Patent application title: NETWORK GATEWAY FOR TIME-CRITICAL AND MISSION-CRITICAL NETWORKS
Larisa Tsirinsky-Feigin (Tel-Aviv, IL)
E.S. - EMBEDDED SOLUTIONS 3000 LTD, ISRAEL
IPC8 Class: AH04L2908FI
Class name: Electrical computers and digital processing systems: multicomputer data transferring computer-to-computer protocol implementing computer-to-computer data framing
Publication date: 2014-09-04
Patent application number: 20140250238
A network gateway and method for processing frames in communication
network are provided. The network gateway includes a decision unit
configured to determine an association of incoming frames with at least
one network service; a processing unit configured to process each frame
determined to be associated with the at least one network service; a
queue configured buffering frames determined to be associated with the at
least one network service; and a traffic shaper configured to perform
bandwidth management on frames stored in the queue.
1. A network gateway, comprising: a decision unit configured to determine
an association of incoming frames with at least one network service; a
processing unit configured to process each incoming frame determined to
be associated with the at least one network service; a queue configured
to buffer frames determined to be associated with the at least one
network service; and a traffic shaper configured to perform bandwidth
management on frames stored in the queue.
2. The network gateway of claim 1, wherein the at least one network service comprises at least one of: retransmission of the frames, redirection of frames to one or more destinations, dropping of frames, address resolution, protocol conversion, bandwidth management, prioritization of frames, signalling, alarming, and data encryption.
3. The network gateway of claim 2, wherein the protocol conversion service enables converting at least Internet protocol (IP) frames to non-IP frames and converting non-IP frames to IP frames.
4. The network gateway of claim 3, wherein the non-IP is a protocol including at least one of: MIL-STD-1553, RS 485, RS 422, RS 235, and Hotlink; and wherein the digital video format includes at least H.264, and MPEG-4.
5. The network gateway of claim 1, wherein the network gateway is further configured to transparently inspect frames flow in the network.
6. The network gateway of claim 1, wherein the association between incoming frames and at least one network service is based on at least one network event.
7. The network gateway of claim 6, wherein the at least one network event comprises at least one of: a predefined data pattern, a predefined frame sequence, a virtual channel, and any combination of network addresses.
8. The network gateway of claim 7, wherein the virtual channel carries traffic that always originates from the same source IP address and port number, and that is directed to the same destination IP address and port number.
9. The network gateway of claim 6, wherein the decision unit is further configured to provide frames not being associated with a service directly to the queue.
10. The network gateway of claim 6, wherein the decision unit includes a service table for mapping the at least one network event associated with an incoming frame to the at least one service.
11. A method for inspecting frames in a communication network, comprising: transparently intercepting frames flowing in the communication network; determining if at least one network service can be associated with each intercepted frame; processing each intercepted frame according to the at least one service being associated with the frame; and relaying the processed frame back to the communication network.
12. The method of claim 11, further comprising: performing bandwidth management operations on the processed frame or on a frame that was not processed, wherein the bandwidth management operations include at least one of: buffering frames, and rate shaping of frames.
13. The method of claim 11, wherein the determination of the least one network service associated with the intercepted frame is based on at least one network event.
14. The method of claim 13, wherein the at least one network service comprises at least one of: retransmission of the frames, redirection of frames to one or more destinations, dropping of frames, address resolution, protocol conversion, bandwidth management, prioritization of frame, signalling, alarming, and data encryption.
15. The method of claim 14, wherein the protocol conversion service enables converting at least Internet protocol (IP) frames to non-IP frames and converting non-IP frames to IP frames.
16. The method of claim 13, wherein the at least one network event comprises at least one of: a predefined data pattern, a predefined frame sequence, a virtual channel, and any combination of network addresses.
17. The method of claim 13, wherein the communication network is a time-critical and a mission-critical network.
19. A non-transitory computer readable medium having stored thereon computer executable code which, when executed, causes a processor to perform the method of claim 11.
