksum as a reply
`message from the destination of the Subscriber's original
`Internet Service request.
`In step 216, the reply packet is sent from the Redirection
`Server to the NAS, which forwards the reply packet to the
`subscriber's node. In step 218, the subscriber's computer
`System receives the reply packet. After performing a check
`Sum on the reply packet, the Subscriber's computer System
`displays the message generated by the Redirection Server,
`thereby presenting a more informative message explaining
`why the Subscriber's Internet Service request is denied.
`In alternative embodiments, the present invention may be
`applicable to implementations of the invention in integrated
`
`Panasonic-1006
`Page 6 of 10
`
`

`

`S
`circuits or chip Sets, wireleSS implementations, Switching
`Systems products and transmission Systems products. For
`purposes of this application, the terms Switching Systems
`products shall be taken to mean private branch exchange
`(PBXs), central office switching systems that interconnect
`Subscribers, toll/tandem Switching Systems for interconnect
`ing trunks between Switching centers, and broadband core
`Switches found at the center of a Service provider's network
`that may be fed by broadband edge Switches or acceSS
`muXes, and associated Signaling, and Support Systems and
`Services.
`The term transmission Systems products shall be taken to
`mean products used by Service providers to provide inter
`connection between their Subscribers and their networks
`Such as loop Systems, and which provide multiplexing,
`aggregation and transport between a Service provider's
`Switching Systems acroSS the wide area, and associated
`Signaling and Support Systems and Services.
`In addition, the NAS of the present invention may be
`configured to perform the encapsulation technique by having
`a set of computer instructions for Encapsulating and Sending
`Packets 18 Stored on a computer readable medium, as is
`shown in FIG. 1. The computer readable medium can
`include, but is not limited to, any type of disk including
`floppy disks, optical disks, CD-ROMs, and magneto-optical
`disks, ROMs, RAMs, EPROMs, EEPROMs, magnetic or
`optical cards, or any type of media Suitable for Storing
`electronic instructions. Alternatively, the present invention
`could be implemented in discrete hardware components
`Such as large-scale integrated circuits (LSIS), application
`Specific integrated circuits (ASICs) or in firmware.
`Moreover, in the foregoing Specification the invention has
`been described with reference to specific exemplary embodi
`ments thereof. It will, however, be evident that various
`modifications and changes may be made thereto without
`departing from the broader Spirit and Scope of the invention.
`The Specification and drawings are, accordingly, to be
`regarded in an illustrative rather than restrictive Sense.
`What is claimed is:
`1. A method for Selectively redirecting packets of
`information, Said method comprising:
`a) receiving a first packet of information from a first
`Source, Said first packet of information having a first
`destination specified in a header of Said first packet of
`information;
`b) examining said first packet to determine whether a
`Service request of Said first packet exceeds a pre
`determined Service level available to Said first Source;
`and
`c) processing said first packet of information to redirect
`Said first packet of information to a Second destination
`in place of Said first destination if Said first packet
`exceeds Said pre-determined Service level available to
`Said first Source, wherein Said first packet of informa
`tion is processed to be redirected to Said Second desti
`nation and include Said first destination as Specified in
`Said header of Said first packet of information, Said Step
`of processing enables Said Second destination to gen
`erate a reply packet to Said first Source, and Said reply
`packet identifies Said first destination as a Source of Said
`reply packet.
`2. The method of claim 1, wherein the method is per
`formed by a Network Access Server (NAS).
`3. The method of claim 1, wherein Said processing Said
`first packet of information includes encapsulating Said first
`packet of information into a Second packet of information.
`
`1O
`
`15
`
`25
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`US 6,247,054 B1
`
`6
`4. The method of claim 3, wherein said first packet
`includes a service request to an Internet Service Provider
`(ISP), and Said reply packet generated by said Second
`destination includes a message indicating Said Service
`request of Said first packet exceeds Said pre-determined
`Service level available to Said first Source.
`5. The method of claim 1 wherein the method is per
`formed by a Switching System product.