CROSS REFERENCE TO RELATED APPLICATIONS
 The present application is a continuation application of U.S. application Ser. No. 12/962,420, now U.S. Pat. No. 8,705,541, which is a continuation application of International Patent Application No. PCT/US2009/043887 filed on May 14, 2009, now pending; the International Patent Application claims the benefit of U.S. provisional application No. 61/060,270 filed on Jun. 10, 2008, the contents of which are herein incorporated by reference.
 The invention relates generally to data networks, and more particularly to network devices for allowing communications between ground and aerial data networks.
 A transport control protocol (TCP) is used extensively by many of the network communication applications including, for example, the World Wide Web (WWW), e-mail, file transfer protocol (FTP), streaming media applications, and the like. The TCP is a reliable stream delivery service that guarantees to deliver a stream of data sent from one host to another without duplication or losing data. The TCP implements a positive acknowledgment technique that includes retransmission of packets to guarantee reliability of packet transfers. This technique requires the receiver to respond with an acknowledgment message as it receives the packet, when such message is not received within a predefine time window, the sender retransmits the packet. As the TCP is optimized for accurate delivery, the protocol sometimes incurs relatively long delays and extensive bandwidth usage. Therefore, the TCP is not particularly suitable for applications where real-time delivery is needed.
 A user datagram protocol (UDP) is usually utilized in applications require timely delivery. The UDP does not guarantee reliability or ordering of packets, thus packets (or datagrams) may arrive out of order, appear duplicated, or go missing without notice. The UDP is faster and less bandwidth consuming than the TCP as the overhead of checking when every packet actually arrives is eliminated.
 In the related art network devices (e.g., gateways, switches, routers, etc.) implementing network communication using either a UDP or a TCP, cannot provide efficient mechanisms to support communication over special-purpose time-critical and mission-critical networks where both timely and guaranteed delivery are essential. Typically, such networks are utilized in military applications, communication between ground and aerial devices, and so on.
 An example for a time-critical and mission-critical network is an IP military network that requires more complex architecture than a civilian IP network. At least the following factors contribute to this complexity: unstable end-to-end connectivity between a source device and a destination device in such a network: a limited bandwidth allowance per source and/or destination, a strict prioritization requirements, real-time requirements, and traffic and protocols restrictions because of special military network devices (e.g., gateways, encoders, firewalls, etc.).
 Furthermore, such networks demand to support non-compromised requirements, such as bandwidth management over limited bandwidth, quality of service per every packet, no latency, transparency, and so on.
 It would be therefore advantageous to provide a network device that can support the requirements of special-purpose data networks while being fully compliant standard network protocols and devices and fully transparent to other network entities.
 Certain embodiments disclosed herein include a network gateway comprising a decision unit configured to determine an association of incoming frames with at least one network service; a processing unit configured to process each frame determined to be associated with the at least one network service; a queue configured buffering frames determined to be associated with the at least one network service; and a traffic shaper configured to perform bandwidth management on frames stored in the queue.
 Certain embodiments disclosed herein also include a method for inspecting frames in a communication network. The method comprises transparently intercepting frames flowing in the communication network; determining if at least one network service can be associated with each intercepted frame; processing each intercepted frame according to the at least one service being associated with the frame; and relaying the processed frame back to the communication network.
BRIEF DESCRIPTION OF THE DRAWINGS
 The subject matter disclosed herein is particularly pointed out and distinctly claimed in the claims at the conclusion of the specification. The foregoing and other objects, features, and advantages of the invention will be apparent from the following detailed description taken in conjunction with the accompanying drawings.
 FIG. 1 is a diagram of a data network used to describe the various disclosed embodiments;
 FIG. 2 is a block diagram of the network gateway realized in accordance with an embodiment;
 FIG. 3 is an example for a service table constructed in accordance with an embodiment; and
 FIG. 4 is a flowchart describing the operation of the network gateway implemented in accordance with an embodiment.
 It is important to note that the embodiments disclosed herein are only examples of the many advantageous uses of the innovative teachings herein. In general, statements made in the specification of the present application do not necessarily limit any of the various claimed inventions. Moreover, some statements may apply to some inventive features but not to others. In general, unless otherwise indicated, singular elements may be in plural and vice versa with no loss of generality. In the drawings, like numerals refer to like parts through several views.
 FIG. 1 is an exemplary diagram of a data network 100 used to describe the principles of the invention. The network 100 includes sub-networks 110-1 and 110-2 connected through a data link 130. Each of the sub-networks 110 include a network device 140 (e.g., a router, a switch, an airborne Ethernet switch, etc.) and a network gateway 150 constructed in accordance with certain embodiments of the invention. Each of the sub-networks 110 may be, for example, a local area network (LAN) and the data link 130 may be either a wireless link or a wired link adapted to carry UDP traffic. In a preferred embodiment the data link 130 is a wireless link connecting a ground sub-network 110-1 to an aerial sub-network 110-2. An example for such configuration may be controlling of systems installed in unmanned aerial vehicles (UAV), air plans, etc. from a ground station.
 To enable reliable communication between the sub-networks 110-1 and 110-2, the gateway 150 supports all the requirements of special purpose data networks which include, but are not limited to, bandwidth management, quality of service per every message, no latency, transparency, and so on. With this aim, the network gateway 150 is a transparent device that monitors traffic flows between the sub-networks 110. Specifically, the network gateway 150 inspects the data frames flow between the sub-networks 110 and processes the frames based on predefined networks events. Acting as a transparent device, the network gateway 150 has no IP address that other network entities should address their frames to (an IP address may be used only for maintenance and configuration purposes). Network entities merely send frames to each other while the gateway 150 intercepts these frames at the data link layer. In certain embodiments of the invention the network gateway 150 may include the network device 140.
 FIG. 2 shows an exemplary and non-limiting block diagram of the network gateway 150 implemented in accordance with an embodiment of the invention. The network gateway 150 includes a decision unit 210, a processing unit 220, a queue 230 and a traffic shaper 240. The network gateway 150 is configured to inspect each incoming data frame, detects network events and determines based on the network events what type of services should be associated with the frames. A network event may be, for example, a predefined data pattern, a predefined frame sequence, a virtual channel, any combination of network addresses, and the like. A virtual channel carries traffic that always originates from the same source IP address and port number and directed to the same destination IP address and port number.
 That is, the virtual channel is defined as a combination of source/destination IP addresses and port numbers. The services that can be associated with a frame may include, but are not limited to, retransmission of the frames (i.e., guaranteed delivery), redirection of frames to one or more destinations, address resolution (e.g., acting as an ARP proxy), protocol conversion, bandwidth management, prioritization, encryption and decryption of data by implementing, for example, an IPSec protocol, signalling, alarming, and so on.
 The protocol conversion service enables converting an Internet protocol (IP) to legacy protocols, such as MIL-STD-1553, Hotlink; serial protocols, such as RS 485, RS 422, RS 235 and the like. In addition this service enables converting an analog video format to a digital format compliant with, for example, the H.264 and MPEG-4 formats. It is appreciated that the network gateway can be easily adapted to support other type of services and that the services listed above are merely examples.
 The decision unit 210 is configured to receive an incoming frame relayed by a network device 140 and determines if further processing is required for that frame. The decision is taken using a service table stored in the decision unit 210. The table defines for each network event what should be the service(s) to be associated with frames comply with the detected event. An exemplary and non-limiting service table is provided in FIG. 3, where the network event is a virtual channel. Entries in the service table designated as "null" indicate that no processing is required on frames received on the respective virtual channels. Such frames are forwarded directly to the queue 230. The service table is preconfigured and can be dynamically updated by a user (e.g., a system administrator).