`6. The method of claim 1 wherein the method is per
`formed by a transmissions System product.
`7. A computer-readable medium having Stored thereon a
`plurality of instructions, including a first Set of instructions
`for Selectively redirecting packets of information, Said first
`Set of instructions, when executed by a processor, cause Said
`processor to perform:
`a) receiving a first packet of information from a first
`Source, Said first packet of information having a first
`destination specified in a header of Said first packet of
`information;
`b) examining said first packet to determine whether a
`Service request of Said first packet exceeds a pre
`determined Service level available to Said first Source;
`and
`c) processing said first packet of information to redirect
`Said first packet of information to a Second destination
`in place of Said first destination if Said first packet
`exceeds Said pre-determined Service level available to
`Said first Source, wherein Said first packet of informa
`tion is processed to be redirected to Said Second desti
`nation and include Said first destination as Specified in
`Said header of Said first packet of information, Said Step
`of processing enables Said Second destination to gen
`erate a reply packet to Said first Source, and Said reply
`packet identifies Said first destination as a Source of Said
`reply packet.
`8. The computer-readable medium of claim 7, wherein the
`first set of instructions are performed by a Network Access
`Server (NAS).
`9. The computer-readable medium of claim 7, wherein
`Said processing Said first packet of information includes
`encapsulating Said first packet of information into a Second
`packet of information.
`10. The computer-readable medium of claim 9, wherein
`Said first packet includes a Service request to an Internet
`Service Provider (ISP), and said reply packet generated by
`Said Second destination includes a message indicating Said
`Service request of Said first packet exceeds Said pre
`determined Service level available to Said first Source.
`11. The computer-readable medium of claim 7 imple
`mented on a Switching System product.
`12. The computer-readable medium of claim 7 imple
`mented on a transmissions System product.
`13. A Network Access System (NAS) comprising:
`a) a first device operable to receive a first packet of
`information from a first Source, Said first packet of
`information having a first destination specified in a
`header of Said first packet of information;
`b) said first device operable to examine Said first packet to
`determine whether a Service request of Said first packet
`exceeds a pre-determined Service level available to Said
`first Source; and
`c) said first device further operable to process said first
`packet of information to redirect Said first packet of
`information to a Second destination in place of Said first
`destination if Said first packet exceeds Said pre
`determined Service level available to Said first Source,
`
`Panasonic-1006
`Page 7 of 10
`
`

`

`7
`Said first packet of information is processed to be
`redirected to Said Second destination and include Said
`first destination as Specified in Said header of Said first
`packet of information, Said Step of processing enables
`Said Second destination to generate a reply packet to
`Said first Source, and Said reply packet identifies Said
`first destination as a Source of Said reply packet.
`14. The NAS of claim 13, wherein said first device is
`further operable to encapsulate Said first packet of informa
`tion into a Second packet of information and redirect Said
`Second packet of information to Said Second device.
`15. The NAS of claim 14, wherein said first packet
`includes a service request to an Internet Service Provider
`(ISP), and said reply packet generated by said Second
`destination includes a message indicating Said Service
`request of Said first packet exceeds Said pre-determined
`Service level available to Said first Source.
`16. The NAS of claim 13 wherein the NAS comprises a
`Switching System product.
`17. The NAS of claim 13 wherein the NAS comprises a
`transmissions System product.
`18. A computer-readable medium having Stored thereon a
`plurality of instructions, including a first Set of instructions
`for redirecting packets of information, Said first Set of
`instructions, when executed by a processor, cause Said
`processor to perform:
`a) receiving, at a first server, a packet from a client, the
`packet including a header that identifies a Second Server
`as the destination of the packet;
`b) examining the packet to determine whether a Service
`request associated with the packet exceeds a pre
`determined service level available to the client;
`c) preserving the destination of the packet by encapsulat
`ing the packet within a new packet; and
`d) if Said Service request associated with the packet
`exceeds Said predetermined Service level available to
`the client, redirecting the new packet to a third Server
`in place of the Second Server, Said encapsulating the
`packet within the new packet enables the third Server to
`generate a reply packet to the client, wherein the reply
`packet identifies the Second Server as the Source of the
`reply packet.
`19. The computer-readable medium of claim 18, wherein
`the first set of instructions are performed by a Network
`Access Server (NAS).
`20. The computer-readable medium of claim 18, wherein
`the packet includes a Service request to an Internet Service
`Provider (ISP), and the reply packet generated by the third
`Server includes a message indicating the Service request of
`the packet exceeds the pre-determined Service level avail
`able to the client.
`21. The computer-readable medium of claim 18 imple
`mented on a Switching System product.
`22. The computer-readable medium of claim 18 imple
`mented on a transmissions System product.
`23. A Network Access System (NAS) comprising:
`a) a first server operable to receive a packet of information
`from a client, the packet of information including a
`header that identifies a Second Server as the destination
`of the packet;
`b) said first server operable to examine the packet to
`determine whether a Service request associated with the
`packet exceeds a pre-determined Service level available
`to the client; and
`c) said first server further operable to preserve the desti
`nation of the packet by encapsulating the packet within
`a new packet; and
`
`15
`
`25
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`US 6,247,054 B1
`
`8
`d) if Said Service request associated with the packet
`exceeds Said predetermined Service level available to
`the client, said first server further operable to redirect
`the new packet to a third Server in place of the Second
`Server, the encapsulating the packet within the new
`packet enables the third Server to generate a reply
`packet to the client, wherein the reply identifies the
`Second Server as the Source of the reply packet.
`24. The NAS of claim 23, wherein the packet includes a
`service request to an Internet Service Provider (ISP), and the
`reply packet generated by the third Server includes a mes
`Sage indicating the Service request of the packet exceeds Said
`pre-determined Service level available to the client.
`25. The NAS of claim 23 implemented on a Switching
`System product.
`26. The NAS of claim 23 implemented on a transmissions
`System product.
`27. An apparatus, comprising:
`a) means for receiving, at a first server, a packet from a
`client, the packet including a header that identifies a
`Second Server as the destination of the packet;
`b) means for examining the packet to determine whether
`a Service request associated with the packet exceeds a
`pre-determined Service level available to the client;
`c) means for preserving the destination of the packet by
`encapsulating the packet within a new packet; and
`d) means for determining that if said Service request
`asSociated with the packet exceeds Said predetermined
`Service level available to the client, redirecting the new
`packet to a third Server in place of the Second Server,
`Said encapsulating the packet within the new packet
`enables the third Server to generate a reply packet to the
`client, wherein the reply packet identifies the Second
`Server as the Source of the reply packet.
`28. The apparatus of claim 27, wherein the apparatus
`comprises a Network Access Server (NAS).
`29. The apparatus of claim 27, wherein the packet
`includes a service request to an Internet Service Provider
`(ISP), and the reply packet generated by the third server
`includes a message indicating the Service request of the
`packet exceeds the pre-determined Service level available to
`the client.
`30. The apparatus of claim 27 implemented on a Switch
`ing System product.
`31. The apparatus of claim 27 implemented on a trans
`missions System product.
`32. A data Signal embodied in a propagation medium, the
`data Signal including a plurality of instructions, which when
`executed by a processor, cause the processor to:
`a) receive, at a first server, a packet from a client, the
`packet including a header that identifies a Second Server
`as the destination of the packet;
`c) examine the packet to determine whether a Service
`request associated with the packet exceeds a pre
`determined service level available to the client;
`c) preserve the destination of the packet by encapsulating
`the packet within a new packet, and
`d) if Said Service request associated with the packet
`exceeds Said predetermined Service level available to
`the client, redirect the new packet to a third Server in
`place of the Second Server, Said encapsulating the
`packet within the new packet enables the third Server to
`generate a reply packet to the client, wherein the reply
`packet identifies the Sec