 To ensure in order transmission of frames while the decision unit 210 evaluates a frame, no new frames are received. It is appreciated that the evaluation of frames includes a look-up table operation to locate the respective virtual channel entry, thus there is no latency involved with the operation of the decision unit 210.
 Frames that should be processed are input to the processing unit 220, which handles each frame according to the service(s) associated with the frames. Each service requires different handling by the processing unit 220. For example, to guarantee reliable delivery a copy of the frame is retransmitted predefined number of times, redirection of a frame includes modifying the destination IP address and port number to specify the new destination, dropped frames are not transmitted, conversion of unicast frames to multicast frames, and prioritizing of frames by inserting "prioritized" frames into the head of the queue 230. In fact, processed (non-prioritized) frames are saved in the queue 230 according to the order in which they were received.
 The traffic shaper 240 is configured to retrieve frames stored in the queue 230 and to perform the task of bandwidth management to meet the available bandwidth on the data link 130. Typically, traffic shaper 240, buffers a set of frames, thereby imposing additional delay on those frames such that they conform to a predetermined constraint of the data link's 130 bandwidth. This ensures elimination of burst transmissions and transmitting data at a transfer rate which is no higher than the permitted rate.
 FIG. 4 shows an exemplary and non-limiting flowchart 400 describing the operation of the network gateway 150 provided in accordance with an embodiment. At S410 a frame sent from a network device (e.g., device 140) is intercepted. At S420, a check is made to determine if one or more predefined services are associated with a frame. As mentioned above, the check is performed by matching a virtual channel of the frame and/or a network event against the service table. If S420 results with a "yes" answer the execution continues with S430; otherwise, the execution proceeds to S440.
 At S430, the frame is processed according to service(s) associated with the frame. The processing tasks include, but are not limited to, redirection of the frame, dropping the frame, prioritizing the frame, retransmission of the frame, protocol conversion and address resolution. In a preferred embodiment the processing further includes generating alarms and signalling the users based on detected network events through the processing step. For example, a network event may be a frame that matches a predefined sequence, thus if such a frame is detected an alarm may be generated. As another example, the gateway 150 may signal the user if a frame is sent to or from an unknown address, which is an address that is not configured in the gateway. At S440, bandwidth management is performed by shaping "processed" and "non-processed" frames. Thereafter, at S450 frames are relayed to the data link 130.
 The embodiments disclosed herein can be implemented as any combination of hardware, firmware, and software. Moreover, the software is preferably implemented as an application program tangibly embodied on a program storage unit or computer readable medium. The application program may be uploaded to, and executed by, a machine comprising any suitable architecture. Preferably, the machine is implemented on a computer platform having hardware such as one or more central processing units ("CPUs"), a memory, and input/output interfaces. The computer platform may also include an operating system and microinstruction code. The various processes and functions described herein may be either part of the microinstruction code or part of the application program, or any combination thereof, which may be executed by a CPU, whether or not such computer or processor is explicitly shown. In addition, various other peripheral units may be connected to the computer platform such as an additional data storage unit and a printing unit. Furthermore, a non-transitory computer readable medium is any computer readable medium except for a transitory propagating signal.
 All examples and conditional language recited herein are intended for pedagogical purposes to aid the reader in understanding the disclosed embodiments and the concepts contributed by the inventor to furthering the art, and are to be construed as being without limitation to such specifically recited examples and conditions. Moreover, all statements herein reciting principles, aspects, and embodiments of the invention, as well as specific examples thereof, are intended to encompass both structural and functional equivalents thereof. Additionally, it is intended that such equivalents include both currently known equivalents as well as equivalents developed in the future, i.e., any elements developed that perform the same function, regardless of structure.
Patent applications by Larisa Tsirinsky-Feigin, Tel-Aviv IL
Patent applications in class Computer-to-computer data framing
Patent applications in all subclasses Computer-to-computer data framing